Update SignedUrl & improve CI to exactly test JWT v5 & v6

Author: jakubboucek

.github/workflows/code_analysis.yaml

@@ -24,17 +24,18 @@ jobs:
           - "7.4"
           - "8.0"
           - "8.1"
+          - "8.2"
 
-        deps:
-          - name: Lowest deps
-            key: lowest
-            arg: --prefer-lowest
+        jwt:
+          - name: JWT 5
+            key: jtw5
+            arg: '"firebase/php-jwt:^5.0"'
 
-          - name: Current deps
-            key: current
-            arg: ''
+          - name: JWT 6
+            key: jwt6
+            arg: '"firebase/php-jwt:^6.0"'
 
-    name: ${{ matrix.actions.name }} on PHP ${{ matrix.php }} with ${{ matrix.deps.name }}
+    name: ${{ matrix.actions.name }} on PHP ${{ matrix.php }} with ${{ matrix.jwt.name }}
     runs-on: ubuntu-latest
 
     steps:
@@ -62,20 +63,19 @@ jobs:
         with:
           path: |
             ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-data-${{ hashFiles('composer.json') }}-php-${{ matrix.php }}-${{ matrix.deps.name }}
+          key: ${{ runner.os }}-composer-data-${{ hashFiles('composer.json') }}-php-${{ matrix.php }}-${{ matrix.jwt.name }}
 
 
       - uses: actions/cache@v2
         with:
           path: |
             **/composer.lock
-          key: ${{ runner.os }}-composer-lock-${{ hashFiles('composer.json') }}-php-${{ matrix.php }}-${{ matrix.deps.name }}
+          key: ${{ runner.os }}-composer-lock-${{ hashFiles('composer.json') }}-php-${{ matrix.php }}-${{ matrix.jwt.key }}
 
 
       - name: Install Composer
-        run: composer update --no-progress ${{ matrix.deps.arg }}
+        run: composer update --no-progress --with ${{ matrix.jwt.arg }}
 
 
       - name: Run job
-        if: ${{ matrix.deps.key != 'lowest' && matrix.php != '8.1 }}
         run: ${{ matrix.actions.run }}

src/Plugin/SignedUrl.php

@@ -25,7 +25,6 @@
 
 /**
  * @phpstan-type ParsedUrl array{'scheme'?: string, 'host'?: string, 'port'?: int, 'user'?: string, 'pass'?: string, 'path'?: string, 'query'?: string, 'fragment'?: string}
- * @phpstan-type ClaimsSet array{'iss': string, 'aud': string|null, 'iat': int, 'exp': int, 'sub': string, 'meth': array<int, string>, 'mod': int, 'val': int}
  */
 class SignedUrl implements Plugin
 {
@@ -243,7 +242,6 @@ public function verifyUrl(string $url, bool $allowRedirect = false): array
     public function verifyToken(string $token): array
     {
         try {
-            /** @var ClaimsSet $payload */
             $payload = $this->jwt->decode($token);
         } catch (RuntimeException $e) {
             throw new SignedUrlVerificationException('JWT Token invalid', 0, $e);
@@ -364,7 +362,6 @@ protected function normalizeUrl(array $url): array
     {
         $url['path'] = ($url['path'] ?? '') === '' ? '/' : ($url['path'] ?? '');
         unset($url['fragment']);
-        /** @var ParsedUrl $url (bypass PhpStan bug) */
         return $url;
     }
 }