search

lcobucci / jwt

A simple library to work with JSON Web Token and JSON Web Signature
https://lcobucci-jwt.readthedocs.io/en/stable/
BSD 3-Clause "New" or "Revised" License
7.3k stars 601 forks source link

Make `Token\Builder` really `readonly` #1086

Open Slamdunk opened 2 weeks ago

Slamdunk commented 2 weeks ago

As reported by PHPStan 2, the current Token\Builder implementation is not really readonly:

https://github.com/lcobucci/jwt/actions/runs/11784435253/job/32823593891?pr=1085#step:9:50

All attributes must be accepted only in its constructor. But we can't do that on a public constructor because we need the safeguards provided by its API.

The solution is to add a new static function new() method as the public constructor, make the constructor private, and only then apply the readonly attribute, hence the https://github.com/lcobucci/jwt/labels/BC-break label here

Slamdunk commented 1 week ago

Hey @Ocramius, what are those googly eyes?

Ocramius commented 1 week ago

Just for myself / that I've already seen this :)

I agree with masking the public constructor BTW.