feature #7 add psalm static analysis (azjezz)

This PR was squashed before being merged into the 0.1-dev branch.

Discussion
----------

add psalm static analysis

this PR contains 3 commits.

1. setting up psalm
2. fixing all issues in the project
3. adds psalm to github actions ( +sends type coverage to https://shepherd.dev/ ), and type coverage badge in README

from 350 errors down to 0, at the strictest level, and 99.8% type coverage 😄

![image](https://user-images.githubusercontent.com/29315886/110499174-456dca80-80f8-11eb-91f8-7e3d3c78dfc7.png)

Commits
-------

467c85d add psalm static analysis

Author: chalasr

.github/workflows/static-analysis.yml

@@ -0,0 +1,25 @@
+name: "static analysis"
+
+on: ["pull_request", "push"]
+
+jobs:
+  static-analysis:
+    name: "static analysis"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "checkout"
+        uses: "actions/checkout@v2"
+
+      - name: "installing PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          php-version: "7.4"
+          ini-values: memory_limit=-1
+          tools: composer:v2, cs2pr
+          extensions: intl, bcmath, curl, openssl, mbstring, pdo, pdo_sqlite
+
+      - name: "installing dependencies"
+        run: "composer update --no-interaction --no-progress"
+
+      - name: "running static analysis"
+        run: "vendor/bin/psalm --shepherd --stats"

README.md

@@ -2,6 +2,7 @@
 
 ![Unit tests status](https://github.com/thephpleague/oauth2-server-bundle/workflows/unit%20tests/badge.svg)
 ![Coding standards status](https://github.com/thephpleague/oauth2-server-bundle/workflows/coding%20standards/badge.svg)
+[![Type Coverage](https://shepherd.dev/github/thephpleague/oauth2-server-bundle/coverage.svg)](https://shepherd.dev/github/thephpleague/oauth2-server-bundle)
 [![Latest Stable Version](https://poser.pugx.org/league/oauth2-server-bundle/v/stable)](https://packagist.org/packages/thephpleague/oauth2-server-bundle)
 
 OAuth2ServerBundle is a Symfony bundle integrating the [oauth2-server](https://github.com/thephpleague/oauth2-server) library into Symfony applications.

composer.json

@@ -31,8 +31,10 @@
         "ext-pdo_sqlite": "*",
         "laminas/laminas-diactoros": "^2.2",
         "nyholm/psr7": "^1.2",
+        "psalm/plugin-symfony": "^2.2",
         "symfony/browser-kit": "^4.4|^5.0",
-        "symfony/phpunit-bridge": "^5.2"
+        "symfony/phpunit-bridge": "^5.2",
+        "vimeo/psalm": "^4.6"
     },
     "autoload": {
         "psr-4": { "League\\Bundle\\OAuth2ServerBundle\\": "src/" }

psalm.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<psalm
+        totallyTyped="true"
+        resolveFromConfigFile="true"
+        forbidEcho="true"
+        strictBinaryOperands="true"
+        phpVersion="7.1"
+        allowPhpStormGenerics="true"
+        allowStringToStandInForClass="true"
+        rememberPropertyAssignmentsAfterCall="false"
+        checkForThrowsInGlobalScope="true"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xmlns="https://getpsalm.org/schema/config"
+        xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
+>
+    <projectFiles>
+        <directory name="src"/>
+        <ignoreFiles>
+            <directory name="src/DependencyInjection"/>
+            <directory name="vendor"/>
+        </ignoreFiles>
+    </projectFiles>
+
+    <issueHandlers>
+        <LessSpecificReturnType errorLevel="error"/>
+        <DeprecatedMethod errorLevel="error"/>
+        <DeprecatedProperty errorLevel="error"/>
+        <DeprecatedClass errorLevel="error"/>
+        <DeprecatedConstant errorLevel="error"/>
+        <DeprecatedInterface errorLevel="error"/>
+        <DeprecatedTrait errorLevel="error"/>
+        <ForbiddenCode errorLevel="error"/>
+        <InternalMethod errorLevel="error"/>
+        <InternalProperty errorLevel="error"/>
+        <InternalClass errorLevel="error"/>
+        <MissingClosureReturnType errorLevel="error"/>
+        <MissingReturnType errorLevel="error"/>
+        <MissingPropertyType errorLevel="error"/>
+        <InvalidDocblock errorLevel="error"/>
+        <PropertyNotSetInConstructor errorLevel="error"/>
+        <MissingConstructor errorLevel="error"/>
+        <MissingClosureParamType errorLevel="error"/>
+        <MissingParamType errorLevel="error"/>
+        <DocblockTypeContradiction errorLevel="error"/>
+        <RawObjectIteration errorLevel="error"/>
+        <InvalidStringClass errorLevel="error"/>
+        <UnresolvableInclude errorLevel="error"/>
+    </issueHandlers>
+
+    <plugins>
+        <pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin"/>
+    </plugins>
+</psalm>

src/Command/ClearExpiredTokensCommand.php

@@ -17,8 +17,19 @@ final class ClearExpiredTokensCommand extends Command
 {
     protected static $defaultName = 'league:oauth2-server:clear-expired-tokens';
 
+    /**
+     * @var AccessTokenManagerInterface
+     */
     private $accessTokenManager;
+
+    /**
+     * @var RefreshTokenManagerInterface
+     */
     private $refreshTokenManager;
+
+    /**
+     * @var AuthorizationCodeManagerInterface
+     */
     private $authorizationCodeManager;
 
     public function __construct(
@@ -74,15 +85,15 @@ protected function execute(InputInterface $input, OutputInterface $output): int
             return 0;
         }
 
-        if (true === $clearExpiredAccessTokens) {
+        if ($clearExpiredAccessTokens) {
             $this->clearExpiredAccessTokens($io);
         }
 
-        if (true === $clearExpiredRefreshTokens) {
+        if ($clearExpiredRefreshTokens) {
             $this->clearExpiredRefreshTokens($io);
         }
 
-        if (true === $clearExpiredAuthCodes) {
+        if ($clearExpiredAuthCodes) {
             $this->clearExpiredAuthCodes($io);
         }
 

src/Command/CreateClientCommand.php

@@ -20,6 +20,9 @@ final class CreateClientCommand extends Command
 {
     protected static $defaultName = 'league:oauth2-server:create-client';
 
+    /**
+     * @var ClientManagerInterface
+     */
     private $clientManager;
 
     public function __construct(ClientManagerInterface $clientManager)
@@ -105,38 +108,40 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 
     private function buildClientFromInput(InputInterface $input): Client
     {
+        /** @var string $identifier */
         $identifier = $input->getArgument('identifier') ?? hash('md5', random_bytes(16));
 
+        /** @var bool $isPublic */
         $isPublic = $input->getOption('public');
 
-        if (null !== $input->getArgument('secret') && $isPublic) {
+        if ($isPublic && null !== $input->getArgument('secret')) {
             throw new \InvalidArgumentException('The client cannot have a secret and be public.');
         }
 
+        /** @var string $secret */
         $secret = $isPublic ? null : $input->getArgument('secret') ?? hash('sha512', random_bytes(32));
 
         $client = new Client($identifier, $secret);
         $client->setActive(true);
         $client->setAllowPlainTextPkce($input->getOption('allow-plain-text-pkce'));
 
-        $redirectUris = array_map(
-            static function (string $redirectUri): RedirectUri { return new RedirectUri($redirectUri); },
-            $input->getOption('redirect-uri')
-        );
-        $client->setRedirectUris(...$redirectUris);
-
-        $grants = array_map(
-            static function (string $grant): Grant { return new Grant($grant); },
-            $input->getOption('grant-type')
-        );
-        $client->setGrants(...$grants);
-
-        $scopes = array_map(
-            static function (string $scope): Scope { return new Scope($scope); },
-            $input->getOption('scope')
-        );
-        $client->setScopes(...$scopes);
-
-        return $client;
+        /** @var list<string> $redirectUriStrings */
+        $redirectUriStrings = $input->getOption('redirect-uri');
+        /** @var list<string> $grantStrings */
+        $grantStrings = $input->getOption('grant-type');
+        /** @var list<string> $scopeStrings */
+        $scopeStrings = $input->getOption('scope');
+
+        return $client
+            ->setRedirectUris(...array_map(static function (string $redirectUri): RedirectUri {
+                return new RedirectUri($redirectUri);
+            }, $redirectUriStrings))
+            ->setGrants(...array_map(static function (string $grant): Grant {
+                return new Grant($grant);
+            }, $grantStrings))
+            ->setScopes(...array_map(static function (string $scope): Scope {
+                return new Scope($scope);
+            }, $scopeStrings))
+        ;
     }
 }

src/Command/DeleteClientCommand.php

@@ -15,6 +15,9 @@ final class DeleteClientCommand extends Command
 {
     protected static $defaultName = 'league:oauth2-server:delete-client';
 
+    /**
+     * @var ClientManagerInterface
+     */
     private $clientManager;
 
     public function __construct(ClientManagerInterface $clientManager)

src/Command/ListClientsCommand.php

@@ -22,6 +22,9 @@ final class ListClientsCommand extends Command
 
     protected static $defaultName = 'league:oauth2-server:list-clients';
 
+    /**
+     * @var ClientManagerInterface
+     */
     private $clientManager;
 
     public function __construct(ClientManagerInterface $clientManager)
@@ -77,18 +80,25 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 
     private function getFindByCriteria(InputInterface $input): ClientFilter
     {
+        /** @var list<string> $grantStrings */
+        $grantStrings = $input->getOption('grant-type');
+        /** @var list<string> $redirectUriStrings */
+        $redirectUriStrings = $input->getOption('redirect-uri');
+        /** @var list<string> $scopeStrings */
+        $scopeStrings = $input->getOption('scope');
+
         return
             ClientFilter
                 ::create()
                 ->addGrantCriteria(...array_map(static function (string $grant): Grant {
                     return new Grant($grant);
-                }, $input->getOption('grant-type')))
+                }, $grantStrings))
                 ->addRedirectUriCriteria(...array_map(static function (string $redirectUri): RedirectUri {
                     return new RedirectUri($redirectUri);
-                }, $input->getOption('redirect-uri')))
+                }, $redirectUriStrings))
                 ->addScopeCriteria(...array_map(static function (string $scope): Scope {
                     return new Scope($scope);
-                }, $input->getOption('scope')))
+                }, $scopeStrings))
             ;
     }
 

src/Command/UpdateClientCommand.php

@@ -20,6 +20,9 @@ final class UpdateClientCommand extends Command
 {
     protected static $defaultName = 'league:oauth2-server:update-client';
 
+    /**
+     * @var ClientManagerInterface
+     */
     private $clientManager;
 
     public function __construct(ClientManagerInterface $clientManager)
@@ -89,24 +92,23 @@ private function updateClientFromInput(Client $client, InputInterface $input): C
     {
         $client->setActive(!$input->getOption('deactivated'));
 
-        $redirectUris = array_map(
-            static function (string $redirectUri): RedirectUri { return new RedirectUri($redirectUri); },
-            $input->getOption('redirect-uri')
-        );
-        $client->setRedirectUris(...$redirectUris);
-
-        $grants = array_map(
-            static function (string $grant): Grant { return new Grant($grant); },
-            $input->getOption('grant-type')
-        );
-        $client->setGrants(...$grants);
-
-        $scopes = array_map(
-            static function (string $scope): Scope { return new Scope($scope); },
-            $input->getOption('scope')
-        );
-        $client->setScopes(...$scopes);
-
-        return $client;
+        /** @var list<string> $redirectUriStrings */
+        $redirectUriStrings = $input->getOption('redirect-uri');
+        /** @var list<string> $grantStrings */
+        $grantStrings = $input->getOption('grant-type');
+        /** @var list<string> $scopeStrings */
+        $scopeStrings = $input->getOption('scope');
+
+        return $client
+            ->setRedirectUris(...array_map(static function (string $redirectUri): RedirectUri {
+                return new RedirectUri($redirectUri);
+            },  $redirectUriStrings))
+            ->setGrants(...array_map(static function (string $grant): Grant {
+                return new Grant($grant);
+            }, $grantStrings))
+            ->setScopes(...array_map(static function (string $scope): Scope {
+                return new Scope($scope);
+            }, $scopeStrings))
+        ;
     }
 }

src/Controller/AuthorizationController.php

@@ -8,6 +8,7 @@
 use League\Bundle\OAuth2ServerBundle\Event\AuthorizationRequestResolveEvent;
 use League\Bundle\OAuth2ServerBundle\Event\AuthorizationRequestResolveEventFactory;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Model\Client;
 use League\Bundle\OAuth2ServerBundle\OAuth2Events;
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
@@ -18,10 +19,29 @@
 
 final class AuthorizationController
 {
+    /**
+     * @var AuthorizationServer
+     */
     private $server;
+
+    /**
+     * @var EventDispatcherInterface
+     */
     private $eventDispatcher;
+
+    /**
+     * @var AuthorizationRequestResolveEventFactory
+     */
     private $eventFactory;
+
+    /**
+     * @var UserConverterInterface
+     */
     private $userConverter;
+
+    /**
+     * @var ClientManagerInterface
+     */
     private $clientManager;
 
     public function __construct(
@@ -46,6 +66,7 @@ public function indexAction(ServerRequestInterface $serverRequest, ResponseFacto
             $authRequest = $this->server->validateAuthorizationRequest($serverRequest);
 
             if ('plain' === $authRequest->getCodeChallengeMethod()) {
+                /** @var Client $client */
                 $client = $this->clientManager->find($authRequest->getClient()->getIdentifier());
                 if (!$client->isPlainTextPkceAllowed()) {
                     return OAuthServerException::invalidRequest(
@@ -64,6 +85,7 @@ public function indexAction(ServerRequestInterface $serverRequest, ResponseFacto
             $authRequest->setUser($this->userConverter->toLeague($event->getUser()));
 
             if ($event->hasResponse()) {
+                /** @var ResponseInterface */
                 return $event->getResponse();
             }