diff --git a/lib/SimpleSAML/Command/RouterDebugCommand.php b/lib/SimpleSAML/Command/RouterDebugCommand.php index d1bfab227e89241faeed568dac483997dea75863..05edf2fe6553363a5ad686ce68d81a79c5d71043 100644 --- a/lib/SimpleSAML/Command/RouterDebugCommand.php +++ b/lib/SimpleSAML/Command/RouterDebugCommand.php @@ -26,7 +26,7 @@ class RouterDebugCommand extends Command /** - * @param Symfony\Component\Routing\RouterInterface + * @param \Symfony\Component\Routing\RouterInterface * * @throws \Symfony\Component\Console\Exception\LogicException When the command name is empty */ @@ -58,7 +58,7 @@ EOF /** * @param \Symfony\Component\Console\Input\InputInterface $input * @param \Symfony\Component\Console\Output\OutputInterface $output - * @return int 0 if everything went fine, or an exit code + * @return void */ protected function execute(InputInterface $input, OutputInterface $output) { diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php index 5059487a96de5c0b63377fd1918052c4a1f4c0df..be7ad8955b464b2ae85d7cf4e35f0fb8cd027847 100644 --- a/lib/SimpleSAML/Configuration.php +++ b/lib/SimpleSAML/Configuration.php @@ -468,8 +468,6 @@ class Configuration implements Utils\ClearableState return null; } - Assert::string($path); - return Utils\System::resolvePath($path, $this->getBaseDir()); } @@ -790,8 +788,6 @@ class Configuration implements Utils\ClearableState */ public function getArrayize(string $name, $default = self::REQUIRED_OPTION) { - Assert::string($name); - $ret = $this->getValue($name, $default); if ($ret === $default) { 
@@ -817,7 +813,7 @@ class Configuration implements Utils\ClearableState * required if this parameter isn't given. The default value can be any value, including * null. * - * @return array The option with the given name, or $default if the option isn't found and $default is specified. + * @return mixed The option with the given name, or $default if the option isn't found and $default is specified. * * @throws \Exception If the option is not a string or an array of strings. */ @@ -858,7 +854,8 @@ class Configuration implements Utils\ClearableState * This function will only return null if $default is set to null and the option * doesn't exist. * - * @return \SimpleSAML\Configuration|null The option with the given name, or $default if the option isn't found and $default is specified. + * @return \SimpleSAML\Configuration|null The option with the given name, + * or $default if the option isn't found and $default is specified. * * @throws \Exception If the option is not an array. */ @@ -1022,7 +1019,7 @@ class Configuration implements Utils\ClearableState * @param mixed $default The default value to return if no matching endpoint is found. If no default is provided, * an exception will be thrown. * - * @return array|null The default endpoint, or null if no acceptable endpoints are used. + * @return mixed|null The default endpoint, or null if no acceptable endpoints are used. * * @throws \Exception If no supported endpoint is found. */ diff --git a/lib/SimpleSAML/Error/AuthSource.php b/lib/SimpleSAML/Error/AuthSource.php index b836b93b806166d3070bf71bf560f506e16ad0c9..b42ab25d0d85e6a6c4eab9dd45c65d19ea8575e9 100644 --- a/lib/SimpleSAML/Error/AuthSource.php +++ b/lib/SimpleSAML/Error/AuthSource.php @@ -4,13 +4,12 @@ declare(strict_types=1); namespace SimpleSAML\Error; -use Exception; use Webmozart\Assert\Assert; /** * Baseclass for auth source exceptions. * - * @package SimpleSAMLphp_base + * @package SimpleSAMLphp * */ 
@@ -36,7 +35,7 @@ class AuthSource extends Error * @param string $reason Description of the error. * @param \Exception|null $cause */ - public function __construct(string $authsource, string $reason, Exception $cause = null) + public function __construct(string $authsource, string $reason, \Exception $cause = null) { $this->authsource = $authsource; $this->reason = $reason; diff --git a/lib/SimpleSAML/Logger.php b/lib/SimpleSAML/Logger.php index 0805dd328da930d2b2400ad01f0c42db3aaa3a83..be1742dcdf5c2c69416f75046809f85d162c0271 100644 --- a/lib/SimpleSAML/Logger.php +++ b/lib/SimpleSAML/Logger.php @@ -426,7 +426,6 @@ class Logger // get the configuration $config = Configuration::getInstance(); - Assert::isInstanceOf($config, Configuration::class); // setting minimum log_level self::$logLevel = $config->getInteger('logging.level', self::INFO); diff --git a/lib/SimpleSAML/Memcache.php b/lib/SimpleSAML/Memcache.php index 7eff621f7238c4263905dcff90131b8ccddd57ae..07302815eddd96112e60891921216d56d33e850a 100644 --- a/lib/SimpleSAML/Memcache.php +++ b/lib/SimpleSAML/Memcache.php @@ -408,7 +408,6 @@ class Memcache { // get the configuration instance $config = Configuration::getInstance(); - Assert::isInstanceOf($config, Configuration::class); // get the expire-value from the configuration $expire = $config->getInteger('memcache_store.expires', 0); diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php index ac8407ce3d4c0b055ca079fd580042772cbbe487..e4a88e189edef243107c90a68e653cd8d7341ee3 100644 --- a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php +++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php @@ -108,7 +108,6 @@ class MetaDataStorageHandler implements \SimpleSAML\Utils\ClearableState // get the configuration $config = Configuration::getInstance(); - Assert::isInstanceOf($config, Configuration::class); $baseurl = Utils\HTTP::getSelfURLHost() . $config->getBasePath(); 
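Review bot: The new constructor signature `\Exception $cause = null` relies on implicit nullability, while other signatures touched by this same commit spell it out (`?string $forcedUsername`, `: ?array`). Writing `?\Exception $cause = null` matches the `\Exception|null` docblock and avoids the implicit-nullable form that PHP 8.4 deprecates. The same applies to `string $as = null` in `Test::main()` and to `Configuration $config = null`, `int $duration = null` and the `string $type = null, string $key1 = null, string $key2 = null` parameters in `SQLPermanentStorage`.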
@@ -311,8 +310,6 @@ class MetaDataStorageHandler implements \SimpleSAML\Utils\ClearableState $index = $this->getMetaDataCurrentEntityID($set, 'metaindex'); } - Assert::string($index); - foreach ($this->sources as $source) { $metadata = $source->getMetaData($index, $set); diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php index f598e7e0295cb2afe98f846ebda0c9d517ae85f5..d7ae636765d36ec2f6cd11b1f87fa0ddb6c34a67 100644 --- a/lib/SimpleSAML/Metadata/SAMLBuilder.php +++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php @@ -76,8 +76,6 @@ class SAMLBuilder */ public function __construct(string $entityId, int $maxCache = null, int $maxDuration = null) { - Assert::string($entityId); - $this->maxCache = $maxCache; $this->maxDuration = $maxDuration; @@ -132,8 +130,6 @@ class SAMLBuilder */ public function getEntityDescriptorText(bool $formatted = true): string { - Assert::boolean($formatted); - $xml = $this->getEntityDescriptor(); if ($formatted) { Utils\XML::formatDOMElement($xml); diff --git a/lib/SimpleSAML/Module.php b/lib/SimpleSAML/Module.php index e59418bdca6795ac13b4c3bb8c4b2ea6de38a78f..285882f7c47642f0f8e5fdc1b73da0d8f3272977 100644 --- a/lib/SimpleSAML/Module.php +++ b/lib/SimpleSAML/Module.php @@ -583,7 +583,7 @@ class Module * * This method removes the trailing slash and redirects to the resulting URL. * - * @param Symfony\Component\HttpFoundation\Request $request The request to process by this controller method. + * @param \Symfony\Component\HttpFoundation\Request $request The request to process by this controller method. * * @return \Symfony\Component\HttpFoundation\RedirectResponse * A redirection to the URI specified in the request, but without the trailing slash. diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index e0a16dd3e79c0b838e3495704bdd5185851aa723..61428d3e935eb726bcb7b67e88c1997cf054318e 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php 
@@ -352,8 +352,6 @@ class Session implements \Serializable, Utils\ClearableState return null; } - Assert::isInstanceOf($session, self::class); - if ($checkToken) { $globalConfig = Configuration::getInstance(); diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php index 44752f4e5cf8ad82d6d792fc002e332035d35861..f37c31803db5d848781e5ba8d7aaac7a0e996b5a 100644 --- a/lib/SimpleSAML/Utils/Crypto.php +++ b/lib/SimpleSAML/Utils/Crypto.php @@ -328,9 +328,7 @@ class Crypto */ public static function pwHash(string $password): string { - if (!is_string($password)) { - throw new \InvalidArgumentException('Invalid input parameter.'); - } elseif (!is_string($hash = password_hash($password, PASSWORD_DEFAULT))) { + if (!is_string($hash = password_hash($password, PASSWORD_DEFAULT))) { throw new \InvalidArgumentException('Error while hashing password.'); } return $hash; diff --git a/lib/SimpleSAML/Utils/System.php b/lib/SimpleSAML/Utils/System.php index 2c2b4d181db62ac2bcb64685cde1947cb01ce49d..a61b6784c56e31218fd2881a6ba990bf19961d94 100644 --- a/lib/SimpleSAML/Utils/System.php +++ b/lib/SimpleSAML/Utils/System.php @@ -28,7 +28,8 @@ class System /** * This function returns the Operating System we are running on. * - * @return string|false A predefined constant identifying the OS we are running on. False if we are unable to determine it. + * @return int|false A predefined constant identifying the OS we are running on. + * False if we are unable to determine it. * * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no> */ diff --git a/modules/admin/lib/Controller/Config.php b/modules/admin/lib/Controller/Config.php index ad94e0df787de7f4c0bac48391819f1a1f4b0afb..423adafb05868b749a6642c7cf4e20cd4a91882a 100644 --- a/modules/admin/lib/Controller/Config.php +++ b/modules/admin/lib/Controller/Config.php 
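Review bot: In `pwHash()` the remaining failure branch still throws `\InvalidArgumentException`, although with the `is_string($password)` test gone nothing about the argument is rejected there. A failed `password_hash()` is a runtime condition, so `\RuntimeException` would describe it better, provided no caller depends on the current class (callers are outside this diff). The assignment inside the condition is also easy to misread; `$hash = password_hash($password, PASSWORD_DEFAULT);` followed by `if (!is_string($hash)) {` says the same thing plainly. The docblock would benefit from a caveat that when `PASSWORD_DEFAULT` resolves to bcrypt, only the first 72 bytes of the password are hashed.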
@@ -57,7 +57,7 @@ class Config * * @return \SimpleSAML\XHTML\Template */ - public function diagnostics(Request $request) + public function diagnostics(Request $request): Template { Utils\Auth::requireAdmin(); @@ -90,7 +90,7 @@ class Config * * @return \SimpleSAML\XHTML\Template */ - public function main() + public function main(): Template { Utils\Auth::requireAdmin(); @@ -127,7 +127,7 @@ class Config * * @return RunnableResponse */ - public function phpinfo() + public function phpinfo(): RunnableResponse { Utils\Auth::requireAdmin(); @@ -148,7 +148,7 @@ class Config * * @return array */ - protected function getPrerequisiteChecks() + protected function getPrerequisiteChecks(): array { $matrix = [ [ @@ -333,7 +333,7 @@ class Config * * @return array */ - protected function getWarnings() + protected function getWarnings(): array { $warnings = []; diff --git a/modules/admin/lib/Controller/Federation.php b/modules/admin/lib/Controller/Federation.php index 6b6e0ca3710b152700ffc72cfba9f10173f6e1da..7ba872b7d2fa7cdc6c7550c0ab130d3ce4a297cd 100644 --- a/modules/admin/lib/Controller/Federation.php +++ b/modules/admin/lib/Controller/Federation.php @@ -62,7 +62,7 @@ class Federation * @throws \SimpleSAML\Error\Exception * @throws \SimpleSAML\Error\Exception */ - public function main() + public function main(): Template { Utils\Auth::requireAdmin(); @@ -344,7 +344,7 @@ class Federation * * @return \SimpleSAML\XHTML\Template */ - public function metadataConverter(Request $request) + public function metadataConverter(Request $request): Template { Utils\Auth::requireAdmin(); if ($xmlfile = $request->files->get('xmlfile')) { @@ -411,7 +411,7 @@ class Federation * * @return Response PEM-encoded certificate. */ - public function downloadCert(Request $request) + public function downloadCert(Request $request): Response { Utils\Auth::requireAdmin(); 
@@ -454,7 +454,7 @@ class Federation * * @return Response */ - public function showRemoteEntity(Request $request) + public function showRemoteEntity(Request $request): Response { Utils\Auth::requireAdmin(); diff --git a/modules/admin/lib/Controller/Menu.php b/modules/admin/lib/Controller/Menu.php index 6887fab1abd066809ea8b0207d8db5d701c6bfb7..bd1b2f4304ef621b3e695a7c244e2bb6f764940c 100644 --- a/modules/admin/lib/Controller/Menu.php +++ b/modules/admin/lib/Controller/Menu.php @@ -55,7 +55,7 @@ final class Menu * @param string $name The name of the option for display purposes. * @return void */ - public function addOption($id, $url, $name) + public function addOption(string $id, string $url, string $name): void { $this->options[$id] = [ 'url' => $url, @@ -84,7 +84,7 @@ final class Menu * * @return \SimpleSAML\XHTML\Template The template with the added menu. */ - public function insert(Template $template) + public function insert(Template $template): Template { $template->data['menu'] = $this->options; Module::callHooks('adminmenu', $template); diff --git a/modules/admin/lib/Controller/Test.php b/modules/admin/lib/Controller/Test.php index 06b4baa0f7d6ea4b80b5e76b6491428642016b1d..5a9dd1db208dcbfab92e8d901704dce1dca62724 100644 --- a/modules/admin/lib/Controller/Test.php +++ b/modules/admin/lib/Controller/Test.php @@ -58,7 +58,7 @@ class Test * @param string|null $as * @return \SimpleSAML\XHTML\Template */ - public function main(Request $request, $as) + public function main(Request $request, string $as = null) { Utils\Auth::requireAdmin(); if (is_null($as)) { diff --git a/modules/core/hooks/hook_frontpage.php b/modules/core/hooks/hook_frontpage.php index f6ff146a3978a41970a25dbefc0979a22e4a7612..8eb6d6416498b9bbf19586579f4868ad9906f194 100644 --- a/modules/core/hooks/hook_frontpage.php +++ b/modules/core/hooks/hook_frontpage.php 
@@ -10,9 +10,8 @@ use Webmozart\Assert\Assert; * @param array &$links The links on the frontpage, split into sections. * @return void */ -function core_hook_frontpage(&$links) +function core_hook_frontpage(array &$links): void { - Assert::isArray($links); Assert::keyExists($links, 'links'); $links['links']['frontpage_welcome'] = [ diff --git a/modules/core/hooks/hook_sanitycheck.php b/modules/core/hooks/hook_sanitycheck.php index c786872bb70049a549d8e81c4ea825ddb4a22a6d..d37d6c62b43fa4e81a7906215058575f85cdc103 100644 --- a/modules/core/hooks/hook_sanitycheck.php +++ b/modules/core/hooks/hook_sanitycheck.php @@ -10,9 +10,8 @@ use Webmozart\Assert\Assert; * @param array &$hookinfo hookinfo * @return void */ -function core_hook_sanitycheck(&$hookinfo) +function core_hook_sanitycheck(array &$hookinfo): void { - Assert::isArray($hookinfo); Assert::keyExists($hookinfo, 'errors'); Assert::keyExists($hookinfo, 'info'); diff --git a/modules/core/lib/ACL.php b/modules/core/lib/ACL.php index 6ab1baa790f1ea76cf345e95b5794ac05221e0cb..0840cd12b95846137eeee8ed87d9f76478d47cb9 100644 --- a/modules/core/lib/ACL.php +++ b/modules/core/lib/ACL.php @@ -23,6 +23,7 @@ class ACL */ private $acl; + /** * Initializer for this access control list. * @@ -70,13 +71,14 @@ class ACL return $config->getArray($id); } + /** * Match the attributes against the access control list. * * @param array $attributes The attributes of an user. * @return boolean TRUE if the user is allowed to access the resource, FALSE if not. */ - public function allows(array $attributes) + public function allows(array $attributes): bool { foreach ($this->acl as $rule) { $action = array_shift($rule); @@ -94,6 +96,7 @@ class ACL return false; } + /** * Match the attributes against the given rule. * @@ -129,6 +132,7 @@ class ACL } } + /** * 'and' match operator. * @@ -148,6 +152,7 @@ class ACL return true; } + /** * 'equals' match operator. * 
@@ -188,6 +193,7 @@ class ACL return true; } + /** * 'equals-preg' match operator. * @@ -229,6 +235,7 @@ class ACL return true; } + /** * 'has' match operator. * @@ -256,6 +263,7 @@ class ACL return true; } + /** * 'has-preg' match operator. * @@ -284,6 +292,7 @@ class ACL return true; } + /** * 'or' match operator. * diff --git a/modules/core/lib/Auth/Process/AttributeMap.php b/modules/core/lib/Auth/Process/AttributeMap.php index 63c81aad0e6ba97ec2aba50eff5627e8c5fb45a7..5a79368b94ed03c9d46b08f2641b33790ec2ec48 100644 --- a/modules/core/lib/Auth/Process/AttributeMap.php +++ b/modules/core/lib/Auth/Process/AttributeMap.php @@ -101,6 +101,7 @@ class AttributeMap extends \SimpleSAML\Auth\ProcessingFilter throw new \Exception('Could not find attribute map file: ' . $filePath); } + /** @psalm-var mixed|null $attributemap */ $attributemap = null; include($filePath); if (!is_array($attributemap)) { diff --git a/modules/core/lib/Auth/Source/AdminPassword.php b/modules/core/lib/Auth/Source/AdminPassword.php index 5f2b8f7b5fbff5146445e3b24197b4cc9e195e76..9433372556bf500d2aa7d8ae27f0b63724612ef5 100644 --- a/modules/core/lib/Auth/Source/AdminPassword.php +++ b/modules/core/lib/Auth/Source/AdminPassword.php @@ -25,9 +25,6 @@ class AdminPassword extends \SimpleSAML\Module\core\Auth\UserPassBase */ public function __construct(array $info, array $config) { - Assert::isArray($info); - Assert::isArray($config); - // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -50,9 +47,6 @@ class AdminPassword extends \SimpleSAML\Module\core\Auth\UserPassBase */ protected function login(string $username, string $password): array { - Assert::string($username); - Assert::string($password); - $config = Configuration::getInstance(); $adminPassword = $config->getString('auth.adminpassword', '123'); if ($adminPassword === '123') { 
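Review bot: The annotation added in `AttributeMap.php` documents the type of `$attributemap` but not the trust assumption behind the `include($filePath)` that follows, which executes the map file as PHP before the `is_array()` check runs. A comment such as `// The map file is executed as PHP; $filePath must be derived from administrator-controlled configuration only.` would make that explicit. How `$filePath` is built is outside this hunk, so this should be confirmed against the lines above it. `mixed|null` is also redundant, since `mixed` already includes `null`.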
diff --git a/modules/core/lib/Auth/UserPassBase.php b/modules/core/lib/Auth/UserPassBase.php index 4b2ac3452e52f067564bc3f42b2f1848928bf6fd..14890d8de6a49e110f18f220a5c1bbfc3a5129c5 100644 --- a/modules/core/lib/Auth/UserPassBase.php +++ b/modules/core/lib/Auth/UserPassBase.php @@ -100,11 +100,8 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source * @param array $info Information about this authentication source. * @param array &$config Configuration for this authentication source. */ - public function __construct($info, &$config) + public function __construct(array $info, array &$config) { - Assert::isArray($info); - Assert::isArray($config); - if (isset($config['core:loginpage_links'])) { $this->loginLinks = $config['core:loginpage_links']; } @@ -135,7 +132,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source * @param string|null $forcedUsername The forced username. * @return void */ - public function setForcedUsername($forcedUsername): void + public function setForcedUsername(?string $forcedUsername): void { Assert::nullOrString($forcedUsername); $this->forcedUsername = $forcedUsername; @@ -143,7 +140,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source /** * Return login links from configuration - * @return array + * @return string[] */ public function getLoginLinks(): array { @@ -238,7 +235,6 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source } $attributes = $this->login($username, $password); - Assert::isArray($attributes); $state['Attributes'] = $attributes; return; 
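Review bot: `setForcedUsername(?string $forcedUsername)` still calls `Assert::nullOrString($forcedUsername)`, which the new `?string` declaration makes redundant; the commit drops the equivalent `Assert::isArray()` calls from the constructor in this file for the same reason. Inside the method the value is always `null` or a string regardless of the caller's `strict_types` mode, so the check can never fail. Removing that line keeps the file consistent with the rest of the change.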
@@ -271,9 +267,9 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source * * @param string $username The username the user wrote. * @param string $password The password the user wrote. - * @return array Associative array with the user's attributes. + * @return array Associative array with the user's attributes. */ - abstract protected function login($username, $password): array; + abstract protected function login(string $username, string $password): array; /** @@ -288,7 +284,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source * @param string $password The password the user wrote. * @return void */ - public static function handleLogin(string $authStateId, string $username, string $password) + public static function handleLogin(string $authStateId, string $username, string $password): void { // Here we retrieve the state array we saved in the authenticate-function. /** @var array $state */ @@ -319,7 +315,6 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source Logger::stats('User \'' . $username . '\' successfully authenticated from ' . $_SERVER['REMOTE_ADDR']); // Save the attributes we received from the login-function in the $state-array - Assert::isArray($attributes); $state['Attributes'] = $attributes; // Return control to SimpleSAMLphp after successful authentication. diff --git a/modules/core/lib/Auth/UserPassOrgBase.php b/modules/core/lib/Auth/UserPassOrgBase.php index f8ba52fd0aec98f56a94152fcf31e59fcd8fdc60..b854a240ddf4d5ba679b0caf97e624e2efd13e8d 100644 --- a/modules/core/lib/Auth/UserPassOrgBase.php +++ b/modules/core/lib/Auth/UserPassOrgBase.php 
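Review bot: `handleLogin()` now declares `string $username`, but its body (the following hunk) still concatenates that value unmodified into `Logger::stats('User \'' . $username . '\' successfully authenticated from ' . $_SERVER['REMOTE_ADDR'])`. The docblock describes it as the username the user wrote, so embedded CR/LF or quote characters could break or forge entries in the stats log unless the logging handler escapes them, which is not visible here. Consider stripping control characters before logging, e.g. `$logUser = preg_replace('/[\x00-\x1F\x7F]/', '', $username);`, and using `$logUser` in the message. The type declaration constrains the type only, not the content, and the function body starts and ends outside both hunks.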
@@ -99,11 +99,8 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source * @param array $info Information about this authentication source. * @param array &$config Configuration for this authentication source. */ - public function __construct($info, &$config) + public function __construct(array $info, array &$config) { - Assert::isArray($info); - Assert::isArray($config); - // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -143,7 +140,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source * @param string $usernameOrgMethod The method which should be used. * @return void */ - protected function setUsernameOrgMethod($usernameOrgMethod): void + protected function setUsernameOrgMethod(string $usernameOrgMethod): void { Assert::oneOf($usernameOrgMethod, ['none', 'allow', 'force']); diff --git a/modules/core/lib/Controller/Login.php b/modules/core/lib/Controller/Login.php index 99b13664e7a1e0edecd7260e34b73a4b7aedd869..e117cdc2c6537e486c00d6b416a7d23fd53cb823 100644 --- a/modules/core/lib/Controller/Login.php +++ b/modules/core/lib/Controller/Login.php @@ -199,7 +199,7 @@ class Login * @param Request $request The request that lead to this login operation. * @return void */ - public function cleardiscochoices(Request $request) + public function cleardiscochoices(Request $request): void { // The base path for cookies. This should be the installation directory for SimpleSAMLphp. $cookiePath = $this->config->getBasePath(); diff --git a/modules/core/lib/Stats/Output/File.php b/modules/core/lib/Stats/Output/File.php index a6562637ab104c6d4ffc94fb924b503277b874d9..df83076923caba53db330feb33e9bc3ff5f5acf8 100644 --- a/modules/core/lib/Stats/Output/File.php +++ b/modules/core/lib/Stats/Output/File.php 
@@ -58,7 +58,7 @@ class File extends \SimpleSAML\Stats\Output * @param string $date The date for the log file. * @return void */ - private function openLog(string $date) + private function openLog(string $date): void { if ($this->file !== null && $this->file !== false) { fclose($this->file); diff --git a/modules/core/lib/Storage/SQLPermanentStorage.php b/modules/core/lib/Storage/SQLPermanentStorage.php index 541bb711792249df973adf4b1b91cf6c49863e17..dda3fa35c3898550d479dc3c7a04631ed7bdff58 100644 --- a/modules/core/lib/Storage/SQLPermanentStorage.php +++ b/modules/core/lib/Storage/SQLPermanentStorage.php @@ -28,7 +28,7 @@ class SQLPermanentStorage * @param \SimpleSAML\Configuration|null $config * @throws \Exception */ - public function __construct($name, $config = null) + public function __construct(string $name, Configuration $config = null) { if (is_null($config)) { $config = Configuration::getInstance(); @@ -78,7 +78,7 @@ class SQLPermanentStorage * @param int|null $duration * @return void */ - public function set($type, $key1, $key2, $value, $duration = null) + public function set(string $type, string $key1, string $key2, string $value, int $duration = null): void { if ($this->exists($type, $key1, $key2)) { $this->update($type, $key1, $key2, $value, $duration); @@ -140,12 +140,12 @@ class SQLPermanentStorage /** - * @param string $type - * @param string $key1 - * @param string $key2 + * @param string|null $type + * @param string|null $key1 + * @param string|null $key2 * @return array|null */ - public function get($type = null, $key1 = null, $key2 = null) + public function get(string $type = null, string $key1 = null, string $key2 = null): ?array { $conditions = $this->getCondition($type, $key1, $key2); $query = 'SELECT * FROM data WHERE ' . $conditions; 
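Review bot: `get()` builds its statement as `'SELECT * FROM data WHERE ' . $conditions`, where `$conditions` is the string returned by `getCondition($type, $key1, $key2)`. The same pattern appears in the `getList()` and `getKeys()` hunks, whereas `exists()` and `remove()` use named placeholders. The body of `getCondition()` is not part of this diff, so whether it quotes its inputs cannot be confirmed from here. The new `string` declarations constrain the type but not the content of these values, so it is worth verifying that helper or moving these three methods to bound parameters such as `type = :type`. The body of `get()` continues past the end of the hunk.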
@@ -165,12 +165,12 @@ class SQLPermanentStorage /** * Return the value directly (not in a container) * - * @param string $type - * @param string $key1 - * @param string $key2 - * @return array|null + * @param string|null $type + * @param string|null $key1 + * @param string|null $key2 + * @return string|null */ - public function getValue($type = null, $key1 = null, $key2 = null) + public function getValue(string $type = null, string $key1 = null, string $key2 = null): ?string { $res = $this->get($type, $key1, $key2); if ($res === null) { @@ -186,7 +186,7 @@ class SQLPermanentStorage * @param string $key2 * @return bool */ - public function exists($type, $key1, $key2) + public function exists(string $type, string $key1, string $key2): bool { $query = 'SELECT * FROM data WHERE type = :type AND key1 = :key1 AND key2 = :key2 LIMIT 1'; $prepared = $this->db->prepare($query); @@ -198,12 +198,12 @@ class SQLPermanentStorage /** - * @param string $type - * @param string $key1 - * @param string $key2 + * @param string|null $type + * @param string|null $key1 + * @param string|null $key2 * @return array|false */ - public function getList($type = null, $key1 = null, $key2 = null) + public function getList(string $type = null, string $key1 = null, string $key2 = null) { $conditions = $this->getCondition($type, $key1, $key2); $query = 'SELECT * FROM data WHERE ' . $conditions; 
@@ -223,15 +223,19 @@ class SQLPermanentStorage /** - * @param string $type - * @param string $key1 - * @param string $key2 + * @param string|null $type + * @param string|null $key1 + * @param string|null $key2 * @param string $whichKey * @throws \Exception * @return array|null */ - public function getKeys($type = null, $key1 = null, $key2 = null, $whichKey = 'type') - { + public function getKeys( + string $type = null, + string $key1 = null, + string $key2 = null, + string $whichKey = 'type' + ): ?array { if (!in_array($whichKey, ['key1', 'key2', 'type'], true)) { throw new \Exception('Invalid key type'); } @@ -254,13 +258,14 @@ class SQLPermanentStorage return $resarray; } + /** * @param string $type * @param string $key1 * @param string $key2 * @return bool */ - public function remove($type, $key1, $key2) + public function remove(string $type, string $key1, string $key2): bool { $query = 'DELETE FROM data WHERE type = :type AND key1 = :key1 AND key2 = :key2'; $prepared = $this->db->prepare($query); @@ -274,7 +279,7 @@ class SQLPermanentStorage /** * @return int */ - public function removeExpired() + public function removeExpired(): int { $query = "DELETE FROM data WHERE expire IS NOT NULL AND expire < :expire"; $prepared = $this->db->prepare($query); @@ -286,9 +291,9 @@ class SQLPermanentStorage /** * Create a SQL condition statement based on parameters * - * @param string $type - * @param string $key1 - * @param string $key2 + * @param string|null $type + * @param string|null $key1 + * @param string|null $key2 * @return string */ private function getCondition(string $type = null, string $key1 = null, string $key2 = null): string diff --git a/modules/cron/hooks/hook_configpage.php b/modules/cron/hooks/hook_configpage.php index 136888a0036582a91a086acf69179db53fa81fce..cb43582994a0e41e690f878e95684711370fb8d6 100644 --- a/modules/cron/hooks/hook_configpage.php +++ b/modules/cron/hooks/hook_configpage.php 
@@ -6,7 +6,7 @@ * @param \SimpleSAML\XHTML\Template &$template The template that we should alter in this hook. * @return void */ -function cron_hook_configpage(\SimpleSAML\XHTML\Template &$template) +function cron_hook_configpage(\SimpleSAML\XHTML\Template &$template): void { $template->data['links']['cron'] = [ 'href' => SimpleSAML\Module::getModuleURL('cron/croninfo.php'), diff --git a/modules/cron/hooks/hook_cron.php b/modules/cron/hooks/hook_cron.php index 18b18847b750b9b263f6bdaf1e57882cf1f59245..2211d7a40260ae56e97d7c58c4028a15eef31d7f 100644 --- a/modules/cron/hooks/hook_cron.php +++ b/modules/cron/hooks/hook_cron.php @@ -8,9 +8,8 @@ use Webmozart\Assert\Assert; * @param array &$croninfo Output * @return void */ -function cron_hook_cron(&$croninfo) +function cron_hook_cron(array &$croninfo): void { - Assert::isArray($croninfo); Assert::keyExists($croninfo, 'summary'); Assert::keyExists($croninfo, 'tag'); diff --git a/modules/cron/hooks/hook_frontpage.php b/modules/cron/hooks/hook_frontpage.php index 3ca4903136dbf2064e59cf529cbc95260c970750..4e34f505d0c0a97307bf97d7d9b2b5e8414de439 100644 --- a/modules/cron/hooks/hook_frontpage.php +++ b/modules/cron/hooks/hook_frontpage.php @@ -8,9 +8,8 @@ use Webmozart\Assert\Assert; * @param array &$links The links on the frontpage, split into sections. * @return void */ -function cron_hook_frontpage(&$links) +function cron_hook_frontpage(array &$links): void { - Assert::isArray($links); Assert::keyExists($links, 'links'); $links['config'][] = [ diff --git a/modules/cron/lib/Controller/Cron.php b/modules/cron/lib/Controller/Cron.php index 7654533f347fdafe6c1b4ffa0402a42b21f942d9..e3d1a01767b694d98a9a15c01b119414be6581f8 100644 --- a/modules/cron/lib/Controller/Cron.php +++ b/modules/cron/lib/Controller/Cron.php 
@@ -63,7 +63,7 @@ class Cron * @return \SimpleSAML\XHTML\Template * An HTML template or a redirection if we are not authenticated. */ - public function info() + public function info(): Template { Utils\Auth::requireAdmin(); @@ -100,14 +100,14 @@ class Cron * * @param string $tag The tag * @param string $key The secret key - * @param string|null $output The output format, defaulting to xhtml + * @param string $output The output format, defaulting to xhtml * * @return \SimpleSAML\XHTML\Template|\Symfony\Component\HttpFoundation\Response * An HTML template, a redirect or a "runnable" response. * * @throws \SimpleSAML\Error\Exception */ - public function run($tag, $key, $output) + public function run(string $tag, string $key, string $output = 'xhtml'): Response { $configKey = $this->cronconfig->getValue('key', 'secret'); if ($key !== $configKey) { @@ -116,7 +116,7 @@ class Cron } $cron = new \SimpleSAML\Module\cron\Cron(); - if ($tag === null || !$cron->isValidTag($tag)) { + if (!$cron->isValidTag($tag)) { Logger::error('Cron - Illegal tag [' . $tag . '].'); exit; } diff --git a/modules/cron/lib/Cron.php b/modules/cron/lib/Cron.php index 81b3641b69837556652500ff2655e6f8c3920ebe..128ddc8bcfdcbc9c58d18027854038f714b8d0a7 100644 --- a/modules/cron/lib/Cron.php +++ b/modules/cron/lib/Cron.php @@ -38,7 +38,7 @@ class Cron * @return array the tag, and summary information from the run. * @throws \Exception If an invalid tag specified */ - public function runTag($tag) + public function runTag(string $tag): array { if (!$this->isValidTag($tag)) { throw new \Exception("Invalid cron tag '$tag''"); @@ -63,7 +63,7 @@ class Cron * @param string $tag * @return bool */ - public function isValidTag($tag) + public function isValidTag(string $tag): bool { if (!is_null($this->cronconfig->getValue('allowed_tags'))) { return in_array($tag, $this->cronconfig->getArray('allowed_tags'), true); 
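Review bot: In `run()` the shared secret is checked with `$key !== $configKey`, which is not a constant-time comparison, and `getValue('key', 'secret')` returns an untyped value that falls back to the literal `'secret'` when the option is missing. `if (!is_string($configKey) || !hash_equals($configKey, $key)) {` would compare in constant time and reject a non-string configuration value; refusing to run while the key is still the default would be a further hardening step. The declared return type is now `Response` while the docblock still lists `\SimpleSAML\XHTML\Template|\Symfony\Component\HttpFoundation\Response`; that holds only if `Template` extends `Response`, which is not visible in this diff. The body of `run()` continues in the next hunk.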
diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php index 966ab4b57d57b09e78126709715572cc396041d2..606479543cf59c24bf2c51b74aabc30a1fe3850d 100644 --- a/modules/exampleauth/lib/Auth/Source/External.php +++ b/modules/exampleauth/lib/Auth/Source/External.php @@ -44,11 +44,8 @@ class External extends \SimpleSAML\Auth\Source * @param array $info Information about this authentication source. * @param array $config Configuration. */ - public function __construct($info, $config) + public function __construct(array $info, array $config) { - Assert::isArray($info); - Assert::isArray($config); - // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -109,8 +106,6 @@ class External extends \SimpleSAML\Auth\Source */ public function authenticate(array &$state): void { - Assert::isArray($state); - $attributes = $this->getUser(); if ($attributes !== null) { /* @@ -273,8 +268,6 @@ class External extends \SimpleSAML\Auth\Source */ public function logout(array &$state): void { - Assert::isArray($state); - if (!session_id()) { // session_start not called before. Do it here session_start(); diff --git a/modules/exampleauth/lib/Auth/Source/StaticSource.php b/modules/exampleauth/lib/Auth/Source/StaticSource.php index 21c86c697944e374f31d36834bb1c4f3fecfa0f2..75e6a57da5c2604be0b4081e9b8f8b03c2124393 100644 --- a/modules/exampleauth/lib/Auth/Source/StaticSource.php +++ b/modules/exampleauth/lib/Auth/Source/StaticSource.php @@ -31,11 +31,8 @@ class StaticSource extends \SimpleSAML\Auth\Source * @param array $info Information about this authentication source. * @param array $config Configuration. */ - public function __construct($info, $config) + public function __construct(array $info, array $config) { - Assert::isArray($info); - Assert::isArray($config); - // Call the parent constructor first, as required by the interface parent::__construct($info, $config); 
@@ -57,7 +54,6 @@ class StaticSource extends \SimpleSAML\Auth\Source */ public function authenticate(array &$state): void { - Assert::isArray($state); $state['Attributes'] = $this->attributes; } } diff --git a/modules/exampleauth/lib/Auth/Source/UserPass.php b/modules/exampleauth/lib/Auth/Source/UserPass.php index 6d6849f2377e862b27f5c629f4e800ae2c08bf9c..e4e6b21883a755574ea39a6763284615a27a6f22 100644 --- a/modules/exampleauth/lib/Auth/Source/UserPass.php +++ b/modules/exampleauth/lib/Auth/Source/UserPass.php @@ -35,11 +35,8 @@ class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase * @param array $info Information about this authentication source. * @param array $config Configuration. */ - public function __construct($info, $config) + public function __construct(array $info, array $config) { - Assert::isArray($info); - Assert::isArray($config); - // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -86,11 +83,8 @@ class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase * @param string $password The password the user wrote. * @return array Associative array with the users attributes. */ - protected function login($username, $password) + protected function login(string $username, string $password): array { - Assert::string($username); - Assert::string($password); - $userpass = $username . ':' . $password; if (!array_key_exists($userpass, $this->users)) { throw new Error\Error('WRONGUSERPASS'); diff --git a/modules/multiauth/lib/Auth/Source/MultiAuth.php b/modules/multiauth/lib/Auth/Source/MultiAuth.php index 5bad36250774b37089d70e77d4826348af30407f..009b9fb8c399ffa6037413ae6e3e882a059792f8 100644 --- a/modules/multiauth/lib/Auth/Source/MultiAuth.php +++ b/modules/multiauth/lib/Auth/Source/MultiAuth.php 
@@ -59,11 +59,8 @@ class MultiAuth extends \SimpleSAML\Auth\Source * @param array $info Information about this authentication source. * @param array $config Configuration. */ - public function __construct($info, $config) + public function __construct(array $info, array $config) { - Assert::isArray($info); - Assert::isArray($config); - // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -141,8 +138,6 @@ class MultiAuth extends \SimpleSAML\Auth\Source */ public function authenticate(array &$state): void { - Assert::isArray($state); - $state[self::AUTHID] = $this->authId; $state[self::SOURCESID] = $this->sources; @@ -184,11 +179,8 @@ class MultiAuth extends \SimpleSAML\Auth\Source * @return void * @throws \Exception */ - public static function delegateAuthentication($authId, $state) + public static function delegateAuthentication(string $authId, array $state): void { - assert::string($authId); - Assert::isArray($state); - $as = Auth\Source::getById($authId); $valid_sources = array_map( /** @@ -236,8 +228,6 @@ class MultiAuth extends \SimpleSAML\Auth\Source */ public function logout(array &$state): void { - Assert::isArray($state); - // Get the source that was used to authenticate $session = Session::getSessionFromRequest(); $authId = $session->getData(self::SESSION_SOURCE, $this->authId); @@ -260,10 +250,8 @@ class MultiAuth extends \SimpleSAML\Auth\Source * @param string $source Name of the authentication source the user selected. * @return void */ - public function setPreviousSource($source) + public function setPreviousSource(string $source): void { - Assert::string($source); - $cookieName = 'multiauth_source_' . $this->authId; $config = Configuration::getInstance(); 
@@ -286,7 +274,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source * last time or NULL if this is the first time or remembering is disabled. * @return string|null */ - public function getPreviousSource() + public function getPreviousSource(): ?string { $cookieName = 'multiauth_source_' . $this->authId; if (array_key_exists($cookieName, $_COOKIE)) { diff --git a/modules/portal/hooks/hook_htmlinject.php b/modules/portal/hooks/hook_htmlinject.php index d446a6ed63b8c1a60a0011ab67f6eed95b631afb..acd88405c47fa7897f9d4d0ebf3df4a7b691ea10 100644 --- a/modules/portal/hooks/hook_htmlinject.php +++ b/modules/portal/hooks/hook_htmlinject.php @@ -8,9 +8,8 @@ use Webmozart\Assert\Assert; * @param array &$hookinfo hookinfo * @return void */ -function portal_hook_htmlinject(&$hookinfo) +function portal_hook_htmlinject(array &$hookinfo) { - Assert::isArray($hookinfo); Assert::keyExists($hookinfo, 'pre'); Assert::keyExists($hookinfo, 'post'); Assert::keyExists($hookinfo, 'page'); diff --git a/modules/portal/lib/Portal.php b/modules/portal/lib/Portal.php index e116c6e5a5d93aaf967555029c401622f4e68833..f397953fee4026f476c494301174279d55fa6b41 100644 --- a/modules/portal/lib/Portal.php +++ b/modules/portal/lib/Portal.php @@ -21,7 +21,7 @@ class Portal * @param array $pages * @param array|null $config */ - public function __construct($pages, $config = null) + public function __construct(array $pages, array $config = null) { $this->pages = $pages; $this->config = $config; @@ -32,7 +32,7 @@ class Portal * @param string $thispage * @return array|null */ - public function getTabset($thispage) + public function getTabset(string $thispage): ?array { if (!isset($this->config)) { return null; @@ -50,7 +50,7 @@ class Portal * @param string $thispage * @return bool */ - public function isPortalized($thispage) + public function isPortalized(string $thispage): bool { if (!isset($this->config)) { return false; 
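Review bot: `getPreviousSource()` now declares `?string`, but its value is read from `$_COOKIE[$cookieName]`, which the client controls and which PHP delivers as an array when the cookie is sent with bracket syntax. The method body continues outside the hunk; if it returns the cookie entry directly, such a request would now end in a `TypeError` rather than a handled result. A guard such as `if (isset($_COOKIE[$cookieName]) && is_string($_COOKIE[$cookieName])) {` keeps the declared type honest. The returned name should still be matched against the configured sources before it is used.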
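Review bot: `array $config = null` in `Portal::__construct()` relies on implicit nullability while the docblock says `array|null`; `?array $config = null` states the contract explicitly and matches the `?array` / `?string` return types this same commit introduces. Implicit nullable parameters are also deprecated in newer PHP releases. The same pattern is added for `string $subStatus = null` and `string $statusMessage = null` in `saml\Error::__construct()`, for `string $message = null` in the `NoAuthnContext`, `NoAvailableIDP`, `NoPassive`, `NoSupportedIDP` and `ProxyCountExceeded` constructors, and for `string $relayState = null` in `IdP\SAML2::sendLogoutRequest()` and `getLogoutURL()`.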
@@ -69,7 +69,7 @@ class Portal * @param string $thispage * @return string */ - public function getLoginInfo($translator, $thispage) + public function getLoginInfo(Translate $translator, string $thispage): string { $info = ['info' => '', 'translator' => $translator, 'thispage' => $thispage]; Module::callHooks('portalLoginInfo', $info); @@ -81,7 +81,7 @@ class Portal * @param string $thispage * @return string */ - public function getMenu($thispage) + public function getMenu(string $thispage): string { $config = Configuration::getInstance(); $t = new Translate($config); diff --git a/modules/saml/hooks/hook_metadata_hosted.php b/modules/saml/hooks/hook_metadata_hosted.php index 75ee581b251354789831b7f8b8c24b68770f1c55..38f35ccfe2234b3ea5d9f42fb2ec7aa534ca2c57 100644 --- a/modules/saml/hooks/hook_metadata_hosted.php +++ b/modules/saml/hooks/hook_metadata_hosted.php @@ -8,10 +8,8 @@ use Webmozart\Assert\Assert; * @param array &$metadataHosted The metadata links for hosted metadata on the frontpage. * @return void */ -function saml_hook_metadata_hosted(&$metadataHosted) +function saml_hook_metadata_hosted(array &$metadataHosted) { - Assert::isArray($metadataHosted); - $sources = \SimpleSAML\Auth\Source::getSourcesOfType('saml:SP'); foreach ($sources as $source) { diff --git a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php index cd64ac6ad8c89cf460d66dfab731b62c45c594ea..d33f6bad767675ac2f2eb1aacd0d9e58cbc32a42 100644 --- a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php +++ b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php 
@@ -97,7 +97,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter * @param array $request * @return void */ - protected function unauthorized(&$request): void + protected function unauthorized(array &$request): void { Logger::error( 'ExpectedAuthnContextClassRef: Invalid authentication context: ' . strval($this->AuthnContextClassRef) . diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php index 5dedebf5181088a4b47f9d6c77642ac809555a7a..eb9536602608983aaf7b1dcc9b25a811e40a158e 100644 --- a/modules/saml/lib/Auth/Source/SP.php +++ b/modules/saml/lib/Auth/Source/SP.php @@ -71,11 +71,8 @@ class SP extends \SimpleSAML\Auth\Source * @param array $info Information about this authentication source. * @param array $config Configuration. */ - public function __construct($info, $config) + public function __construct(array $info, array $config) { - Assert::isArray($info); - Assert::isArray($config); - // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -107,7 +104,7 @@ class SP extends \SimpleSAML\Auth\Source * * @return string The metadata URL. */ - public function getMetadataURL() + public function getMetadataURL(): string { return Module::getModuleURL('saml/sp/metadata.php/' . urlencode($this->authId)); } @@ -118,7 +115,7 @@ class SP extends \SimpleSAML\Auth\Source * * @return string The entity id of this SP. */ - public function getEntityId() + public function getEntityId(): string { return $this->entityId; } @@ -129,7 +126,7 @@ class SP extends \SimpleSAML\Auth\Source * * @return array The metadata array for its use by a remote IdP. */ - public function getHostedMetadata() + public function getHostedMetadata(): array { $entityid = $this->getEntityId(); $metadata = [ 
@@ -286,10 +283,8 @@ class SP extends \SimpleSAML\Auth\Source * @param string $entityId The entity id of the IdP. * @return \SimpleSAML\Configuration The metadata of the IdP. */ - public function getIdPMetadata($entityId) + public function getIdPMetadata(string $entityId): Configuration { - Assert::string($entityId); - if ($this->idp !== null && $this->idp !== $entityId) { throw new Error\Exception('Cannot retrieve metadata for IdP ' . var_export($entityId, true) . ' because it isn\'t a valid IdP for this SP.'); @@ -316,7 +311,7 @@ class SP extends \SimpleSAML\Auth\Source * * @return \SimpleSAML\Configuration The metadata of this SP. */ - public function getMetadata() + public function getMetadata(): Configuration { return $this->metadata; } @@ -325,9 +320,9 @@ class SP extends \SimpleSAML\Auth\Source /** * Get a list with the protocols supported by this SP. * - * @return array + * @return string[] */ - public function getSupportedProtocols() + public function getSupportedProtocols(): array { return $this->protocols; } @@ -455,7 +450,7 @@ class SP extends \SimpleSAML\Auth\Source * @param array $state The state array for the current authentication. * @return void */ - private function startSSO2(Configuration $idpMetadata, array $state) + private function startSSO2(Configuration $idpMetadata, array $state): void { if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] < 0) { Auth\State::throwException( @@ -654,7 +649,7 @@ class SP extends \SimpleSAML\Auth\Source * @param \SAML2\AuthnRequest $ar The authentication request. * @return void */ - public function sendSAML2AuthnRequest(array &$state, Binding $binding, AuthnRequest $ar) + public function sendSAML2AuthnRequest(array &$state, Binding $binding, AuthnRequest $ar): void { $binding->send($ar); Assert::true(false); 
@@ -668,10 +663,8 @@ class SP extends \SimpleSAML\Auth\Source * @param array $state The state array for the current authentication. * @return void */ - public function startSSO($idp, array $state) + public function startSSO(string $idp, array $state): void { - Assert::string($idp); - $idpMetadata = $this->getIdPMetadata($idp); $type = $idpMetadata->getString('metadata-set'); @@ -692,7 +685,7 @@ class SP extends \SimpleSAML\Auth\Source * @param array $state The state array. * @return void */ - private function startDisco(array $state) + private function startDisco(array $state): void { $id = Auth\State::saveState($state, 'saml:sp:sso'); @@ -732,8 +725,6 @@ class SP extends \SimpleSAML\Auth\Source */ public function authenticate(array &$state): void { - Assert::isArray($state); - // We are going to need the authId in order to retrieve this authentication source later $state['saml:sp:AuthId'] = $this->authId; @@ -877,7 +868,7 @@ class SP extends \SimpleSAML\Auth\Source * @return void * @throws \SimpleSAML\Module\saml\Error\NoPassive In case the authentication request was passive. */ - public static function askForIdPChange(array &$state) + public static function askForIdPChange(array &$state): void { Assert::keyExists($state, 'saml:sp:IdPMetadata'); Assert::keyExists($state, 'saml:sp:AuthId'); @@ -908,7 +899,7 @@ class SP extends \SimpleSAML\Auth\Source * @param array $state The state array. * @return void */ - public static function reauthLogout(array $state) + public static function reauthLogout(array $state): void { Logger::debug('Proxy: logging the user out before re-authentication.'); @@ -929,7 +920,7 @@ class SP extends \SimpleSAML\Auth\Source * @param array $state The authentication state. * @return void */ - public static function reauthPostLogin(array $state) + public static function reauthPostLogin(array $state): void { Assert::keyExists($state, 'ReturnCallback'); 
@@ -953,7 +944,7 @@ class SP extends \SimpleSAML\Auth\Source * @param array &$state The state array with the state during logout. * @return void */ - public static function reauthPostLogout(IdP $idp, array $state) + public static function reauthPostLogout(IdP $idp, array $state): void { Assert::keyExists($state, 'saml:sp:AuthId'); @@ -978,9 +969,8 @@ class SP extends \SimpleSAML\Auth\Source * @param array $state The logout state. * @return void */ - public function startSLO2(&$state) + public function startSLO2(array &$state): void { - Assert::isArray($state); Assert::keyExists($state, 'saml:logout:IdP'); Assert::keyExists($state, 'saml:logout:NameID'); Assert::keyExists($state, 'saml:logout:SessionIndex'); @@ -1036,14 +1026,10 @@ class SP extends \SimpleSAML\Auth\Source */ public function logout(array &$state): void { - Assert::isArray($state); Assert::keyExists($state, 'saml:logout:Type'); $logoutType = $state['saml:logout:Type']; switch ($logoutType) { - case 'saml1': - // Nothing to do - return; case 'saml2': $this->startSLO2($state); return; @@ -1062,9 +1048,8 @@ class SP extends \SimpleSAML\Auth\Source * @param array $attributes The attributes. * @return void */ - public function handleResponse(array $state, $idp, array $attributes) + public function handleResponse(array $state, string $idp, array $attributes): void { - Assert::string($idp); Assert::keyExists($state, 'LogoutState'); Assert::keyExists($state, 'saml:logout:Type'); @@ -1107,10 +1092,8 @@ class SP extends \SimpleSAML\Auth\Source * @param string $idpEntityId The entity ID of the IdP. * @return void */ - public function handleLogout($idpEntityId) + public function handleLogout(string $idpEntityId): void { - Assert::string($idpEntityId); - /* Call the logout callback we registered in onProcessingCompleted(). */ $this->callLogoutCallback($idpEntityId); } 
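Review bot: Removing `case 'saml1'` from the `switch` in `logout()` changes what happens to a logout state whose `saml:logout:Type` is still `saml1`, for example one persisted before the upgrade. It no longer returns quietly and instead falls through to whatever follows `case 'saml2'`, which is outside the hunk. If that is a failing assertion, logout for such sessions would abort with an unhandled error. Either note the break in the upgrade documentation or keep an explicit branch, e.g. `case 'saml1': Logger::warning('saml:SP: ignoring logout for legacy saml1 session state.'); return;` (message text is a suggestion).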
@@ -1131,11 +1114,8 @@ class SP extends \SimpleSAML\Auth\Source * configuration directive for more information about allowing (or disallowing) URLs. * @return void */ - public static function handleUnsolicitedAuth($authId, array $state, $redirectTo) + public static function handleUnsolicitedAuth(string $authId, array $state, string $redirectTo): void { - Assert::string($authId); - Assert::string($redirectTo); - $session = Session::getSessionFromRequest(); $session->doLogin($authId, Auth\State::getPersistentAuthData($state)); @@ -1149,7 +1129,7 @@ class SP extends \SimpleSAML\Auth\Source * @param array $authProcState The processing chain state. * @return void */ - public static function onProcessingCompleted(array $authProcState) + public static function onProcessingCompleted(array $authProcState): void { Assert::keyExists($authProcState, 'saml:sp:IdP'); Assert::keyExists($authProcState, 'saml:sp:State'); diff --git a/modules/saml/lib/BaseNameIDGenerator.php b/modules/saml/lib/BaseNameIDGenerator.php index 0e7dc5c9cf67213e52e4e8a22f814373dce1a98f..15bb39770fd1b55287e795a8cefd5ae7a9d9c2d2 100644 --- a/modules/saml/lib/BaseNameIDGenerator.php +++ b/modules/saml/lib/BaseNameIDGenerator.php @@ -78,7 +78,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter * * @return string|null The NameID value. */ - abstract protected function getValue(array &$state); + abstract protected function getValue(array &$state): ?string; /** diff --git a/modules/saml/lib/Error.php b/modules/saml/lib/Error.php index e299117b2eda06e8ecdb9e99a511236987340904..9c28eab9e2edc95bd932444cb8a1248d5d334d8a 100644 --- a/modules/saml/lib/Error.php +++ b/modules/saml/lib/Error.php 
@@ -47,12 +47,12 @@ class Error extends \SimpleSAML\Error\Exception * Can be NULL, in which case there is no status message. * @param \Exception|null $cause The cause of this exception. Can be NULL. */ - public function __construct($status, $subStatus = null, $statusMessage = null, \Exception $cause = null) - { - Assert::string($status); - Assert::nullOrString($subStatus); - Assert::nullOrString($statusMessage); - + public function __construct( + string $status, + string $subStatus = null, + string $statusMessage = null, + \Exception $cause = null + ) { $st = self::shortStatus($status); if ($subStatus !== null) { $st .= '/' . self::shortStatus($subStatus); @@ -73,7 +73,7 @@ class Error extends \SimpleSAML\Error\Exception * * @return string The top-level status code. */ - public function getStatus() + public function getStatus(): string { return $this->status; } @@ -84,7 +84,7 @@ class Error extends \SimpleSAML\Error\Exception * * @return string|null The second-level status code or NULL if no second-level status code is present. */ - public function getSubStatus() + public function getSubStatus(): ?string { return $this->subStatus; } @@ -95,7 +95,7 @@ class Error extends \SimpleSAML\Error\Exception * * @return string|null The status message or NULL if no status message is present. */ - public function getStatusMessage() + public function getStatusMessage(): ?string { return $this->statusMessage; } 
@@ -115,23 +115,6 @@ class Error extends \SimpleSAML\Error\Exception if ($exception instanceof \SimpleSAML\Module\saml\Error) { // Return the original exception unchanged return $exception; - - // TODO: remove this branch in 2.0 - } elseif ($exception instanceof \SimpleSAML\Error\NoPassive) { - $e = new self( - Constants::STATUS_RESPONDER, - Constants::STATUS_NO_PASSIVE, - $exception->getMessage(), - $exception - ); - // TODO: remove this branch in 2.0 - } elseif ($exception instanceof \SimpleSAML\Error\ProxyCountExceeded) { - $e = new self( - Constants::STATUS_RESPONDER, - Constants::STATUS_PROXY_COUNT_EXCEEDED, - $exception->getMessage(), - $exception - ); } else { $e = new self( \SAML2\Constants::STATUS_RESPONDER, @@ -156,7 +139,7 @@ class Error extends \SimpleSAML\Error\Exception * * @return \SimpleSAML\Error\Exception An exception representing this error. */ - public function toException() + public function toException(): \SimpleSAML\Error\Exception { $e = null; diff --git a/modules/saml/lib/Error/NoAuthnContext.php b/modules/saml/lib/Error/NoAuthnContext.php index 508da8e0ca4f0f347d060fa8c1f9ba32408e8a1d..f9a3a40b16d4fc2287fad442b9bc1dfdb5241133 100644 --- a/modules/saml/lib/Error/NoAuthnContext.php +++ b/modules/saml/lib/Error/NoAuthnContext.php @@ -23,7 +23,7 @@ class NoAuthnContext extends \SimpleSAML\Module\saml\Error * @param string|null $message A short message explaining why this error happened. * @param \Exception|null $cause An exception that caused this error. */ - public function __construct($responsible, $message = null, \Exception $cause = null) + public function __construct(string $responsible, string $message = null, \Exception $cause = null) { parent::__construct($responsible, Constants::STATUS_NO_AUTHN_CONTEXT, $message, $cause); } diff --git a/modules/saml/lib/Error/NoAvailableIDP.php b/modules/saml/lib/Error/NoAvailableIDP.php index f1c66ab4bbe7493ed2056f92163f202216a61c3c..f740aedc6ffc1a15c3dea3cf2d4ccfee0c7f3236 100644 
--- a/modules/saml/lib/Error/NoAvailableIDP.php +++ b/modules/saml/lib/Error/NoAvailableIDP.php @@ -23,7 +23,7 @@ class NoAvailableIDP extends \SimpleSAML\Module\saml\Error * @param string|null $message A short message explaining why this error happened. * @param \Exception|null $cause An exception that caused this error. */ - public function __construct($responsible, $message = null, \Exception $cause = null) + public function __construct(string $responsible, string $message = null, \Exception $cause = null) { parent::__construct($responsible, Constants::STATUS_NO_AVAILABLE_IDP, $message, $cause); } diff --git a/modules/saml/lib/Error/NoPassive.php b/modules/saml/lib/Error/NoPassive.php index 3fc03e0499b61f9a93c64259cd2c10f5c573fb3b..46ed47a3b553dc13f8a523c969898d13470d2c1a 100644 --- a/modules/saml/lib/Error/NoPassive.php +++ b/modules/saml/lib/Error/NoPassive.php @@ -23,7 +23,7 @@ class NoPassive extends \SimpleSAML\Module\saml\Error * @param string|null $message A short message explaining why this error happened. * @param \Exception|null $cause An exception that caused this error. */ - public function __construct($responsible, $message = null, \Exception $cause = null) + public function __construct(string $responsible, string $message = null, \Exception $cause = null) { parent::__construct($responsible, Constants::STATUS_NO_PASSIVE, $message, $cause); } diff --git a/modules/saml/lib/Error/NoSupportedIDP.php b/modules/saml/lib/Error/NoSupportedIDP.php index 7806fb379e925e87301aa6cfae70743c8ad47c08..8e2a31dcd92876c5cce79c87c9640d5cc0e084b6 100644 --- a/modules/saml/lib/Error/NoSupportedIDP.php +++ b/modules/saml/lib/Error/NoSupportedIDP.php 
@@ -23,7 +23,7 @@ class NoSupportedIDP extends \SimpleSAML\Module\saml\Error * @param string|null $message A short message explaining why this error happened. * @param \Exception|null $cause An exception that caused this error. */ - public function __construct($responsible, $message = null, \Exception $cause = null) + public function __construct(string $responsible, string $message = null, \Exception $cause = null) { parent::__construct($responsible, Constants::STATUS_NO_SUPPORTED_IDP, $message, $cause); } diff --git a/modules/saml/lib/Error/ProxyCountExceeded.php b/modules/saml/lib/Error/ProxyCountExceeded.php index 044aded1f9dd0d3ae5d2de0c3af8cd8abfb87f72..cfdbfb1e0083861bd29dd91a5a44cee7d8725e99 100644 --- a/modules/saml/lib/Error/ProxyCountExceeded.php +++ b/modules/saml/lib/Error/ProxyCountExceeded.php @@ -23,7 +23,7 @@ class ProxyCountExceeded extends \SimpleSAML\Module\saml\Error * @param string|null $message A short message explaining why this error happened. * @param \Exception|null $cause An exception that caused this error. */ - public function __construct($responsible, $message = null, \Exception $cause = null) + public function __construct(string $responsible, string $message = null, \Exception $cause = null) { parent::__construct($responsible, Constants::STATUS_PROXY_COUNT_EXCEEDED, $message, $cause); } diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php index da474da24406bdeed92155e013c469cafca6c40c..89b035128b3adfd8c392592e3886377df4e886d5 100644 --- a/modules/saml/lib/IdP/SAML2.php +++ b/modules/saml/lib/IdP/SAML2.php @@ -49,7 +49,7 @@ class SAML2 * @param array $state The authentication state. * @return void */ - public static function sendResponse(array $state) + public static function sendResponse(array $state): void { Assert::keyExists($state, 'saml:RequestId'); // Can be NULL Assert::keyExists($state, 'saml:RelayState'); // Can be NULL. 
@@ -127,7 +127,7 @@ class SAML2 * @param array $state The error state. * @return void */ - public static function handleAuthError(\SimpleSAML\Error\Exception $exception, array $state) + public static function handleAuthError(\SimpleSAML\Error\Exception $exception, array $state): void { Assert::keyExists($state, 'saml:RequestId'); // Can be NULL. Assert::keyExists($state, 'saml:RelayState'); // Can be NULL. @@ -200,7 +200,7 @@ class SAML2 string $AssertionConsumerServiceURL = null, string $ProtocolBinding = null, int $AssertionConsumerServiceIndex = null - ) { + ): ?array { /* We want to pick the best matching endpoint in the case where for example * only the ProtocolBinding is given. We therefore pick endpoints with the * following priority: @@ -277,7 +277,7 @@ class SAML2 * @return void * @throws \SimpleSAML\Error\BadRequest In case an error occurs when trying to receive the request. */ - public static function receiveAuthnRequest(\SimpleSAML\IdP $idp) + public static function receiveAuthnRequest(IdP $idp): void { $metadata = MetaDataStorageHandler::getMetadataHandler(); $idpMetadata = $idp->getConfig(); @@ -494,10 +494,8 @@ class SAML2 * @param string|null $relayState An id that should be carried across the logout. * @return void */ - public static function sendLogoutRequest(IdP $idp, array $association, $relayState) + public static function sendLogoutRequest(IdP $idp, array $association, string $relayState = null): void { - Assert::nullOrString($relayState); - Logger::info('Sending SAML 2.0 LogoutRequest to: ' . var_export($association['saml:entityID'], true)); $metadata = MetaDataStorageHandler::getMetadataHandler(); @@ -532,7 +530,7 @@ class SAML2 * @param array &$state The logout state array. * @return void */ - public static function sendLogoutResponse(IdP $idp, array $state) + public static function sendLogoutResponse(IdP $idp, array $state): void { Assert::keyExists($state, 'saml:RelayState'); // Can be NULL. Assert::notNull($state['saml:SPEntityId']); 
@@ -593,7 +591,7 @@ class SAML2 * @return void * @throws \SimpleSAML\Error\BadRequest In case an error occurs while trying to receive the logout message. */ - public static function receiveLogoutMessage(IdP $idp) + public static function receiveLogoutMessage(IdP $idp): void { $binding = Binding::getCurrentBinding(); $message = $binding->receive(); @@ -602,15 +600,8 @@ class SAML2 if ($issuer === null) { /* Without an issuer we have no way to respond to the message. */ throw new Error\BadRequest('Received message on logout endpoint without issuer.'); - } elseif ($issuer instanceof Issuer) { - /** @psalm-var string|null $spEntityId */ - $spEntityId = $issuer->getValue(); - if ($spEntityId === null) { - /* Without an issuer we have no way to respond to the message. */ - throw new Error\BadRequest('Received message on logout endpoint without issuer.'); - } } else { - $spEntityId = $issuer; + $spEntityId = $issuer->getValue(); } $metadata = MetaDataStorageHandler::getMetadataHandler(); @@ -676,10 +667,8 @@ class SAML2 * * @return string The logout URL. */ - public static function getLogoutURL(IdP $idp, array $association, $relayState) + public static function getLogoutURL(IdP $idp, array $association, string $relayState = null): string { - Assert::nullOrString($relayState); - Logger::info('Sending SAML 2.0 LogoutRequest to: ' . var_export($association['saml:entityID'], true)); $metadata = MetaDataStorageHandler::getMetadataHandler(); @@ -718,7 +707,7 @@ class SAML2 * * @return \SimpleSAML\Configuration Configuration object for the SP metadata. */ - public static function getAssociationConfig(IdP $idp, array $association) + public static function getAssociationConfig(IdP $idp, array $association): Configuration { $metadata = MetaDataStorageHandler::getMetadataHandler(); try { 
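Review bot: The rewritten `else` branch in `receiveLogoutMessage()` assigns `$spEntityId = $issuer->getValue();` without the null check that was removed, so the entity ID taken from an incoming logout message is used without validation. The deleted psalm annotation described that value as `string|null`; if the SAML2 library version in use can still return null, a malformed message would now surface as a type error further down instead of `Error\BadRequest`. Keeping `if ($spEntityId === null) { throw new Error\BadRequest('Received message on logout endpoint without issuer.'); }` after the assignment preserves the previous failure mode. The branch also assumes `$issuer` is never a plain string any more, which is worth confirming against the library version this commit targets, since the assignment of `$issuer` is outside the hunk.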
@@ -739,7 +728,7 @@ class SAML2 * @throws \SimpleSAML\Error\Exception * @throws \SimpleSAML\Error\MetadataNotFound */ - public static function getHostedMetadata($entityid) + public static function getHostedMetadata(string $entityid): array { $handler = MetaDataStorageHandler::getMetadataHandler(); $config = $handler->getMetaDataConfig($entityid, 'saml20-idp-hosted'); @@ -942,7 +931,7 @@ class SAML2 Configuration $idpMetadata, Configuration $spMetadata, array &$state - ) { + ): ?string { $attribute = $spMetadata->getString('simplesaml.nameidattribute', null); if ($attribute === null) { $attribute = $idpMetadata->getString('simplesaml.nameidattribute', null); diff --git a/modules/saml/lib/IdP/SQLNameID.php b/modules/saml/lib/IdP/SQLNameID.php index 37a3a2899ae56ed753212a3f4d4a6a1ae61e1afb..1d810040b910a8e4ed7d96ea2cec4fb357dd3bd5 100644 --- a/modules/saml/lib/IdP/SQLNameID.php +++ b/modules/saml/lib/IdP/SQLNameID.php @@ -178,12 +178,13 @@ class SQLNameID * @param array $config * @return void */ - public static function add($idpEntityId, $spEntityId, $user, $value, array $config = []) - { - Assert::string($idpEntityId); - Assert::string($spEntityId); - Assert::string($user); - Assert::string($value); + public static function add( + string $idpEntityId, + string $spEntityId, + string $user, + string $value, + array $config = [] + ): void { $params = [ '_idp' => $idpEntityId, @@ -207,12 +208,12 @@ class SQLNameID * @param array $config * @return string|null $value The NameID value, or NULL of no NameID value was found. */ - public static function get($idpEntityId, $spEntityId, $user, array $config = []) - { - Assert::string($idpEntityId); - Assert::string($spEntityId); - Assert::string($user); - + public static function get( + string $idpEntityId, + string $spEntityId, + string $user, + array $config = [] + ): ?string { $params = [ '_idp' => $idpEntityId, '_sp' => $spEntityId, 
@@ -229,7 +230,7 @@ class SQLNameID return null; } - return $row['_value']; + return strval($row['_value']); } @@ -242,12 +243,12 @@ class SQLNameID * @param array $config * @return void */ - public static function delete($idpEntityId, $spEntityId, $user, array $config = []) - { - Assert::string($idpEntityId); - Assert::string($spEntityId); - assert::string($user); - + public static function delete( + string $idpEntityId, + string $spEntityId, + string $user, + array $config = [] + ): void { $params = [ '_idp' => $idpEntityId, '_sp' => $spEntityId, @@ -268,11 +269,8 @@ class SQLNameID * @param array $config * @return array Array of userid => NameID. */ - public static function getIdentities($idpEntityId, $spEntityId, array $config = []) + public static function getIdentities(string $idpEntityId, string $spEntityId, array $config = []): array { - Assert::string($idpEntityId); - assert::string($spEntityId); - $params = [ '_idp' => $idpEntityId, '_sp' => $spEntityId, diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php index 7027e4f7e18fe342d1b49807cfd309f6aa911cfd..c5194aeca622586e2f602ae393cd74e0f332ccf7 100644 --- a/modules/saml/lib/Message.php +++ b/modules/saml/lib/Message.php @@ -43,7 +43,7 @@ class Message Configuration $srcMetadata, Configuration $dstMetadata, SignedElement $element - ) { + ): void { $dstPrivateKey = $dstMetadata->getString('signature.privatekey', null); if ($dstPrivateKey !== null) { @@ -95,8 +95,7 @@ class Message Configuration $srcMetadata, Configuration $dstMetadata, \SAML2\Message $message - ) { - + ): void { $signingEnabled = null; if ($message instanceof LogoutRequest || $message instanceof LogoutResponse) { $signingEnabled = $srcMetadata->getBoolean('sign.logout', null); 
@@ -171,7 +170,7 @@ class Message * @throws \SimpleSAML\Error\Exception if there is not certificate in the metadata for the entity. * @throws \Exception if the signature validation fails with an exception. */ - public static function checkSign(Configuration $srcMetadata, SignedElement $element) + public static function checkSign(Configuration $srcMetadata, SignedElement $element): bool { // find the public key that should verify signatures by this entity $keys = $srcMetadata->getPublicKeys('signing'); @@ -239,7 +238,7 @@ class Message Configuration $srcMetadata, Configuration $dstMetadata, \SAML2\Message $message - ) { + ): void { $enabled = null; if ($message instanceof LogoutRequest || $message instanceof LogoutResponse) { $enabled = $srcMetadata->getBoolean('validate.logout', null); @@ -283,7 +282,7 @@ class Message public static function getDecryptionKeys( Configuration $srcMetadata, Configuration $dstMetadata - ) { + ): array { $sharedKey = $srcMetadata->getString('sharedkey', null); if ($sharedKey !== null) { $key = new XMLSecurityKey(XMLSecurityKey::AES128_CBC); @@ -338,7 +337,7 @@ class Message public static function getBlacklistedAlgorithms( Configuration $srcMetadata, Configuration $dstMetadata - ) { + ): array { $blacklist = $srcMetadata->getArray('encryption.blacklisted-algorithms', null); if ($blacklist === null) { $blacklist = $dstMetadata->getArray('encryption.blacklisted-algorithms', [XMLSecurityKey::RSA_1_5]); @@ -424,7 +423,7 @@ class Message Configuration $srcMetadata, Configuration $dstMetadata, Assertion &$assertion - ) { + ): void { if (!$assertion->hasEncryptedAttributes()) { return; } 
@@ -461,7 +460,7 @@ class Message * * @return \SimpleSAML\Module\saml\Error The error. */ - public static function getResponseError(StatusResponse $response) + public static function getResponseError(StatusResponse $response): \SimpleSAML\Module\saml\Error { $status = $response->getStatus(); return new \SimpleSAML\Module\saml\Error($status['Code'], $status['SubCode'], $status['Message']); @@ -478,7 +477,7 @@ class Message public static function buildAuthnRequest( Configuration $spMetadata, Configuration $idpMetadata - ) { + ): AuthnRequest { $ar = new AuthnRequest(); // get the NameIDPolicy to apply. IdP metadata has precedence. @@ -540,7 +539,7 @@ class Message public static function buildLogoutRequest( Configuration $srcMetadata, Configuration $dstMetadata - ) { + ): LogoutRequest { $lr = new LogoutRequest(); $issuer = new Issuer(); $issuer->setValue($srcMetadata->getString('entityid')); @@ -563,7 +562,7 @@ class Message public static function buildLogoutResponse( Configuration $srcMetadata, Configuration $dstMetadata - ) { + ): LogoutResponse { $lr = new LogoutResponse(); $issuer = new Issuer(); $issuer->setValue($srcMetadata->getString('entityid')); @@ -594,7 +593,7 @@ class Message Configuration $spMetadata, Configuration $idpMetadata, Response $response - ) { + ): array { if (!$response->isSuccess()) { throw self::getResponseError($response); } @@ -891,7 +890,7 @@ class Message * * @throws \SimpleSAML\Error\Exception if there is no supported encryption key in the metadata of this entity. */ - public static function getEncryptionKey(Configuration $metadata) + public static function getEncryptionKey(Configuration $metadata): XMLSecurityKey { $sharedKey = $metadata->getString('sharedkey', null); if ($sharedKey !== null) { diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php index 8b941acd9611a1bcd092465f2349646ae475755a..a229d43bd3434bd4976c8818570c89b0a7f04aff 100644 --- a/modules/saml/lib/SP/LogoutStore.php 
+++ b/modules/saml/lib/SP/LogoutStore.php @@ -26,7 +26,7 @@ class LogoutStore * @param \SimpleSAML\Store\SQL $store The datastore. * @return void */ - private static function createLogoutTable(Store\SQL $store) + private static function createLogoutTable(Store\SQL $store): void { $tableVer = $store->getTableVersion('saml_LogoutStore'); if ($tableVer === 4) { @@ -201,7 +201,7 @@ class LogoutStore * @param \SimpleSAML\Store\SQL $store The datastore. * @return void */ - private static function cleanLogoutStore(Store\SQL $store) + private static function cleanLogoutStore(Store\SQL $store): void { Logger::debug('saml.LogoutStore: Cleaning logout store.'); @@ -231,7 +231,7 @@ class LogoutStore string $sessionIndex, int $expire, string $sessionId - ) { + ): void { self::createLogoutTable($store); if (rand(0, 1000) < 10) { @@ -330,12 +330,8 @@ class LogoutStore * @param int $expire * @return void */ - public static function addSession($authId, $nameId, $sessionIndex, $expire) + public static function addSession(string $authId, NameID $nameId, ?string $sessionIndex, int $expire): void { - Assert::string($authId); - Assert::nullorString($sessionIndex); - Assert::integer($expire); - $session = Session::getSessionFromRequest(); if ($session->isTransient()) { // transient sessions are useless for this purpose, nothing to do @@ -385,10 +381,8 @@ class LogoutStore * @param array $sessionIndexes The SessionIndexes we should log out of. Logs out of all if this is empty. * @return int|false Number of sessions logged out, or FALSE if not supported. */ - public static function logoutSessions($authId, $nameId, array $sessionIndexes) + public static function logoutSessions(string $authId, NameID $nameId, array $sessionIndexes) { - Assert::string($authId); - $store = Store::getInstance(); if ($store === false) { // We don't have a datastore 
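Review bot: `logoutSessions()` is the only signature in the visible LogoutStore hunks that gains parameter types but no return type, and nothing next to it says why. The docblock gives `int|false`, which cannot be written as a native union before PHP 8, so the omission looks deliberate. A docblock line such as `* No native return type: int|false needs PHP 8 union types.` would stop a later cleanup from adding `: int`. Since `0` and `false` are both falsy, and `false` presumably signals the missing-datastore case shown in the context lines, the docblock could also remind callers to compare with `=== false`. The body continues outside the hunk.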
diff --git a/tests/Utils/SpTester.php b/tests/Utils/SpTester.php index 9580819c5d3575099a2bd6b7fd6a8901a1077e71..bca15ff61d789a0802b068d265fdfe37ed1d4697 100644 --- a/tests/Utils/SpTester.php +++ b/tests/Utils/SpTester.php @@ -21,7 +21,7 @@ class SpTester extends \SimpleSAML\Module\saml\Auth\Source\SP * @param array $config * @return void */ - public function __construct($info, $config) + public function __construct(array $info, array $config) { parent::__construct($info, $config); } @@ -30,7 +30,7 @@ class SpTester extends \SimpleSAML\Module\saml\Auth\Source\SP /** * @return void */ - public function startSSO2Test(Configuration $idpMetadata, array $state) + public function startSSO2Test(Configuration $idpMetadata, array $state): void { $reflector = new ReflectionObject($this); $method = $reflector->getMethod('startSSO2'); @@ -43,7 +43,7 @@ class SpTester extends \SimpleSAML\Module\saml\Auth\Source\SP * override the method that sends the request to avoid sending anything * @return void */ - public function sendSAML2AuthnRequest(array &$state, Binding $binding, AuthnRequest $ar) + public function sendSAML2AuthnRequest(array &$state, Binding $binding, AuthnRequest $ar): void { // Exit test. Continuing would mean running into a assert(FALSE) throw new ExitTestException( diff --git a/tests/lib/SimpleSAML/DatabaseTest.php b/tests/lib/SimpleSAML/DatabaseTest.php index eea953043b25098d6a3eda157fcd0bbe419a78a7..95b4671e2056e6d51431c33ce3846b162f80a0a9 100644 --- a/tests/lib/SimpleSAML/DatabaseTest.php +++ b/tests/lib/SimpleSAML/DatabaseTest.php @@ -72,7 +72,6 @@ class DatabaseTest extends TestCase $this->config = new Configuration($config, "test/SimpleSAML/DatabaseTest.php"); // Ensure that we have a functional configuration class - $this->assertInstanceOf(Configuration::class, $this->config); $this->assertEquals($config['database.dsn'], $this->config->getString('database.dsn')); $this->db = Database::getInstance($this->config);