Fix tests

.github/workflows/unit-tests.yml

@@ -14,25 +14,17 @@ jobs:
         strategy:
             fail-fast: false
             matrix:
-                #Stable supported versions
-                php: ['8.1', '8.2']
-                symfony: ['5.4.*', '6.2.*']
-                composer-flags: ['--prefer-stable']
-                can-fail: [false]
-                exclude:
-                    - php: '8.1'
-                      symfony: '6.2.*'
                 include:
-                    # Lowest supported versions
-                    - php: '8.1'
-                      symfony: '5.4.*'
-                      composer-flags: '--prefer-stable --prefer-lowest'
+                    # Lowest Deps
+                    - php: 8.1
+                      symfony: 5.4.*
+                      composer-flags: '--prefer-stable'
+                      can-fail: false
+                    # Stable deps
+                    - php: 8.2
+                      symfony: 6.3.*
+                      composer-flags: '--prefer-stable'
                       can-fail: false
-                    # Development versions
-                    - php: '8.3'
-                      symfony: '6.3.x-dev'
-                      composer-flags: ''
-                      can-fail: true
 
         name: "PHP ${{ matrix.php }} - Symfony ${{ matrix.symfony }}${{ matrix.composer-flags != '' && format(' - Composer {0}', matrix.composer-flags) || '' }}"
 

docs/index.md

@@ -12,7 +12,7 @@ For implementation into Symfony projects, please see [bundle documentation](basi
 
 ## Requirements
 
-* [PHP 7.2](http://php.net/releases/7_2_0.php) or greater
+* [PHP 8.1](http://php.net/releases/8_1_0.php) or greater
 * [Symfony 5.4](https://symfony.com/roadmap/5.4) or greater
 
 ## Installation

psalm.xml

@@ -2,7 +2,7 @@
 <psalm
     errorLevel="1"
     strictBinaryOperands="true"
-    phpVersion="7.2"
+    phpVersion="8.1"
     allowStringToStandInForClass="true"
     rememberPropertyAssignmentsAfterCall="false"
     checkForThrowsInGlobalScope="true"

src/Command/CreateClientCommand.php

@@ -6,6 +6,7 @@
 
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Model\AbstractClient;
+use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
 use League\Bundle\OAuth2ServerBundle\ValueObject\Grant;
 use League\Bundle\OAuth2ServerBundle\ValueObject\RedirectUri;
 use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
@@ -117,20 +118,16 @@ protected function execute(InputInterface $input, OutputInterface $output): int
         return 0;
     }
 
-    private function buildClientFromInput(InputInterface $input): AbstractClient
+    private function buildClientFromInput(InputInterface $input): ClientInterface
     {
         $name = $input->getArgument('name');
-
-        /** @var string $identifier */
-        $identifier = $input->getArgument('identifier') ?? hash('md5', random_bytes(16));
-
+        $identifier = (string) $input->getArgument('identifier') ?: hash('md5', random_bytes(16));
         $isPublic = $input->getOption('public');
 
         if ($isPublic && null !== $input->getArgument('secret')) {
             throw new \InvalidArgumentException('The client cannot have a secret and be public.');
         }
 
-        /** @var string $secret */
         $secret = $isPublic ? null : $input->getArgument('secret') ?? hash('sha512', random_bytes(32));
 
         /** @var AbstractClient $client */

src/Converter/UserConverter.php

@@ -12,6 +12,7 @@ final class UserConverter implements UserConverterInterface
 {
     /**
      * @psalm-suppress DeprecatedMethod
+     * @psalm-suppress UndefinedInterfaceMethod
      */
     public function toLeague(?UserInterface $user): UserEntityInterface
     {

src/DBAL/Type/ImplodedArray.php

@@ -20,7 +20,7 @@ abstract class ImplodedArray extends TextType
     /**
      * @psalm-suppress MixedArgumentTypeCoercion
      */
-    public function convertToDatabaseValue($value, AbstractPlatform $platform): ?string
+    public function convertToDatabaseValue(mixed $value, AbstractPlatform $platform): ?string
     {
         if (!\is_array($value)) {
             throw new \LogicException('This type can only be used in combination with arrays.');
@@ -41,7 +41,7 @@ public function convertToDatabaseValue($value, AbstractPlatform $platform): ?str
     /**
      * @psalm-return list<T>
      */
-    public function convertToPHPValue($value, AbstractPlatform $platform): array
+    public function convertToPHPValue(mixed $value, AbstractPlatform $platform): array
     {
         if (null === $value) {
             return [];

src/Entity/Scope.php

@@ -12,7 +12,7 @@ final class Scope implements ScopeEntityInterface
     use EntityTrait;
 
     #[\ReturnTypeWillChange]
-    public function jsonSerialize()
+    public function jsonSerialize(): mixed
     {
         return $this->getIdentifier();
     }

src/Event/AuthorizationRequestResolveEvent.php

@@ -4,7 +4,7 @@
 
 namespace League\Bundle\OAuth2ServerBundle\Event;
 
-use League\Bundle\OAuth2ServerBundle\Model\AbstractClient;
+use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
 use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
 use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
 use Symfony\Component\HttpFoundation\Response;
@@ -27,7 +27,7 @@ final class AuthorizationRequestResolveEvent extends Event
     private $scopes;
 
     /**
-     * @var AbstractClient
+     * @var ClientInterface
      */
     private $client;
 
@@ -49,7 +49,7 @@ final class AuthorizationRequestResolveEvent extends Event
     /**
      * @param Scope[] $scopes
      */
-    public function __construct(AuthorizationRequest $authorizationRequest, array $scopes, AbstractClient $client)
+    public function __construct(AuthorizationRequest $authorizationRequest, array $scopes, ClientInterface $client)
     {
         $this->authorizationRequest = $authorizationRequest;
         $this->scopes = $scopes;
@@ -94,7 +94,7 @@ public function getGrantTypeId(): string
     /**
      * @psalm-mutation-free
      */
-    public function getClient(): AbstractClient
+    public function getClient(): ClientInterface
     {
         return $this->client;
     }

src/LeagueOAuth2ServerBundle.php

@@ -33,6 +33,9 @@ public function getContainerExtension(): ExtensionInterface
         return new LeagueOAuth2ServerExtension();
     }
 
+    /**
+     * @psalm-suppress UndefinedMethod
+     */
     private function configureSecurityExtension(ContainerBuilder $container): void
     {
         /** @var SecurityExtension $extension */
@@ -61,6 +64,7 @@ private function configureDoctrineExtension(ContainerBuilder $container): void
                 'league.oauth2_server.persistence.doctrine.enabled'
             )
         );
+
         $container->addCompilerPass(new EncryptionKeyPass());
     }
 }

src/Manager/Null/AccessTokenManager.php

@@ -6,6 +6,7 @@
 
 use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Model\AccessToken;
+use League\Bundle\OAuth2ServerBundle\Model\AccessTokenInterface;
 
 final class AccessTokenManager implements AccessTokenManagerInterface
 {
@@ -14,7 +15,7 @@ public function find(string $identifier): ?AccessToken
         return null;
     }
 
-    public function save(AccessToken $accessToken): void
+    public function save(AccessTokenInterface $accessToken): void
     {
     }
 

src/Model/AbstractClient.php

@@ -114,11 +114,6 @@ public function setRedirectUris(RedirectUri ...$redirectUris): ClientInterface
         return $this;
     }
 
-    /**
-     * @return list<Grant>
-     *
-     * @psalm-mutation-free
-     */
     public function getGrants(): array
     {
         return $this->grants;

src/Model/ClientInterface.php

@@ -8,20 +8,38 @@
 use League\Bundle\OAuth2ServerBundle\ValueObject\RedirectUri;
 use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
 
+/**
+ * @method string getName()
+ */
 interface ClientInterface
 {
     public function getIdentifier(): string;
 
     public function getSecret(): ?string;
 
+    /**
+     * @return list<RedirectUri>
+     *
+     * @psalm-mutation-free
+     */
     public function getRedirectUris(): array;
 
     public function setRedirectUris(RedirectUri ...$redirectUris): self;
 
+    /**
+     * @return list<Grant>
+     *
+     * @psalm-mutation-free
+     */
     public function getGrants(): array;
 
     public function setGrants(Grant ...$grants): self;
 
+    /**
+     * @return list<Scope>
+     *
+     * @psalm-mutation-free
+     */
     public function getScopes(): array;
 
     public function setScopes(Scope ...$scopes): self;

src/Repository/ClientRepository.php

@@ -6,7 +6,7 @@
 
 use League\Bundle\OAuth2ServerBundle\Entity\Client as ClientEntity;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
-use League\Bundle\OAuth2ServerBundle\Model\AbstractClient;
+use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 
 final class ClientRepository implements ClientRepositoryInterface
@@ -55,7 +55,7 @@ public function validateClient($clientIdentifier, $clientSecret, $grantType): bo
         return false;
     }
 
-    private function buildClientEntity(AbstractClient $client): ClientEntity
+    private function buildClientEntity(ClientInterface $client): ClientEntity
     {
         $clientEntity = new ClientEntity();
         $clientEntity->setName($client->getName());
@@ -67,7 +67,7 @@ private function buildClientEntity(AbstractClient $client): ClientEntity
         return $clientEntity;
     }
 
-    private function isGrantSupported(AbstractClient $client, ?string $grant): bool
+    private function isGrantSupported(ClientInterface $client, ?string $grant): bool
     {
         if (null === $grant) {
             return true;

src/Security/Authenticator/OAuth2Authenticator.php

@@ -101,12 +101,16 @@ public function doAuthenticate(Request $request) /* : Passport */
         /** @var string $oauthClientId */
         $oauthClientId = $psr7Request->getAttribute('oauth_client_id', '');
 
+        /** @psalm-suppress MixedInferredReturnType */
         $userLoader = function (string $userIdentifier): UserInterface {
             if ('' === $userIdentifier) {
                 return new NullUser();
             }
             if (!method_exists($this->userProvider, 'loadUserByIdentifier')) {
-                /** @psalm-suppress DeprecatedMethod */
+                /**
+                 * @psalm-suppress DeprecatedMethod
+                 * @psalm-suppress MixedReturnStatement
+                 */
                 return $this->userProvider->loadUserByUsername($userIdentifier);
             }
 
@@ -127,6 +131,9 @@ public function doAuthenticate(Request $request) /* : Passport */
      * @return OAuth2Token
      *
      * @psalm-suppress DeprecatedInterface
+     * @psalm-suppress UndefinedClass
+     * @psalm-suppress MixedInferredReturnType
+     * @psalm-suppress RedundantCondition
      */
     public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
     {
@@ -135,6 +142,10 @@ public function createAuthenticatedToken(PassportInterface $passport, string $fi
         }
 
         $token = $this->createToken($passport, $firewallName);
+        /**
+         * @psalm-suppress TooManyArguments
+         * @psalm-suppress UndefinedMethod
+         */
         $token->setAuthenticated(true);
 
         return $token;
@@ -157,7 +168,10 @@ public function createToken(Passport $passport, string $firewallName): TokenInte
         $token = new OAuth2Token($passport->getUser(), $accessTokenId, $oauthClientId, $scopeBadge->getScopes(), $this->rolePrefix);
         if (method_exists(AuthenticatorInterface::class, 'createAuthenticatedToken') && !method_exists(AuthenticatorInterface::class, 'createToken')) {
             // symfony 5.4 only
-            /** @psalm-suppress TooManyArguments */
+            /**
+             * @psalm-suppress TooManyArguments
+             * @psalm-suppress UndefinedMethod
+             */
             $token->setAuthenticated(true, false);
         }
 

src/Security/EventListener/CheckScopeListener.php

@@ -9,7 +9,6 @@
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
-use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
 use Symfony\Component\Security\Http\Event\CheckPassportEvent;
 
 /**
@@ -29,8 +28,6 @@ public function __construct(RequestStack $requestStack)
     public function checkPassport(CheckPassportEvent $event): void
     {
         /**
-         * @var Passport $passport
-         *
          * @psalm-suppress DeprecatedInterface
          */
         $passport = $event->getPassport();

src/Service/CredentialsRevoker/DoctrineCredentialsRevoker.php

@@ -33,9 +33,13 @@ public function __construct(EntityManagerInterface $entityManager, ClientManager
 
     /**
      * @psalm-suppress DeprecatedMethod
+     * @psalm-suppress UndefinedInterfaceMethod
      */
     public function revokeCredentialsForUser(UserInterface $user): void
     {
+        /**
+         * @psalm-suppress MixedAssignment
+         */
         $userIdentifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
 
         $this->entityManager->createQueryBuilder()

tests/Acceptance/AbstractAcceptanceTest.php

@@ -4,6 +4,7 @@
 
 namespace League\Bundle\OAuth2ServerBundle\Tests\Acceptance;
 
+use Doctrine\DBAL\Platforms\SqlitePlatform;
 use League\Bundle\OAuth2ServerBundle\Tests\TestHelper;
 use Symfony\Bundle\FrameworkBundle\Console\Application;
 use Symfony\Bundle\FrameworkBundle\KernelBrowser;
@@ -30,7 +31,7 @@ protected function setUp(): void
         TestHelper::initializeDoctrineSchema($this->application);
 
         $connection = $this->client->getContainer()->get('database_connection');
-        if ('sqlite' === $connection->getDatabasePlatform()->getName()) {
+        if ($connection->getDatabasePlatform() instanceof SqlitePlatform) {
             // https://www.sqlite.org/foreignkeys.html
             $connection->executeQuery('PRAGMA foreign_keys = ON');
         }

tests/Fixtures/User.php

@@ -33,7 +33,7 @@ public function getUserIdentifier(): string
         return FixtureFactory::FIXTURE_USER;
     }
 
-    public function eraseCredentials()
+    public function eraseCredentials(): void
     {
     }
 }