Maintenance: Updated PHPStan to Level 4 (#6085)

2026-05-04 18:08:46 +03:00 · 2026-04-08 21:03:20 +01:00
parent c33853ed84
commit 5e78dc6ed5
34 changed files with 105 additions and 102 deletions
--- a/app/Access/EmailConfirmationService.php
+++ b/app/Access/EmailConfirmationService.php
@@ -5,6 +5,7 @@ namespace BookStack\Access;
 use BookStack\Access\Notifications\ConfirmEmailNotification;
 use BookStack\Exceptions\ConfirmationEmailException;
 use BookStack\Users\Models\User;
+use Exception;

 class EmailConfirmationService extends UserTokenService
 {
@@ -16,6 +17,7 @@ class EmailConfirmationService extends UserTokenService
     * Also removes any existing old ones.
     *
     * @throws ConfirmationEmailException
+     * @throws Exception
     */
    public function sendConfirmation(User $user): void
    {
--- a/app/Access/LoginService.php
+++ b/app/Access/LoginService.php
@@ -71,7 +71,7 @@ class LoginService
        }

        $lastLoginDetails = $this->getLastLoginAttemptDetails();
-        $this->login($user, $lastLoginDetails['method'], $lastLoginDetails['remember'] ?? false);
+        $this->login($user, $lastLoginDetails['method'], $lastLoginDetails['remember']);
    }

    /**
--- a/app/Access/Mfa/MfaValue.php
+++ b/app/Access/Mfa/MfaValue.php
@@ -48,17 +48,16 @@ class MfaValue extends Model
    }

    /**
-     * Easily get the decrypted MFA value for the given user and method.
+     * Get the decrypted MFA value for the given user and method.
     */
    public static function getValueForUser(User $user, string $method): ?string
    {
-        /** @var MfaValue $mfaVal */
        $mfaVal = static::query()
            ->where('user_id', '=', $user->id)
            ->where('method', '=', $method)
            ->first();

-        return $mfaVal ? $mfaVal->getValue() : null;
+        return $mfaVal?->getValue();
    }

    /**
--- a/app/Access/Oidc/OidcJwtSigningKey.php
+++ b/app/Access/Oidc/OidcJwtSigningKey.php
@@ -9,10 +9,7 @@ use phpseclib3\Math\BigInteger;

 class OidcJwtSigningKey
 {
-    /**
-     * @var PublicKey
-     */
-    protected $key;
+    protected PublicKey $key;

    /**
     * Can be created either from a JWK parameter array or local file path to load a certificate from.
@@ -20,15 +17,13 @@ class OidcJwtSigningKey
     * 'file:///var/www/cert.pem'
     * ['kty' => 'RSA', 'alg' => 'RS256', 'n' => 'abc123...'].
     *
-     * @param array|string $jwkOrKeyPath
-     *
     * @throws OidcInvalidKeyException
     */
-    public function __construct($jwkOrKeyPath)
+    public function __construct(array|string $jwkOrKeyPath)
    {
        if (is_array($jwkOrKeyPath)) {
            $this->loadFromJwkArray($jwkOrKeyPath);
-        } elseif (is_string($jwkOrKeyPath) && strpos($jwkOrKeyPath, 'file://') === 0) {
+        } elseif (str_starts_with($jwkOrKeyPath, 'file://')) {
            $this->loadFromPath($jwkOrKeyPath);
        } else {
            throw new OidcInvalidKeyException('Unexpected type of key value provided');
@@ -38,7 +33,7 @@ class OidcJwtSigningKey
    /**
     * @throws OidcInvalidKeyException
     */
-    protected function loadFromPath(string $path)
+    protected function loadFromPath(string $path): void
    {
        try {
            $key = PublicKeyLoader::load(
@@ -58,7 +53,7 @@ class OidcJwtSigningKey
    /**
     * @throws OidcInvalidKeyException
     */
-    protected function loadFromJwkArray(array $jwk)
+    protected function loadFromJwkArray(array $jwk): void
    {
        // 'alg' is optional for a JWK, but we will still attempt to validate if
        // it exists otherwise presume it will be compatible.
@@ -82,7 +77,7 @@ class OidcJwtSigningKey
            throw new OidcInvalidKeyException('A "n" parameter on the provided key is expected');
        }

-        $n = strtr($jwk['n'] ?? '', '-_', '+/');
+        $n = strtr($jwk['n'], '-_', '+/');

        try {
            $key = PublicKeyLoader::load([
--- a/app/Access/Oidc/OidcJwtWithClaims.php
+++ b/app/Access/Oidc/OidcJwtWithClaims.php
@@ -102,12 +102,12 @@ class OidcJwtWithClaims implements ProvidesClaims
    protected function validateTokenStructure(): void
    {
        foreach (['header', 'payload'] as $prop) {
-            if (empty($this->$prop) || !is_array($this->$prop)) {
+            if (empty($this->$prop)) {
                throw new OidcInvalidTokenException("Could not parse out a valid {$prop} within the provided token");
            }
        }

-        if (empty($this->signature) || !is_string($this->signature)) {
+        if (empty($this->signature)) {
            throw new OidcInvalidTokenException('Could not parse out a valid signature within the provided token');
        }
    }
--- a/app/Access/Oidc/OidcUserDetails.php
+++ b/app/Access/Oidc/OidcUserDetails.php
@@ -39,7 +39,7 @@ class OidcUserDetails
    ): void {
        $this->externalId = $claims->getClaim($idClaim) ?? $this->externalId;
        $this->email = $claims->getClaim('email') ?? $this->email;
-        $this->name = static::getUserDisplayName($displayNameClaims, $claims) ?? $this->name;
+        $this->name = static::getUserDisplayName($displayNameClaims, $claims) ?: $this->name;
        $this->groups = static::getUserGroups($groupsClaim, $claims) ?? $this->groups;
        $this->picture = static::getPicture($claims) ?: $this->picture;
    }
--- a/app/Access/Saml2Service.php
+++ b/app/Access/Saml2Service.php
@@ -266,7 +266,7 @@ class Saml2Service
    /**
     * Extract the details of a user from a SAML response.
     *
-     * @return array{external_id: string, name: string, email: string, saml_id: string}
+     * @return array{external_id: string, name: string, email: string|null, saml_id: string}
     */
    protected function getUserDetails(string $samlID, $samlAttributes): array
    {
@@ -357,7 +357,7 @@ class Saml2Service
            ]);
        }

-        if ($userDetails['email'] === null) {
+        if (empty($userDetails['email'])) {
            throw new SamlException(trans('errors.saml_no_email_address'));
        }

--- a/app/Access/SocialAuthService.php
+++ b/app/Access/SocialAuthService.php
@@ -117,14 +117,14 @@ class SocialAuthService
        }

        // When a user is logged in and the social account exists and is already linked to the current user.
-        if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id === $currentUser->id) {
+        if ($isLoggedIn && $socialAccount->user->id === $currentUser->id) {
            session()->flash('error', trans('errors.social_account_existing', ['socialAccount' => $titleCaseDriver]));

            return redirect('/my-account/auth#social_accounts');
        }

        // When a user is logged in, A social account exists but the users do not match.
-        if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id != $currentUser->id) {
+        if ($isLoggedIn && $socialAccount->user->id != $currentUser->id) {
            session()->flash('error', trans('errors.social_account_already_used_existing', ['socialAccount' => $titleCaseDriver]));

            return redirect('/my-account/auth#social_accounts');