Add support for Symfony 7

.github/workflows/test-integration.yml

@@ -6,16 +6,9 @@ jobs:
     continue-on-error: ${{ matrix.experimental }}
     strategy:
       matrix:
-        php-versions: [ '8.2']
+        php-versions: [ '8.2', '8.4']
         experimental: [false]
-        include:
-          - php-versions: '8.1'
-            experimental: true
-          - php-versions: '8.3'
-            experimental: true
-          - php-versions: '8.4'
-            experimental: true
-    timeout-minutes: 30
+    timeout-minutes: 15
     name: PHP ${{ matrix.php-versions }} on Ubuntu latest. Experimental == ${{ matrix.experimental }}
     steps:
       - name: Install PHP
@@ -29,7 +22,7 @@ jobs:
         continue-on-error: ${{ matrix.experimental }}
       - id: checks
         name: Run CI tests
-        run: composer check
+        run: composer check-ci
         continue-on-error: ${{ matrix.experimental }}
       - name: Output log files on failure
         if: failure()

.gitignore

@@ -3,3 +3,4 @@
 .idea
 composer.lock
 .phpunit.result.cache
+var

CHANGELOG.md

@@ -1,3 +1,10 @@
+# 7.0.0
+- Add SF 7 support
+- Upgrade dev & qa tooling
+
+Backward compatibility breaks:  
+ * Minor: `\Surfnet\SamlBundle\SAML2\BridgeContainer::debugMessage` Will now throw a `\Surfnet\SamlBundle\Exception\InvalidArgumentException` instead of 'Fatal error: Uncaught TypeError' if an invalid `$message` is debugged.
+
 # 6.0.0
 - Add SF 6 support
 - Require PHP 8.1

ci/qa/docheader

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+cd $(dirname $0)/../../
+
+./vendor/bin/docheader --no-ansi --docheader=ci/qa/docheader.template check src/
+

ci/qa/docheader.template

@@ -0,0 +1,16 @@
+/**
+ * Copyright %regexp:\d{4}% SURFnet %regexp:(B.V.|bv)%
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+

ci/qa/phpcbf

@@ -3,4 +3,4 @@
 cd $(dirname $0)/../../
 
 # https://github.com/squizlabs/PHP_CodeSniffer/wiki/Fixing-Errors-Automatically
-./vendor/bin/phpcbf --standard=ci/qa/phpcs.xml $1
+./vendor/bin/phpcbf --standard=ci/qa/phpcs.xml --extensions=php src $1

ci/qa/phpcpd

@@ -3,5 +3,4 @@
 cd $(dirname $0)/../../
 
 # https://github.com/sebastianbergmann/phpcpd
-./vendor/bin/phpcpd \
-    ./src $1
+vendor/bin/phpcpd ./src

ci/qa/phpcs

@@ -3,4 +3,4 @@
 cd $(dirname $0)/../../
 
 # https://github.com/squizlabs/PHP_CodeSniffer/wiki/Usage
-./vendor/bin/phpcs --report=full --standard=ci/qa/phpcs.xml --ignore=*/Tests/* --warning-severity=0 --extensions=php src
+./vendor/bin/phpcs --report=full --standard=ci/qa/phpcs.xml --warning-severity=0 --extensions=php src

ci/qa/phpcs.xml

@@ -15,5 +15,18 @@
             <property name="lineLimit" value="120"/>
             <property name="absoluteLineLimit" value="150"/>
         </properties>
+      <exclude-pattern>src/Tests/*</exclude-pattern>
     </rule>
+
+  <rule ref="PSR1.Methods.CamelCapsMethodName">
+    <exclude-pattern>src/Tests/*</exclude-pattern>
+  </rule>
+
+  <rule ref="SlevomatCodingStandard.Namespaces.ReferenceUsedNamesOnly"/>
+  <rule ref="SlevomatCodingStandard.Namespaces.UnusedUses">
+    <properties>
+      <property name="searchAnnotations" type="bool" value="true"/>
+    </properties>
+  </rule>
+  <rule ref="SlevomatCodingStandard.Namespaces.AlphabeticallySortedUses"/>
 </ruleset>

ci/qa/phplint.yaml

@@ -1,6 +1,6 @@
-path: [./src, ./tests]
+path: [./src]
 jobs: 10
-cache: /var/qa/phplint.cache
+cache-dir: var/qa/phplint.cache
 extensions:
     - php
 exclude:

ci/qa/phpunit.xml

@@ -1,10 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/9.6/phpunit.xsd"
+         xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/11.5/phpunit.xsd"
          backupGlobals="false"
          colors="true"
          bootstrap="../../vendor/autoload.php"
+         cacheDirectory="../../var/qa/phpunit.cache"
 >
     <php>
         <env name="SYMFONY_DEPRECATIONS_HELPER" value="weak" />
@@ -18,16 +19,4 @@
             <directory>../../src/Tests/Component</directory>
         </testsuite>
     </testsuites>
-    <coverage processUncoveredFiles="true">
-        <include>
-            <directory>../../src</directory>
-        </include>
-        <exclude>
-            <directory>../../src/Tests</directory>
-        </exclude>
-    </coverage>
-    <listeners>
-        <listener class="\Symfony\Bridge\PhpUnit\SymfonyTestsListener"/>
-        <listener class="\Mockery\Adapter\Phpunit\TestListener"/>
-    </listeners>
 </phpunit>

ci/qa/rector.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+use Rector\Config\RectorConfig;
+
+return RectorConfig::configure()
+    ->withPaths([
+         __DIR__ . '/../../src',
+    ])
+    ->withAttributesSets(all: true)
+    ->withComposerBased(phpunit: true, symfony: true)
+    ->withTypeCoverageLevel(10)
+    ->withDeadCodeLevel(10)
+    ->withCodeQualityLevel(10);

ci/qa/rector.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+# Ensure we run from project root
+cd "$(dirname "$0")/../../" || exit 1
+./vendor/bin/rector --config=ci/qa/rector.php "$@"

composer.json

@@ -1,46 +1,55 @@
 {
     "name": "surfnet/stepup-saml-bundle",
     "type": "symfony-bundle",
-    "description": "A Symfony 6 bundle that integrates the simplesamlphp\\saml2 library with Symfony.",
+    "description": "A Symfony 7 bundle that integrates the simplesamlphp\\saml2 library with Symfony.",
     "keywords": ["surfnet", "StepUp", "simplesamlphp", "SAML", "SAML2"],
     "license": "Apache-2.0",
     "minimum-stability": "stable",
     "require": {
         "php": "^8.1",
         "ext-dom": "*",
         "ext-openssl": "*",
+        "psr/log": "^3.0",
         "robrichards/xmlseclibs": "^3.1.1",
         "simplesamlphp/saml2": "^4.6",
-        "symfony/dependency-injection": "^6.3",
-        "symfony/framework-bundle": "^6.3",
-        "symfony/security-bundle": "^6.3",
-        "symfony/templating": "^6.3",
+        "symfony/dependency-injection": "^6.3|^7.0",
+        "symfony/framework-bundle": "^6.3|^7.0",
+        "symfony/security-bundle": "^6.3|^7.0",
+        "symfony/templating": "^6.3|7.0",
         "twig/twig": "^3"
     },
     "require-dev": {
+        "ext-libxml": "*",
         "ext-zlib": "*",
-        "mbhsoft/phpunit-xsdvalidation": "^3.0",
+        "irstea/phpcpd-shim": "^6.0",
+        "malukenho/docheader": "^1.1",
         "mockery/mockery": "^1.5",
         "overtrue/phplint": "*",
         "phpmd/phpmd": "^2.6",
-        "phpstan/phpstan": "^1.10",
-        "phpunit/phpunit": "^9.5",
-        "psr/log": "~1.0",
-        "sebastian/exporter": "^4.0.5",
-        "sebastian/phpcpd": "^6.0",
-        "squizlabs/php_codesniffer": "^3.7.1",
-        "symfony/phpunit-bridge": "^6.3",
-        "phpstan/extension-installer": "^1.3"
+        "phpstan/extension-installer": "^1.4",
+        "phpstan/phpstan": "^2.1",
+        "phpunit/phpunit": "^11.0.0",
+        "rector/rector": "^2.2",
+        "sebastian/exporter": "^6.3",
+        "slevomat/coding-standard": "^8.24",
+        "squizlabs/php_codesniffer": "^4.0",
+        "symfony/phpunit-bridge": "^7.3.4"
     },
     "scripts": {
         "check": [
-            "@composer-validate",
-            "@phplint",
-            "@phpcpd",
-            "@phpcs",
-            "@phpmd",
-            "@phpstan",
-            "@test"
+          "@check-ci",
+          "@rector"
+        ],
+        "check-ci": [
+          "@composer-validate",
+          "@license-headers",
+          "@phplint",
+          "@phpcpd",
+          "@phpcs",
+          "@phpmd",
+          "@test",
+          "@phpstan",
+          "@composer audit"
         ],
         "composer-validate": "./ci/qa/validate",
         "phplint": "./ci/qa/phplint",
@@ -50,7 +59,10 @@
         "phpstan": "./ci/qa/phpstan",
         "phpstan-baseline": "./ci/qa/phpstan-update-baseline",
         "test": "./ci/qa/phpunit",
-        "phpcbf": "./ci/qa/phpcbf"
+        "license-headers": "./ci/qa/docheader",
+        "phpcbf": "./ci/qa/phpcbf",
+        "rector":  "./ci/qa/rector.sh --dry-run",
+        "rector-fix":  "./ci/qa/rector.sh"
     },
     "autoload": {
         "psr-4": {
@@ -67,7 +79,9 @@
     "config": {
         "sort-packages": true,
         "allow-plugins": {
-            "phpstan/extension-installer": true
+            "dealerdirect/phpcodesniffer-composer-installer": true,
+            "phpstan/extension-installer": true,
+            "simplesamlphp/composer-xmlprovider-installer": true
         }
     }
 }

src/DependencyInjection/SurfnetSamlExtension.php

@@ -24,11 +24,11 @@
 use Surfnet\SamlBundle\Entity\StaticServiceProviderRepository;
 use Surfnet\SamlBundle\Exception\SamlInvalidConfigurationException;
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
-use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\Config\FileLocator;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Definition;
-use Symfony\Component\HttpKernel\DependencyInjection\Extension;
 use Symfony\Component\DependencyInjection\Loader;
+use Symfony\Component\HttpKernel\DependencyInjection\Extension;
 use function array_key_exists;
 
 class SurfnetSamlExtension extends Extension
@@ -158,9 +158,7 @@ private function parseRemoteConfiguration(array $remoteConfiguration, ContainerB
         if (!empty($remoteConfiguration['identity_provider']['enabled'])) {
             $definition = $this->parseRemoteIdentityProviderConfiguration($remoteConfiguration['identity_provider']);
 
-            if ($definition !== null) {
-                $container->setDefinition('surfnet_saml.remote.idp', $definition);
-            }
+            $container->setDefinition('surfnet_saml.remote.idp', $definition);
         }
     }
 
@@ -169,7 +167,7 @@ private function parseRemoteConfiguration(array $remoteConfiguration, ContainerB
      */
     private function parseRemoteIdentityProviderConfigurations(array $identityProviders, ContainerBuilder $container): void
     {
-        $definitions = array_map(fn($config) => $this->parseRemoteIdentityProviderConfiguration($config), $identityProviders);
+        $definitions = array_map(fn($config): Definition => $this->parseRemoteIdentityProviderConfiguration($config), $identityProviders);
 
         $definition = new Definition(StaticIdentityProviderRepository::class, [
             $definitions
@@ -202,7 +200,7 @@ private function parseRemoteIdentityProviderConfiguration(array $identityProvide
      */
     private function parseRemoteServiceProviderConfigurations(array $serviceProviders, ContainerBuilder $container): void
     {
-        $definitions = array_map(fn($config) => $this->parseRemoteServiceProviderConfiguration($config), $serviceProviders);
+        $definitions = array_map(fn($config): Definition => $this->parseRemoteServiceProviderConfiguration($config), $serviceProviders);
 
         $definition = new Definition(StaticServiceProviderRepository::class, [
             $definitions

src/Http/Exception/InvalidRequestException.php

@@ -18,9 +18,8 @@
 
 namespace Surfnet\SamlBundle\Http\Exception;
 
-use Surfnet\SamlBundle\Exception\Exception;
 use Surfnet\SamlBundle\Exception\RuntimeException;
 
-class InvalidRequestException extends RuntimeException implements Exception
+class InvalidRequestException extends RuntimeException
 {
 }

src/Http/PostBinding.php

@@ -42,7 +42,7 @@
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 /**
- * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ * @SuppressWarnings("PHPMD.CouplingBetweenObjects")
  */
 class PostBinding implements HttpBinding
 {

src/Http/ReceivedAuthnRequestPost.php

@@ -28,12 +28,15 @@ final class ReceivedAuthnRequestPost implements SignatureVerifiable
     public const PARAMETER_REQUEST = 'SAMLRequest';
     public const PARAMETER_RELAY_STATE = 'RelayState';
 
-    private ?string $relayState;
+    private ?string $relayState = null;
 
     private ?ReceivedAuthnRequest $receivedRequest = null;
 
-    private function __construct(private readonly string $samlRequest)
+    private readonly string $samlRequest;
+
+    private function __construct(string $samlRequest)
     {
+        $this->samlRequest = $samlRequest;
     }
 
     public static function parse(array $parameters): self
@@ -62,7 +65,7 @@ public function hasRelayState(): bool
         return $this->relayState !== null;
     }
 
-    public function getDecodedSamlRequest(): string|bool
+    public function getDecodedSamlRequest(): string
     {
         return base64_decode($this->samlRequest);
     }

src/Http/ReceivedAuthnRequestQueryString.php

@@ -49,8 +49,8 @@ private function __construct(private readonly string $samlRequest)
     }
 
     /**
-     * @SuppressWarnings(PHPMD.CyclomaticComplexity) Extensive validation
-     * @SuppressWarnings(PHPMD.NPathComplexity) Extensive validation
+     * @SuppressWarnings("PHPMD.CyclomaticComplexity") Extensive validation
+     * @SuppressWarnings("PHPMD.NPathComplexity") Extensive validation
      */
     public static function parse(string $query): ReceivedAuthnRequestQueryString
     {
@@ -211,7 +211,7 @@ public function getSamlRequest(): string
         return $this->samlRequest;
     }
 
-    public function getSignatureAlgorithm(): ?string
+    public function getSignatureAlgorithm(): string
     {
         return urldecode($this->signatureAlgorithm);
     }

src/Http/RedirectBinding.php

@@ -32,7 +32,7 @@
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 /**
- * @SuppressWarnings(PHPMD.CouplingBetweenObjects) - not much we can do about it
+ * @SuppressWarnings("PHPMD.CouplingBetweenObjects") - not much we can do about it
  * @see https://www.pivotaltracker.com/story/show/83028366
  */
 class RedirectBinding implements HttpBinding
@@ -71,7 +71,7 @@ public function receiveUnsignedAuthnRequestFrom(Request $request): ReceivedAuthn
     }
 
     /**
-     * @SuppressWarnings(PHPMD.NPathComplexity)
+     * @SuppressWarnings("PHPMD.NPathComplexity")
      */
     public function receiveSignedAuthnRequestFrom(Request $request): ReceivedAuthnRequest
     {