BE 6, cakephp 5, phpunit 11/12, +php 8.4

.github/workflows/php.yml

@@ -6,22 +6,28 @@ on:
       - '**/*.php'
       - '.github/workflows/php.yml'
       - 'composer.json'
+      - 'phpcs.xml.dist'
+      - 'phpstan.neon.dist'
+      - 'phpunit.xml.dist'
   push:
     paths:
       - '**/*.php'
       - '.github/workflows/php.yml'
       - 'composer.json'
+      - 'phpcs.xml.dist'
+      - 'phpstan.neon.dist'
+      - 'phpunit.xml.dist'
 
 jobs:
   cs:
     uses: bedita/github-workflows/.github/workflows/php-cs.yml@v2
     with:
-      php_versions: '["8.3"]'
+      php_versions: '["8.4"]'
 
   stan:
     uses: bedita/github-workflows/.github/workflows/php-stan.yml@v2
     with:
-      php_versions: '["8.3"]'
+      php_versions: '["8.4"]'
 
   unit:
     name: 'Run unit tests'
@@ -33,6 +39,7 @@ jobs:
       matrix:
         php:
           - '8.3'
+          - '8.4'
 
     env:
       PHP_VERSION: '${{ matrix.php }}'

.github/workflows/release.yml

@@ -17,5 +17,5 @@ jobs:
     uses: bedita/github-workflows/.github/workflows/release.yml@v2
     with:
       main_branch: 'master'
-      dist_branches: '["master"]'
+      dist_branches: '["4.x", "master"]'
       version_bump: ${{ inputs.releaseType }}

.gitignore

@@ -10,4 +10,5 @@
 /plugins
 /tmp
 .phpunit.result.cache
+.phpunit.cache
 phinx.yml

composer.json

@@ -6,23 +6,24 @@
         "php": ">= 8.3",
         "ext-openssl": "*",
         "aws/aws-sdk-php": "^3.222",
-        "bedita/core": "^5.36",
-        "cakephp/cakephp": "^4.5",
+        "bedita/core": "^6.0",
+        "cakephp/cakephp": "^5",
         "lcobucci/jwt": "^4.2.1",
-        "league/flysystem": "^2.4.3",
-        "league/flysystem-aws-s3-v3": "^2.4.3",
+        "league/flysystem": "^3.30.2",
+        "league/flysystem-aws-s3-v3": "^3.30.1",
         "guzzlehttp/guzzle": "^7.4"
     },
     "require-dev": {
+        "cakephp/authentication": "^3.3",
         "cakephp/cakephp-codesniffer": "~4.7.0",
-        "phpunit/phpunit": "^9.6",
-        "phpstan/phpstan": "~1.10",
-        "cakephp/authentication": "^2.9",
-        "phpstan/extension-installer": "^1.1",
-        "phpstan/phpstan-phpunit": "^1.1"
+        "phpstan/phpstan": "^1.10",
+        "phpstan/extension-installer": "^1.0",
+        "phpstan/phpstan-deprecation-rules": "^1.0",
+        "phpstan/phpstan-phpunit": "^1.1",
+        "phpunit/phpunit": "^11.5"
     },
     "suggest": {
-        "cakephp/authentication": "^2.9"
+        "cakephp/authentication": "^3.3"
     },
     "autoload": {
         "psr-4": {
@@ -35,10 +36,11 @@
         }
     },
     "scripts": {
-        "cs-check": "vendor/bin/phpcs",
-        "cs-fix": "vendor/bin/phpcbf",
+        "cs-check": "vendor/bin/phpcs --colors -p --standard=vendor/cakephp/cakephp-codesniffer/CakePHP ./src ./tests",
+        "cs-fix": "vendor/bin/phpcbf --colors --standard=vendor/cakephp/cakephp-codesniffer/CakePHP ./src ./tests",
         "stan": "vendor/bin/phpstan analyse",
-        "test": "vendor/bin/phpunit --colors=always"
+        "test": "vendor/bin/phpunit --colors=always",
+        "coverage": "vendor/bin/phpunit --colors=always --coverage-html coverage"
     },
     "config": {
         "allow-plugins": {

phpstan.neon.dist

@@ -4,6 +4,8 @@ parameters:
   paths:
     - src
     - tests
-  phpVersion: 70400
   level: 8
-  checkMissingIterableValueType: false
+  ignoreErrors:
+    - '#type has no value type specified in iterable type array#'
+    - '#has parameter .* with no value type specified in iterable type array#'
+    - '#has parameter .* with generic interface .* but does not specify its types#'

phpunit.xml.dist

@@ -10,24 +10,28 @@
   ~
   ~ See LICENSE.LGPL or <http://gnu.org/licenses/lgpl-3.0.html> for more details.
   -->
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" colors="true" processIsolation="false" stopOnFailure="false" bootstrap="tests/bootstrap.php" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
-  <coverage>
-    <include>
-      <directory suffix=".php">src/</directory>
-    </include>
-  </coverage>
-  <php>
-    <ini name="memory_limit" value="-1"/>
-    <ini name="apc.enable_cli" value="1"/>
-  </php>
-  <!-- Add any additional test suites you want to run here -->
-  <testsuites>
-    <testsuite name="BEdita/AWS">
-      <directory>tests/TestCase/</directory>
-    </testsuite>
-  </testsuites>
-  <!-- Register extension for fixtures -->
-  <extensions>
-    <extension class="\Cake\TestSuite\Fixture\PHPUnitExtension" />
-  </extensions>
+<phpunit
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    colors="true"
+    processIsolation="false"
+    stopOnFailure="false"
+    bootstrap="./tests/bootstrap.php"
+    cacheDirectory=".phpunit.cache"
+    xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/11.1/phpunit.xsd"
+>
+    <source>
+        <include>
+            <directory suffix=".php">./src/</directory>
+        </include>
+    </source>
+    <php>
+        <ini name="memory_limit" value="-1"/>
+        <ini name="apc.enable_cli" value="1"/>
+    </php>
+    <!-- Add any additional test suites you want to run here -->
+    <testsuites>
+        <testsuite name="BEdita AWS">
+            <directory>./tests/TestCase/</directory>
+        </testsuite>
+    </testsuites>
 </phpunit>

src/Authenticator/AlbAuthenticator.php

@@ -19,16 +19,17 @@
 use Authentication\Authenticator\Result;
 use Authentication\Authenticator\ResultInterface;
 use Authentication\Authenticator\TokenAuthenticator;
-use Authentication\Identifier\IdentifierInterface;
+use Authentication\Identifier\JwtSubjectIdentifier;
 use Cake\Cache\Cache;
-use Cake\I18n\FrozenTime;
+use Cake\I18n\DateTime;
 use Exception;
 use GuzzleHttp\Client;
 use GuzzleHttp\RequestOptions;
 use JsonException;
 use Lcobucci\Clock\FrozenClock;
 use Lcobucci\JWT\Decoder;
 use Lcobucci\JWT\Encoding\CannotDecodeContent;
+use Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter;
 use Lcobucci\JWT\Signer\Ecdsa\Sha256;
 use Lcobucci\JWT\Signer\Key;
 use Lcobucci\JWT\SodiumBase64Polyfill;
@@ -60,11 +61,11 @@ class AlbAuthenticator extends TokenAuthenticator
      *
      * @var array
      */
-    protected $_defaultConfig = [
+    protected array $_defaultConfig = [
         'header' => 'x-amzn-oidc-data',
         'returnPayload' => true,
         'fields' => [
-            IdentifierInterface::CREDENTIAL_JWT_SUBJECT => IdentifierInterface::CREDENTIAL_JWT_SUBJECT,
+            JwtSubjectIdentifier::CREDENTIAL_JWT_SUBJECT => JwtSubjectIdentifier::CREDENTIAL_JWT_SUBJECT,
         ],
         'publicKeyEndpoint' => null,
         'region' => null,
@@ -114,7 +115,7 @@ public function authenticate(ServerRequestInterface $request): ResultInterface
             return new Result(null, ResultInterface::FAILURE_CREDENTIALS_INVALID);
         }
 
-        if (empty($result[IdentifierInterface::CREDENTIAL_JWT_SUBJECT])) {
+        if (empty($result[JwtSubjectIdentifier::CREDENTIAL_JWT_SUBJECT])) {
             return new Result(null, ResultInterface::FAILURE_CREDENTIALS_MISSING);
         }
 
@@ -189,7 +190,7 @@ function () use ($keyId): string {
     protected function decodeToken(string $token): ?array
     {
         $jwt = (new TokenParser(new class implements Decoder {
-            /** @inheritdoc */
+            /** @inheritDoc */
             public function jsonDecode(string $json)
             {
                 try {
@@ -199,7 +200,7 @@ public function jsonDecode(string $json)
                 }
             }
 
-            /** @inheritdoc */
+            /** @inheritDoc */
             public function base64UrlDecode(string $data): string
             {
                 return SodiumBase64Polyfill::base642bin(
@@ -212,11 +213,11 @@ public function base64UrlDecode(string $data): string
         if (empty($kid) || !is_string($kid) || !$jwt instanceof UnencryptedToken) {
             return null;
         }
-
+        $ecdsa = new Sha256(new MultibyteStringConverter());
         (new Validator())->assert(
             $jwt,
-            new SignedWith(Sha256::create(), $this->getKey($kid)),
-            new LooseValidAt(new FrozenClock(FrozenTime::now())),
+            new SignedWith($ecdsa, $this->getKey($kid)),
+            new LooseValidAt(new FrozenClock(DateTime::now())),
         );
 
         return $jwt->claims()->all();

src/Filesystem/Adapter/AwsS3CloudFrontAdapter.php

@@ -19,6 +19,7 @@
 use Aws\CloudFront\Exception\CloudFrontException;
 use Aws\S3\S3ClientInterface;
 use DomainException;
+use Exception;
 use League\Flysystem\AwsS3V3\AwsS3V3Adapter;
 use League\Flysystem\Config;
 
@@ -58,8 +59,14 @@ class AwsS3CloudFrontAdapter extends AwsS3V3Adapter
      * @param bool $streamReads Whether reads should be streamed.
      * @param \Aws\CloudFront\CloudFrontClient|null $cloudfrontClient CloudFront client instance, or `null`.
      */
-    public function __construct(S3ClientInterface $client, string $bucket, string $prefix = '', array $options = [], $streamReads = true, ?CloudFrontClient $cloudfrontClient = null)
-    {
+    public function __construct(
+        S3ClientInterface $client,
+        string $bucket,
+        string $prefix = '',
+        array $options = [],
+        $streamReads = true,
+        ?CloudFrontClient $cloudfrontClient = null
+    ) {
         parent::__construct($client, $bucket, $prefix, null, null, $options, $streamReads);
 
         if (!empty($options['distributionId']) && $cloudfrontClient === null) {
@@ -100,12 +107,30 @@ public function hasCloudFrontConfig(): bool
         return $this->cloudfrontClient !== null;
     }
 
+    /**
+     * Check whether a file exists.
+     *
+     * @param string $path The path to check.
+     * @return bool
+     */
+    protected function exists(string $path): bool
+    {
+        $result = false;
+        try {
+            $result = $this->hasCloudFrontConfig() && $this->fileExists($path);
+        } catch (Exception $e) {
+            // Ignore exceptions
+        }
+
+        return $result;
+    }
+
     /**
      * @inheritDoc
      */
     public function copy(string $source, string $destination, Config $config): void
     {
-        $existed = $this->hasCloudFrontConfig() && $this->fileExists($destination);
+        $existed = $this->exists($destination);
         parent::copy($source, $destination, $config);
         if ($existed) {
             $this->createCloudFrontInvalidation($destination);
@@ -117,7 +142,7 @@ public function copy(string $source, string $destination, Config $config): void
      */
     public function delete(string $path): void
     {
-        $existed = $this->hasCloudFrontConfig() && $this->fileExists($path);
+        $existed = $this->exists($path);
         parent::delete($path);
         if ($existed) {
             $this->createCloudFrontInvalidation($path);
@@ -138,7 +163,7 @@ public function deleteDirectory(string $path): void
      */
     public function write(string $path, string $contents, Config $config): void
     {
-        $existed = $this->hasCloudFrontConfig() && $this->fileExists($path);
+        $existed = $this->exists($path);
         parent::write($path, $contents, $config);
         if ($existed) {
             $this->createCloudFrontInvalidation($path);

src/Filesystem/Adapter/S3Adapter.php

@@ -34,7 +34,7 @@ class S3Adapter extends FilesystemAdapter
     /**
      * @inheritDoc
      */
-    protected $_defaultConfig = [
+    protected array $_defaultConfig = [
         'region' => null,
         'bucket' => null,
         'version' => 'latest',

src/Mailer/Transport/SesTransport.php

@@ -39,7 +39,7 @@ class SesTransport extends AbstractTransport
     /**
      * @inheritDoc
      */
-    protected $_defaultConfig = [
+    protected array $_defaultConfig = [
         'region' => null,
         'version' => 'latest',
     ];

src/Mailer/Transport/SnsTransport.php

@@ -32,7 +32,7 @@ class SnsTransport extends AbstractTransport
     /**
      * @inheritDoc
      */
-    protected $_defaultConfig = [
+    protected array $_defaultConfig = [
         'region' => null,
         'version' => 'latest',
         'smsType' => null,