Use symfony/clock component when available instead of non-testable time()

Command/GenerateTokenCommand.php

@@ -3,6 +3,7 @@
 namespace Lexik\Bundle\JWTAuthenticationBundle\Command;
 
 use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
+use Symfony\Component\Clock\Clock;
 use Symfony\Component\Console\Attribute\AsCommand;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputArgument;
@@ -95,7 +96,12 @@ protected function execute(InputInterface $input, OutputInterface $output): int
         if (null !== $input->getOption('ttl') && ((int) $input->getOption('ttl')) == 0) {
             $payload['exp'] = 0;
         } elseif (null !== $input->getOption('ttl') && ((int) $input->getOption('ttl')) > 0) {
-            $payload['exp'] = time() + $input->getOption('ttl');
+            if (class_exists(Clock::class)) {
+                $now = Clock::get()->now()->getTimestamp();
+            } else {
+                $now = time();
+            }
+            $payload['exp'] = $now + $input->getOption('ttl');
         }
 
         $token = $this->tokenManager->createFromPayload($user, $payload);

Security/Http/Cookie/JWTCookieProvider.php

@@ -3,6 +3,7 @@
 namespace Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Cookie;
 
 use Lexik\Bundle\JWTAuthenticationBundle\Helper\JWTSplitter;
+use Symfony\Component\Clock\Clock;
 use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpKernel\Kernel;
 
@@ -62,7 +63,12 @@ public function createCookie(string $jwt, ?string $name = null, $expiresAt = nul
         $jwt = $jwtParts->getParts($split ?: $this->defaultSplit);
 
         if (null === $expiresAt) {
-            $expiresAt = 0 === $this->defaultLifetime ? 0 : (time() + $this->defaultLifetime);
+            if (class_exists(Clock::class)) {
+                $now = Clock::get()->now()->getTimestamp();
+            } else {
+                $now = time();
+            }
+            $expiresAt = 0 === $this->defaultLifetime ? 0 : ($now + $this->defaultLifetime);
         }
 
         return Cookie::create(

Services/JWSProvider/DefaultJWSProvider.php

@@ -8,6 +8,7 @@
 use Lexik\Bundle\JWTAuthenticationBundle\Signature\CreatedJWS;
 use Lexik\Bundle\JWTAuthenticationBundle\Signature\LoadedJWS;
 use Namshi\JOSE\JWS;
+use Symfony\Component\Clock\Clock;
 
 /**
  * JWS Provider, Namshi\JOSE library integration.
@@ -82,13 +83,19 @@ public function __construct(KeyLoaderInterface $keyLoader, $cryptoEngine, $signa
      */
     public function create(array $payload, array $header = [])
     {
+        if (class_exists(Clock::class)) {
+            $now = Clock::get()->now()->getTimestamp();
+        } else {
+            $now = time();
+        }
+
         $header['alg'] = $this->signatureAlgorithm;
 
         $jws = new JWS($header, $this->cryptoEngine);
-        $claims = ['iat' => time()];
+        $claims = ['iat' => $now];
 
         if (null !== $this->ttl && !isset($payload['exp'])) {
-            $claims['exp'] = time() + $this->ttl;
+            $claims['exp'] = $now + $this->ttl;
         }
 
         $jws->setPayload($payload + $claims);

Services/JWSProvider/LcobucciJWSProvider.php

@@ -2,7 +2,6 @@
 
 namespace Lexik\Bundle\JWTAuthenticationBundle\Services\JWSProvider;
 
-use Lcobucci\Clock\Clock;
 use Lcobucci\Clock\SystemClock;
 use Lcobucci\JWT\Builder;
 use Lcobucci\JWT\Encoding\ChainedFormatter;
@@ -30,6 +29,8 @@
 use Lexik\Bundle\JWTAuthenticationBundle\Services\KeyLoader\RawKeyLoader;
 use Lexik\Bundle\JWTAuthenticationBundle\Signature\CreatedJWS;
 use Lexik\Bundle\JWTAuthenticationBundle\Signature\LoadedJWS;
+use Symfony\Component\Clock\Clock as SymfonyClock;
+use Psr\Clock\ClockInterface as Clock;
 
 /**
  * @final
@@ -77,7 +78,11 @@ public function __construct(KeyLoaderInterface $keyLoader, string $cryptoEngine,
             throw new \InvalidArgumentException(sprintf('The %s provider supports only "openssl" as crypto engine.', self::class));
         }
         if (null === $clock) {
-            $clock = new SystemClock(new \DateTimeZone('UTC'));
+            if (class_exists(SymfonyClock::class)) {
+                $clock = SymfonyClock::get();
+            } else {
+                $clock = new SystemClock(new \DateTimeZone('UTC'));
+            }
         }
 
         $this->keyLoader = $keyLoader;
@@ -103,7 +108,7 @@ public function create(array $payload, array $header = [])
             $jws = $jws->withHeader($k, $v);
         }
 
-        $now = time();
+        $now = $this->clock->now()->getTimestamp();
 
         $issuedAt = $payload['iat'] ?? $now;
         unset($payload['iat']);

Signature/LoadedJWS.php

@@ -2,6 +2,8 @@
 
 namespace Lexik\Bundle\JWTAuthenticationBundle\Signature;
 
+use Symfony\Component\Clock\Clock;
+
 /**
  * Object representation of a JSON Web Signature loaded from an
  * existing JSON Web Token.
@@ -74,7 +76,13 @@ private function checkExpiration(): void
             return;
         }
 
-        if ($this->clockSkew <= time() - $this->payload['exp']) {
+        if (class_exists(Clock::class)) {
+            $now = Clock::get()->now()->getTimestamp();
+        } else {
+            $now = time();
+        }
+
+        if ($this->clockSkew <= $now - $this->payload['exp']) {
             $this->state = self::EXPIRED;
         }
     }
@@ -84,7 +92,12 @@ private function checkExpiration(): void
      */
     private function checkIssuedAt()
     {
-        if (isset($this->payload['iat']) && (int) $this->payload['iat'] - $this->clockSkew > time()) {
+        if (class_exists(Clock::class)) {
+            $now = Clock::get()->now()->getTimestamp();
+        } else {
+            $now = time();
+        }
+        if (isset($this->payload['iat']) && (int) $this->payload['iat'] - $this->clockSkew > $now) {
             return $this->state = self::INVALID;
         }
     }

Subscriber/AdditionalAccessTokenClaimsAndHeaderSubscriber.php

@@ -4,6 +4,7 @@
 
 use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
 use Lexik\Bundle\JWTAuthenticationBundle\Events;
+use Symfony\Component\Clock\Clock;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 
 final class AdditionalAccessTokenClaimsAndHeaderSubscriber implements EventSubscriberInterface
@@ -29,14 +30,20 @@ public static function getSubscribedEvents(): array
 
     public function addClaims(JWTCreatedEvent $event): void
     {
+        if (class_exists(Clock::class)) {
+            $now = Clock::get()->now()->getTimestamp();
+        } else {
+            $now = time();
+        }
+
         $claims = [
             'jti' => uniqid('', true),
-            'iat' => time(),
-            'nbf' => time(),
+            'iat' => $now,
+            'nbf' => $now,
         ];
         $data = $event->getData();
         if (!array_key_exists('exp', $data) && $this->ttl > 0) {
-            $claims['exp'] = time() + $this->ttl;
+            $claims['exp'] = $now + $this->ttl;
         }
         $event->setData(array_merge($claims, $data));
     }

Tests/Signature/LoadedJWSTest.php

@@ -6,6 +6,8 @@
 use Lexik\Bundle\JWTAuthenticationBundle\Tests\ForwardCompatTestCaseTrait;
 use PHPUnit\Framework\TestCase;
 use Symfony\Bridge\PhpUnit\ClockMock;
+use Symfony\Component\Clock\Clock;
+use Symfony\Component\Clock\MockClock;
 
 /**
  * Tests the CreatedJWS model class.
@@ -128,7 +130,11 @@ public function testIsNotExpiredDaySavingTransition()
     {
         // 2020-10-25 00:16:13 UTC+0
         $timestamp = 1603584973;
-        ClockMock::withClockMock($timestamp);
+        if (class_exists(Clock::class)) {
+            Clock::set(new MockClock("@$timestamp"));
+        } else {
+            ClockMock::withClockMock($timestamp);
+        }
 
         $dstPayload = [
             'username' => 'test',

composer.json

@@ -68,7 +68,8 @@
     },
     "suggest": {
         "gesdinet/jwt-refresh-token-bundle": "Implements a refresh token system over Json Web Tokens in Symfony",
-        "spomky-labs/lexik-jose-bridge": "Provides a JWT Token encoder with encryption support"
+        "spomky-labs/lexik-jose-bridge": "Provides a JWT Token encoder with encryption support",
+        "symfony/clock": "Allow to test JWT with a shared and expectable clock"
     },
     "autoload": {
         "psr-4": {