From 90dba4aacbc93ddb833741d652c0dce8b25614d0 Mon Sep 17 00:00:00 2001
From: Robert Deutz
Date: Wed, 9 Jul 2025 15:22:34 +0200
Subject: [PATCH 1/7] remove drone CI
---
.drone.jsonnet | 108 ----------------------------------
.drone.yml | 156 -------------------------------------------------
2 files changed, 264 deletions(-)
delete mode 100644 .drone.jsonnet
delete mode 100644 .drone.yml
diff --git a/.drone.jsonnet b/.drone.jsonnet
deleted file mode 100644
index 08168518..00000000
--- a/.drone.jsonnet
+++ /dev/null
@@ -1,108 +0,0 @@ -local volumes = [ - { - name: "composer-cache", - path: "/tmp/composer-cache", - }, -]; - -local hostvolumes = [ - { - name: "composer-cache", - host: {path: "/tmp/composer-cache"} - }, -]; - -local composer(phpversion, params) = { - name: "composer", - image: "joomlaprojects/docker-images:php" + phpversion, - volumes: volumes, - commands: [ - "php -v", - "composer update " + params, - ] -}; - -local phpunit(phpversion) = { - name: "PHPUnit", - image: "joomlaprojects/docker-images:php" + phpversion, - [if phpversion == "8.4" then "failure"]: "ignore", - commands: ["vendor/bin/phpunit"] -}; - -local pipeline(name, phpversion, params) = { - kind: "pipeline", - name: "PHP " + name, - volumes: hostvolumes, - steps: [ - composer(phpversion, params), - phpunit(phpversion) - ], -}; - -[ - { - kind: "pipeline", - name: "Codequality", - volumes: hostvolumes, - steps: [ - { - name: "composer", - image: "joomlaprojects/docker-images:php8.1", - volumes: volumes, - commands: [ - "php -v", - "composer update" - ] - }, - { - name: "phpcs", - image: "joomlaprojects/docker-images:php8.1", - depends: [ "composer" ], - commands: [ - "vendor/bin/phpcs --standard=ruleset.xml src/" - ] - }, - { - name: "phan", - image: "joomlaprojects/docker-images:php8.1-ast", - depends: [ "composer" ], - failure: "ignore", - commands: [ - "vendor/bin/phan" - ] - }, - { - name: "phpstan", - image: "joomlaprojects/docker-images:php8.1", - depends: [ "composer" ], - failure: "ignore", - commands: [ - "./vendor/bin/phpstan", - ] - }, - { - name: "phploc", - image: "joomlaprojects/docker-images:php8.1", - depends: [ "composer" ], - failure: "ignore", - commands: [ - "phploc src", - ] - }, - { - name: "phpcpd", - image: "joomlaprojects/docker-images:php8.1", - depends: [ "composer" ], - failure: "ignore", - commands: [ - "phpcpd src", - ] - } - ] - }, - pipeline("8.1 lowest", "8.1", "--prefer-stable --prefer-lowest"), - pipeline("8.1", "8.1", "--prefer-stable"), - pipeline("8.2", "8.2", 
"--prefer-stable"), - pipeline("8.3", "8.3", "--prefer-stable"), - pipeline("8.4", "8.4", "--prefer-stable"), -] diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index d591b95d..00000000 --- a/.drone.yml +++ /dev/null 
@@ -1,156 +0,0 @@ ---- -kind: pipeline -name: Codequality -steps: -- commands: - - php -v - - composer update - image: joomlaprojects/docker-images:php8.1 - name: composer - volumes: - - name: composer-cache - path: /tmp/composer-cache -- commands: - - vendor/bin/phpcs --standard=ruleset.xml src/ - depends: - - composer - image: joomlaprojects/docker-images:php8.1 - name: phpcs -- commands: - - vendor/bin/phan - depends: - - composer - failure: ignore - image: joomlaprojects/docker-images:php8.1-ast - name: phan -- commands: - - ./vendor/bin/phpstan - depends: - - composer - failure: ignore - image: joomlaprojects/docker-images:php8.1 - name: phpstan -- commands: - - phploc src - depends: - - composer - failure: ignore - image: joomlaprojects/docker-images:php8.1 - name: phploc -- commands: - - phpcpd src - depends: - - composer - failure: ignore - image: joomlaprojects/docker-images:php8.1 - name: phpcpd -volumes: -- host: - path: /tmp/composer-cache - name: composer-cache ---- -kind: pipeline -name: PHP 8.1 lowest -steps: -- commands: - - php -v - - composer update --prefer-stable --prefer-lowest - image: joomlaprojects/docker-images:php8.1 - name: composer - volumes: - - name: composer-cache - path: /tmp/composer-cache -- commands: - - vendor/bin/phpunit - image: joomlaprojects/docker-images:php8.1 - name: PHPUnit -volumes: -- host: - path: /tmp/composer-cache - name: composer-cache ---- -kind: pipeline -name: PHP 8.1 -steps: -- commands: - - php -v - - composer update --prefer-stable - image: joomlaprojects/docker-images:php8.1 - name: composer - volumes: - - name: composer-cache - path: /tmp/composer-cache -- commands: - - vendor/bin/phpunit - image: joomlaprojects/docker-images:php8.1 - name: PHPUnit -volumes: -- host: - path: /tmp/composer-cache - name: composer-cache ---- -kind: pipeline -name: PHP 8.2 -steps: -- commands: - - php -v - - composer update --prefer-stable - image: joomlaprojects/docker-images:php8.2 - name: composer - volumes: - - name: 
composer-cache - path: /tmp/composer-cache -- commands: - - vendor/bin/phpunit - image: joomlaprojects/docker-images:php8.2 - name: PHPUnit -volumes: -- host: - path: /tmp/composer-cache - name: composer-cache ---- -kind: pipeline -name: PHP 8.3 -steps: -- commands: - - php -v - - composer update --prefer-stable - image: joomlaprojects/docker-images:php8.3 - name: composer - volumes: - - name: composer-cache - path: /tmp/composer-cache -- commands: - - vendor/bin/phpunit - image: joomlaprojects/docker-images:php8.3 - name: PHPUnit -volumes: -- host: - path: /tmp/composer-cache - name: composer-cache ---- -kind: pipeline -name: PHP 8.4 -steps: -- commands: - - php -v - - composer update --prefer-stable - image: joomlaprojects/docker-images:php8.4 - name: composer - volumes: - - name: composer-cache - path: /tmp/composer-cache -- commands: - - vendor/bin/phpunit - failure: ignore - image: joomlaprojects/docker-images:php8.4 - name: PHPUnit -volumes: -- host: - path: /tmp/composer-cache - name: composer-cache ---- -kind: signature -hmac: f1387a4d434258a2643c7617d2c49f93f57a2680d8a1e5c124778238d1a59d53 - -... From 04d84384556348b3c5e97a22e0d37ea287aece17 Mon Sep 17 00:00:00 2001 From: Robert Deutz Date: Wed, 9 Jul 2025 15:22:45 +0200 Subject: [PATCH 2/7] update composer --- composer.json | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/composer.json b/composer.json index ca5efac8..78640bc6 100644 --- a/composer.json +++ b/composer.json 
@@ -6,16 +6,16 @@ "homepage": "https://github.com/joomla-framework/authentication", "license": "GPL-2.0-or-later", "require": { - "php": "^8.1.0" + "php": "^8.3.0" }, "require-dev": { - "joomla/database": "^3.0", - "joomla/input": "^3.0", - "phpunit/phpunit": "^10.0", - "symfony/phpunit-bridge": "^7.0", - "squizlabs/php_codesniffer": "~3.10.2", - "phpstan/phpstan": "1.12.27", - "phpstan/phpstan-deprecation-rules": "1.2.1" + "joomla/database": "dev-4.x-dev", + "joomla/input": "dev-4.x-dev", + "phpunit/phpunit": "^12.0", + "symfony/phpunit-bridge": "^8.0", + "squizlabs/php_codesniffer": "^3.10.2", + "phpstan/phpstan": "^2.1.17", + "phpstan/phpstan-deprecation-rules": "^2.0.3" }, "suggest": { "joomla/database": "Required if you want to use Joomla\\Authentication\\Strategies\\DatabaseStrategy", @@ -35,7 +35,8 @@ "extra": { "branch-alias": { "dev-2.0-dev": "2.0-dev", - "dev-3.x-dev": "3.0-dev" + "dev-3.x-dev": "3.0-dev", + "dev-4.x-dev": "4.0-dev" } } } From ab19cd761bbdc51312b3995e746a7f70441f2e08 Mon Sep 17 00:00:00 2001 From: Robert Deutz Date: Wed, 9 Jul 2025 15:23:21 +0200 Subject: [PATCH 3/7] ignore database interface message, revisit later --- phpstan-baseline.neon | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 phpstan-baseline.neon diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon new file mode 100644 index 00000000..59270cb2 --- /dev/null +++ b/phpstan-baseline.neon @@ -0,0 +1,10 @@ +parameters: + ignoreErrors: + - + message: ''' + #^Call to method bind\(\) of deprecated interface Joomla\\Database\\Query\\PreparableInterface\: + 3\.0 Capabilities will be required in Joomla\\Database\\QueryInterface$# + ''' + identifier: method.deprecatedInterface + count: 1 + path: src/Strategies/DatabaseStrategy.php From 10c4853f31c6553a780c679543ad799abe47eefe Mon Sep 17 00:00:00 2001 
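Review bot: In the `require-dev` hunk of composer.json, `"joomla/database": "dev-4.x-dev"` and `"joomla/input": "dev-4.x-dev"` follow a moving branch head, so each `composer update` can pull different, unreleased code into the test run. The same hunk relaxes `phpstan/phpstan` and `phpstan/phpstan-deprecation-rules` from exact versions to caret ranges, so static-analysis results can drift between runs as well. If those two Joomla packages publish a 4.0 branch alias like the one this commit adds under `extra.branch-alias`, a constraint such as `"joomla/database": "^4.0@dev"` would keep the dev stability scoped to that package and pick up tagged releases once they exist. No lock file is visible on this page, so it is unclear whether the resolved versions are recorded anywhere.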
From: Robert Deutz Date: Wed, 9 Jul 2025 15:23:52 +0200 Subject: [PATCH 4/7] no external packages included in PHP --- src/Password/Argon2iHandler.php | 60 ++++++-------------------------- src/Password/Argon2idHandler.php | 6 ++-- 2 files changed, 14 insertions(+), 52 deletions(-) diff --git a/src/Password/Argon2iHandler.php b/src/Password/Argon2iHandler.php index e96edcf7..a00de5f0 100644 --- a/src/Password/Argon2iHandler.php +++ b/src/Password/Argon2iHandler.php @@ -9,8 +9,6 @@ namespace Joomla\Authentication\Password; -use Joomla\Authentication\Exception\UnsupportedPasswordHandlerException; - /** * Password handler for Argon2i hashed passwords * @@ -27,7 +25,6 @@ class Argon2iHandler implements HandlerInterface * @return string * * @since 1.2.0 - * @throws UnsupportedPasswordHandlerException if the password handler is not supported */ public function hashPassword($plaintext, array $options = []) { @@ -36,31 +33,15 @@ public function hashPassword($plaintext, array $options = []) return password_hash($plaintext, \PASSWORD_ARGON2I, $options); } - // Use the sodium extension (PHP 7.2 native or PECL 2.x) if able - if (\function_exists('sodium_crypto_pwhash_str_verify')) { - $hash = sodium_crypto_pwhash_str( - $plaintext, - \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, - \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE - ); - sodium_memzero($plaintext); - - return $hash; - } - - // Use the libsodium extension (PECL 1.x) if able - if (\extension_loaded('libsodium')) { - $hash = \Sodium\crypto_pwhash_str( - $plaintext, - \Sodium\CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, - \Sodium\CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE - ); - \Sodium\memzero($plaintext); + $hash = sodium_crypto_pwhash_str( + $plaintext, + SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, + SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE + ); - return $hash; - } + sodium_memzero($plaintext); - throw new UnsupportedPasswordHandlerException('Argon2i algorithm is not supported.'); + return $hash; } /** 
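Review bot: In Argon2iHandler, the sodium branch of `hashPassword()` (hunk `@@ -36,31 +33,15 @@`) is now called with no availability check, so on a PHP build without the sodium extension it ends in a fatal "Call to undefined function" error rather than the `UnsupportedPasswordHandlerException` that callers could previously catch. The same applies to `validatePassword()` in hunk `@@ -104,22 +79,9 @@`. A guard ahead of the sodium call, `if (!\function_exists('sodium_crypto_pwhash_str')) { throw new UnsupportedPasswordHandlerException('Argon2i algorithm is not supported.'); }`, together with the `use` import this commit removes, would keep the documented failure mode. Alternatively `ext-sodium` could be declared in composer.json, whose `require` block lists only `php`. The opening `if` of both methods is outside the hunks, so the exact condition that leads to the sodium path is not visible here.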
@@ -77,13 +58,8 @@ public static function isSupported() return true; } - // Check if the sodium_compat polyfill is installed and look for compatibility through that - if (class_exists('\\ParagonIE_Sodium_Compat') && method_exists('\\ParagonIE_Sodium_Compat', 'crypto_pwhash_is_available')) { - return \ParagonIE_Sodium_Compat::crypto_pwhash_is_available(); - } - // Check for support from the (lib)sodium extension - return \function_exists('sodium_crypto_pwhash_str') || \extension_loaded('libsodium'); + return \function_exists('sodium_crypto_pwhash_str'); } /** @@ -95,7 +71,6 @@ public static function isSupported() * @return boolean * * @since 1.2.0 - * @throws UnsupportedPasswordHandlerException if the password handler is not supported */ public function validatePassword($plaintext, $hashed) { @@ -104,22 +79,9 @@ public function validatePassword($plaintext, $hashed) return password_verify($plaintext, $hashed); } - // Use the sodium extension (PHP 7.2 native or PECL 2.x) if able - if (\function_exists('sodium_crypto_pwhash_str_verify')) { - $valid = sodium_crypto_pwhash_str_verify($hashed, $plaintext); - sodium_memzero($plaintext); - - return $valid; - } - - // Use the libsodium extension (PECL 1.x) if able - if (\extension_loaded('libsodium')) { - $valid = \Sodium\crypto_pwhash_str_verify($hashed, $plaintext); - \Sodium\memzero($plaintext); - - return $valid; - } + $valid = sodium_crypto_pwhash_str_verify($hashed, $plaintext); + sodium_memzero($plaintext); - throw new UnsupportedPasswordHandlerException('Argon2i algorithm is not supported.'); + return $valid; } } diff --git a/src/Password/Argon2idHandler.php b/src/Password/Argon2idHandler.php index 27cc76e6..a9f05600 100644 --- a/src/Password/Argon2idHandler.php +++ b/src/Password/Argon2idHandler.php 
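Review bot: `Argon2iHandler::isSupported()` (hunk `@@ -77,13 +58,8 @@`) now takes `\function_exists('sodium_crypto_pwhash_str')` as proof of Argon2i support, but the removed branch asked the paragonie/sodium_compat polyfill whether pwhash is really available, which suggests the polyfill can define that function without being able to compute it. If the polyfill can still be installed next to this package, for example as a transitive dependency, `isSupported()` would report true and `hashPassword()` would then fail at runtime. Checking for the extension itself would avoid that: `return \extension_loaded('sodium') && \function_exists('sodium_crypto_pwhash_str');`. The retained comment still says "(lib)sodium" although the libsodium check has been removed.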
@@ -32,7 +32,7 @@ class Argon2idHandler implements HandlerInterface public function hashPassword($plaintext, array $options = []) { // Use the password extension if able - if (version_compare(\PHP_VERSION, '7.3', '>=') && \defined('PASSWORD_ARGON2ID')) { + if (self::isSupported()) { return password_hash($plaintext, \PASSWORD_ARGON2ID, $options); } @@ -49,7 +49,7 @@ public function hashPassword($plaintext, array $options = []) public static function isSupported() { // Check for native PHP engine support in the password extension - if (version_compare(\PHP_VERSION, '7.3', '>=') && \defined('PASSWORD_ARGON2ID')) { + if (\defined('PASSWORD_ARGON2ID')) { return true; } @@ -70,7 +70,7 @@ public static function isSupported() public function validatePassword($plaintext, $hashed) { // Use the password extension if able - if (version_compare(\PHP_VERSION, '7.3', '>=') && \defined('PASSWORD_ARGON2ID')) { + if (self::isSupported()) { return password_verify($plaintext, $hashed); } From 2093c3f1c019d969160c9d385ce8ea0ea548c7aa Mon Sep 17 00:00:00 2001 From: Robert Deutz Date: Wed, 9 Jul 2025 15:28:32 +0200 Subject: [PATCH 5/7] add baseline --- phpstan.neon | 1 + 1 file changed, 1 insertion(+) diff --git a/phpstan.neon b/phpstan.neon index 07d82270..2197bd8f 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -1,5 +1,6 @@ includes: + - phpstan-baseline.neon - vendor/phpstan/phpstan-deprecation-rules/rules.neon parameters: From 6b03f2d43c255327e302b9004d8e19533785e480 Mon Sep 17 00:00:00 2001 From: Robert Deutz Date: Wed, 9 Jul 2025 15:33:11 +0200 Subject: [PATCH 6/7] info updated --- SECURITY.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index b3f35854..17c3133b 100644 --- a/SECURITY.md +++ b/SECURITY.md 
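Review bot: In Argon2idHandler, `hashPassword()` (hunk `@@ -32,7 +32,7 @@`) now gates on `self::isSupported()` but still passes `\PASSWORD_ARGON2ID` to `password_hash()`, so it is only safe while `isSupported()` means exactly "the constant is defined". The tail of `isSupported()` is outside the hunk, so this cannot be confirmed from here. The sibling `Argon2iHandler::isSupported()` also returns true on a sodium-only path, and copying that pattern into this class later would make the call reference an undefined constant. A comment on the guard would record the dependency, for example `// isSupported() must imply \defined('PASSWORD_ARGON2ID'); password_hash() below uses that constant`.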
@@ -5,7 +5,8 @@ These versions are currently being supported with security updates: | Version | Supported | -| ------- | ------------------ | +|---------| ------------------ | +| 4.x.x | :white_check_mark: | | 3.x.x | :white_check_mark: | | 2.0.x | :white_check_mark: | | 1.3.x | :x: | From a65b9090767a3143c81e0c616d6f588555ebd6d4 Mon Sep 17 00:00:00 2001 From: Richard Fath Date: Sat, 12 Jul 2025 16:13:55 +0200 Subject: [PATCH 7/7] Fix include order in phpstan.neon so it's the same as elsewhere --- phpstan.neon | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpstan.neon b/phpstan.neon index 2197bd8f..305d72f1 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -1,7 +1,7 @@ includes: - - phpstan-baseline.neon - vendor/phpstan/phpstan-deprecation-rules/rules.neon + - phpstan-baseline.neon parameters: level: 5