Merge branch 'release/3.0.0'

.env

@@ -1,2 +1,3 @@
 # Use by development docker setup.
 COMPOSE_PROJECT_NAME=agency-auth-bundle
+COMPOSE_DOMAIN=agency-auth-bundle.local.itkdev.dk

.github/workflows/pr.yaml

@@ -1,4 +1,8 @@
-on: pull_request
+on:
+  pull_request:
+  schedule:
+    # “At 04:44 on Saturday.”
+    - cron: '44 4 * * 6'
 name: Test & Code Style Review
 jobs:
 
@@ -8,8 +12,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php: [ '7.4', '8.0' ]
-        dependency-version: [ prefer-lowest, prefer-stable ]
+        php: [ '8.1' ]
+        dependency-version: [ 'prefer-stable' ]
     steps:
       - uses: actions/checkout@master
 
@@ -43,8 +47,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php: ['7.4', '8.0']
-        dependency-version: [ prefer-lowest, prefer-stable ]
+        php: [ '8.1' ]
+        dependency-version: [ 'prefer-stable' ]
     steps:
       - uses: actions/checkout@master
 
@@ -86,7 +90,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php: [ '7.4' ]
+        php: [ '8.1' ]
     name: Coding style fixer (${{ matrix.php }})
     steps:
       - uses: actions/checkout@master
@@ -114,14 +118,36 @@ jobs:
         run: composer actions/phpcsfixer
 
   psalm:
-    name: Psalm
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        php: [ '8.1' ]
+    name: Psalm (${{ matrix.php }})
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
+      - uses: actions/checkout@master
 
-      - name: Psalm
-        uses: docker://vimeo/psalm-github-actions
+      - name: Setup PHP, with composer and extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extension: apcu, ctype, iconv, imagick, json, redis, soap, xmlreader, zip
+          coverage: none
+
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+      - uses: actions/cache@v1
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ matrix.php }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ matrix.php }}-composer-
+
+      - name: Install Dependencies
+        run: composer install -q --no-ansi --no-interaction --no-scripts --no-suggest --no-progress --prefer-dist
+
+      - name: phpcsfixerr
+        run: php vendor/bin/psalm
 
   markdownlint:
     name: Markdown Lint
@@ -143,7 +169,7 @@ jobs:
       - name: Yarn install
         uses: actions/setup-node@v2
         with:
-          node-version: '14'
+          node-version: '16'
       - run: yarn install
       - name: markdownlint
         run: yarn markdownlint README.md

CHANGELOG.md

@@ -0,0 +1,18 @@
+<!-- markdownlint-configure-file { "blanks-around-headers": { "lines_below": 0 } } -->
+<!-- markdownlint-configure-file { "blanks-around-lists": false } -->
+
+# Changelog
+
+![keep a changelog badge](https://img.shields.io/badge/Keep%20a%20Changelog-v1.0.0-brightgreen.svg?logo=data%3Aimage%2Fsvg%2Bxml%3Bbase64%2CPHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGZpbGw9IiNmMTVkMzAiIHZpZXdCb3g9IjAgMCAxODcgMTg1Ij48cGF0aCBkPSJNNjIgN2MtMTUgMy0yOCAxMC0zNyAyMmExMjIgMTIyIDAgMDAtMTggOTEgNzQgNzQgMCAwMDE2IDM4YzYgOSAxNCAxNSAyNCAxOGE4OSA4OSAwIDAwMjQgNCA0NSA0NSAwIDAwNiAwbDMtMSAxMy0xYTE1OCAxNTggMCAwMDU1LTE3IDYzIDYzIDAgMDAzNS01MiAzNCAzNCAwIDAwLTEtNWMtMy0xOC05LTMzLTE5LTQ3LTEyLTE3LTI0LTI4LTM4LTM3QTg1IDg1IDAgMDA2MiA3em0zMCA4YzIwIDQgMzggMTQgNTMgMzEgMTcgMTggMjYgMzcgMjkgNTh2MTJjLTMgMTctMTMgMzAtMjggMzhhMTU1IDE1NSAwIDAxLTUzIDE2bC0xMyAyaC0xYTUxIDUxIDAgMDEtMTItMWwtMTctMmMtMTMtNC0yMy0xMi0yOS0yNy01LTEyLTgtMjQtOC0zOWExMzMgMTMzIDAgMDE4LTUwYzUtMTMgMTEtMjYgMjYtMzMgMTQtNyAyOS05IDQ1LTV6TTQwIDQ1YTk0IDk0IDAgMDAtMTcgNTQgNzUgNzUgMCAwMDYgMzJjOCAxOSAyMiAzMSA0MiAzMiAyMSAyIDQxLTIgNjAtMTRhNjAgNjAgMCAwMDIxLTE5IDUzIDUzIDAgMDA5LTI5YzAtMTYtOC0zMy0yMy01MWE0NyA0NyAwIDAwLTUtNWMtMjMtMjAtNDUtMjYtNjctMTgtMTIgNC0yMCA5LTI2IDE4em0xMDggNzZhNTAgNTAgMCAwMS0yMSAyMmMtMTcgOS0zMiAxMy00OCAxMy0xMSAwLTIxLTMtMzAtOS01LTMtOS05LTEzLTE2YTgxIDgxIDAgMDEtNi0zMiA5NCA5NCAwIDAxOC0zNSA5MCA5MCAwIDAxNi0xMmwxLTJjNS05IDEzLTEzIDIzLTE2IDE2LTUgMzItMyA1MCA5IDEzIDggMjMgMjAgMzAgMzYgNyAxNSA3IDI5IDAgNDJ6bS00My03M2MtMTctOC0zMy02LTQ2IDUtMTAgOC0xNiAyMC0xOSAzN2E1NCA1NCAwIDAwNSAzNGM3IDE1IDIwIDIzIDM3IDIyIDIyLTEgMzgtOSA0OC0yNGE0MSA0MSAwIDAwOC0yNCA0MyA0MyAwIDAwLTEtMTJjLTYtMTgtMTYtMzEtMzItMzh6bS0yMyA5MWgtMWMtNyAwLTE0LTItMjEtN2EyNyAyNyAwIDAxLTEwLTEzIDU3IDU3IDAgMDEtNC0yMCA2MyA2MyAwIDAxNi0yNWM1LTEyIDEyLTE5IDI0LTIxIDktMyAxOC0yIDI3IDIgMTQgNiAyMyAxOCAyNyAzM3MtMiAzMS0xNiA0MGMtMTEgOC0yMSAxMS0zMiAxMXptMS0zNHYxNGgtOFY2OGg4djI4bDEwLTEwaDExbC0xNCAxNSAxNyAxOEg5NnoiLz48L3N2Zz4K)
+
+All notable changes to this project will be documented in this file.
+
+See [keep a changelog](https://keepachangelog.com/en/1.0.0/) for information about writing changes to this log.
+
+## [Unreleased]
+
+## [3.0.0] - 2022-07-05
+
+### Changed
+- Upgrade to Symfony 6. Migrated to new Symfony authentication system.
+- Upgrade tp PHP 8

README.md

@@ -60,35 +60,31 @@ Then set the actuel values in your `.env.local`. (See [configuration based on en
 
 ## Security Configuration
 
-Configure firewalls, access control and roles according to your needs in your `config/packages/security.yml`. The bundle provides a `TokenAuthenticator` you can use as a [Symfony Guard](https://symfony.com/doc/4.4/security/guard_authentication.html).
-If authenticated it will return a `User` with the `ROLE_OPENPLATFORM_AGENCY`. You can use Symfonys [hierarchical roles](https://symfony.com/doc/4.4/security.html#hierarchical-roles)
+Configure firewalls, access control and roles according to your needs in your `config/packages/security.yml`. The bundle provides a `TokenAuthenticator` you can use as a [custom authenticator](https://symfony.com/doc/current/security/custom_authenticator.html) and a `OpenPlatformUserProvider` you can use as a [custom user provider](https://symfony.com/doc/current/security/user_providers.html#creating-a-custom-user-provider).
+If authenticated it will return a [self validating passport](https://symfony.com/doc/current/security/custom_authenticator.html#self-validating-passport) with a `User` with the `ROLE_OPENPLATFORM_AGENCY`. You can use Symfonys [hierarchical roles](https://symfony.com/doc/4.4/security.html#hierarchical-roles)
 to map this role to your applications roles.
 
 A working security configuration could be:
 
 ```yaml
 security:
+    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
     providers:
-        in_memory: { memory: null }
-
+        openplatform_provider:
+            id: DanskernesDigitaleBibliotek\AgencyAuthBundle\Security\OpenPlatformUserProvider
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
-        api:
-            pattern: ^/api
-            stateless: true
-            anonymous: lazy
-            guard:
-                authenticators:
-                    - DanskernesDigitaleBibliotek\AgencyAuthBundle\Security\TokenAuthenticator
         main:
-            anonymous: true
+            stateless: true
+            custom_authenticators:
+                - DanskernesDigitaleBibliotek\AgencyAuthBundle\Security\TokenAuthenticator
 
     access_control:
         # Allows accessing the Swagger UI
         - { path: '^/api/docs', roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: '^/api', roles: ROLE_OPENPLATFORM_AGENCY }
+        - { path: '^/api', roles: ROLE_API_USER }
 
     role_hierarchy:
         ROLE_OPENPLATFORM_AGENCY: [ROLE_API_USER, ROLE_ENTRY_READ]

composer.json

@@ -20,21 +20,22 @@
     "sort-packages": true
   },
   "require": {
-    "php": "^7.4 | ^8.0",
+    "php": "^8.1",
     "ext-curl": "*",
     "ext-json": "*",
-    "symfony/cache": "^4.4 | ^5.2",
-    "symfony/config": "^4.4 | ^5.2",
-    "symfony/dependency-injection": "^4.4 | ^5.2",
-    "symfony/http-client": "^4.4 | ^5.2",
-    "symfony/http-foundation": "^4.4 | ^5.2",
-    "symfony/http-kernel": "^4.4 | ^5.2",
-    "symfony/security-guard": "^4.4 | <5.3"
+    "symfony/cache": "^6.0",
+    "symfony/config": "^6.0",
+    "symfony/dependency-injection": "^6.0",
+    "symfony/http-client": "^6.0",
+    "symfony/http-foundation": "^6.0",
+    "symfony/http-kernel": "^6.0",
+    "symfony/security-core": "^6.0",
+    "symfony/security-http": "^6.0"
   },
   "require-dev": {
     "drenso/phan-extensions": "^3.1",
-    "friendsofphp/php-cs-fixer": "^3.2",
-    "symfony/phpunit-bridge": "^4.4 | ^5.2",
+    "friendsofphp/php-cs-fixer": "^3.8",
+    "symfony/phpunit-bridge": "^6.0",
     "vimeo/psalm": "^4.8"
   },
   "scripts": {

docker-compose.yml

@@ -1,8 +1,9 @@
+# itk-version: 2.0.0
 version: "3"
 
 services:
   phpfpm:
-    image: itkdev/php7.4-fpm
+    image: itkdev/php8.1-fpm
     environment:
       - XDEBUG_MODE=${XDEBUG_MODE:-off}
       - XDEBUG_SESSION=${XDEBUG_SESSION:-0}
@@ -12,7 +13,19 @@ services:
       - PHP_IDE_CONFIG=serverName=localhost
       - COMPOSER_VERSION=2
     volumes:
-      - .:/app:delegated
+      - nfsApp:/app:delegated
     tmpfs:
       - /app/var/cache:size=1G
       - /tmp:size=1G
+
+volumes:
+  # Named volume requires that you have NFS shares enabled (performance boost on Macs).
+  # Use `itkdev-docker-compose nfs:enable` to enable NFS shares. If you don't want to use it remove it from here and
+  # change the volume mapping to use normal shares in the containers. See
+  # https://sean-handley.medium.com/how-to-set-up-docker-for-mac-with-native-nfs-145151458adc
+  nfsApp:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=host.docker.internal,rw,nolock,hard,nointr,nfsvers=3
+      device: ":$PWD"

phpunit.xml.dist

@@ -1,25 +1,20 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.1/phpunit.xsd"
-         backupGlobals="false"
-         colors="true"
-         bootstrap="./vendor/autoload.php"
->
-    <php>
-        <ini name="error_reporting" value="-1" />
-        <ini name="intl.default_locale" value="en" />
-        <ini name="intl.error_level" value="0" />
-        <ini name="memory_limit" value="-1" />
-        <server name="KERNEL_CLASS" value="App\Kernel" />
-    </php>
-    <testsuites>
-        <testsuite name="Test suite">
-            <directory suffix="Test.php">./tests</directory>
-        </testsuite>
-    </testsuites>
-    <filter>
-        <whitelist>
-            <directory>./src</directory>
-        </whitelist>
-    </filter>
-</phpunit>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd" backupGlobals="false" colors="true" bootstrap="./vendor/autoload.php">
+  <coverage>
+    <include>
+      <directory>./src</directory>
+    </include>
+  </coverage>
+  <php>
+    <ini name="error_reporting" value="-1"/>
+    <ini name="intl.default_locale" value="en"/>
+    <ini name="intl.error_level" value="0"/>
+    <ini name="memory_limit" value="-1"/>
+    <server name="KERNEL_CLASS" value="App\Kernel"/>
+  </php>
+  <testsuites>
+    <testsuite name="Test suite">
+      <directory suffix="Test.php">./tests</directory>
+    </testsuite>
+  </testsuites>
+</phpunit>

psalm.xml

@@ -1,16 +1,44 @@
 <?xml version="1.0"?>
 <psalm
-    errorLevel="3"
+    errorLevel="1"
     resolveFromConfigFile="true"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="https://getpsalm.org/schema/config"
     xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
-    errorBaseline="psalm-baseline.xml"
 >
     <projectFiles>
         <directory name="src" />
         <ignoreFiles>
             <directory name="vendor" />
         </ignoreFiles>
     </projectFiles>
+
+    <issueHandlers>
+        <PossiblyUndefinedMethod>
+            <errorLevel type="suppress">
+                <referencedMethod name="NodeDefinition::children"/>
+                <file name="src/DependencyInjection/Configuration.php"/>
+            </errorLevel>
+        </PossiblyUndefinedMethod>
+        <MissingConstructor>
+            <errorLevel type="suppress">
+                <file name="src/Security/User.php"/>
+            </errorLevel>
+        </MissingConstructor>
+        <MixedReturnStatement>
+            <errorLevel type="suppress">
+                <file name="src/DanskernesDigitaleBibliotekAgencyAuthBundle.php"/>
+            </errorLevel>
+        </MixedReturnStatement>
+        <MixedInferredReturnType>
+            <errorLevel type="suppress">
+                <file name="src/DanskernesDigitaleBibliotekAgencyAuthBundle.php"/>
+            </errorLevel>
+        </MixedInferredReturnType>
+        <MixedMethodCall>
+            <errorLevel type="suppress">
+                <file name="src/DependencyInjection/Configuration.php"/>
+            </errorLevel>
+        </MixedMethodCall>
+    </issueHandlers>
 </psalm>

src/DanskernesDigitaleBibliotekAgencyAuthBundle.php

@@ -7,6 +7,7 @@
 namespace DanskernesDigitaleBibliotek\AgencyAuthBundle;
 
 use DanskernesDigitaleBibliotek\AgencyAuthBundle\DependencyInjection\DanskernesDigitaleBibliotekAgencyAuthExtension;
+use Symfony\Component\DependencyInjection\Extension\ExtensionInterface;
 use Symfony\Component\HttpKernel\Bundle\Bundle;
 
 /**
@@ -19,7 +20,7 @@ class DanskernesDigitaleBibliotekAgencyAuthBundle extends Bundle
      *
      * Overridden to allow for the custom extension alias.
      */
-    public function getContainerExtension()
+    public function getContainerExtension(): ?ExtensionInterface
     {
         if (null === $this->extension) {
             $this->extension = new DanskernesDigitaleBibliotekAgencyAuthExtension();

src/DependencyInjection/Configuration.php

@@ -17,7 +17,7 @@ class Configuration implements ConfigurationInterface
     /**
      * {@inheritdoc}
      */
-    public function getConfigTreeBuilder()
+    public function getConfigTreeBuilder(): TreeBuilder
     {
         $treeBuilder = new TreeBuilder('ddb_agency_auth');