diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
index ef856cc..09e94b0 100644
--- a/.github/workflows/php.yml
+++ b/.github/workflows/php.yml
@@ -162,9 +162,8 @@ jobs:
with:
# Should be the higest supported version, so we can use the newest tools
php-version: '8.4'
- tools: composer, composer-require-checker, composer-unused, phpcs, psalm
- # optional performance gain for psalm: opcache
- extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, opcache, openssl, \
+ tools: composer, composer-require-checker, composer-unused, phpcs
+ extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, \
pcre, posix, soap, spl, xml
- name: Setup problem matchers for PHP
@@ -197,27 +196,14 @@ jobs:
- name: PHP Code Sniffer
run: phpcs
- - name: Psalm
- continue-on-error: true
- run: |
- psalm -c psalm.xml \
- --show-info=true \
- --shepherd \
- --php-version=${{ steps.setup-php.outputs.php-version }}
- - name: Psalm (testsuite)
+ - name: PHPStan
run: |
- psalm -c psalm-dev.xml \
- --show-info=true \
- --shepherd \
- --php-version=${{ steps.setup-php.outputs.php-version }}
+ vendor/bin/phpstan analyze -c phpstan.neon
- - name: Psalter
+ - name: PHPStan (testsuite)
run: |
- psalm --alter \
- --issues=UnnecessaryVarAnnotation \
- --dry-run \
- --php-version=${{ steps.setup-php.outputs.php-version }}
+ vendor/bin/phpstan analyze -c phpstan-dev.neon
security:
name: Security checks
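Review bot: Both new steps call `vendor/bin/phpstan`, but `psalm` was removed from the `tools:` list without an analyzer being added, and no composer.json change adding PHPStan as a dev dependency is visible in this diff. If `phpstan/phpstan` is not already in `require-dev`, the binary will be missing and the static-analysis gate fails for the wrong reason. Either confirm the dev dependency (which also pins the analyzer version through composer.lock) or install it in the setup step with `tools: composer, composer-require-checker, composer-unused, phpcs, phpstan` and call `phpstan analyze -c phpstan.neon`.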
diff --git a/phpstan-dev.neon b/phpstan-dev.neon
new file mode 100644
index 0000000..4d29b8b
--- /dev/null
+++ b/phpstan-dev.neon
@@ -0,0 +1,4 @@
+parameters:
+ level: 9
+ paths:
+ - tests
diff --git a/phpstan.neon b/phpstan.neon
new file mode 100644
index 0000000..db37782
--- /dev/null
+++ b/phpstan.neon
@@ -0,0 +1,4 @@
+parameters:
+ level: 6
+ paths:
+ - src
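Review bot: `level: 6` for `src` is lower than the `level: 9` that phpstan-dev.neon sets for `tests`, so the code that processes authentication requests gets weaker analysis than the test suite. Levels 7 to 9 add the union-type, nullable-access and `mixed` checks, which is the class of problem behind the `$username->getContent()` call in src/IdP/ADFS.php. If level 6 is only a starting point, record that in the file, for example `# src is held at level 6 for now; raise towards 9 as findings are fixed`, or run at the higher level with a generated baseline.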
diff --git a/psalm-dev.xml b/psalm-dev.xml
deleted file mode 100644
index 6116331..0000000
--- a/psalm-dev.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/psalm.xml b/psalm.xml
deleted file mode 100644
index 81d8399..0000000
--- a/psalm.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/src/IdP/ADFS.php b/src/IdP/ADFS.php
index 5208db6..d10e8e2 100644
--- a/src/IdP/ADFS.php
+++ b/src/IdP/ADFS.php
@@ -119,7 +119,7 @@ public static function receivePassiveAuthnRequest(
$password = Password::getChildrenOfClass($usernameToken->toXML());
$password = array_pop($password);
- if ($username === null || $password === null) {
+ if ($password === null) {
throw new Error\BadRequest('Missing username or password in SOAP header.');
} else {
$_SERVER['PHP_AUTH_USER'] = $username->getContent();
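Review bot: The null guard on `$username` is dropped, yet the else branch still calls `$username->getContent()` and the exception text still reads 'Missing username or password in SOAP header.'. The assignment of `$username` is above the hunk, so its nullability cannot be confirmed from here. If it is produced the same way as `$password` (an `array_pop()` over the token's children), a SOAP header without a Username element would now raise a PHP Error instead of the intended `Error\BadRequest`. Either keep `if ($username === null || $password === null) {`, or, if the type really guarantees a value, change the message to `'Missing password in SOAP header.'` so the error matches the check.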
@@ -207,7 +207,7 @@ function () use ($idp, &$state) {
* @param string $issuer
* @param string $target
* @param string $nameid
- * @param array $attributes
+ * @param array $attributes
* @param int $assertionLifetime
* @param string $method
* @return \SimpleSAML\SAML11\XML\saml\Assertion
@@ -287,7 +287,7 @@ private static function generateActiveAssertion(
* @param string $issuer
* @param string $target
* @param string $nameid
- * @param array $attributes
+ * @param array $attributes
* @param int $assertionLifetime
* @return \SimpleSAML\SAML11\XML\saml\Assertion
*/
@@ -409,7 +409,7 @@ private static function postResponse(string $wreply, string $wresult, ?string $w
/**
- * @param array $state
+ * @param array $state
* @throws \Exception
*/
public static function sendPassiveResponse(array $state): void
@@ -519,7 +519,7 @@ public static function sendPassiveResponse(array $state): void
/**
- * @param array $state
+ * @param array $state
* @throws \Exception
*/
public static function sendResponse(array $state): void
@@ -603,7 +603,7 @@ public static function sendResponse(array $state): void
/**
* @param \SimpleSAML\IdP $idp
- * @param array $state
+ * @param array $state
*/
public static function sendLogoutResponse(IdP $idp, array $state): void
{
@@ -645,7 +645,7 @@ public static function receiveLogoutMessage(IdP $idp): void
* accepts an association array, and returns a URL that can be accessed to terminate the association
*
* @param \SimpleSAML\IdP $idp
- * @param array $association
+ * @param array $association
* @param string $relayState
* @return string
*/
diff --git a/src/IdP/MetadataBuilder.php b/src/IdP/MetadataBuilder.php
index 1c68dc3..a3359f9 100644
--- a/src/IdP/MetadataBuilder.php
+++ b/src/IdP/MetadataBuilder.php
@@ -99,7 +99,7 @@ protected function signDocument(AbstractMetadataDocument $document): AbstractMet
{
$cryptoUtils = new Utils\Crypto();
- /** @var array $keyArray */
+ /** @var array $keyArray */
$keyArray = $cryptoUtils->loadPrivateKey($this->config, true, 'metadata.sign.');
$certArray = $cryptoUtils->loadPublicKey($this->config, false, 'metadata.sign.');
$algo = $this->config->getOptionalString('metadata.sign.algorithm', C::SIG_RSA_SHA256);
@@ -123,6 +123,8 @@ protected function signDocument(AbstractMetadataDocument $document): AbstractMet
/**
* This method builds the md:Organization element, if any
+ *
+ * @return \SimpleSAML\SAML2\XML\md\Organization
*/
private function getOrganization(): ?Organization
{
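Review bot: The added `@return \SimpleSAML\SAML2\XML\md\Organization` omits null, although the signature is `?Organization` and the summary says "if any". The tag should read `@return \SimpleSAML\SAML2\XML\md\Organization|null`, the form this commit already uses for `getExtensions()`. The method body is outside the hunk.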
@@ -157,6 +159,8 @@ private function getOrganization(): ?Organization
/**
* This method builds the role descriptor elements
+ *
+ * @return \SimpleSAML\SAML2\XML\md\AbstractRoleDescriptor[]
*/
private function getRoleDescriptor(): array
{
@@ -177,6 +181,8 @@ private function getRoleDescriptor(): array
/**
* This method builds the SecurityTokenService element
+ *
+ * @return \SimpleSAML\WSSecurity\XML\fed\SecurityTokenServiceType
*/
public function getSecurityTokenService(): SecurityTokenServiceType
{
@@ -202,6 +208,8 @@ public function getSecurityTokenService(): SecurityTokenServiceType
/**
* This method builds the md:KeyDescriptor elements, if any
+ *
+ * @return \SimpleSAML\SAML2\XML\md\KeyDescriptor[]
*/
private function getKeyDescriptor(): array
{
@@ -238,6 +246,8 @@ private function getKeyDescriptor(): array
/**
* This method builds the md:ContactPerson elements, if any
+ *
+ * @return \SimpleSAML\SAML2\XML\md\ContactPerson[]
*/
private function getContactPerson(): array
{
@@ -255,6 +265,8 @@ private function getContactPerson(): array
/**
* This method builds the md:Extensions, if any
+ *
+ * @return \SimpleSAML\SAML2\XML\md\Extensions|null
*/
private function getExtensions(): ?Extensions
{
@@ -332,6 +344,13 @@ private function getExtensions(): ?Extensions
}
+ /**
+ * @param string $use
+ * @param string $x509Cert
+ * @param string|null $keyName
+ *
+ * @return \SimpleSAML\SAML2\XML\md\KeyDescriptor
+ */
private static function buildKeyDescriptor(string $use, string $x509Cert, ?string $keyName): KeyDescriptor
{
Assert::oneOf($use, ['encryption', 'signing']);
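Review bot: The new docblock on `buildKeyDescriptor()` restates the native types but omits the one constraint the signature cannot express. `Assert::oneOf($use, ['encryption', 'signing'])` on the first body line restricts `$use` to two values. Writing `@param 'encryption'|'signing' $use` (or `@param string $use Either 'encryption' or 'signing'`) would let the analyzer and callers see that contract. The rest of the body is outside the hunk.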
diff --git a/src/IdP/PassiveIdP.php b/src/IdP/PassiveIdP.php
index 4ee5ed1..145181e 100644
--- a/src/IdP/PassiveIdP.php
+++ b/src/IdP/PassiveIdP.php
@@ -29,7 +29,7 @@ class PassiveIdP
/**
* A cache for resolving IdP id's.
*
- * @var array
+ * @var \SimpleSAML\Module\adfs\IdP\PassiveIdP[]
*/
private static array $idpCache = [];
@@ -130,7 +130,7 @@ public static function getById(Configuration $config, string $id): PassiveIdP
* Retrieve the IdP "owning" the state.
*
* @param \SimpleSAML\Configuration $config The Configuration.
- * @param array &$state The state array.
+ * @param array &$state The state array.
*
* @return \SimpleSAML\Module\adfs\IdP\PassiveIdP The IdP.
*/
@@ -167,7 +167,7 @@ public function isAuthenticated(): bool
/**
* Called after authproc has run.
*
- * @param array $state The authentication request state array.
+ * @param array $state The authentication request state array.
*/
public static function postAuthProc(array $state): void
{
@@ -191,7 +191,7 @@ public static function postAuthProc(array $state): void
/**
* The user is authenticated.
*
- * @param array $state The authentication request state array.
+ * @param array $state The authentication request state array.
*
* @throws \SimpleSAML\Error\Exception If we are not authenticated.
*/
@@ -238,7 +238,7 @@ public static function postAuth(array $state): Response
*
* This function authenticates the user.
*
- * @param array &$state The authentication request state.
+ * @param array &$state The authentication request state.
*/
private function authenticate(array &$state): Response
{
@@ -249,7 +249,7 @@ private function authenticate(array &$state): Response
/**
* Process authentication requests.
*
- * @param array &$state The authentication request state.
+ * @param array &$state The authentication request state.
*/
public function handleAuthenticationRequest(array &$state): Response
{
@@ -314,7 +314,7 @@ public function getLogoutHandler(): LogoutHandlerInterface
*
* This function will never return.
*
- * @param array &$state The logout request state.
+ * @param array &$state The logout request state.
*/
public function finishLogout(array &$state): Response
{
diff --git a/src/MetadataExchange.php b/src/MetadataExchange.php
index 6136fda..0a6a621 100644
--- a/src/MetadataExchange.php
+++ b/src/MetadataExchange.php
@@ -56,9 +56,6 @@ class MetadataExchange
{
/**
* Constructor.
- *
- * @param \SimpleSAML\Configuration $config The general configuration
- * @param \SimpleSAML\Configuration $metadata The metadata configuration
*/
public function __construct()
{
@@ -68,7 +65,7 @@ public function __construct()
/**
* Build a mex document
*
- * @return \SimpleSAML\WSSecurity\XML\wsdl\Definitions
+ * @return \SimpleSAML\WSDL\XML\wsdl\Definitions
*/
public function buildDocument(): Definitions
{
@@ -89,7 +86,7 @@ public function buildDocument(): Definitions
/**
* This method builds the wsp:Policy elements
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy[]
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy[]
*/
private function getPolicies(): array
{
@@ -106,7 +103,7 @@ private function getPolicies(): array
/**
* This method builds the wsdl:types elements
*
- * @param \SimpleSAML\WSSecurity\XML\wsdl\Types[]
+ * @return \SimpleSAML\WSSL\XML\wsdl\Types[]
private function getTypes(): array
{
$defaultEndpoint = Module::getModuleURL('adfs/services/trust/mex');
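Review bot: The added tag names `\SimpleSAML\WSSL\XML\wsdl\Types[]`, which looks like a typo for `\SimpleSAML\WSDL\XML\wsdl\Types[]`, the namespace used by the other `@return` tags this commit adds in the file. As shown, the docblock also has no closing `*/` before `private function getTypes(): array`. If that is how the file reads and not a display artefact, the declaration sits inside the comment up to the next `*/`, so add ` */` after the `@return` line. The method body continues outside the hunk.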
@@ -132,7 +129,7 @@ private function getTypes(): array
/**
* This method builds the wsdl:message elements
*
- * @param \SimpleSAML\WSSecurity\XML\wsdl\Message[]
+ * @return \SimpleSAML\WSDL\XML\wsdl\Message[]
*/
private function getMessages(): array
{
@@ -190,7 +187,7 @@ private function getMessages(): array
/**
* This method builds the wsdl:portType elements
*
- * @param \SimpleSAML\WSSecurity\XML\wsdl\PortType[]
+ * @return \SimpleSAML\WSDL\XML\wsdl\PortType[]
*/
private function getPortTypes(): array
{
@@ -258,7 +255,7 @@ private function getPortTypes(): array
/**
* This method builds the wsdl:binding elements
*
- * @param \SimpleSAML\WSSecurity\XML\wsdl\Binding[]
+ * @return \SimpleSAML\WSDL\XML\wsdl\Binding[]
*/
private function getBindings(): array
{
@@ -569,7 +566,7 @@ private function getBindings(): array
/**
* This method builds the wsdl:service elements
*
- * @param \SimpleSAML\WSSecurity\XML\wsdl\Service[]
+ * @return \SimpleSAML\WSDL\XML\wsdl\Service[]
*/
private function getServices(): array
{
diff --git a/src/Trust/Policy13.php b/src/Trust/Policy13.php
index 9473b8a..7d9de33 100644
--- a/src/Trust/Policy13.php
+++ b/src/Trust/Policy13.php
@@ -54,9 +54,6 @@ class Policy13
{
/**
* Constructor.
- *
- * @param \SimpleSAML\Configuration $config The general configuration
- * @param \SimpleSAML\Configuration $metadata The metadata configuration
*/
public function __construct()
{
@@ -66,7 +63,7 @@ public function __construct()
/**
* This method builds the wsp:Policy elements
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy[]
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy[]
*/
public function getPolicies(): array
{
@@ -82,7 +79,7 @@ public function getPolicies(): array
/**
* This method builds the CertificateWSTrustBinding policy.
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy
*/
private function getCertificateWSTrustBinding(): Policy
{
@@ -186,7 +183,7 @@ private function getCertificateWSTrustBinding(): Policy
/**
* This method builds the UserNameWSTrustBinding policy.
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy
*/
private function getUserNameWSTrustBindingPolicy(): Policy
{
@@ -289,7 +286,7 @@ private function getUserNameWSTrustBindingPolicy(): Policy
/**
* This method builds the IssuedTokenWSTrustBinding policy.
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy
*/
private function getIssuedTokenWSTrustBinding(): Policy
{
@@ -401,7 +398,7 @@ private function getIssuedTokenWSTrustBinding(): Policy
/**
* This method builds the IssuedTokenWSTrustBinding1 policy.
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy
*/
private function getIssuedTokenWSTrustBinding1(): Policy
{
diff --git a/src/Trust/Policy2005.php b/src/Trust/Policy2005.php
index 4c98ff8..d1a72c8 100644
--- a/src/Trust/Policy2005.php
+++ b/src/Trust/Policy2005.php
@@ -53,9 +53,6 @@ class Policy2005
{
/**
* Constructor.
- *
- * @param \SimpleSAML\Configuration $config The general configuration
- * @param \SimpleSAML\Configuration $metadata The metadata configuration
*/
public function __construct()
{
@@ -65,7 +62,7 @@ public function __construct()
/**
* This method builds the wsp:Policy elements
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy[]
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy[]
*/
public function getPolicies(): array
{
@@ -82,7 +79,7 @@ public function getPolicies(): array
/**
* This method builds the CertificateWSTrustBinding policy.
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy
*/
private function getCertificateWSTrustBinding(): Policy
{
@@ -186,7 +183,7 @@ private function getCertificateWSTrustBinding(): Policy
/**
* This method builds the CertificateWSTrustBinding1 policy.
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy
*/
private function getCertificateWSTrustBinding1(): Policy
{
@@ -231,7 +228,7 @@ private function getCertificateWSTrustBinding1(): Policy
/**
* This method builds the UserNameWSTrustBinding policy.
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy
*/
private function getUserNameWSTrustBindingPolicy(): Policy
{
@@ -334,7 +331,7 @@ private function getUserNameWSTrustBindingPolicy(): Policy
/**
* This method builds the IssuedTokenWSTrustBinding policy.
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy
*/
private function getIssuedTokenWSTrustBinding(): Policy
{
@@ -445,7 +442,7 @@ private function getIssuedTokenWSTrustBinding(): Policy
/**
* This method builds the IssuedTokenWSTrustBinding1 policy.
*
- * @param \SimpleSAML\WSSecurity\XML\wsp\Policy
+ * @return \SimpleSAML\WSSecurity\XML\wsp\Policy
*/
private function getIssuedTokenWSTrustBinding1(): Policy
{
diff --git a/tests/InterOperability/DefinitionsTest.php b/tests/InterOperability/DefinitionsTest.php
index 6a54c6b..1e30c12 100644
--- a/tests/InterOperability/DefinitionsTest.php
+++ b/tests/InterOperability/DefinitionsTest.php
@@ -37,7 +37,7 @@ public function testUnmarshalling(bool $shouldPass, DOMElement $mex): void
/**
- * @return array
+ * @return array
*/
public static function provideMex(): array
{
diff --git a/tests/src/Controller/AdfsControllerTest.php b/tests/src/Controller/AdfsControllerTest.php
index e6c4cce..f91b474 100644
--- a/tests/src/Controller/AdfsControllerTest.php
+++ b/tests/src/Controller/AdfsControllerTest.php
@@ -17,7 +17,7 @@
/**
*/
#[CoversClass(Controller\Adfs::class)]
-class AdfsControllerTest extends TestCase
+final class AdfsControllerTest extends TestCase
{
/** @var \SimpleSAML\Configuration */
protected Configuration $config;