Migrate psalm to phpstan

simplesamlphp · Aug 9, 2024 · 4016fc6 · 4016fc6
1 parent 3f3cc9c
commit 4016fc6
Show file tree

Hide file tree

Showing 22 changed files with 104 additions and 159 deletions.
diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
@@ -50,8 +50,7 @@ jobs:
         with:
           # Should be the higest supported version, so we can use the newest tools
           php-version: '8.3'
-          tools: composer, composer-require-checker, composer-unused, phpcs, psalm
-          # optional performance gain for psalm: opcache
+          tools: composer, composer-require-checker, composer-unused, phpcs, phpstan
           extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, opcache, openssl, pcre, spl, xml
 
       - name: Setup problem matchers for PHP
@@ -84,27 +83,13 @@ jobs:
       - name: PHP Code Sniffer
         run: phpcs
 
-      - name: Psalm
-        continue-on-error: true
+      - name: PHPStan
         run: |
-          psalm -c psalm.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          phpstan analyze -c phpstan.neon --debug
 
-      - name: Psalm (testsuite)
+      - name: PHPStan (testsuite)
         run: |
-          psalm -c psalm-dev.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
-
-      - name: Psalter
-        run: |
-          psalm --alter \
-          --issues=UnnecessaryVarAnnotation \
-          --dry-run \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          phpstan analyze -c phpstan-dev.neon --debug
 
   security:
     name: Security checks

diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -0,0 +1,46 @@
+parameters:
+	ignoreErrors:
+		-
+			message: "#^Offset 'FIDO2PasswordlessAu…' does not exist on array\\{FIDO2AuthSuccessful\\: mixed, FIDO2WantsRegister\\: bool\\}\\.$#"
+			count: 1
+			path: src/Controller/AuthProcess.php
+
+		-
+			message: "#^Call to an undefined method class@anonymous/Controller/PushbackUserPass\\.php\\:97\\:\\:login\\(\\)\\.$#"
+			count: 1
+			path: src/Controller/PushbackUserPass.php
+
+		-
+			message: "#^Class class@anonymous/Controller/PushbackUserPass\\.php\\:97 does not have a constructor and must be instantiated without any parameters\\.$#"
+			count: 1
+			path: src/Controller/PushbackUserPass.php
+
+		-
+			message: "#^Constructor of class SimpleSAML\\\\Module\\\\webauthn\\\\Store has an unused parameter \\$config\\.$#"
+			count: 1
+			path: src/Store.php
+
+		-
+			message: "#^Method SimpleSAML\\\\Module\\\\webauthn\\\\WebAuthn\\\\AAGUID\\:\\:__construct\\(\\) with return type void returns null but should not return anything\\.$#"
+			count: 1
+			path: src/WebAuthn/AAGUID.php
+
+		-
+			message: "#^Method SimpleSAML\\\\Module\\\\webauthn\\\\WebAuthn\\\\AAGUID\\:\\:getInstance\\(\\) should return static\\(SimpleSAML\\\\Module\\\\webauthn\\\\WebAuthn\\\\AAGUID\\) but returns SimpleSAML\\\\Module\\\\webauthn\\\\WebAuthn\\\\AAGUID\\.$#"
+			count: 1
+			path: src/WebAuthn/AAGUID.php
+
+		-
+			message: "#^Static property SimpleSAML\\\\Module\\\\webauthn\\\\WebAuthn\\\\AAGUID\\:\\:\\$instance \\(static\\(SimpleSAML\\\\Module\\\\webauthn\\\\WebAuthn\\\\AAGUID\\)\\) does not accept SimpleSAML\\\\Module\\\\webauthn\\\\WebAuthn\\\\AAGUID\\.$#"
+			count: 1
+			path: src/WebAuthn/AAGUID.php
+
+		-
+			message: "#^Call to an undefined method CBOR\\\\CBORObject\\:\\:normalize\\(\\)\\.$#"
+			count: 1
+			path: src/WebAuthn/WebAuthnAbstractEvent.php
+
+		-
+			message: "#^Part \\$attestationData \\(array\\) of encapsed string cannot be cast to string\\.$#"
+			count: 1
+			path: src/WebAuthn/WebAuthnRegistrationEvent.php
diff --git a/phpstan-dev-baseline.neon b/phpstan-dev-baseline.neon
@@ -0,0 +1,11 @@
+parameters:
+	ignoreErrors:
+		-
+			message: "#^Unreachable statement \\- code above always terminates\\.$#"
+			count: 1
+			path: tests/src/Controller/RegProcessTest.php
+
+		-
+			message: "#^Unreachable statement \\- code above always terminates\\.$#"
+			count: 1
+			path: tests/src/Controller/RegistrationTest.php
diff --git a/phpstan-dev.neon b/phpstan-dev.neon
@@ -0,0 +1,4 @@
+parameters:
+  level: 5
+  paths:
+    - tests
diff --git a/phpstan.neon b/phpstan.neon
@@ -0,0 +1,6 @@
+parameters:
+  level: 3
+  paths:
+    - src
+  bootstrapFiles:
+    - tests/bootstrap.php
diff --git a/psalm-dev.xml b/psalm-dev.xml
diff --git a/psalm.xml b/psalm.xml
diff --git a/src/Auth/Process/WebAuthn.php b/src/Auth/Process/WebAuthn.php
@@ -71,10 +71,6 @@ class WebAuthn extends Auth\ProcessingFilter
      */
     public function __construct(array $config, $reserved)
     {
-        /**
-         * Remove annotation + assert as soon as this method can be typehinted (SSP 2.0)
-         * @psalm-suppress RedundantConditionGivenDocblockType
-         */
         parent::__construct($config, $reserved);
 
         $moduleConfig = Configuration::getOptionalConfig('module_webauthn.php')->toArray();

diff --git a/src/Controller/AuthProcess.php b/src/Controller/AuthProcess.php
@@ -29,16 +29,10 @@
  */
 class AuthProcess
 {
-    /**
-     * @var \SimpleSAML\Auth\State|string
-     * @psalm-var \SimpleSAML\Auth\State|class-string
-     */
+    /** @var \SimpleSAML\Auth\State|string */
     protected $authState = Auth\State::class;
 
-    /**
-     * @var \SimpleSAML\Logger|string
-     * @psalm-var \SimpleSAML\Logger|class-string
-     */
+    /** @var \SimpleSAML\Logger|string */
     protected $logger = Logger::class;
 
     /**
@@ -151,7 +145,6 @@ public function main(Request $request): Response
             $oneToken[1] = stream_get_contents($oneToken[1]);
         }
 
-        /** @psalm-var array $oneToken */
         $authObject = new WebAuthnAuthenticationEvent(
             $request->request->get('type'),
             ($state['FIDO2Scope'] === null ? $state['FIDO2DerivedScope'] : $state['FIDO2Scope']),

diff --git a/src/Controller/ManageToken.php b/src/Controller/ManageToken.php
@@ -24,16 +24,10 @@
  */
 class ManageToken
 {
-    /**
-     * @var \SimpleSAML\Auth\State|string
-     * @psalm-var \SimpleSAML\Auth\State|class-string
-     */
+    /** @var \SimpleSAML\Auth\State|string */
     protected $authState = Auth\State::class;
 
-    /**
-     * @var \SimpleSAML\Logger|string
-     * @psalm-var \SimpleSAML\Logger|class-string
-     */
+    /** @var \SimpleSAML\Logger|string */
     protected $logger = Logger::class;
 
 

diff --git a/src/Controller/PushbackUserPass.php b/src/Controller/PushbackUserPass.php
@@ -6,14 +6,13 @@
 
 use Exception;
 use SimpleSAML\Auth;
-use SimpleSAML\Auth\Source;
 use SimpleSAML\Configuration;
 use SimpleSAML\Error;
+use SimpleSAML\HTTP\RunnableResponse;
 use SimpleSAML\Logger;
 use SimpleSAML\Module\webauthn\Auth\Source\AuthSourceOverloader;
 use SimpleSAML\Session;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\{Request, Response};
 
 /**
  * Controller class for the webauthn module.
@@ -24,16 +23,10 @@
  */
 class PushbackUserPass
 {
-    /**
-     * @var \SimpleSAML\Auth\State|string
-     * @psalm-var \SimpleSAML\Auth\State|class-string
-     */
+    /** @var \SimpleSAML\Auth\State|string */
     protected $authState = Auth\State::class;
 
-    /**
-     * @var \SimpleSAML\Logger|string
-     * @psalm-var \SimpleSAML\Logger|class-string
-     */
+    /** @var \SimpleSAML\Logger|string */
     protected $logger = Logger::class;
 
     /**
@@ -92,7 +85,7 @@ public function main(Request $request): Response
 
         $authsources = Configuration::getConfig('authsources.php')->toArray();
         $authsourceString = $state['pushbackAuthsource'];
-        $classname = get_class(Source::getById($authsourceString));
+        $classname = get_class(Auth\Source::getById($authsourceString));
         class_alias($classname, '\SimpleSAML\Module\webauthn\Auth\Source\AuthSourceOverloader');
         $overrideSource = new class (
             ['AuthId' => $authsourceString],
@@ -117,7 +110,7 @@ public function loginOverload(string $username, string $password): array
         unset($attribs);
 
         // now properly return our final state to the framework
-        Source::completeAuth($state);
+        return new RunnableResponse([Auth\Source::class, 'completeAuth'], [&$state]);
     }
 
     public function login(string $username, string $password): array

diff --git a/src/Controller/RegProcess.php b/src/Controller/RegProcess.php
@@ -30,16 +30,10 @@
  */
 class RegProcess
 {
-    /**
-     * @var \SimpleSAML\Auth\State|string
-     * @psalm-var \SimpleSAML\Auth\State|class-string
-     */
+    /** @var \SimpleSAML\Auth\State|string */
     protected $authState = Auth\State::class;
 
-    /**
-     * @var \SimpleSAML\Logger|string
-     * @psalm-var \SimpleSAML\Logger|class-string
-     */
+    /** @var \SimpleSAML\Logger|string */
     protected $logger = Logger::class;
 
 

diff --git a/src/Controller/Registration.php b/src/Controller/Registration.php
@@ -27,22 +27,13 @@
  */
 class Registration
 {
-    /**
-     * @var \SimpleSAML\Auth\State|string
-     * @psalm-var \SimpleSAML\Auth\State|class-string
-     */
+    /** @var \SimpleSAML\Auth\State|string */
     protected $authState = Auth\State::class;
 
-    /**
-     * @var \SimpleSAML\Auth\Simple|string
-     * @psalm-var \SimpleSAML\Auth\Simple|class-string
-     */
+    /** @var \SimpleSAML\Auth\Simple|string */
     protected $authSimple = Auth\Simple::class;
 
-    /**
-     * @var \SimpleSAML\Logger|string
-     * @psalm-var \SimpleSAML\Logger|class-string
-     */
+    /** @var \SimpleSAML\Logger|string */
     protected $logger = Logger::class;
 
 
@@ -108,7 +99,7 @@ public function main(/** @scrutinizer ignore-unused */ Request $request): Runnab
 
         $state = [];
         $state['SPMetadata']['entityid'] = "WEBAUTHN-SP-REGISTRATION";
-        /** @psalm-var class-string $authSimple */
+
         $authSimple = $this->authSimple;
         $as = new $authSimple($registrationAuthSource);
         $as->requireAuth();

diff --git a/src/Controller/WebAuthn.php b/src/Controller/WebAuthn.php
@@ -29,16 +29,10 @@ class WebAuthn
     public const STATE_AUTH_ALLOWMGMT = 2; // allow to switch to mgmt page
     public const STATE_MGMT = 4; // show token management page
 
-    /**
-     * @var \SimpleSAML\Auth\State|string
-     * @psalm-var \SimpleSAML\Auth\State|class-string
-     */
+    /** @var \SimpleSAML\Auth\State|string */
     protected $authState = Auth\State::class;
 
-    /**
-     * @var \SimpleSAML\Logger|string
-     * @psalm-var \SimpleSAML\Logger|class-string
-     */
+    /** @var \SimpleSAML\Logger|string */
     protected $logger = Logger::class;
 
 

diff --git a/src/Store.php b/src/Store.php
@@ -25,6 +25,7 @@ abstract class Store
      * This constructor should always be called first in any class which implements this class.
      *
      * @param array &$config The configuration for this storage handler.
+     * @phpstan-ignore constructor.unusedParameter
      */
     protected function __construct(array &$config)
     {
@@ -168,10 +169,7 @@ public static function parseStoreConfig(string|array $config): Store
             '\SimpleSAML\Module\webauthn\Store',
         );
 
-        /**
-         * @psalm-suppress InvalidStringClass
-         * @var \SimpleSAML\Module\webauthn\Store
-         */
+        /** @var \SimpleSAML\Module\webauthn\Store */
         return new $className($config);
     }
 }