Add support for Symfony 8

.github/workflows/unit-tests.yml

@@ -25,6 +25,11 @@ jobs:
                       doctrine-orm: "^2.14"
                       composer-flags: '--prefer-stable --prefer-lowest'
                       can-fail: false
+                    - php: "8.4"
+                      symfony: "8.0.*"
+                      doctrine-orm: "^3.0"
+                      composer-flags: ''
+                      can-fail: true
                 exclude:
                     - php: "8.1"
                       symfony: "7.1.*"

composer.json

@@ -22,19 +22,19 @@
         "nyholm/psr7": "^1.4",
         "psr/http-factory": "^1.0",
         "symfony/deprecation-contracts": "^3",
-        "symfony/event-dispatcher": "^6.4|^7.0",
-        "symfony/filesystem": "^6.4|^7.0",
-        "symfony/framework-bundle": "^6.4|^7.0",
-        "symfony/psr-http-message-bridge": "^6.4|^7",
-        "symfony/security-bundle": "^6.4|^7.0"
+        "symfony/event-dispatcher": "^6.4|^7.0|^8.0",
+        "symfony/filesystem": "^6.4|^7.0|^8.0",
+        "symfony/framework-bundle": "^6.4|^7.0|^8.0",
+        "symfony/psr-http-message-bridge": "^6.4|^7.0|^8.0",
+        "symfony/security-bundle": "^6.4|^7.0|^8.0"
     },
     "require-dev": {
         "ext-pdo": "*",
         "ext-pdo_sqlite": "*",
-        "doctrine/doctrine-bundle": "^2.8.0",
+        "doctrine/doctrine-bundle": "^2.8|^3.0",
         "doctrine/orm": "^2.14|^3.0",
-        "symfony/browser-kit": "^6.4|^7.0",
-        "symfony/phpunit-bridge": "^7.2"
+        "symfony/browser-kit": "^6.4|^7.0|^8.0",
+        "symfony/phpunit-bridge": "^7.3"
     },
     "conflict": {
         "doctrine/doctrine-bundle": "<2.8.0",

src/DependencyInjection/LeagueOAuth2ServerExtension.php

@@ -49,11 +49,9 @@
 final class LeagueOAuth2ServerExtension extends Extension implements PrependExtensionInterface, CompilerPassInterface
 {
     /**
-     * @return void
-     *
      * @throws \Exception
      */
-    public function load(array $configs, ContainerBuilder $container)
+    public function load(array $configs, ContainerBuilder $container): void
     {
         $loader = new PhpFileLoader($container, new FileLocator(__DIR__ . '/../../config'));
         $loader->load('services.php');
@@ -90,10 +88,7 @@ public function getAlias(): string
         return 'league_oauth2_server';
     }
 
-    /**
-     * @return void
-     */
-    public function prepend(ContainerBuilder $container)
+    public function prepend(ContainerBuilder $container): void
     {
         // If no doctrine connection is configured, the DBAL connection should
         // be left alone as adding any configuration setting with no connection
@@ -114,10 +109,7 @@ public function prepend(ContainerBuilder $container)
         ]);
     }
 
-    /**
-     * @return void
-     */
-    public function process(ContainerBuilder $container)
+    public function process(ContainerBuilder $container): void
     {
         $this->assertRequiredBundlesAreEnabled($container);
     }

src/LeagueOAuth2ServerBundle.php

@@ -17,10 +17,7 @@
 
 final class LeagueOAuth2ServerBundle extends Bundle
 {
-    /**
-     * @return void
-     */
-    public function build(ContainerBuilder $container)
+    public function build(ContainerBuilder $container): void
     {
         parent::build($container);
 

src/Security/Authenticator/OAuth2Authenticator.php

@@ -16,6 +16,8 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\AttributesBasedUserProviderInterface;
+use Symfony\Component\Security\Core\User\ChainUserProvider;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
@@ -70,6 +72,14 @@ public function authenticate(Request $request): Passport
 
         /** @var string $userIdentifier */
         $userIdentifier = $psr7Request->getAttribute('oauth_user_id', '');
+        if ('' === $userIdentifier) {
+            /**
+             * BC layer for Symfony < 8.0
+             */
+            if (is_a(ChainUserProvider::class, AttributesBasedUserProviderInterface::class, true)) {
+                throw OAuth2AuthenticationFailedException::create('The access token has either an empty or missing "oauth_user_id" attribute.');
+            }
+        }
 
         /** @var string $accessTokenId */
         $accessTokenId = $psr7Request->getAttribute('oauth_access_token_id');
@@ -81,7 +91,10 @@ public function authenticate(Request $request): Passport
         $oauthClientId = $psr7Request->getAttribute('oauth_client_id', '');
 
         $userLoader = function (string $userIdentifier) use ($oauthClientId): UserInterface {
-            if ('' === $userIdentifier || $oauthClientId === $userIdentifier) {
+            if (
+                $oauthClientId === $userIdentifier
+                || ('' === $userIdentifier && is_a(ChainUserProvider::class, AttributesBasedUserProviderInterface::class, true)) // BC layer for Symfony < 8.0
+            ) {
                 return new ClientCredentialsUser($oauthClientId);
             }
 

tests/TestKernel.php

@@ -5,7 +5,6 @@
 namespace League\Bundle\OAuth2ServerBundle\Tests;
 
 use Doctrine\DBAL\Platforms\SQLitePlatform;
-use Doctrine\ORM\Mapping\Annotation;
 use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\AuthorizationCodeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
@@ -90,8 +89,7 @@ public function registerContainerConfiguration(LoaderInterface $loader): void
                 ],
             ];
 
-            $doctrine['orm'] = ['enable_lazy_ghost_objects' => !interface_exists(Annotation::class)];
-
+            $doctrine['orm'] = [];
             $container->loadFromExtension('doctrine', $doctrine);
 
             $framework = [

tests/Unit/OAuth2AuthenticatorTest.php

@@ -97,6 +97,8 @@ public function testAuthenticateCreatePassportWithClientCredentialsUser(): void
     {
         $serverRequest = (new ServerRequest('GET', '/foo'))
             ->withAttribute('oauth_access_token_id', 'accessTokenId')
+            ->withAttribute('oauth_user_id', 'clientId')
+            ->withAttribute('oauth_client_id', 'clientId')
         ;
 
         $httpMessageFactory = $this->createMock(HttpMessageFactoryInterface::class);