Maintenance: Started work for PHPStan Level 4

ssddanbrown · ssddanbrown · commit c9347aafc1ee · 2026-04-06T14:41:41.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -2,6 +2,7 @@
 /node_modules
 /.vscode
 /composer
+/composer.phar
 /coverage
 Homestead.yaml
 .env
diff --git a/app/Access/EmailConfirmationService.php b/app/Access/EmailConfirmationService.php
@@ -5,6 +5,7 @@
 use BookStack\Access\Notifications\ConfirmEmailNotification;
 use BookStack\Exceptions\ConfirmationEmailException;
 use BookStack\Users\Models\User;
+use Exception;
 
 class EmailConfirmationService extends UserTokenService
 {
@@ -16,6 +17,7 @@ class EmailConfirmationService extends UserTokenService
      * Also removes any existing old ones.
      *
      * @throws ConfirmationEmailException
+     * @throws Exception
      */
     public function sendConfirmation(User $user): void
     {
diff --git a/app/Access/LoginService.php b/app/Access/LoginService.php
@@ -71,7 +71,7 @@ public function reattemptLoginFor(User $user): void
         }
 
         $lastLoginDetails = $this->getLastLoginAttemptDetails();
-        $this->login($user, $lastLoginDetails['method'], $lastLoginDetails['remember'] ?? false);
+        $this->login($user, $lastLoginDetails['method'], $lastLoginDetails['remember']);
     }
 
     /**
diff --git a/app/Access/Mfa/MfaValue.php b/app/Access/Mfa/MfaValue.php
@@ -48,17 +48,16 @@ public static function upsertWithValue(User $user, string $method, string $value
     }
 
     /**
-     * Easily get the decrypted MFA value for the given user and method.
+     * Get the decrypted MFA value for the given user and method.
      */
     public static function getValueForUser(User $user, string $method): ?string
     {
-        /** @var MfaValue $mfaVal */
         $mfaVal = static::query()
             ->where('user_id', '=', $user->id)
             ->where('method', '=', $method)
             ->first();
 
-        return $mfaVal ? $mfaVal->getValue() : null;
+        return $mfaVal?->getValue();
     }
 
     /**
diff --git a/app/Access/Oidc/OidcJwtSigningKey.php b/app/Access/Oidc/OidcJwtSigningKey.php
@@ -9,26 +9,21 @@
 
 class OidcJwtSigningKey
 {
-    /**
-     * @var PublicKey
-     */
-    protected $key;
+    protected PublicKey $key;
 
     /**
      * Can be created either from a JWK parameter array or local file path to load a certificate from.
      * Examples:
      * 'file:///var/www/cert.pem'
      * ['kty' => 'RSA', 'alg' => 'RS256', 'n' => 'abc123...'].
      *
-     * @param array|string $jwkOrKeyPath
-     *
      * @throws OidcInvalidKeyException
      */
-    public function __construct($jwkOrKeyPath)
+    public function __construct(array|string $jwkOrKeyPath)
     {
         if (is_array($jwkOrKeyPath)) {
             $this->loadFromJwkArray($jwkOrKeyPath);
-        } elseif (is_string($jwkOrKeyPath) && strpos($jwkOrKeyPath, 'file://') === 0) {
+        } elseif (str_starts_with($jwkOrKeyPath, 'file://')) {
             $this->loadFromPath($jwkOrKeyPath);
         } else {
             throw new OidcInvalidKeyException('Unexpected type of key value provided');
@@ -38,7 +33,7 @@ public function __construct($jwkOrKeyPath)
     /**
      * @throws OidcInvalidKeyException
      */
-    protected function loadFromPath(string $path)
+    protected function loadFromPath(string $path): void
     {
         try {
             $key = PublicKeyLoader::load(
@@ -58,7 +53,7 @@ protected function loadFromPath(string $path)
     /**
      * @throws OidcInvalidKeyException
      */
-    protected function loadFromJwkArray(array $jwk)
+    protected function loadFromJwkArray(array $jwk): void
     {
         // 'alg' is optional for a JWK, but we will still attempt to validate if
         // it exists otherwise presume it will be compatible.
@@ -82,7 +77,7 @@ protected function loadFromJwkArray(array $jwk)
             throw new OidcInvalidKeyException('A "n" parameter on the provided key is expected');
         }
 
-        $n = strtr($jwk['n'] ?? '', '-_', '+/');
+        $n = strtr($jwk['n'], '-_', '+/');
 
         try {
             $key = PublicKeyLoader::load([
diff --git a/app/Access/Oidc/OidcJwtWithClaims.php b/app/Access/Oidc/OidcJwtWithClaims.php
@@ -102,12 +102,12 @@ public function replaceClaims(array $claims): void
     protected function validateTokenStructure(): void
     {
         foreach (['header', 'payload'] as $prop) {
-            if (empty($this->$prop) || !is_array($this->$prop)) {
+            if (empty($this->$prop)) {
                 throw new OidcInvalidTokenException("Could not parse out a valid {$prop} within the provided token");
             }
         }
 
-        if (empty($this->signature) || !is_string($this->signature)) {
+        if (empty($this->signature)) {
             throw new OidcInvalidTokenException('Could not parse out a valid signature within the provided token');
         }
     }
diff --git a/app/Access/Oidc/OidcUserDetails.php b/app/Access/Oidc/OidcUserDetails.php
@@ -39,7 +39,7 @@ public function populate(
     ): void {
         $this->externalId = $claims->getClaim($idClaim) ?? $this->externalId;
         $this->email = $claims->getClaim('email') ?? $this->email;
-        $this->name = static::getUserDisplayName($displayNameClaims, $claims) ?? $this->name;
+        $this->name = static::getUserDisplayName($displayNameClaims, $claims) ?: $this->name;
         $this->groups = static::getUserGroups($groupsClaim, $claims) ?? $this->groups;
         $this->picture = static::getPicture($claims) ?: $this->picture;
     }
diff --git a/app/Access/Saml2Service.php b/app/Access/Saml2Service.php
@@ -266,7 +266,7 @@ protected function getExternalId(array $samlAttributes, string $defaultValue)
     /**
      * Extract the details of a user from a SAML response.
      *
-     * @return array{external_id: string, name: string, email: string, saml_id: string}
+     * @return array{external_id: string, name: string, email: string|null, saml_id: string}
      */
     protected function getUserDetails(string $samlID, $samlAttributes): array
     {
@@ -357,7 +357,7 @@ public function processLoginCallback(string $samlID, array $samlAttributes): Use
             ]);
         }
 
-        if ($userDetails['email'] === null) {
+        if (empty($userDetails['email'])) {
             throw new SamlException(trans('errors.saml_no_email_address'));
         }
 
diff --git a/app/Access/SocialAuthService.php b/app/Access/SocialAuthService.php
@@ -117,14 +117,14 @@ public function handleLoginCallback(string $socialDriver, SocialUser $socialUser
         }
 
         // When a user is logged in and the social account exists and is already linked to the current user.
-        if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id === $currentUser->id) {
+        if ($isLoggedIn && $socialAccount->user->id === $currentUser->id) {
             session()->flash('error', trans('errors.social_account_existing', ['socialAccount' => $titleCaseDriver]));
 
             return redirect('/my-account/auth#social_accounts');
         }
 
         // When a user is logged in, A social account exists but the users do not match.
-        if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id != $currentUser->id) {
+        if ($isLoggedIn && $socialAccount->user->id != $currentUser->id) {
             session()->flash('error', trans('errors.social_account_already_used_existing', ['socialAccount' => $titleCaseDriver]));
 
             return redirect('/my-account/auth#social_accounts');
diff --git a/app/Activity/Notifications/NotificationManager.php b/app/Activity/Notifications/NotificationManager.php
@@ -15,14 +15,14 @@
 class NotificationManager
 {
     /**
-     * @var class-string<NotificationHandler>[]
+     * @var array<string, class-string<NotificationHandler>[]>
      */
-    protected array $handlers = [];
+    protected array $handlersByActivity = [];
 
     public function handle(Activity $activity, string|Loggable $detail, User $user): void
     {
         $activityType = $activity->type;
-        $handlersToRun = $this->handlers[$activityType] ?? [];
+        $handlersToRun = $this->handlersByActivity[$activityType] ?? [];
         foreach ($handlersToRun as $handlerClass) {
             /** @var NotificationHandler $handler */
             $handler = new $handlerClass();
@@ -35,12 +35,12 @@ public function handle(Activity $activity, string|Loggable $detail, User $user):
      */
     public function registerHandler(string $activityType, string $handlerClass): void
     {
-        if (!isset($this->handlers[$activityType])) {
-            $this->handlers[$activityType] = [];
+        if (!isset($this->handlersByActivity[$activityType])) {
+            $this->handlersByActivity[$activityType] = [];
         }
 
-        if (!in_array($handlerClass, $this->handlers[$activityType])) {
-            $this->handlers[$activityType][] = $handlerClass;
+        if (!in_array($handlerClass, $this->handlersByActivity[$activityType])) {
+            $this->handlersByActivity[$activityType][] = $handlerClass;
         }
     }
 
diff --git a/app/Api/ApiDocsGenerator.php b/app/Api/ApiDocsGenerator.php
@@ -17,7 +17,14 @@
 
 class ApiDocsGenerator
 {
+    /**
+     * @var array<string, ReflectionClass>
+     */
     protected array $reflectionClasses = [];
+
+    /**
+     * @var array<string, ApiController>
+     */
     protected array $controllerClasses = [];
 
     /**
@@ -107,7 +114,6 @@ protected function loadDetailsFromControllers(Collection $routes): Collection
      */
     protected function getBodyParamsFromClass(string $className, string $methodName): ?array
     {
-        /** @var ApiController $class */
         $class = $this->controllerClasses[$className] ?? null;
         if ($class === null) {
             $class = app()->make($className);
@@ -153,7 +159,7 @@ protected function parseDescriptionFromDocBlockComment(string $comment): string
         $matches = [];
         preg_match_all('/^\s*?\*\s?($|((?![\/@\s]).*?))$/m', $comment, $matches);
 
-        $text = implode(' ', $matches[1] ?? []);
+        $text = implode(' ', $matches[1]);
         return str_replace('  ', "\n", $text);
     }
 
diff --git a/app/Api/ApiEntityListFormatter.php b/app/Api/ApiEntityListFormatter.php
@@ -78,7 +78,7 @@ public function withTags(): self
     public function withParents(): self
     {
         $this->withField('book', function (Entity $entity) {
-            if ($entity instanceof BookChild && $entity->book) {
+            if ($entity instanceof BookChild) {
                 return $entity->book->only(['id', 'name', 'slug']);
             }
             return null;
diff --git a/app/Api/ApiTokenGuard.php b/app/Api/ApiTokenGuard.php
@@ -16,30 +16,15 @@ class ApiTokenGuard implements Guard
 {
     use GuardHelpers;
 
-    /**
-     * The request instance.
-     */
-    protected $request;
-
-    /**
-     * @var LoginService
-     */
-    protected $loginService;
-
     /**
      * The last auth exception thrown in this request.
-     *
-     * @var ApiAuthException
      */
-    protected $lastAuthException;
+    protected ApiAuthException|null $lastAuthException = null;
 
-    /**
-     * ApiTokenGuard constructor.
-     */
-    public function __construct(Request $request, LoginService $loginService)
-    {
-        $this->request = $request;
-        $this->loginService = $loginService;
+    public function __construct(
+        protected Request $request,
+        protected LoginService $loginService
+    ) {
     }
 
     /**
@@ -67,7 +52,7 @@ public function user()
     }
 
     /**
-     * Determine if current user is authenticated. If not, throw an exception.
+     * Determine if the current user is authenticated. If not, throw an exception.
      *
      * @throws ApiAuthException
      *
@@ -121,7 +106,7 @@ protected function validateTokenHeaderValue(string $authToken): void
             throw new ApiAuthException(trans('errors.api_no_authorization_found'));
         }
 
-        if (strpos($authToken, ':') === false || strpos($authToken, 'Token ') !== 0) {
+        if (!str_contains($authToken, ':') || !str_starts_with($authToken, 'Token ')) {
             throw new ApiAuthException(trans('errors.api_bad_authorization_format'));
         }
     }
@@ -155,7 +140,7 @@ protected function validateToken(?ApiToken $token, string $secret): void
     /**
      * {@inheritdoc}
      */
-    public function validate(array $credentials = [])
+    public function validate(array $credentials = []): bool
     {
         if (empty($credentials['id']) || empty($credentials['secret'])) {
             return false;
@@ -175,7 +160,7 @@ public function validate(array $credentials = [])
     /**
      * "Log out" the currently authenticated user.
      */
-    public function logout()
+    public function logout(): void
     {
         $this->user = null;
     }
diff --git a/app/Entities/Models/Page.php b/app/Entities/Models/Page.php
@@ -23,7 +23,7 @@
  * @property bool         $draft
  * @property int          $revision_count
  * @property string       $editor
- * @property Chapter      $chapter
+ * @property Chapter|null $chapter
  * @property Collection   $attachments
  * @property Collection   $revisions
  * @property PageRevision $currentRevision
diff --git a/phpstan.neon.dist b/phpstan.neon.dist
@@ -7,11 +7,11 @@ parameters:
         - app
 
     # The level 8 is the highest level
-    level: 3
+    level: 4
 
     phpVersion:
         min: 80200
-        max: 80400
+        max: 80500
 
     bootstrapFiles:
       - bootstrap/phpstan.php

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`	`use BookStack\Access\Notifications\ConfirmEmailNotification;`
`6`	`6`	`use BookStack\Exceptions\ConfirmationEmailException;`
`7`	`7`	`use BookStack\Users\Models\User;`
	`8`	`+use Exception;`
`8`	`9`
`9`	`10`	`class EmailConfirmationService extends UserTokenService`
`10`	`11`	`{`
`@@ -16,6 +17,7 @@ class EmailConfirmationService extends UserTokenService`
`16`	`17`	`* Also removes any existing old ones.`
`17`	`18`	`*`
`18`	`19`	`* @throws ConfirmationEmailException`
	`20`	`+ * @throws Exception`
`19`	`21`	`*/`
`20`	`22`	`public function sendConfirmation(User $user): void`
`21`	`23`	`{`
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ public function reattemptLoginFor(User $user): void`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`$lastLoginDetails = $this->getLastLoginAttemptDetails();`
`74`		`- $this->login($user, $lastLoginDetails['method'], $lastLoginDetails['remember'] ?? false);`
	`74`	`+ $this->login($user, $lastLoginDetails['method'], $lastLoginDetails['remember']);`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -48,17 +48,16 @@ public static function upsertWithValue(User $user, string $method, string $value`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`/**`
`51`		`- * Easily get the decrypted MFA value for the given user and method.`
	`51`	`+ * Get the decrypted MFA value for the given user and method.`
`52`	`52`	`*/`
`53`	`53`	`public static function getValueForUser(User $user, string $method): ?string`
`54`	`54`	`{`
`55`		`- /** @var MfaValue $mfaVal */`
`56`	`55`	`$mfaVal = static::query()`
`57`	`56`	`->where('user_id', '=', $user->id)`
`58`	`57`	`->where('method', '=', $method)`
`59`	`58`	`->first();`
`60`	`59`
`61`		`- return $mfaVal ? $mfaVal->getValue() : null;`
	`60`	`+ return $mfaVal?->getValue();`
`62`	`61`	`}`
`63`	`62`
`64`	`63`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -102,12 +102,12 @@ public function replaceClaims(array $claims): void`
`102`	`102`	`protected function validateTokenStructure(): void`
`103`	`103`	`{`
`104`	`104`	`foreach (['header', 'payload'] as $prop) {`
`105`		`- if (empty($this->$prop) \|\| !is_array($this->$prop)) {`
	`105`	`+ if (empty($this->$prop)) {`
`106`	`106`	`throw new OidcInvalidTokenException("Could not parse out a valid {$prop} within the provided token");`
`107`	`107`	`}`
`108`	`108`	`}`
`109`	`109`
`110`		`- if (empty($this->signature) \|\| !is_string($this->signature)) {`
	`110`	`+ if (empty($this->signature)) {`
`111`	`111`	`throw new OidcInvalidTokenException('Could not parse out a valid signature within the provided token');`
`112`	`112`	`}`
`113`	`113`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ public function populate(`
`39`	`39`	`): void {`
`40`	`40`	`$this->externalId = $claims->getClaim($idClaim) ?? $this->externalId;`
`41`	`41`	`$this->email = $claims->getClaim('email') ?? $this->email;`
`42`		`- $this->name = static::getUserDisplayName($displayNameClaims, $claims) ?? $this->name;`
	`42`	`+ $this->name = static::getUserDisplayName($displayNameClaims, $claims) ?: $this->name;`
`43`	`43`	`$this->groups = static::getUserGroups($groupsClaim, $claims) ?? $this->groups;`
`44`	`44`	`$this->picture = static::getPicture($claims) ?: $this->picture;`
`45`	`45`	`}`
Original file line number	Diff line number	Diff line change
`@@ -266,7 +266,7 @@ protected function getExternalId(array $samlAttributes, string $defaultValue)`
`266`	`266`	`/**`
`267`	`267`	`* Extract the details of a user from a SAML response.`
`268`	`268`	`*`
`269`		`- * @return array{external_id: string, name: string, email: string, saml_id: string}`
	`269`	`+ * @return array{external_id: string, name: string, email: string\|null, saml_id: string}`
`270`	`270`	`*/`
`271`	`271`	`protected function getUserDetails(string $samlID, $samlAttributes): array`
`272`	`272`	`{`
`@@ -357,7 +357,7 @@ public function processLoginCallback(string $samlID, array $samlAttributes): Use`
`357`	`357`	`]);`
`358`	`358`	`}`
`359`	`359`
`360`		`- if ($userDetails['email'] === null) {`
	`360`	`+ if (empty($userDetails['email'])) {`
`361`	`361`	`throw new SamlException(trans('errors.saml_no_email_address'));`
`362`	`362`	`}`
`363`	`363`
Original file line number	Diff line number	Diff line change
`@@ -117,14 +117,14 @@ public function handleLoginCallback(string $socialDriver, SocialUser $socialUser`
`117`	`117`	`}`
`118`	`118`
`119`	`119`	`// When a user is logged in and the social account exists and is already linked to the current user.`
`120`		`- if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id === $currentUser->id) {`
	`120`	`+ if ($isLoggedIn && $socialAccount->user->id === $currentUser->id) {`
`121`	`121`	`session()->flash('error', trans('errors.social_account_existing', ['socialAccount' => $titleCaseDriver]));`
`122`	`122`
`123`	`123`	`return redirect('/my-account/auth#social_accounts');`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`// When a user is logged in, A social account exists but the users do not match.`
`127`		`- if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id != $currentUser->id) {`
	`127`	`+ if ($isLoggedIn && $socialAccount->user->id != $currentUser->id) {`
`128`	`128`	`session()->flash('error', trans('errors.social_account_already_used_existing', ['socialAccount' => $titleCaseDriver]));`
`129`	`129`
`130`	`130`	`return redirect('/my-account/auth#social_accounts');`
Original file line number	Diff line number	Diff line change
`@@ -15,14 +15,14 @@`
`15`	`15`	`class NotificationManager`
`16`	`16`	`{`
`17`	`17`	`/**`
`18`		`- * @var class-string<NotificationHandler>[]`
	`18`	`+ * @var array<string, class-string<NotificationHandler>[]>`
`19`	`19`	`*/`
`20`		`- protected array $handlers = [];`
	`20`	`+ protected array $handlersByActivity = [];`
`21`	`21`
`22`	`22`	`public function handle(Activity $activity, string\|Loggable $detail, User $user): void`
`23`	`23`	`{`
`24`	`24`	`$activityType = $activity->type;`
`25`		`- $handlersToRun = $this->handlers[$activityType] ?? [];`
	`25`	`+ $handlersToRun = $this->handlersByActivity[$activityType] ?? [];`
`26`	`26`	`foreach ($handlersToRun as $handlerClass) {`
`27`	`27`	`/** @var NotificationHandler $handler */`
`28`	`28`	`$handler = new $handlerClass();`
`@@ -35,12 +35,12 @@ public function handle(Activity $activity, string\|Loggable $detail, User $user):`
`35`	`35`	`*/`
`36`	`36`	`public function registerHandler(string $activityType, string $handlerClass): void`
`37`	`37`	`{`
`38`		`- if (!isset($this->handlers[$activityType])) {`
`39`		`- $this->handlers[$activityType] = [];`
	`38`	`+ if (!isset($this->handlersByActivity[$activityType])) {`
	`39`	`+ $this->handlersByActivity[$activityType] = [];`
`40`	`40`	`}`
`41`	`41`
`42`		`- if (!in_array($handlerClass, $this->handlers[$activityType])) {`
`43`		`- $this->handlers[$activityType][] = $handlerClass;`
	`42`	`+ if (!in_array($handlerClass, $this->handlersByActivity[$activityType])) {`
	`43`	`+ $this->handlersByActivity[$activityType][] = $handlerClass;`
`44`	`44`	`}`
`45`	`45`	`}`
`46`	`46`