Upgrade symfony to 5.4 & separate EntityMapper (#174)

* Update to Symfony 5.4
* Switch to lexik_jwt_bundle
* Milliner needs islandora-fedora-entity-mapper but not Crayfish-Commons
* Fix tests
* Update dependencies to tagged versions
* Remove unused imports
* Github actions workflow
* Update defaults to include the `user_identify_field` configuration parameter
* Add upgrade docs
* Update nodejs actions for workflows

Author: whikloj

.github/workflows/build-3.x.yml

@@ -29,12 +29,12 @@ jobs:
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           path: build_dir
 
       - name: Checkout islandora_ci
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           repository: islandora/islandora_ci
           ref: github-actions
@@ -50,11 +50,18 @@ jobs:
         run: |
           echo "SCRIPT_DIR=$GITHUB_WORKSPACE/islandora_ci" >> $GITHUB_ENV
 
+      - name: Get composer cache directory
+        id: composer-cache
+        run: |
+          cd $GITHUB_WORKSPACE/build_dir/Milliner
+          echo "composer-cache-dir=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
       - name: Cache Composer dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
-          path: /tmp/composer-cache
-          key: ${{ runner.os }}-${{ hashFiles('**/composer.lock') }}
+          path: ${{ env.composer-cache-dir }}
+          key: ${{ runner.os }}-composer-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-${{ matrix.php-version }}
 
       - name: composer install
         run: |
@@ -70,5 +77,5 @@ jobs:
           .scripts/tester
 
       - name: codecov
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v3
 

.github/workflows/build-4.x.yml

@@ -0,0 +1,81 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CI - 4.x
+
+# Controls when the action will run.
+on:
+  # Triggers the workflow on push or pull request events but only for the 7.x branch
+  push:
+    branches: [ 4.x ]
+  pull_request:
+    branches: [ 4.x ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: ["7.4", "8.0", "8.1"]
+
+    name: PHP ${{ matrix.php-versions }}
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          path: build_dir
+
+      - name: Checkout islandora_ci
+        uses: actions/checkout@v3
+        with:
+          repository: islandora/islandora_ci
+          ref: github-actions
+          path: islandora_ci
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          tools: composer:v2
+
+      - name: Set environment variables
+        run: |
+          echo "SCRIPT_DIR=$GITHUB_WORKSPACE/islandora_ci" >> $GITHUB_ENV
+
+      - name: Get composer cache directory
+        id: composer-cache
+        run: |
+          cd $GITHUB_WORKSPACE/build_dir/Milliner
+          echo "composer-cache-dir=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
+      - name: Cache Composer dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.composer-cache-dir }}
+          key: ${{ runner.os }}-composer-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-${{ matrix.php-version }}
+
+      - name: composer install
+        run: |
+          cd $GITHUB_WORKSPACE/build_dir
+          for D in */; do (cd $D; composer install) done
+
+      - name: line endings
+        run: $SCRIPT_DIR/line_endings.sh $GITHUB_WORKSPACE
+
+      - name: test scripts
+        run: |
+          cd $GITHUB_WORKSPACE/build_dir
+          .scripts/tester
+
+      - name: codecov
+        uses: codecov/codecov-action@v3
+

Homarus/.env

@@ -9,13 +9,20 @@
 # Real environment variables win over .env files.
 #
 # DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
+# https://symfony.com/doc/5.4/configuration/secrets.html
 #
 # Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
-# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
+# https://symfony.com/doc/5.4/best_practices.html#use-environment-variables-for-infrastructure-configuration
 
 ###> symfony/framework-bundle ###
 APP_ENV=dev
 APP_SECRET=2debbf0f3bc4a9484b577b8952dc3477
 #TRUSTED_PROXIES=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
 #TRUSTED_HOSTS='^(localhost|example\.com)$'
 ###< symfony/framework-bundle ###
+
+###> lexik/jwt-authentication-bundle ###
+JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
+JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
+JWT_PASSPHRASE=900bcb1e6df36b802204915dbe1c2f6a
+###< lexik/jwt-authentication-bundle ###

Homarus/README.md

@@ -49,9 +49,6 @@ the `app.executable` parameter in [`/path/to/Homarus/config/services.yaml`](./co
 You also need to set your Fedora Base Url to allow the Fedora Resource to be pulled in automatically.
 This is done in the `/path/to/Homarus/config/packages/crayfish_commons.yaml`. 
 
-Also in the `/path/to/Homarus/config/packages/crayfish_commons.yaml` file you can point to the location of your `syn-settings.xml`.
-If you don't have a `syn-settings.xml` look at the [Syn](http://github.com/Islandora/Syn) documentation.
-
 ### Logging
 
 To change your log settings, edit the `/path/to/Homarus/config/packages/monolog.yaml` file.
@@ -62,10 +59,13 @@ environment directory will take precedence over those in the `/path/to/Homarus/c
 
 The location specified in the configuration file for the log must be writable by the web server.
 
-### Disabling Syn
+### Enabling JWT authentication
 
 There are instructions in the `/path/to/Homarus/config/packages/security.yaml` file describing what to change and what lines
-to comment out to disable Syn.
+to comment out to enable authentication.
+
+We use the Lexik JWT Authentication Bundle for Symfony, more information here
+https://github.com/lexik/LexikJWTAuthenticationBundle
 
 ## Usage
 This will return the an AVI file for the test video file in Fedora.

Homarus/UPGRADE.md

@@ -1,5 +1,42 @@
 This document guides you through the process of upgrading Homarus. First, check if a section named "Upgrade to x.x.x" exists, with x.x.x being the version you are planning to upgrade to.
 
+## Upgrade to 4.0.0
+
+4.0.0 uses Symfony 5.4, which has differences from 3.x.x which used Symfony 4.4.
+This makes it non-backwards compatible and requires testing of any custom changes you
+may have made.
+
+Homarus relies on Crayfish-Commons `^4.0` which no longer includes our own JWT authentication,
+to perform JWT authentication we use the [Lexik JWT Bundle](https://github.com/lexik/LexikJWTAuthenticationBundle).
+
+### Upgrade from version 3.x.x
+
+You can remove the `syn_config:` line from the `./config/packages/crayfish_commons.yaml` file.
+
+You can add a line like `apix_middleware_enabled: false` to the `./config/packages/crayfish_commons.yaml` file. 
+This disables the ApixMiddleware as we pass the full URL to ffmpeg instead of downloading the file and passing
+it directly.
+
+You will need to make a file in `./config/packages` called `lexik_jwt_authentication.yaml`.
+
+The file needs to contain (at a minimum) or you can copy the file from the Github repository:
+```yaml
+lexik_jwt_authentication:
+    # This is the public key from the pair generated by Drupal and is required to validate the JWTs
+    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
+    # By default lexik_jwt looks for the username key in the payload, we use sub
+    user_identity_field: sub
+```
+
+You can either:
+* define an [environment variables](https://symfony.com/doc/5.4/configuration.html#configuration-based-on-environment-variables) for
+  the `JWT_PUBLIC_KEY` variable defined above and pointed to the Drupal public key file
+
+_or_
+* explicitly overwrite the `'%env(resolve:JWT_PUBLIC_KEY)%'` in
+  the above file and specify the path to the Drupal public key
+
+
 ## Upgrade to 3.0.0
 
 Homarus (and all of Crayfish) adheres to [semantic versioning](https://semver.org), which makes a distinction between "major", "minor", and "patch" versions. The upgrade path will be different depending on which previous version from which you are migrating.

Homarus/composer.json

@@ -6,22 +6,26 @@
     "require": {
         "ext-ctype": "*",
         "ext-iconv": "*",
-        "islandora/crayfish-commons": "^3.0",
-        "symfony/dotenv": "4.4.*",
+        "islandora/crayfish-commons": "^4.0",
+        "lexik/jwt-authentication-bundle": "^2.18",
+        "symfony/dotenv": "5.4.*",
         "symfony/flex": "^1.3.1",
-        "symfony/framework-bundle": "4.4.*",
-        "symfony/yaml": "4.4.*"
+        "symfony/framework-bundle": "5.4.*",
+        "symfony/runtime": "5.4.*",
+        "symfony/string": "5.4.*",
+        "symfony/translation": "5.4.*",
+        "symfony/yaml": "5.4.*"
     },
     "require-dev": {
         "phpspec/prophecy-phpunit": "^2.0",
         "phpunit/phpunit": "^9.5",
         "sebastian/phpcpd": "^6.0",
         "squizlabs/php_codesniffer": "^3.0",
-        "symfony/var-dumper": "4.4.*",
-        "symfony/browser-kit": "4.4.*",
-        "symfony/css-selector": "4.4.*",
+        "symfony/var-dumper": "5.4.*",
+        "symfony/browser-kit": "5.4.*",
+        "symfony/css-selector": "5.4.*",
         "symfony/maker-bundle": "^1.0",
-        "symfony/phpunit-bridge": "4.4.*"
+        "symfony/phpunit-bridge": "5.4.*"
     },
     "minimum-stability": "dev",
     "prefer-stable": true,
@@ -31,7 +35,8 @@
         },
         "sort-packages": true,
         "allow-plugins": {
-            "symfony/flex": true
+            "symfony/flex": true,
+            "symfony/runtime": true
         }
     },
     "autoload": {
@@ -68,7 +73,7 @@
     "extra": {
         "symfony": {
             "allow-contrib": false,
-            "require": "4.4.*"
+            "require": "5.4.*"
         }
     },
     "authors": [

Homarus/config/bootstrap.php

@@ -5,4 +5,5 @@
     Islandora\Crayfish\Commons\CrayfishCommonsBundle::class => ['all' => true],
     Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
     Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
+    Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle::class => ['all' => true],
 ];

Homarus/config/bundles.php

@@ -1,3 +1,3 @@
 crayfish_commons:
   fedora_base_uri: 'http://localhost:8080/fcrepo/rest'
-  #syn_config: '/path/to/syn-settings.xml'
+  apix_middleware_enabled: false

Homarus/config/packages/crayfish_commons.yaml

@@ -1,17 +1,24 @@
-# see https://symfony.com/doc/current/reference/configuration/framework.html
+# see https://symfony.com/doc/5.4/reference/configuration/framework.html
 framework:
     secret: '%env(APP_SECRET)%'
     #csrf_protection: true
-    #http_method_override: true
+    http_method_override: false
 
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.
     session:
         handler_id: null
         cookie_secure: auto
         cookie_samesite: lax
+        storage_factory_id: session.storage.factory.native
 
     #esi: true
     #fragments: true
     php_errors:
         log: true
+
+when@test:
+    framework:
+        test: true
+        session:
+            storage_factory_id: session.storage.factory.mock_file