diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
index cfc066d..3ff53ea 100644
--- a/.github/workflows/documentation.yml
+++ b/.github/workflows/documentation.yml
@@ -18,7 +18,7 @@ jobs:
runs-on: [ubuntu-latest]
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
- name: Lint markdown files
uses: nosborn/github-action-markdown-cli@v3
diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
index 1d3d7fd..d16cc58 100644
--- a/.github/workflows/php.yml
+++ b/.github/workflows/php.yml
@@ -69,7 +69,7 @@ jobs:
git config --global core.autocrlf false
git config --global core.eol lf
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
- name: Get composer cache directory
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
@@ -115,7 +115,7 @@ jobs:
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php-versions }}
- extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
+ extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml, zip
tools: composer
ini-values: error_reporting=E_ALL
coverage: none
@@ -131,7 +131,7 @@ jobs:
git config --global core.autocrlf false
git config --global core.eol lf
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
- name: Get composer cache directory
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$env:GITHUB_ENV"
@@ -162,14 +162,13 @@ jobs:
with:
# Should be the higest supported version, so we can use the newest tools
php-version: '8.4'
- tools: composer, composer-require-checker, composer-unused, phpcs, psalm
- # optional performance gain for psalm: opcache
- extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, opcache, openssl, pcre, posix, spl, xml
+ tools: composer, composer-require-checker, composer-unused, phpcs, phpstan
+ extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
- name: Get composer cache directory
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
@@ -196,27 +195,13 @@ jobs:
- name: PHP Code Sniffer
run: phpcs
- - name: Psalm
- continue-on-error: true
- run: |
- psalm -c psalm.xml \
- --show-info=true \
- --shepherd \
- --php-version=${{ steps.setup-php.outputs.php-version }}
-
- - name: Psalm (testsuite)
+ - name: PHPStan
run: |
- psalm -c psalm-dev.xml \
- --show-info=true \
- --shepherd \
- --php-version=${{ steps.setup-php.outputs.php-version }}
+ vendor/bin/phpstan analyze -c phpstan.neon
- - name: Psalter
+ - name: PHPStan (testsuite)
run: |
- psalm --alter \
- --issues=UnnecessaryVarAnnotation \
- --dry-run \
- --php-version=${{ steps.setup-php.outputs.php-version }}
+ vendor/bin/phpstan analyze -c phpstan-dev.neon
security:
name: Security checks
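Review bot: The two new PHPStan steps call `vendor/bin/phpstan`, while the earlier hunk in this file adds `phpstan` to the setup-php `tools:` list, which installs a separate `phpstan` binary. No composer.json change is visible in this diff, so if `phpstan/phpstan` is not in `require-dev` these steps fail on a missing binary, and if it is, the `tools:` entry is redundant and the two versions can drift apart. Pick one source, for example `run: phpstan analyze -c phpstan.neon` together with a pinned `phpstan:<version>` entry in `tools:`. Neither step sets `continue-on-error`, unlike the removed first Psalm step, so findings now fail the job; a short comment saying that this is intended would help.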
@@ -237,7 +222,7 @@ jobs:
- name: Setup problem matchers for PHP
run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
- name: Get composer cache directory
run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
@@ -266,9 +251,9 @@ jobs:
runs-on: [ubuntu-latest]
needs: [unit-tests-linux]
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
- - uses: actions/download-artifact@v4
+ - uses: actions/download-artifact@v5
with:
name: coverage-data
path: ${{ github.workspace }}/build
diff --git a/1 b/1
new file mode 100644
index 0000000..0b6d1a5
--- /dev/null
+++ b/1
@@ -0,0 +1,31 @@
+# This is a combination of 2 commits.
+# This is the 1st commit message:
+
+#eplace psalm with phpstan
+
+# This is the commit message #2:
+
+Replace psalm with phpstan
+
+# Please enter the commit message for your changes. Lines starting
+# with '#' will be ignored, and an empty message aborts the commit.
+#
+# Date: Mon Aug 18 21:58:48 2025 +0200
+#
+# interactive rebase in progress; onto 1a4ff67
+# Last commands done (5 commands done):
+# pick 9e85746 Replace psalm with phpstan
+# squash e07af03 Replace psalm with phpstan
+# No commands remaining.
+# You are currently rebasing branch 'feature/replace-psalm' on '1a4ff67'.
+#
+# Changes to be committed:
+# modified: .github/workflows/php.yml
+# new file: phpstan-dev.neon
+# new file: phpstan.neon
+# deleted: psalm-dev.xml
+# deleted: psalm.xml
+# modified: src/Client.php
+# modified: src/Controller/CDC.php
+# modified: src/Server.php
+#
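Review bot: The new file `1` is a leftover git commit-message editor buffer from the interactive rebase that squashed 9e85746 and e07af03, and it should not be part of the commit. It has no function in the repository and only publishes local rebase state, so drop it with `git rm 1` and amend before merging.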
diff --git a/phpstan-dev.neon b/phpstan-dev.neon
new file mode 100644
index 0000000..4d29b8b
--- /dev/null
+++ b/phpstan-dev.neon
@@ -0,0 +1,4 @@
+parameters:
+ level: 9
+ paths:
+ - tests
diff --git a/phpstan.neon b/phpstan.neon
new file mode 100644
index 0000000..db37782
--- /dev/null
+++ b/phpstan.neon
@@ -0,0 +1,4 @@
+parameters:
+ level: 6
+ paths:
+ - src
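Review bot: `level: 6` for `src` is lower than the `level: 9` that phpstan-dev.neon sets for `tests`, so the shipped code is analysed less strictly than its test suite. The levels above 6 are the ones that report unsafe nullable access and unchecked `mixed` values, which matters here because `src/Server.php` reads `$_REQUEST`, `$_COOKIE` and decoded JSON. If level 6 is only a starting point, say so with a comment such as `# TODO: raise to 9 once src is clean`, or use the higher level and record the remaining findings in a baseline.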
diff --git a/psalm-dev.xml b/psalm-dev.xml
deleted file mode 100644
index 95c5632..0000000
--- a/psalm-dev.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
diff --git a/psalm.xml b/psalm.xml
deleted file mode 100644
index 0088fee..0000000
--- a/psalm.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/src/Auth/Process/CDC.php b/src/Auth/Process/CDC.php
index e430ccb..1743bf5 100644
--- a/src/Auth/Process/CDC.php
+++ b/src/Auth/Process/CDC.php
@@ -35,7 +35,7 @@ class CDC extends Auth\ProcessingFilter
/**
* Initialize this filter.
*
- * @param array $config Configuration information about this filter.
+ * @param array $config Configuration information about this filter.
* @param mixed $reserved For future use.
*/
public function __construct(array $config, $reserved)
@@ -54,7 +54,7 @@ public function __construct(array $config, $reserved)
/**
* Redirect to page setting CDC.
*
- * @param array &$state The request state.
+ * @param array &$state The request state.
*/
public function process(array &$state): void
{
diff --git a/src/Client.php b/src/Client.php
index 17ebc9e..5412d9d 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -12,17 +12,10 @@
class Client
{
- /**
- * Our CDC domain.
- *
- * @var string
- */
- private string $domain;
-
/**
* The CDC server we send requests to.
*
- * @var Server
+ * @var \SimpleSAML\Module\cdc\Server
*/
private Server $server;
@@ -32,9 +25,9 @@ class Client
*
* @param string $domain The domain we should query the server for.
*/
- public function __construct(string $domain)
- {
- $this->domain = $domain;
+ public function __construct(
+ protected string $domain,
+ ) {
$this->server = new Server($domain);
}
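Review bot: The promoted constructor property is declared `protected string $domain`, whereas the property removed in the previous hunk was `private string $domain`, so the refactor widens visibility to subclasses as a side effect. Unless subclass access is intended, keep it private, and if the minimum supported PHP version allows it, use `private readonly string $domain,` since the value is only assigned here. The class body continues outside the hunk, so whether `$this->domain` is read elsewhere is not visible.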
@@ -42,7 +35,7 @@ public function __construct(string $domain)
/**
* Receive a CDC response.
*
- * @return array|null The response, or NULL if no response is received.
+ * @return array|null The response, or NULL if no response is received.
*/
public function getResponse(): ?array
{
@@ -55,7 +48,7 @@ public function getResponse(): ?array
*
* @param string $returnTo The URL we should return to afterwards.
* @param string $op The operation we are performing.
- * @param array $params Additional parameters.
+ * @param array $params Additional parameters.
*/
public function sendRequest(string $returnTo, string $op, array $params = []): void
{
diff --git a/src/Controller/CDC.php b/src/Controller/CDC.php
index e3df8b6..caf07cb 100644
--- a/src/Controller/CDC.php
+++ b/src/Controller/CDC.php
@@ -88,10 +88,6 @@ public function resume(Request $request): RunnableResponse
}
$state = Auth\State::loadState($response['id'], 'cdc:resume');
- if (is_null($state)) {
- throw new Error\NoState();
- }
-
return new RunnableResponse([Auth\ProcessingChain::class, 'resumeProcessing'], [$state]);
}
}
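Review bot: With the `is_null($state)` guard removed, `resume()` depends entirely on `Auth\State::loadState()` never returning null for an unknown or expired id, and that id is taken from the CDC response. This holds only if `loadState()` itself throws `Error\NoState` when the state is missing, which is not visible in this diff. If that is the contract, record it where the guard was, e.g. `// loadState() throws Error\NoState for a missing state, so $state is an array here`; if the return type is still nullable, keep the check. The method starts outside the hunk.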
diff --git a/src/Server.php b/src/Server.php
index 2751ebc..088846d 100644
--- a/src/Server.php
+++ b/src/Server.php
@@ -11,6 +11,21 @@
use SimpleSAML\SAML2\Exception\ProtocolViolationException;
use SimpleSAML\Utils;
+use function array_search;
+use function base64_decode;
+use function base64_encode;
+use function explode;
+use function implode;
+use function intval;
+use function is_string;
+use function json_decode;
+use function json_encode;
+use function sha1;
+use function strlen;
+use function strval;
+use function time;
+use function var_export;
+
/**
* CDC server class.
*
@@ -82,7 +97,7 @@ public function __construct(string $domain)
/**
* Send a request to this CDC server.
*
- * @param array $request The CDC request.
+ * @param array $request The CDC request.
*/
public function sendRequest(array $request): void
{
@@ -97,7 +112,7 @@ public function sendRequest(array $request): void
/**
* Parse and validate response received from a CDC server.
*
- * @return array|null The response, or NULL if no response is received.
+ * @return array|null The response, or NULL if no response is received.
* @throws \SimpleSAML\Error\Exception
*/
public function getResponse(): ?array
@@ -139,7 +154,7 @@ public static function processRequest(): void
/**
* Handle a parsed CDC requst.
*
- * @param array $request
+ * @param array $request
* @throws \SimpleSAML\Error\Exception
*/
private function handleRequest(array $request): void
@@ -147,14 +162,14 @@ private function handleRequest(array $request): void
if (!isset($request['op'])) {
throw new Error\BadRequest('Missing "op" in CDC request.');
}
- $op = (string) $request['op'];
+ $op = strval($request['op']);
Logger::info('Received CDC request with "op": ' . var_export($op, true));
if (!isset($request['return'])) {
throw new Error\BadRequest('Missing "return" in CDC request.');
}
- $return = (string) $request['return'];
+ $ret = strval($request['return']);
switch ($op) {
case 'append':
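Review bot: `strval($request['op'])` and `strval($request['return'])` coerce whatever the decoded request holds, exactly as the `(string)` casts did, so a nested array becomes the string `Array` with a warning instead of being rejected. Since `is_string` is imported in this commit, an explicit type check would be stricter: `if (!is_string($request['return'])) { throw new Error\BadRequest('Invalid "return" in CDC request.'); }`. The same applies to `$response['id'] = strval($request['id'])` in the next hunk. `$ret` becomes the destination passed to `send()`, so it is the value most worth validating; the function body continues outside the hunk.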
@@ -178,18 +193,18 @@ private function handleRequest(array $request): void
$response['op'] = $op;
if (isset($request['id'])) {
- $response['id'] = (string) $request['id'];
+ $response['id'] = strval($request['id']);
}
$response['domain'] = $this->domain;
- $this->send($return, 'CDCResponse', $response);
+ $this->send($ret, 'CDCResponse', $response);
}
/**
* Handle an append request.
*
- * @param array $request The request.
+ * @param array $request The request.
* @throws \SimpleSAML\Error\BadRequest
* @return string The response.
*/
@@ -217,7 +232,7 @@ private function handleAppend(array $request): string
/**
* Handle a delete request.
*
- * @param array $request The request.
+ * @param array $request The request.
* @return string The response.
*/
private function handleDelete(array $request): string
@@ -238,8 +253,8 @@ private function handleDelete(array $request): string
/**
* Handle a read request.
*
- * @param array $request The request.
- * @return array The response.
+ * @param array $request The request.
+ * @return array The response.
*/
private function handleRead(array $request): array
{
@@ -257,7 +272,7 @@ private function handleRead(array $request): array
*
* @param string $parameter The name of the query parameter.
* @throws \SimpleSAML\Error\BadRequest
- * @return array|null The response, or NULL if no response is received.
+ * @return array|null The response, or NULL if no response is received.
*/
private static function get(string $parameter): ?array
{
@@ -267,7 +282,7 @@ private static function get(string $parameter): ?array
$message = (string) $_REQUEST[$parameter];
Assert::validBase64($message, ProtocolViolationException::class);
- $message = @base64_decode($message);
+ $message = @base64_decode($message, true);
if ($message === false) {
throw new Error\BadRequest('Error base64-decoding CDC message.');
}
@@ -280,7 +295,7 @@ private static function get(string $parameter): ?array
if (!isset($message['timestamp'])) {
throw new Error\BadRequest('Missing timestamp in CDC message.');
}
- $timestamp = (int) $message['timestamp'];
+ $timestamp = intval($message['timestamp']);
if ($timestamp + 60 < time()) {
throw new Error\BadRequest('CDC signature has expired.');
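Review bot: The freshness check after `intval($message['timestamp'])` only rejects messages older than 60 seconds; a timestamp in the future passes `$timestamp + 60 < time()` and stays acceptable until that time is reached. Bounding both sides closes the window, e.g. `if ($timestamp + 60 < time() || $timestamp > time() + 60) {`. How much this matters depends on where the signature is verified, which is outside this hunk, as is the rest of `get()`.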
@@ -328,7 +343,7 @@ private function validate(string $parameter): void
*
* @param string $to The URL the message should be delivered to.
* @param string $parameter The query parameter the message should be sent in.
- * @param array $message The CDC message.
+ * @param array $message The CDC message.
*/
private function send(string $to, string $parameter, array $message): void
{
@@ -368,7 +383,7 @@ private function calcSignature(string $rawMessage): string
/**
* Get the IdP entities saved in the common domain cookie.
*
- * @return array List of IdP entities.
+ * @return string[] List of IdP entities.
*/
private function getCDC(): array
{
@@ -376,12 +391,12 @@ private function getCDC(): array
return [];
}
- $ret = (string) $_COOKIE['_saml_idp'];
+ $ret = strval($_COOKIE['_saml_idp']);
$ret = explode(' ', $ret);
foreach ($ret as &$idp) {
Assert::validBase64($idp, ProtocolViolationException::class);
- $idp = base64_decode($idp);
+ $idp = base64_decode($idp, true);
if ($idp === false) {
// Not properly base64 encoded
Logger::warning('CDC - Invalid base64-encoding of CDC entry.');
@@ -397,7 +412,7 @@ private function getCDC(): array
/**
* Build a CDC cookie string.
*
- * @param array $list The list of IdPs.
+ * @param string[] $list The list of IdPs.
* @return string The CDC cookie value.
*/
private function setCDC(array $list): string