search

Saeven / zf3-circlical-user

Turnkey Authentication, Identity, and RBAC for Laminas and Zend Framework 3. Supports Doctrine and Middleware.
Mozilla Public License 2.0
36 stars 15 forks source link

PHP 7.2 has Sodium & paragonie/halite > v4 #41

Closed rkeet closed 4 years ago

rkeet commented 6 years ago

Setting up a new project let me come across the following error:

$ composer require saeven/zf3-circlical-user
Using version ^0.2.3 for saeven/zf3-circlical-user
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - paragonie/halite v2.2.0 requires ext-libsodium ^1.0.6 -> the requested PHP extension libsodium is missing from your system.
    - paragonie/halite v2.1.3 requires ext-libsodium ^1.0.6 -> the requested PHP extension libsodium is missing from your system.
    - paragonie/halite v2.1.2 requires ext-libsodium ^1.0.6 -> the requested PHP extension libsodium is missing from your system.
    - paragonie/halite v2.1.1 requires ext-libsodium ^1.0.6 -> the requested PHP extension libsodium is missing from your system.
    - paragonie/halite v2.1.0 requires ext-libsodium ^1.0.6 -> the requested PHP extension libsodium is missing from your system.
    - saeven/zf3-circlical-user 0.2.3 requires paragonie/halite ^2.1 -> satisfiable by paragonie/halite[v2.1.0, v2.1.1, v2.1.2, v2.1.3, v2.2.0].
    - Installation request for saeven/zf3-circlical-user ^0.2.3 -> satisfiable by saeven/zf3-circlical-user[0.2.3].

PHP 7.2 includes Sodium. This is used by default by paragonie/halite > 4.1

From paragonie/halite readme file

  PHP libsodium PECL libsodium Support
Halite 4.1 and newer 7.2.0 1.0.15 N/A (standard) ✔️ Active
Halite 4.0 7.2.0 1.0.13 N/A (standard) ✔️ Active
Halite 3 7.0.0 1.0.9 1.0.6 / 2.0.4 ❌ Not Supported
Halite 2 7.0.0 1.0.9 1.0.6 ❌ Not Supported
Halite 1 5.6.0 1.0.6 1.0.2 ❌ Not Supported

Shows paragonie/halite V3.* is also no longer supported.

All the above comes down to me trying to word that the requirement for paragonie/halite version ^2.1 should be updated ;-) Current version is 4.4.1 so I'm thinking ^4.4 would be a good starting point.

As encryption is supported by the module, it might also be a good idea to require at least PHP 7.2. Updating this with a new minor release shouldn't cause any bc-breaks (I think, not sure).

Saeven commented 6 years ago

Thanks for taking the time to write such a detailed post! I have some critical prod projects running 7.1; so I'd have to test both configs, protecting the library against BC breaks.

Certainly open to it.

Saeven commented 5 years ago

Just wanted to let you know that this is underway! https://github.com/Saeven/zf3-circlical-user/pull/46

I put a PR against passwdqc so that it doesn't break tests on 7.3 (simple continue-in-switch issue). Once that's merged in, I should be able to finish up quickly.

https://github.com/paragonie/passwdqc/pull/1

Saeven commented 5 years ago

All set, travis is green all the way up to 7.3 👍