Upgrade symfony to 5.4 & separate EntityMapper (#174)

* Update to Symfony 5.4 * Switch to lexik_jwt_bundle * Milliner needs islandora-fedora-entity-mapper but not Crayfish-Commons * Fix tests * Update dependencies to tagged versions * Remove unused imports * Github actions workflow * Update defaults to include the `user_identify_field` configuration parameter * Add upgrade docs * Update nodejs actions for workflows
Islandora · May 5, 2023 · c2c44b9 · c2c44b9
1 parent d4bc375
commit c2c44b9
Show file tree

Hide file tree

Showing 90 changed files with 1,052 additions and 874 deletions.
diff --git a/.github/workflows/build-3.x.yml b/.github/workflows/build-3.x.yml
@@ -29,12 +29,12 @@ jobs:
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           path: build_dir
 
       - name: Checkout islandora_ci
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           repository: islandora/islandora_ci
           ref: github-actions
@@ -50,11 +50,18 @@ jobs:
         run: |
           echo "SCRIPT_DIR=$GITHUB_WORKSPACE/islandora_ci" >> $GITHUB_ENV
 
+      - name: Get composer cache directory
+        id: composer-cache
+        run: |
+          cd $GITHUB_WORKSPACE/build_dir/Milliner
+          echo "composer-cache-dir=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
       - name: Cache Composer dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
-          path: /tmp/composer-cache
-          key: ${{ runner.os }}-${{ hashFiles('**/composer.lock') }}
+          path: ${{ env.composer-cache-dir }}
+          key: ${{ runner.os }}-composer-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-${{ matrix.php-version }}
 
       - name: composer install
         run: |
@@ -70,5 +77,5 @@ jobs:
           .scripts/tester
 
       - name: codecov
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v3
 
diff --git a/.github/workflows/build-4.x.yml b/.github/workflows/build-4.x.yml
@@ -0,0 +1,81 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CI - 4.x
+
+# Controls when the action will run.
+on:
+  # Triggers the workflow on push or pull request events but only for the 7.x branch
+  push:
+    branches: [ 4.x ]
+  pull_request:
+    branches: [ 4.x ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: ["7.4", "8.0", "8.1"]
+
+    name: PHP ${{ matrix.php-versions }}
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          path: build_dir
+
+      - name: Checkout islandora_ci
+        uses: actions/checkout@v3
+        with:
+          repository: islandora/islandora_ci
+          ref: github-actions
+          path: islandora_ci
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          tools: composer:v2
+
+      - name: Set environment variables
+        run: |
+          echo "SCRIPT_DIR=$GITHUB_WORKSPACE/islandora_ci" >> $GITHUB_ENV
+
+      - name: Get composer cache directory
+        id: composer-cache
+        run: |
+          cd $GITHUB_WORKSPACE/build_dir/Milliner
+          echo "composer-cache-dir=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
+      - name: Cache Composer dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.composer-cache-dir }}
+          key: ${{ runner.os }}-composer-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-${{ matrix.php-version }}
+
+      - name: composer install
+        run: |
+          cd $GITHUB_WORKSPACE/build_dir
+          for D in */; do (cd $D; composer install) done
+
+      - name: line endings
+        run: $SCRIPT_DIR/line_endings.sh $GITHUB_WORKSPACE
+
+      - name: test scripts
+        run: |
+          cd $GITHUB_WORKSPACE/build_dir
+          .scripts/tester
+
+      - name: codecov
+        uses: codecov/codecov-action@v3
+
diff --git a/Homarus/.env b/Homarus/.env
@@ -9,13 +9,20 @@
 # Real environment variables win over .env files.
 #
 # DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
+# https://symfony.com/doc/5.4/configuration/secrets.html
 #
 # Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
-# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
+# https://symfony.com/doc/5.4/best_practices.html#use-environment-variables-for-infrastructure-configuration
 
 ###> symfony/framework-bundle ###
 APP_ENV=dev
 APP_SECRET=2debbf0f3bc4a9484b577b8952dc3477
 #TRUSTED_PROXIES=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
 #TRUSTED_HOSTS='^(localhost|example\.com)$'
 ###< symfony/framework-bundle ###
+
+###> lexik/jwt-authentication-bundle ###
+JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
+JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
+JWT_PASSPHRASE=900bcb1e6df36b802204915dbe1c2f6a
+###< lexik/jwt-authentication-bundle ###
diff --git a/Homarus/README.md b/Homarus/README.md
@@ -49,9 +49,6 @@ the `app.executable` parameter in [`/path/to/Homarus/config/services.yaml`](./co
 You also need to set your Fedora Base Url to allow the Fedora Resource to be pulled in automatically.
 This is done in the `/path/to/Homarus/config/packages/crayfish_commons.yaml`. 
 
-Also in the `/path/to/Homarus/config/packages/crayfish_commons.yaml` file you can point to the location of your `syn-settings.xml`.
-If you don't have a `syn-settings.xml` look at the [Syn](http://github.com/Islandora/Syn) documentation.
-
 ### Logging
 
 To change your log settings, edit the `/path/to/Homarus/config/packages/monolog.yaml` file.
@@ -62,10 +59,13 @@ environment directory will take precedence over those in the `/path/to/Homarus/c
 
 The location specified in the configuration file for the log must be writable by the web server.
 
-### Disabling Syn
+### Enabling JWT authentication
 
 There are instructions in the `/path/to/Homarus/config/packages/security.yaml` file describing what to change and what lines
-to comment out to disable Syn.
+to comment out to enable authentication.
+
+We use the Lexik JWT Authentication Bundle for Symfony, more information here
+https://github.com/lexik/LexikJWTAuthenticationBundle
 
 ## Usage
 This will return the an AVI file for the test video file in Fedora.

diff --git a/Homarus/UPGRADE.md b/Homarus/UPGRADE.md
@@ -1,5 +1,42 @@
 This document guides you through the process of upgrading Homarus. First, check if a section named "Upgrade to x.x.x" exists, with x.x.x being the version you are planning to upgrade to.
 
+## Upgrade to 4.0.0
+
+4.0.0 uses Symfony 5.4, which has differences from 3.x.x which used Symfony 4.4.
+This makes it non-backwards compatible and requires testing of any custom changes you
+may have made.
+
+Homarus relies on Crayfish-Commons `^4.0` which no longer includes our own JWT authentication,
+to perform JWT authentication we use the [Lexik JWT Bundle](https://github.com/lexik/LexikJWTAuthenticationBundle).
+
+### Upgrade from version 3.x.x
+
+You can remove the `syn_config:` line from the `./config/packages/crayfish_commons.yaml` file.
+
+You can add a line like `apix_middleware_enabled: false` to the `./config/packages/crayfish_commons.yaml` file. 
+This disables the ApixMiddleware as we pass the full URL to ffmpeg instead of downloading the file and passing
+it directly.
+
+You will need to make a file in `./config/packages` called `lexik_jwt_authentication.yaml`.
+
+The file needs to contain (at a minimum) or you can copy the file from the Github repository:
+```yaml
+lexik_jwt_authentication:
+    # This is the public key from the pair generated by Drupal and is required to validate the JWTs
+    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
+    # By default lexik_jwt looks for the username key in the payload, we use sub
+    user_identity_field: sub
+```
+
+You can either:
+* define an [environment variables](https://symfony.com/doc/5.4/configuration.html#configuration-based-on-environment-variables) for
+  the `JWT_PUBLIC_KEY` variable defined above and pointed to the Drupal public key file
+
+_or_
+* explicitly overwrite the `'%env(resolve:JWT_PUBLIC_KEY)%'` in
+  the above file and specify the path to the Drupal public key
+
+
 ## Upgrade to 3.0.0
 
 Homarus (and all of Crayfish) adheres to [semantic versioning](https://semver.org), which makes a distinction between "major", "minor", and "patch" versions. The upgrade path will be different depending on which previous version from which you are migrating.

diff --git a/Homarus/composer.json b/Homarus/composer.json
@@ -6,22 +6,26 @@
     "require": {
         "ext-ctype": "*",
         "ext-iconv": "*",
-        "islandora/crayfish-commons": "^3.0",
-        "symfony/dotenv": "4.4.*",
+        "islandora/crayfish-commons": "^4.0",
+        "lexik/jwt-authentication-bundle": "^2.18",
+        "symfony/dotenv": "5.4.*",
         "symfony/flex": "^1.3.1",
-        "symfony/framework-bundle": "4.4.*",
-        "symfony/yaml": "4.4.*"
+        "symfony/framework-bundle": "5.4.*",
+        "symfony/runtime": "5.4.*",
+        "symfony/string": "5.4.*",
+        "symfony/translation": "5.4.*",
+        "symfony/yaml": "5.4.*"
     },
     "require-dev": {
         "phpspec/prophecy-phpunit": "^2.0",
         "phpunit/phpunit": "^9.5",
         "sebastian/phpcpd": "^6.0",
         "squizlabs/php_codesniffer": "^3.0",
-        "symfony/var-dumper": "4.4.*",
-        "symfony/browser-kit": "4.4.*",
-        "symfony/css-selector": "4.4.*",
+        "symfony/var-dumper": "5.4.*",
+        "symfony/browser-kit": "5.4.*",
+        "symfony/css-selector": "5.4.*",
         "symfony/maker-bundle": "^1.0",
-        "symfony/phpunit-bridge": "4.4.*"
+        "symfony/phpunit-bridge": "5.4.*"
     },
     "minimum-stability": "dev",
     "prefer-stable": true,
@@ -31,7 +35,8 @@
         },
         "sort-packages": true,
         "allow-plugins": {
-            "symfony/flex": true
+            "symfony/flex": true,
+            "symfony/runtime": true
         }
     },
     "autoload": {
@@ -68,7 +73,7 @@
     "extra": {
         "symfony": {
             "allow-contrib": false,
-            "require": "4.4.*"
+            "require": "5.4.*"
         }
     },
     "authors": [

diff --git a/Homarus/config/bootstrap.php b/Homarus/config/bootstrap.php
diff --git a/Homarus/config/bundles.php b/Homarus/config/bundles.php
@@ -5,4 +5,5 @@
     Islandora\Crayfish\Commons\CrayfishCommonsBundle::class => ['all' => true],
     Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
     Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
+    Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle::class => ['all' => true],
 ];
diff --git a/Homarus/config/packages/crayfish_commons.yaml b/Homarus/config/packages/crayfish_commons.yaml
@@ -1,3 +1,3 @@
 crayfish_commons:
   fedora_base_uri: 'http://localhost:8080/fcrepo/rest'
-  #syn_config: '/path/to/syn-settings.xml'
+  apix_middleware_enabled: false
diff --git a/Homarus/config/packages/framework.yaml b/Homarus/config/packages/framework.yaml
@@ -1,17 +1,24 @@
-# see https://symfony.com/doc/current/reference/configuration/framework.html
+# see https://symfony.com/doc/5.4/reference/configuration/framework.html
 framework:
     secret: '%env(APP_SECRET)%'
     #csrf_protection: true
-    #http_method_override: true
+    http_method_override: false
 
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.
     session:
         handler_id: null
         cookie_secure: auto
         cookie_samesite: lax
+        storage_factory_id: session.storage.factory.native
 
     #esi: true
     #fragments: true
     php_errors:
         log: true
+
+when@test:
+    framework:
+        test: true
+        session:
+            storage_factory_id: session.storage.factory.mock_file
diff --git a/Homarus/config/packages/lexik_jwt_authentication.yaml b/Homarus/config/packages/lexik_jwt_authentication.yaml
@@ -0,0 +1,9 @@
+lexik_jwt_authentication:
+    # Need secret key to generate a token, this is not necessary for normal usage as the key is generated by Drupal.
+    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
+    # This is required if you have set a passphrase on the secret key, this is generally not needed.
+    pass_phrase: '%env(resolve:JWT_PASSPHRASE)%'
+    # This is the public key from the pair generated by Drupal and is required to validate the JWTs
+    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
+    # By default lexik_jwt looks for the username key in the payload, we use sub
+    user_identity_field: sub
diff --git a/Homarus/config/packages/security.yaml b/Homarus/config/packages/security.yaml
@@ -1,10 +1,10 @@
 security:
-
-    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+    enable_authenticator_manager: true
+    # https://symfony.com/doc/5.4/security.html#where-do-users-come-from-user-providers
     providers:
-        jwt_user_provider:
-            id: Islandora\Crayfish\Commons\Syn\JwtUserProvider
-
+        users_in_memory: { memory: null }
+        jwt:
+            lexik_jwt: ~
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
@@ -15,21 +15,18 @@ security:
             # Need stateless or it reloads the User based on a token.
             stateless: true
 
-            # To enable Syn, uncomment the below 4 lines and change anonymous to false above.
-            #provider: jwt_user_provider
-            #guard:
-            #    authenticators:
-            #        - Islandora\Crayfish\Commons\Syn\JwtAuthenticator
+            # To enable JWT authentication, uncomment the below 2 lines and change anonymous to false above.
+            #provider: jwt
+            #jwt: ~
 
             # activate different ways to authenticate
-            # https://symfony.com/doc/current/security.html#firewalls-authentication
+            # https://symfony.com/doc/5.4/security.html#firewalls-authentication
 
-            # https://symfony.com/doc/current/security/impersonating_user.html
+            # https://symfony.com/doc/5.4/security/impersonating_user.html
             # switch_user: true
 
-
     # Easy way to control access for large sections of your site
     # Note: Only the *first* access control that matches will be used
     access_control:
-        # - { path: ^/admin, roles: ROLE_ADMIN }
-        # - { path: ^/profile, roles: ROLE_USER }
+    # - { path: ^/admin, roles: ROLE_ADMIN }
+    # - { path: ^/profile, roles: ROLE_USER }
diff --git a/Homarus/config/preload.php b/Homarus/config/preload.php
@@ -1,9 +1,5 @@
 <?php
 
-if (file_exists(dirname(__DIR__).'/var/cache/prod/srcApp_KernelProdContainer.preload.php')) {
-    require dirname(__DIR__).'/var/cache/prod/srcApp_KernelProdContainer.preload.php';
-}
-
 if (file_exists(dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php')) {
     require dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php';
 }