
Comments (5)

fyrye commented on September 3, 2024

@scheb thanks for looking into the issue more in-depth.
Yes, classmap-authoritative: true is set in composer.json, as recommended by Symfony along with optimize-autoloader: true.

Due to the issue being caused by the return type-hint conflict not loading aliases when using classmap-authoritative, I recommend scheb/2fa-trusted-device:^5.3 require lcobucci/jwt:^4.0 to ensure the issue is not encountered by others in production environments with the same configuration.

To circumvent the issue I updated my composer.json autoload definitions until I can find a better solution, thank you for tracking the root cause down.

    "autoload": {
        "files": [
            "vendor/lcobucci/jwt/src/Token/Plain.php",
            "vendor/lcobucci/jwt/src/Token/Signature.php"
        ]
    },

For clarification, looking at vendor/lcobucci/jwt/compat/class-aliases.php, I do not think this is configured correctly and would need to be addressed by them.

    class_exists(\Lcobucci\JWT\Token\Plain::class);
    class_exists(\Lcobucci\JWT\Token\Signature::class);

The file is referenced in the autoload configuration vendor/lcobucci/jwt/composer.json

    "autoload": {
        "psr-4": {
            "Lcobucci\\JWT\\": "src"
        },
        "files": [
            "compat/class-aliases.php",
            "compat/json-exception-polyfill.php",
            "compat/lcobucci-clock-polyfill.php"
        ]
    },


scheb commented on September 3, 2024

Which version of lcobucci/jwt do you have installed? composer show --installed should tell you.

Also a stack trace of the exception might be helpful.

Thanks!


fyrye commented on September 3, 2024

@scheb As I have PHP 7.3.22, Composer installed lcobucci/jwt 3.4.4, since lcobucci/jwt 4.0+ requires PHP 7.4+.

Note this issue also affects scheb/2fa-trusted-device ^5.3 when the JwtTokenEncoder::generateToken return signature was changed to Plain.

Stack Trace (scheb/2fa-bundle 5.4.2)

TypeError:
Return value of Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\JwtTokenEncoder::generateToken() must be an instance of Lcobucci\JWT\Token\Plain, instance of Lcobucci\JWT\Token returned

  at vendor/scheb/2fa-trusted-device/Security/TwoFactor/Trusted/JwtTokenEncoder.php:45
  at Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\JwtTokenEncoder->generateToken('[email protected]', 'main', 4, object(DateTimeImmutable))
     (vendor/scheb/2fa-trusted-device/Security/TwoFactor/Trusted/TrustedDeviceTokenEncoder.php:33)
  at Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\TrustedDeviceTokenEncoder->generateToken('[email protected]', 'main', 4)
     (vendor/scheb/2fa-trusted-device/Security/TwoFactor/Trusted/TrustedDeviceTokenStorage.php:89)
  at Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\TrustedDeviceTokenStorage->addTrustedToken('[email protected]', 'main', 4)
     (var/cache/dev/ContainerO5l8XgX/srcApp_KerneldevDebugContainer.php:30895)
  at ContainerO5l8XgX\TrustedDeviceTokenStorage_fc7b3c4->addTrustedToken('[email protected]', 'main', 4)
     (vendor/scheb/2fa-trusted-device/Security/TwoFactor/Trusted/TrustedDeviceManager.php:38)
  at Scheb\TwoFactorBundle\Security\TwoFactor\Trusted\TrustedDeviceManager->addTrustedDevice(object(Users), 'main')
     (vendor/scheb/2fa-bundle/Security/Http/Firewall/TwoFactorListener.php:193)
  at Scheb\TwoFactorBundle\Security\Http\Firewall\TwoFactorListener->onSuccess(object(Request), object(PostAuthenticationGuardToken), object(TwoFactorToken))
     (vendor/scheb/2fa-bundle/Security/Http/Firewall/TwoFactorListener.php:150)
  at Scheb\TwoFactorBundle\Security\Http\Firewall\TwoFactorListener->attemptAuthentication(object(Request), object(TwoFactorToken))
     (vendor/scheb/2fa-bundle/Security/Http/Firewall/TwoFactorListener.php:134)
  at Scheb\TwoFactorBundle\Security\Http\Firewall\TwoFactorListener->authenticate(object(RequestEvent))
     (vendor/symfony/security-bundle/Debug/WrappedLazyListener.php:49)
  at Symfony\Bundle\SecurityBundle\Debug\WrappedLazyListener->authenticate(object(RequestEvent))
     (vendor/symfony/security-http/Firewall/AbstractListener.php:27)
  at Symfony\Component\Security\Http\Firewall\AbstractListener->__invoke(object(RequestEvent))
     (vendor/symfony/security-bundle/Security/LazyFirewallContext.php:64)
  at Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext->__invoke(object(RequestEvent))
     (vendor/symfony/security-bundle/Debug/TraceableFirewallListener.php:59)
  at Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener->callListeners(object(RequestEvent), object(Generator))
     (vendor/symfony/security-http/Firewall.php:98)
  at Symfony\Component\Security\Http\Firewall->onKernelRequest(object(RequestEvent), 'kernel.request', object(TraceableEventDispatcher))
     (vendor/symfony/event-dispatcher/Debug/WrappedListener.php:126)
  at Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object(RequestEvent), 'kernel.request', object(TraceableEventDispatcher))
     (vendor/symfony/event-dispatcher/EventDispatcher.php:264)
  at Symfony\Component\EventDispatcher\EventDispatcher->doDispatch(array(object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener)), 'kernel.request', object(RequestEvent))
     (vendor/symfony/event-dispatcher/EventDispatcher.php:239)
  at Symfony\Component\EventDispatcher\EventDispatcher->callListeners(array(object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener)), 'kernel.request', object(RequestEvent))
     (vendor/symfony/event-dispatcher/EventDispatcher.php:73)
  at Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object(RequestEvent), 'kernel.request')
     (vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:168)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object(RequestEvent), 'kernel.request')
     (vendor/symfony/http-kernel/HttpKernel.php:134)
  at Symfony\Component\HttpKernel\HttpKernel->handleRaw(object(Request), 1)
     (vendor/symfony/http-kernel/HttpKernel.php:80)
  at Symfony\Component\HttpKernel\HttpKernel->handle(object(Request), 1, true)
     (vendor/symfony/http-kernel/Kernel.php:201)
  at Symfony\Component\HttpKernel\Kernel->handle(object(Request))
     (/home/app/index.php:22)                


scheb commented on September 3, 2024

lcobucci/jwt 3.4.* contains a compatibility layer for version lcobucci/jwt 4.*, so it is in fact possible to call the library with the signatures from version 4, even when you are using 3.4.*. That's the reason why the signatures have changed, to make the bundle compatible with both versions.

Just from the perspective of the code I cannot really trace down the issue. In v3.4.* Lcobucci\JWT\Token is an alias for Lcobucci\JWT\Token\Plain as seen here https://github.com/lcobucci/jwt/blob/3.4.4/src/Token/Plain.php so you shouldn't get that TypeError. Also, according to unit and integration tests everything is fine. Not sure what I'm missing here.

I have to try and set up a test environment with exactly those versions, see if I can reproduce the issue.


scheb commented on September 3, 2024

I forced the integration test suite to execute with PHP 7.3 and got almost the same environment as yours:

https://github.com/scheb/2fa/runs/1881875528?check_suite_focus=true

PHP 7.3.27 and if you look into "Display dependency versions":

lcobucci/jwt                         3.4.4
symfony/symfony                      v4.4.19

The integration test suite is definitely executing that piece of code, but no issue.

I have the suspicion this has something to do with class autoloading and was actually able to reproduce the exception by generating the Composer autoloader with composer dump-autoload --classmap-authoritative. The classmap-authoritative is likely becoming the issue here, because Lcobucci\JWT\Token is not an actual class but an alias in that version of lcobucci/jwt. I believe that's why it's missing in the generated autoloader classmap, therefore the file creating the alias is never loaded, therefore you get a TypeError.

Did you use the classmap-authoritative option in the environment having that issue? If so, I'd say this is actually an issue of the lcobucci/jwt library.

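The autoloading behaviour discussed in this thread, as an added example that is not part of the original comments or of either library's code: a return type naming an alias fails when the file that registers the alias is never loaded, and passes once a fallback lookup can load it. The `Demo\*` classes, `makeLoader()` and the temp file are hypothetical, and the loader is a simplified stand-in for Composer's generated autoloader.

```php
<?php
// Added illustration: Demo\* classes, makeLoader() and the temp file are hypothetical.
namespace Demo {
    class Token {} // concrete class, in the role of Lcobucci\JWT\Token in the trace
}
namespace {
    // Constructed file that declares no class and only registers an alias.
    $dir = sys_get_temp_dir() . '/alias_demo_' . getmypid();
    @mkdir($dir . '/Token', 0700, true);
    file_put_contents($dir . '/Token/Plain.php',
        '<?php class_alias(\Demo\Token::class, \Demo\Token\Plain::class);');

    // Simplified stand-in for a generated autoloader (not Composer's real code).
    // $psr4Dir === null models classmap-authoritative: a classmap miss is final.
    function makeLoader(array $classmap, ?string $psr4Dir): callable
    {
        return function (string $class) use ($classmap, $psr4Dir): void {
            if (isset($classmap[$class])) {
                require $classmap[$class];
            } elseif ($psr4Dir !== null && strpos($class, 'Demo\\') === 0) {
                $file = $psr4Dir . '/' . str_replace('\\', '/', substr($class, 5)) . '.php';
                if (is_file($file)) { require $file; }
            }
        };
    }

    function generateToken(): \Demo\Token\Plain
    {
        return new \Demo\Token();
    }
    function attempt(): string
    {
        class_exists(\Demo\Token\Plain::class); // same trigger as compat/class-aliases.php
        try {
            generateToken();
            return 'ok';
        } catch (\TypeError $e) {
            return 'TypeError: ' . $e->getMessage();
        }
    }

    $classmap = []; // assumed: the alias-only file yields no classmap entry
    spl_autoload_register($authoritative = makeLoader($classmap, null));
    echo 'authoritative classmap: ', attempt(), PHP_EOL;
    spl_autoload_unregister($authoritative);
    spl_autoload_register(makeLoader($classmap, $dir));
    echo 'with PSR-4 fallback: ', attempt(), PHP_EOL;
}
```

Listing the alias files under `autoload.files`, as in the workaround quoted in the thread, loads them on every request regardless of the classmap, which is why it sidesteps the failure on the trusted-device login path.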
