facile-it
Replace abandoned packages
Due the web-token libraries reorganisation there are abandoned packages. The upstream facile-it/php-jose-verifier library has a 0.5-beta version that works with the new web-token but needs changes.
These are included. Lots of changes from @p4veI 's branch and some addition work by me.
I've been unable to get the conformance tests to work with a timeout error and there potentially are a large number of other changes that need making.
Codecov Report
Attention: Patch coverage is 79.36508% with 13 lines in your changes missing coverage. Please review.
Project coverage is 64.17%. Comparing base (
a9bff56) to head (10b1e67). Report is 26 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #47 +/- ##
============================================
+ Coverage 61.75% 64.17% +2.41%
+ Complexity 466 459 -7
============================================
Files 62 62
Lines 1561 1552 -9
============================================
+ Hits 964 996 +32
+ Misses 597 556 -41
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
:rocket: New features to boost your workflow:
- :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi @cooperaj, thanks! It's a good start, I'm going to think about it in these days. Probably we'll can merge it and start from your work.
There are a large number of failing static analysis points in files that have not been touched so I can only assume the upstream library has changed some interfaces etc.
Looks like it should all be passing now but the failing 7.4 test matrix (removed in this PR) stops the rest from completing.
@cooperaj you can fix that by changing the CI under the include key: there's a specific job for the --prefer-lowest case, were 7.4 is specified; you should bump it to 8.1, since now it's the new minimum requirement.
Can't believe I missed that. Thanks.
EDIT. Though for some reason there aren't any checks running at all now.
We need a changelog entry. In that regard, is it correct to say that this PR does not bring any breaking change to the end user, apart from indirect dependencies change?
Apart from the dropping of 7.4 support I'd say that's the case. I don't believe any of the public interfaces were changed but our uses of the library don't touch all the functionality so I'm depending on the unit tests to flag others up.
I've been unable to get the conformance suite running. I think the upstream APIs tondo it have changed since the tests were written (~2020)
No CI pipeline seems to be running?
As I suspected the additional array_key_exists check was for Psalms benefit. It throws a wobbler when it sees the unset call further down the file about the _claim sources possibly being null. I don't under stand why given the !is_array call but :shrug:
CI was disabled due to inactivity, I re-enabled it.
I'll close & reopen this PR to trigger a new CI run.
I've tried refactoring out the code around the suppressed check so that it doesn't occur but it leads into issues with the return values being incorrect (since we technically modify the response it doesn't always match what we claim is returned i.e a TokenSetClaimsType)