Replace Psalm with PHPStan

tvdijen · tvdijen · commit ca0e771290af · 2025-10-28T19:42:18.000+01:00
diff --git a/.gitattributes b/.gitattributes
@@ -5,8 +5,10 @@ codecov.yml export-ignore
 .editorconfig export-ignore
 .gitattributes export-ignore
 .gitignore export-ignore
-psalm.xml export-ignore
-psalm-dev.xml export-ignore
+phpstan.neon export-ignore
+phpstan-dev.neon export-ignore
+phpstan-baseline.neon export-ignore
+phpstan-baseline-dev.neon export-ignore
 phpcs.xml export-ignore
 phpunit.xml export-ignore
 .php_cs.dist export-ignore
diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
@@ -165,8 +165,7 @@ jobs:
         with:
           # Should be the higest supported version, so we can use the newest tools
           php-version: '8.5'
-          tools: composer, composer-require-checker, composer-unused, psalm
-          # optional performance gain for psalm: opcache
+          tools: composer, composer-require-checker, composer-unused
           extensions: ctype, date, dom, fileinfo, filter, hash, intl, ldap, mbstring, opcache, openssl, pcre, spl, xml
 
       - name: Setup problem matchers for PHP
@@ -199,27 +198,13 @@ jobs:
       - name: PHP Code Sniffer
         run: vendor/bin/phpcs
 
-      - name: Psalm
-        continue-on-error: true
+      - name: PHPStan
         run: |
-          psalm -c psalm.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          vendor/bin/phpstan analyze -c phpstan.neon --debug
 
-      - name: Psalm (testsuite)
+      - name: PHPStan (testsuite)
         run: |
-          psalm -c psalm-dev.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
-
-      - name: Psalter
-        run: |
-          psalm --alter \
-          --issues=UnnecessaryVarAnnotation \
-          --dry-run \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          vendor/bin/phpstan analyze -c phpstan-dev.neon --debug
 
   security:
     name: Security checks
diff --git a/phpstan-dev.neon b/phpstan-dev.neon
@@ -0,0 +1,4 @@
+parameters:
+  level: 9
+  paths:
+    - tests
diff --git a/phpstan.neon b/phpstan.neon
@@ -0,0 +1,4 @@
+parameters:
+  level: 5
+  paths:
+    - src
diff --git a/psalm-dev.xml b/psalm-dev.xml
diff --git a/psalm.xml b/psalm.xml
diff --git a/src/Auth/Source/Negotiate.php b/src/Auth/Source/Negotiate.php
@@ -67,7 +67,7 @@ public function __construct(array $info, array $config)
      *
      * @param array &$state Information about the current authentication.
      */
-    public function authenticate(array &$state): void
+    public function authenticate(array &$state): never
     {
         // set the default backend to config
         $state['LogoutState'] = [
@@ -95,14 +95,10 @@ public function authenticate(array &$state): void
         ) {
             Logger::debug('Negotiate - session disabled. falling back');
             $this->fallBack($state);
-            // never executed
-            assert(false);
         }
 
         if (!$this->checkMask()) {
             $this->fallBack($state);
-            // never executed
-            assert(false);
         }
 
         // No auth token. Send it.
@@ -235,17 +231,13 @@ public function externalAuth(array &$state): void
             ];
             Logger::info('Negotiate - authenticate(): ' . $user . ' authorized.');
             Auth\Source::completeAuth($state);
-            // Never reached.
-            assert(false);
         }
     }
 
 
     /**
      * Passes control of the login process to a different module.
      *
-     * @param string $state Information about the current authentication.
-     *
      * @throws \SimpleSAML\Error\BadRequest If couldn't determine the auth source.
      * @throws \SimpleSAML\Error\NoState
      * @throws \SimpleSAML\Error\Exception
@@ -265,7 +257,6 @@ public static function external(): void
             }
             $httpUtils = new Utils\HTTP();
             $httpUtils->redirectUntrustedURL($sid['url'], ['negotiateext.auth' => 'false']);
-            assert(false);
         }
 
         Assert::isArray($state);
@@ -294,7 +285,6 @@ public static function external(): void
         }
 
         self::fallBack($state);
-        assert(false);
     }
 
 
diff --git a/tests/src/Controller/NegotiateControllerTest.php b/tests/src/Controller/NegotiateControllerTest.php
@@ -130,12 +130,14 @@ public function testEnable(): void
 
         // Validate cookie
         $cookies = $response->headers->getCookies();
+        $cookie = null;
         foreach ($cookies as $cookie) {
             if ($cookie->getName() === 'NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT') {
                 break;
             }
         }
 
+        $this->assertNotNull($cookie);
         $this->assertEquals($cookie->getValue(), null);
         $this->assertEquals($cookie->getDomain(), null);
         $this->assertEquals($cookie->getPath(), '/');
@@ -160,12 +162,14 @@ public function testDisable(): void
 
         // Validate cookie
         $cookies = $response->headers->getCookies();
+        $cookie = null;
         foreach ($cookies as $cookie) {
             if ($cookie->getName() === 'NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT') {
                 break;
             }
         }
 
+        $this->assertNotNull($cookie);
         $this->assertEquals($cookie->getValue(), 'true');
         $this->assertEquals($cookie->getDomain(), null);
         $this->assertEquals($cookie->getPath(), '/');

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +parameters:
 +  level: 9
 +  paths:
 +    - tests
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ public function __construct(array $info, array $config)`
`67`	`67`	`*`
`68`	`68`	`* @param array &$state Information about the current authentication.`
`69`	`69`	`*/`
`70`		`- public function authenticate(array &$state): void`
	`70`	`+ public function authenticate(array &$state): never`
`71`	`71`	`{`
`72`	`72`	`// set the default backend to config`
`73`	`73`	`$state['LogoutState'] = [`
`@@ -95,14 +95,10 @@ public function authenticate(array &$state): void`
`95`	`95`	`) {`
`96`	`96`	`Logger::debug('Negotiate - session disabled. falling back');`
`97`	`97`	`$this->fallBack($state);`
`98`		`- // never executed`
`99`		`- assert(false);`
`100`	`98`	`}`
`101`	`99`
`102`	`100`	`if (!$this->checkMask()) {`
`103`	`101`	`$this->fallBack($state);`
`104`		`- // never executed`
`105`		`- assert(false);`
`106`	`102`	`}`
`107`	`103`
`108`	`104`	`// No auth token. Send it.`
`@@ -235,17 +231,13 @@ public function externalAuth(array &$state): void`
`235`	`231`	`];`
`236`	`232`	`Logger::info('Negotiate - authenticate(): ' . $user . ' authorized.');`
`237`	`233`	`Auth\Source::completeAuth($state);`
`238`		`- // Never reached.`
`239`		`- assert(false);`
`240`	`234`	`}`
`241`	`235`	`}`
`242`	`236`
`243`	`237`
`244`	`238`	`/**`
`245`	`239`	`* Passes control of the login process to a different module.`
`246`	`240`	`*`
`247`		`- * @param string $state Information about the current authentication.`
`248`		`- *`
`249`	`241`	`* @throws \SimpleSAML\Error\BadRequest If couldn't determine the auth source.`
`250`	`242`	`* @throws \SimpleSAML\Error\NoState`
`251`	`243`	`* @throws \SimpleSAML\Error\Exception`
`@@ -265,7 +257,6 @@ public static function external(): void`
`265`	`257`	`}`
`266`	`258`	`$httpUtils = new Utils\HTTP();`
`267`	`259`	`$httpUtils->redirectUntrustedURL($sid['url'], ['negotiateext.auth' => 'false']);`
`268`		`- assert(false);`
`269`	`260`	`}`
`270`	`261`
`271`	`262`	`Assert::isArray($state);`
`@@ -294,7 +285,6 @@ public static function external(): void`
`294`	`285`	`}`
`295`	`286`
`296`	`287`	`self::fallBack($state);`
`297`		`- assert(false);`
`298`	`288`	`}`
`299`	`289`
`300`	`290`