Update web-token/jwt-library requirement from ^3.4 to ^3.4 || ^4.0 in…

… the production-dependencies group (#1)

* Update web-token/jwt-library requirement || ^4.0

Updates the requirements on [web-token/jwt-library](https://github.com/web-token/jwt-library) to permit the latest version.

Updates `web-token/jwt-library` to 4.0.1
- [Commits](web-token/jwt-library@3.4.0...4.0.1)

---
updated-dependencies:
- dependency-name: web-token/jwt-library
  dependency-type: direct:production
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update web-token/jwt-library requirement || ^4.0

Updates the requirements on [web-token/jwt-library](https://github.com/web-token/jwt-library) to permit the latest version.

Updates `web-token/jwt-library` to 4.0.1
- [Commits](web-token/jwt-library@3.4.0...4.0.1)

---
updated-dependencies:
- dependency-name: web-token/jwt-library
  dependency-type: direct:production
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Abstract finals to decorators

* Add coverage

* Requre specific deps for GHA unit test run

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marko Ivancic <mivanci@srce.hr>

.github/workflows/php.yml

@@ -148,14 +148,15 @@ jobs:
         run: composer audit
 
   unit-tests-linux:
-    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
+    name: "Unit tests, PHP ${{ matrix.php-versions }}, JWT ${{ matrix.jwt-version }}, ${{ matrix.operating-system }}"
     runs-on: ${{ matrix.operating-system }}
     needs: [linter, quality, security]
     strategy:
       fail-fast: false
       matrix:
         operating-system: [ubuntu-latest]
         php-versions: ['8.2', '8.3']
+        jwt-version: ['^3.4', '^4.0.2']
 
     steps:
       - name: Setup PHP, with composer and extensions
@@ -191,41 +192,45 @@ jobs:
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
           restore-keys: ${{ runner.os }}-composer-
 
+      - name: Require specific dependencies
+        run: composer require web-token/jwt-framework:${{ matrix.jwt-version }} --no-update
+
       - name: Install Composer dependencies
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
       - name: Run unit tests with coverage
-        if: ${{ matrix.php-versions == '8.3' }}
+        if: ${{ matrix.php-versions == '8.3' && matrix.jwt-version == '^4.0.2' }}
         run: vendor/bin/phpunit
 
       - name: Run unit tests (no coverage)
         if: ${{ matrix.php-versions != '8.3' }}
         run: vendor/bin/phpunit --no-coverage
 
       - name: Save coverage data
-        if: ${{ matrix.php-versions == '8.3' }}
+        if: ${{ matrix.php-versions == '8.3' && matrix.jwt-version == '^4.0.2' }}
         uses: actions/upload-artifact@v4
         with:
           name: coverage-data
           path: ${{ github.workspace }}/build
 
   unit-tests-windows:
-    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
+    name: "Unit tests, PHP ${{ matrix.php-versions }}, JWT ${{ matrix.jwt-version }}, ${{ matrix.operating-system }}"
     runs-on: ${{ matrix.operating-system }}
     needs: [linter, quality, security]
     strategy:
       fail-fast: true
       matrix:
         operating-system: [windows-latest]
         php-versions: ['8.2', '8.3']
+        jwt-version: ['^3.4', '^4.0.2']
 
     steps:
       - name: Setup PHP, with composer and extensions
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php-versions }}
-          extensions: ctype, date, dom, filter, hash, mbstring, openssl, pcre, soap, spl, xml
+          extensions: ctype, date, dom, filter, hash, mbstring, openssl, pcre, soap, spl, xml, sodium
           tools: composer
           ini-values: error_reporting=E_ALL
           coverage: none
@@ -253,6 +258,9 @@ jobs:
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
           restore-keys: ${{ runner.os }}-composer-
 
+      - name: Require specific dependencies
+        run: composer require web-token/jwt-framework:${{ matrix.jwt-version }} --no-update
+
       - name: Install Composer dependencies
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 

composer.json

@@ -29,7 +29,7 @@
         "psr/http-message": "^2",
         "psr/log": "^3",
         "psr/simple-cache": "^3",
-        "web-token/jwt-library": "^3.4"
+        "web-token/jwt-library": "^3.4 || ^4.0.2"
     },
     "require-dev": {
         "phpstan/phpstan": "^2.1",
@@ -49,10 +49,15 @@
     },
     "scripts": {
         "pre-commit": [
+            "vendor/bin/phpcbf",
             "vendor/bin/phpcs -p",
+            "composer update web-token/jwt-framework --with web-token/jwt-framework:^3.0",
             "vendor/bin/psalm --no-cache",
-            "vendor/bin/rector --dry-run",
-            "vendor/bin/phpunit --no-coverage"
+            "vendor/bin/phpunit --no-coverage",
+            "composer update web-token/jwt-framework --with web-token/jwt-framework:^4.0",
+            "vendor/bin/psalm --no-cache",
+            "vendor/bin/phpunit --no-coverage",
+            "vendor/bin/rector --dry-run"
         ]
     }
 }

src/Algorithms/AlgorithmManagerDecorator.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\Algorithms;
+
+use Jose\Component\Core\AlgorithmManager;
+
+class AlgorithmManagerDecorator
+{
+    public function __construct(
+        protected readonly AlgorithmManager $algorithmManager,
+    ) {
+    }
+
+    public function algorithmManager(): AlgorithmManager
+    {
+        return $this->algorithmManager;
+    }
+}

src/Core.php

@@ -11,29 +11,29 @@
 use SimpleSAML\OpenID\Core\Factories\ClientAssertionFactory;
 use SimpleSAML\OpenID\Core\Factories\RequestObjectFactory;
 use SimpleSAML\OpenID\Decorators\DateIntervalDecorator;
-use SimpleSAML\OpenID\Factories\AlgorithmManagerFactory;
+use SimpleSAML\OpenID\Factories\AlgorithmManagerDecoratorFactory;
 use SimpleSAML\OpenID\Factories\DateIntervalDecoratorFactory;
-use SimpleSAML\OpenID\Factories\JwsSerializerManagerFactory;
+use SimpleSAML\OpenID\Factories\JwsSerializerManagerDecoratorFactory;
 use SimpleSAML\OpenID\Jwks\Factories\JwksFactory;
 use SimpleSAML\OpenID\Jws\Factories\JwsParserFactory;
-use SimpleSAML\OpenID\Jws\Factories\JwsVerifierFactory;
+use SimpleSAML\OpenID\Jws\Factories\JwsVerifierDecoratorFactory;
 use SimpleSAML\OpenID\Jws\JwsParser;
-use SimpleSAML\OpenID\Jws\JwsVerifier;
-use SimpleSAML\OpenID\Serializers\JwsSerializerManager;
+use SimpleSAML\OpenID\Jws\JwsVerifierDecorator;
+use SimpleSAML\OpenID\Serializers\JwsSerializerManagerDecorator;
 
 class Core
 {
     protected DateIntervalDecorator $timestampValidationLeewayDecorator;
-    protected ?JwsSerializerManager $jwsSerializerManager = null;
+    protected ?JwsSerializerManagerDecorator $jwsSerializerManagerDecorator = null;
     protected ?JwsParser $jwsParser = null;
-    protected ?JwsVerifier $jwsVerifier = null;
+    protected ?JwsVerifierDecorator $jwsVerifierDecorator = null;
     protected ?RequestObjectFactory $requestObjectFactory = null;
     protected ?ClientAssertionFactory $clientAssertionFactory = null;
     protected ?Helpers $helpers = null;
-    protected ?AlgorithmManagerFactory $algorithmManagerFactory = null;
-    protected ?JwsSerializerManagerFactory $jwsSerializerManagerFactory = null;
+    protected ?AlgorithmManagerDecoratorFactory $algorithmManagerDecoratorFactory = null;
+    protected ?JwsSerializerManagerDecoratorFactory $jwsSerializerManagerDecoratorFactory = null;
     protected ?JwsParserFactory $jwsParserFactory = null;
-    protected ?JwsVerifierFactory $jwsVerifierFactory = null;
+    protected ?JwsVerifierDecoratorFactory $jwsVerifierDecoratorFactory = null;
     protected ?JwksFactory $jwksFactory = null;
     protected ?DateIntervalDecoratorFactory $dateIntervalDecoratorFactory = null;
 
@@ -56,9 +56,9 @@ public function requestObjectFactory(): RequestObjectFactory
     {
         return $this->requestObjectFactory ??= new RequestObjectFactory(
             $this->jwsParser(),
-            $this->jwsVerifier(),
+            $this->jwsVerifierDecorator(),
             $this->jwksFactory(),
-            $this->jwsSerializerManager(),
+            $this->jwsSerializerManagerDecorator(),
             $this->timestampValidationLeewayDecorator,
             $this->helpers(),
         );
@@ -68,9 +68,9 @@ public function clientAssertionFactory(): ClientAssertionFactory
     {
         return $this->clientAssertionFactory ??= new ClientAssertionFactory(
             $this->jwsParser(),
-            $this->jwsVerifier(),
+            $this->jwsVerifierDecorator(),
             $this->jwksFactory(),
-            $this->jwsSerializerManager(),
+            $this->jwsSerializerManagerDecorator(),
             $this->timestampValidationLeewayDecorator,
             $this->helpers(),
         );
@@ -81,20 +81,20 @@ public function helpers(): Helpers
         return $this->helpers ??= new Helpers();
     }
 
-    public function algorithmManagerFactory(): AlgorithmManagerFactory
+    public function algorithmManagerDecoratorFactory(): AlgorithmManagerDecoratorFactory
     {
-        if (is_null($this->algorithmManagerFactory)) {
-            $this->algorithmManagerFactory = new AlgorithmManagerFactory();
+        if (is_null($this->algorithmManagerDecoratorFactory)) {
+            $this->algorithmManagerDecoratorFactory = new AlgorithmManagerDecoratorFactory();
         }
-        return $this->algorithmManagerFactory;
+        return $this->algorithmManagerDecoratorFactory;
     }
 
-    public function jwsSerializerManagerFactory(): JwsSerializerManagerFactory
+    public function jwsSerializerManagerDecoratorFactory(): JwsSerializerManagerDecoratorFactory
     {
-        if (is_null($this->jwsSerializerManagerFactory)) {
-            $this->jwsSerializerManagerFactory = new JwsSerializerManagerFactory();
+        if (is_null($this->jwsSerializerManagerDecoratorFactory)) {
+            $this->jwsSerializerManagerDecoratorFactory = new JwsSerializerManagerDecoratorFactory();
         }
-        return $this->jwsSerializerManagerFactory;
+        return $this->jwsSerializerManagerDecoratorFactory;
     }
 
     public function jwsParserFactory(): JwsParserFactory
@@ -105,12 +105,12 @@ public function jwsParserFactory(): JwsParserFactory
         return $this->jwsParserFactory;
     }
 
-    public function jwsVerifierFactory(): JwsVerifierFactory
+    public function jwsVerifierDecoratorFactory(): JwsVerifierDecoratorFactory
     {
-        if (is_null($this->jwsVerifierFactory)) {
-            $this->jwsVerifierFactory = new JwsVerifierFactory();
+        if (is_null($this->jwsVerifierDecoratorFactory)) {
+            $this->jwsVerifierDecoratorFactory = new JwsVerifierDecoratorFactory();
         }
-        return $this->jwsVerifierFactory;
+        return $this->jwsVerifierDecoratorFactory;
     }
 
     public function jwksFactory(): JwksFactory
@@ -127,29 +127,30 @@ public function dateIntervalDecoratorFactory(): DateIntervalDecoratorFactory
         return $this->dateIntervalDecoratorFactory;
     }
 
-    public function jwsSerializerManager(): JwsSerializerManager
+    public function jwsSerializerManagerDecorator(): JwsSerializerManagerDecorator
     {
-        if (is_null($this->jwsSerializerManager)) {
-            $this->jwsSerializerManager = $this->jwsSerializerManagerFactory()->build($this->supportedSerializers);
+        if (is_null($this->jwsSerializerManagerDecorator)) {
+            $this->jwsSerializerManagerDecorator = $this->jwsSerializerManagerDecoratorFactory()
+                ->build($this->supportedSerializers);
         }
-        return $this->jwsSerializerManager;
+        return $this->jwsSerializerManagerDecorator;
     }
 
     public function jwsParser(): JwsParser
     {
         if (is_null($this->jwsParser)) {
-            $this->jwsParser = $this->jwsParserFactory()->build($this->jwsSerializerManager());
+            $this->jwsParser = $this->jwsParserFactory()->build($this->jwsSerializerManagerDecorator());
         }
         return $this->jwsParser;
     }
 
-    public function jwsVerifier(): JwsVerifier
+    public function jwsVerifierDecorator(): JwsVerifierDecorator
     {
-        if (is_null($this->jwsVerifier)) {
-            $this->jwsVerifier = $this->jwsVerifierFactory()->build(
-                $this->algorithmManagerFactory()->build($this->supportedAlgorithms),
+        if (is_null($this->jwsVerifierDecorator)) {
+            $this->jwsVerifierDecorator = $this->jwsVerifierDecoratorFactory()->build(
+                $this->algorithmManagerDecoratorFactory()->build($this->supportedAlgorithms),
             );
         }
-        return $this->jwsVerifier;
+        return $this->jwsVerifierDecorator;
     }
 }

src/Core/Factories/ClientAssertionFactory.php

@@ -13,9 +13,9 @@ public function fromToken(string $token): ClientAssertion
     {
         return new ClientAssertion(
             $this->jwsParser->parse($token),
-            $this->jwsVerifier,
+            $this->jwsVerifierDecorator,
             $this->jwksFactory,
-            $this->jwsSerializerManager,
+            $this->jwsSerializerManagerDecorator,
             $this->timestampValidationLeeway,
             $this->helpers,
         );

src/Core/Factories/RequestObjectFactory.php

@@ -13,9 +13,9 @@ public function fromToken(string $token): RequestObject
     {
         return new RequestObject(
             $this->jwsParser->parse($token),
-            $this->jwsVerifier,
+            $this->jwsVerifierDecorator,
             $this->jwksFactory,
-            $this->jwsSerializerManager,
+            $this->jwsSerializerManagerDecorator,
             $this->timestampValidationLeeway,
             $this->helpers,
         );

src/Factories/AlgorithmManagerDecoratorFactory.php

@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\Factories;
+
+use Jose\Component\Core\AlgorithmManager;
+use SimpleSAML\OpenID\Algorithms\AlgorithmManagerDecorator;
+use SimpleSAML\OpenID\SupportedAlgorithms;
+
+class AlgorithmManagerDecoratorFactory
+{
+    public function build(SupportedAlgorithms $supportedAlgorithms): AlgorithmManagerDecorator
+    {
+        return new AlgorithmManagerDecorator(
+            new AlgorithmManager(
+                $supportedAlgorithms->getSignatureAlgorithmBag()->getAllInstances(),
+            ),
+        );
+    }
+}

src/Factories/JwsSerializerManagerDecoratorFactory.php

@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\Factories;
+
+use Jose\Component\Signature\Serializer\JWSSerializerManager;
+use SimpleSAML\OpenID\Serializers\JwsSerializerManagerDecorator;
+use SimpleSAML\OpenID\SupportedSerializers;
+
+class JwsSerializerManagerDecoratorFactory
+{
+    public function build(SupportedSerializers $supportedSerializers): JwsSerializerManagerDecorator
+    {
+        return new JwsSerializerManagerDecorator(
+            new JWSSerializerManager(
+                $supportedSerializers->getJwsSerializerBag()->getAllInstances(),
+            ),
+        );
+    }
+}