simplesamlphp
diff --git a/‎.github/workflows/php.yml‎
Lines changed: 6 additions & 21 deletions b/‎.github/workflows/php.yml‎
Lines changed: 6 additions & 21 deletions
diff --git a/‎phpstan-dev.neon‎
Lines changed: 4 additions & 0 deletions b/‎phpstan-dev.neon‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎phpstan.neon‎
Lines changed: 4 additions & 0 deletions b/‎phpstan.neon‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎psalm-dev.xml‎
Lines changed: 0 additions & 27 deletions b/‎psalm-dev.xml‎
Lines changed: 0 additions & 27 deletions
diff --git a/‎psalm.xml‎
Lines changed: 0 additions & 30 deletions b/‎psalm.xml‎
Lines changed: 0 additions & 30 deletions
diff --git a/‎src/Auth/Process/AttributeAddFromLDAP.php‎
Lines changed: 5 additions & 5 deletions b/‎src/Auth/Process/AttributeAddFromLDAP.php‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎src/Auth/Process/AttributeAddUsersGroups.php‎
Lines changed: 7 additions & 7 deletions b/‎src/Auth/Process/AttributeAddUsersGroups.php‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎src/Auth/Process/BaseFilter.php‎
Lines changed: 10 additions & 5 deletions b/‎src/Auth/Process/BaseFilter.php‎
Lines changed: 10 additions & 5 deletions
diff --git a/‎src/Auth/Source/Ldap.php‎
Lines changed: 15 additions & 11 deletions b/‎src/Auth/Source/Ldap.php‎
Lines changed: 15 additions & 11 deletions
@@ -51,9 +51,8 @@ jobs:
         with:
           # Should be the higest supported version, so we can use the newest tools
           php-version: '8.3'
-          tools: composer, composer-require-checker, composer-unused, phpcs, psalm
-          # optional performance gain for psalm: opcache
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, ldap, mbstring, opcache, openssl, pcre, posix, spl, xml
+          tools: composer, composer-require-checker, composer-unused, phpcs
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, ldap, mbstring, openssl, pcre, posix, spl, xml
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
@@ -85,27 +84,13 @@ jobs:
       - name: PHP Code Sniffer
         run: phpcs
 
-      - name: Psalm
-        continue-on-error: true
-        run: |
-          psalm -c psalm.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
-
-      - name: Psalm (testsuite)
+      - name: PHPStan
         run: |
-          psalm -c psalm-dev.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          vendor/bin/phpstan analyze -c phpstan.neon --debug
 
-      - name: Psalter
+      - name: PHPStan (testsuite)
         run: |
-          psalm --alter \
-          --issues=UnnecessaryVarAnnotation \
-          --dry-run \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          vendor/bin/phpstan analyze -c phpstan-dev.neon --debug
 
   security:
     name: Security checks
 
@@ -0,0 +1,4 @@
+parameters:
+  level: 9
+  paths:
+    - tests
@@ -0,0 +1,4 @@
+parameters:
+  level: 6
+  paths:
+    - src
@@ -21,21 +21,21 @@ class AttributeAddFromLDAP extends BaseFilter
     /**
      * LDAP attributes to add to the request attributes
      *
-     * @var array
+     * @var string[]
      */
     protected array $searchAttributes;
 
     /**
      * LDAP attributes to base64 encode
      *
-     * @var array
+     * @var string[]
      */
     protected array $binaryAttributes;
 
     /**
      * LDAP search filter to use in the LDAP query
      *
-     * @var string
+     * @var string[]
      */
     protected string $searchFilter;
 
@@ -55,7 +55,7 @@ class AttributeAddFromLDAP extends BaseFilter
     /**
      * Initialize this filter.
      *
-     * @param array $config Configuration information about this filter.
+     * @param array<mixed> $config Configuration information about this filter.
      * @param mixed $reserved For future use.
      */
     public function __construct(array $config, $reserved)
@@ -83,7 +83,7 @@ public function __construct(array $config, $reserved)
     /**
      * Add attributes from an LDAP server.
      *
-     * @param array &$state The current request
+     * @param array<mixed> &$state The current request
      */
     public function process(array &$state): void
     {
 
@@ -33,7 +33,7 @@ class AttributeAddUsersGroups extends BaseFilter
     /**
      * Initialize this filter.
      *
-     * @param array $config Configuration information about this filter.
+     * @param array<mixed> $config Configuration information about this filter.
      * @param mixed $reserved For future use.
      */
     public function __construct(array $config, $reserved)
@@ -51,7 +51,7 @@ public function __construct(array $config, $reserved)
      * LDAP search filters to be added to the base filters for this authproc-filter.
      * It's an array of key => value pairs that will be translated to (key=value) in the ldap query.
      *
-     * @var array
+     * @var array<mixed>
      */
     protected array $additional_filters;
 
@@ -63,7 +63,7 @@ public function __construct(array $config, $reserved)
      * are then added to the request attributes.
      *
      * @throws \SimpleSAML\Error\Exception
-     * @param array &$state
+     * @param array<mixed> &$state
      */
     public function process(array &$state): void
     {
@@ -124,8 +124,8 @@ public function process(array &$state): void
      * get their group membership, recursively.
      *
      * @throws \SimpleSAML\Error\Exception
-     * @param array $attributes
-     * @return array
+     * @param array<mixed> $attributes
+     * @return array<mixed>
      */
     protected function getGroups(array $attributes): array
     {
@@ -330,8 +330,8 @@ protected function getGroups(array $attributes): array
      * Avoids loops by only searching a DN once. Returns
      * the list of groups found.
      *
-     * @param array $memberOf
-     * @param array $options
+     * @param array<mixed> $memberOf
+     * @param array<mixed> $options
      * @return array
      */
     protected function search(array $memberOf, array $options): array
 
@@ -17,22 +17,26 @@
 
 abstract class BaseFilter extends Auth\ProcessingFilter
 {
-    // TODO: Support ldap:LDAPMulti, if possible
+    /**
+     * TODO: Support ldap:LDAPMulti, if possible
+     *
+     * @var string[]
+     */
     protected static array $ldapsources = ['ldap:Ldap', 'authX509:X509userCert'];
 
     /**
      * List of attribute "alias's" linked to the real attribute
      * name. Used for abstraction / configuration of the LDAP
      * attribute names, which may change between dir service.
      *
-     * @var array
+     * @var array<mixed>
      */
     protected array $attribute_map;
 
     /**
      * The base DN of the LDAP connection. Used when searching the LDAP server.
      *
-     * @var array
+     * @var array<mixed>
      */
     protected array $searchBase;
 
@@ -64,7 +68,7 @@ abstract class BaseFilter extends Auth\ProcessingFilter
      * List of LDAP object types, used to determine the type of
      * object that a DN references.
      *
-     * @var array
+     * @var array<mixed>
      */
     protected array $type_map;
 
@@ -75,7 +79,7 @@ abstract class BaseFilter extends Auth\ProcessingFilter
      * instance/object and stores everything in class members.
      *
      * @throws \SimpleSAML\Error\Exception
-     * @param array &$config
+     * @param array<mixed> &$config
      * @param mixed $reserved
      */
     public function __construct(array &$config, $reserved)
@@ -164,6 +168,7 @@ public function __construct(array &$config, $reserved)
      * Parse authsource config
      *
      * @param string $as The name of the authsource
+     * @return array<mixed>
      */
     private function parseAuthSourceConfig(string $as): array
     {
 
@@ -49,8 +49,8 @@ class Ldap extends UserPassBase
     /**
      * Constructor for this authentication source.
      *
-     * @param array $info  Information about this authentication source.
-     * @param array $config  Configuration.
+     * @param array<mixed> $info  Information about this authentication source.
+     * @param array<mixed> $config  Configuration.
      */
     public function __construct(array $info, array $config)
     {
@@ -71,11 +71,15 @@ public function __construct(array $info, array $config)
      *
      * @param string $username  The username the user wrote.
      * @param string $password  The password the user wrote.
-     * @param array|null $sasl_args  SASL options
-     * @return array  Associative array with the users attributes.
+     * @param array<mixed> $sasl_args  SASL options
+     * @return array<mixed> Associative array with the users attributes.
      */
-    protected function loginSasl(string $username, #[\SensitiveParameter]string $password, array $sasl_args = []): array
-    {
+    protected function loginSasl(
+        string $username,
+        #[\SensitiveParameter]
+        string $password,
+        array $sasl_args = [],
+    ): array {
         if (preg_match('/^\s*$/', $password)) {
             // The empty string is considered an anonymous bind to Symfony
             throw new Error\Error('WRONGUSERPASS');
@@ -110,7 +114,7 @@ protected function loginSasl(string $username, #[\SensitiveParameter]string $pas
             Assert::nullOrNotWhitespaceOnly($searchUsername);
 
             $searchPassword = $this->ldapConfig->getOptionalString('search.password', null);
-            Assert::nullOrnotWhitespaceOnly($searchPassword);
+            Assert::nullOrNotWhitespaceOnly($searchPassword);
 
             try {
                 $this->connector->bind($searchUsername, $searchPassword);
@@ -164,7 +168,7 @@ protected function loginSasl(string $username, #[\SensitiveParameter]string $pas
      *
      * @param string $username  The username the user wrote.
      * @param string $password  The password the user wrote.
-     * @return array  Associative array with the users attributes.
+     * @return array<mixed> Associative array with the users attributes.
      */
     protected function login(string $username, #[\SensitiveParameter]string $password): array
     {
@@ -176,15 +180,15 @@ protected function login(string $username, #[\SensitiveParameter]string $passwor
      * Attempt to find a user's attributes given its username.
      *
      * @param string $username  The username who's attributes we want.
-     * @return array  Associative array with the users attributes.
+     * @return array<mixed> Associative array with the users attributes.
      */
     public function getAttributes(string $username): array
     {
         $searchUsername = $this->ldapConfig->getOptionalString('search.username', null);
         Assert::nullOrNotWhitespaceOnly($searchUsername);
 
         $searchPassword = $this->ldapConfig->getOptionalString('search.password', null);
-        Assert::nullOrnotWhitespaceOnly($searchPassword);
+        Assert::nullOrNotWhitespaceOnly($searchPassword);
 
         try {
             $this->connector->bind($searchUsername, $searchPassword);
@@ -232,7 +236,7 @@ public function getAttributes(string $username): array
 
     /**
      * @param \Symfony\Component\Ldap\Entry $entry
-     * @return array
+     * @return array<mixed>
      */
     private function processAttributes(Entry $entry): array
     {
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +parameters:
 +  level: 9
 +  paths:
 +    - tests