Fix phpstan issues

johanib · johanib · commit b45ae5713370 · 2025-11-06T13:57:04.000+01:00
diff --git a/ci/qa/phpstan-baseline.neon b/ci/qa/phpstan-baseline.neon
diff --git a/ci/qa/rector.php b/ci/qa/rector.php
@@ -8,9 +8,8 @@
     ->withPaths([
          __DIR__ . '/../../src',
     ])
-    ->withPhpSets()
     ->withAttributesSets(all: true)
     ->withComposerBased(phpunit: true, symfony: true)
-    ->withTypeCoverageLevel(0)
+    ->withTypeCoverageLevel(10)
     ->withDeadCodeLevel(0)
     ->withCodeQualityLevel(0);
diff --git a/src/DependencyInjection/SurfnetSamlExtension.php b/src/DependencyInjection/SurfnetSamlExtension.php
@@ -158,9 +158,7 @@ private function parseRemoteConfiguration(array $remoteConfiguration, ContainerB
         if (!empty($remoteConfiguration['identity_provider']['enabled'])) {
             $definition = $this->parseRemoteIdentityProviderConfiguration($remoteConfiguration['identity_provider']);
 
-            if ($definition !== null) {
-                $container->setDefinition('surfnet_saml.remote.idp', $definition);
-            }
+            $container->setDefinition('surfnet_saml.remote.idp', $definition);
         }
     }
 
diff --git a/src/Http/PostBinding.php b/src/Http/PostBinding.php
@@ -42,7 +42,7 @@
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 /**
- * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ * @SuppressWarnings("PHPMD.CouplingBetweenObjects")
  */
 class PostBinding implements HttpBinding
 {
diff --git a/src/Http/ReceivedAuthnRequestPost.php b/src/Http/ReceivedAuthnRequestPost.php
@@ -28,12 +28,15 @@ final class ReceivedAuthnRequestPost implements SignatureVerifiable
     public const PARAMETER_REQUEST = 'SAMLRequest';
     public const PARAMETER_RELAY_STATE = 'RelayState';
 
-    private ?string $relayState;
+    private ?string $relayState = null;
 
     private ?ReceivedAuthnRequest $receivedRequest = null;
 
-    private function __construct(private readonly string $samlRequest)
+    private readonly string $samlRequest;
+
+    private function __construct(string $samlRequest)
     {
+        $this->samlRequest = $samlRequest;
     }
 
     public static function parse(array $parameters): self
@@ -62,7 +65,7 @@ public function hasRelayState(): bool
         return $this->relayState !== null;
     }
 
-    public function getDecodedSamlRequest(): string|bool
+    public function getDecodedSamlRequest(): string
     {
         return base64_decode($this->samlRequest);
     }
diff --git a/src/Http/ReceivedAuthnRequestQueryString.php b/src/Http/ReceivedAuthnRequestQueryString.php
@@ -49,8 +49,8 @@ private function __construct(private readonly string $samlRequest)
     }
 
     /**
-     * @SuppressWarnings(PHPMD.CyclomaticComplexity) Extensive validation
-     * @SuppressWarnings(PHPMD.NPathComplexity) Extensive validation
+     * @SuppressWarnings("PHPMD.CyclomaticComplexity") Extensive validation
+     * @SuppressWarnings("PHPMD.NPathComplexity") Extensive validation
      */
     public static function parse(string $query): ReceivedAuthnRequestQueryString
     {
@@ -211,7 +211,7 @@ public function getSamlRequest(): string
         return $this->samlRequest;
     }
 
-    public function getSignatureAlgorithm(): ?string
+    public function getSignatureAlgorithm(): string
     {
         return urldecode($this->signatureAlgorithm);
     }
diff --git a/src/Http/RedirectBinding.php b/src/Http/RedirectBinding.php
@@ -32,7 +32,7 @@
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 /**
- * @SuppressWarnings(PHPMD.CouplingBetweenObjects) - not much we can do about it
+ * @SuppressWarnings("PHPMD.CouplingBetweenObjects") - not much we can do about it
  * @see https://www.pivotaltracker.com/story/show/83028366
  */
 class RedirectBinding implements HttpBinding
@@ -71,7 +71,7 @@ public function receiveUnsignedAuthnRequestFrom(Request $request): ReceivedAuthn
     }
 
     /**
-     * @SuppressWarnings(PHPMD.NPathComplexity)
+     * @SuppressWarnings("PHPMD.NPathComplexity")
      */
     public function receiveSignedAuthnRequestFrom(Request $request): ReceivedAuthnRequest
     {
diff --git a/src/Metadata/MetadataFactory.php b/src/Metadata/MetadataFactory.php
@@ -72,10 +72,7 @@ private function buildMetadata(): Metadata
             $metadata->hasSpMetadata = true;
             $metadata->assertionConsumerUrl = $this->getUrl($metadataConfiguration->assertionConsumerRoute);
 
-            if ($metadataConfiguration->spCertificate &&
-                $metadataConfiguration->spCertificate !== '' &&
-                $metadataConfiguration->spCertificate !== '0'
-            ) {
+            if ($metadataConfiguration->spCertificate) {
                 $metadata->spCertificate = $this->getCertificateData($metadataConfiguration->spCertificate);
             }
         }
@@ -84,10 +81,7 @@ private function buildMetadata(): Metadata
             $metadata->hasIdPMetadata = true;
             $metadata->ssoUrl = $this->getUrl($metadataConfiguration->ssoRoute);
 
-            if ($metadataConfiguration->idpCertificate &&
-                $metadataConfiguration->idpCertificate !== '' &&
-                $metadataConfiguration->idpCertificate !== '0'
-            ) {
+            if ($metadataConfiguration->idpCertificate) {
                 $certificate = $this->getCertificateData($metadataConfiguration->idpCertificate);
             } else {
                 $certificate = $this->getCertificateData($metadataConfiguration->publicKey);
diff --git a/src/Monolog/SamlAuthenticationLogger.php b/src/Monolog/SamlAuthenticationLogger.php
@@ -25,7 +25,7 @@
 /**
  * Decorates a PSR logger and adds information pertaining to a SAML request procedure to each message's context.
  *
- * @SuppressWarnings(PHPMD.TooManyPublicMethods)
+ * @SuppressWarnings("PHPMD.TooManyPublicMethods")
  */
 final class SamlAuthenticationLogger implements LoggerInterface
 {
diff --git a/src/SAML2/Attribute/AttributeDictionary.php b/src/SAML2/Attribute/AttributeDictionary.php
@@ -107,7 +107,7 @@ public function getAttributeDefinition(string $attributeName): AttributeDefiniti
 
     public function findAttributeDefinitionByUrn(string $urn): ?AttributeDefinition
     {
-        if (!is_string($urn) || $urn === '') {
+        if ($urn === '') {
             throw InvalidArgumentException::invalidType('non-empty string', $urn, 'urn');
         }
 
diff --git a/src/SAML2/Attribute/ConfigurableAttributeSetFactory.php b/src/SAML2/Attribute/ConfigurableAttributeSetFactory.php
@@ -25,10 +25,7 @@ final class ConfigurableAttributeSetFactory implements AttributeSetFactory
 {
     private static string $attributeSetClassName = AttributeSet::class;
 
-    /**
-     * @param string $attributeSetClassName
-     */
-    public static function configureWhichAttributeSetToCreate($attributeSetClassName): void
+    public static function configureWhichAttributeSetToCreate(mixed $attributeSetClassName): void
     {
         if (!is_string($attributeSetClassName) || $attributeSetClassName === '') {
             throw InvalidArgumentException::invalidType('non-empty string', 'attributeSetClassName', $attributeSetClassName);
diff --git a/src/SAML2/AuthnRequestFactory.php b/src/SAML2/AuthnRequestFactory.php
@@ -34,7 +34,7 @@
 use Symfony\Component\HttpFoundation\Request;
 
 /**
- * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ * @SuppressWarnings("PHPMD.CouplingBetweenObjects")
  */
 class AuthnRequestFactory
 {
diff --git a/src/SAML2/Extensions/GsspUserAttributesChunk.php b/src/SAML2/Extensions/GsspUserAttributesChunk.php
@@ -33,7 +33,6 @@ public function __construct(?DOMElement $value = null)
 
         if ($value && $value->hasChildNodes()) {
             foreach ($value->childNodes as $child) {
-                assert($child instanceof DOMNode);
                 $root->appendChild($doc->importNode($child->cloneNode(true), true));
             }
         }
diff --git a/src/Security/Authentication/SamlAuthenticator.php b/src/Security/Authentication/SamlAuthenticator.php
@@ -48,12 +48,12 @@
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 
 /**
- * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ * @SuppressWarnings("PHPMD.CouplingBetweenObjects")
  */
 class SamlAuthenticator extends AbstractAuthenticator implements InteractiveAuthenticatorInterface, AuthenticationEntryPointInterface
 {
     /**
-     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
+     * @SuppressWarnings("PHPMD.ExcessiveParameterList")
      */
     public function __construct(
         private readonly IdentityProvider $identityProvider,
diff --git a/src/Value/DateTime.php b/src/Value/DateTime.php
@@ -24,7 +24,7 @@
 use Surfnet\SamlBundle\Exception\InvalidArgumentException;
 
 /**
- * @SuppressWarnings(PHPMD.TooManyPublicMethods) due to comparison methods
+ * @SuppressWarnings("PHPMD.TooManyPublicMethods") due to comparison methods
  */
 class DateTime implements Stringable
 {
@@ -33,16 +33,11 @@ class DateTime implements Stringable
      */
     final public const FORMAT = DATE_ATOM;
 
-    /**
-     * Allows for mocking of time.
-     */
-    private static ?self $now = null;
-
     private readonly CoreDateTime $dateTime;
 
     public static function now(): self
     {
-        return self::$now ?: new self(new CoreDateTime);
+        return new self(new CoreDateTime);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -158,9 +158,7 @@ private function parseRemoteConfiguration(array $remoteConfiguration, ContainerB`
`158`	`158`	`if (!empty($remoteConfiguration['identity_provider']['enabled'])) {`
`159`	`159`	`$definition = $this->parseRemoteIdentityProviderConfiguration($remoteConfiguration['identity_provider']);`
`160`	`160`
`161`		`- if ($definition !== null) {`
`162`		`- $container->setDefinition('surfnet_saml.remote.idp', $definition);`
`163`		`- }`
	`161`	`+ $container->setDefinition('surfnet_saml.remote.idp', $definition);`
`164`	`162`	`}`
`165`	`163`	`}`
`166`	`164`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@`
`42`	`42`	`use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;`
`43`	`43`
`44`	`44`	`/**`
`45`		`- * @SuppressWarnings(PHPMD.CouplingBetweenObjects)`
	`45`	`+ * @SuppressWarnings("PHPMD.CouplingBetweenObjects")`
`46`	`46`	`*/`
`47`	`47`	`class PostBinding implements HttpBinding`
`48`	`48`	`{`
Original file line number	Diff line number	Diff line change
`@@ -28,12 +28,15 @@ final class ReceivedAuthnRequestPost implements SignatureVerifiable`
`28`	`28`	`public const PARAMETER_REQUEST = 'SAMLRequest';`
`29`	`29`	`public const PARAMETER_RELAY_STATE = 'RelayState';`
`30`	`30`
`31`		`- private ?string $relayState;`
	`31`	`+ private ?string $relayState = null;`
`32`	`32`
`33`	`33`	`private ?ReceivedAuthnRequest $receivedRequest = null;`
`34`	`34`
`35`		`- private function __construct(private readonly string $samlRequest)`
	`35`	`+ private readonly string $samlRequest;`
	`36`	`+`
	`37`	`+ private function __construct(string $samlRequest)`
`36`	`38`	`{`
	`39`	`+ $this->samlRequest = $samlRequest;`
`37`	`40`	`}`
`38`	`41`
`39`	`42`	`public static function parse(array $parameters): self`
`@@ -62,7 +65,7 @@ public function hasRelayState(): bool`
`62`	`65`	`return $this->relayState !== null;`
`63`	`66`	`}`
`64`	`67`
`65`		`- public function getDecodedSamlRequest(): string\|bool`
	`68`	`+ public function getDecodedSamlRequest(): string`
`66`	`69`	`{`
`67`	`70`	`return base64_decode($this->samlRequest);`
`68`	`71`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,8 +49,8 @@ private function __construct(private readonly string $samlRequest)`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`/**`
`52`		`- * @SuppressWarnings(PHPMD.CyclomaticComplexity) Extensive validation`
`53`		`- * @SuppressWarnings(PHPMD.NPathComplexity) Extensive validation`
	`52`	`+ * @SuppressWarnings("PHPMD.CyclomaticComplexity") Extensive validation`
	`53`	`+ * @SuppressWarnings("PHPMD.NPathComplexity") Extensive validation`
`54`	`54`	`*/`
`55`	`55`	`public static function parse(string $query): ReceivedAuthnRequestQueryString`
`56`	`56`	`{`
`@@ -211,7 +211,7 @@ public function getSamlRequest(): string`
`211`	`211`	`return $this->samlRequest;`
`212`	`212`	`}`
`213`	`213`
`214`		`- public function getSignatureAlgorithm(): ?string`
	`214`	`+ public function getSignatureAlgorithm(): string`
`215`	`215`	`{`
`216`	`216`	`return urldecode($this->signatureAlgorithm);`
`217`	`217`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@`
`25`	`25`	`/**`
`26`	`26`	`* Decorates a PSR logger and adds information pertaining to a SAML request procedure to each message's context.`
`27`	`27`	`*`
`28`		`- * @SuppressWarnings(PHPMD.TooManyPublicMethods)`
	`28`	`+ * @SuppressWarnings("PHPMD.TooManyPublicMethods")`
`29`	`29`	`*/`
`30`	`30`	`final class SamlAuthenticationLogger implements LoggerInterface`
`31`	`31`	`{`
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ public function getAttributeDefinition(string $attributeName): AttributeDefiniti`
`107`	`107`
`108`	`108`	`public function findAttributeDefinitionByUrn(string $urn): ?AttributeDefinition`
`109`	`109`	`{`
`110`		`- if (!is_string($urn) \|\| $urn === '') {`
	`110`	`+ if ($urn === '') {`
`111`	`111`	`throw InvalidArgumentException::invalidType('non-empty string', $urn, 'urn');`
`112`	`112`	`}`
`113`	`113`