Feature/replace psalm

.github/workflows/documentation.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: [ubuntu-latest]
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Lint markdown files
         uses: nosborn/github-action-markdown-cli@v3

.github/workflows/php.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ['ubuntu-latest']
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           # super-linter needs the full git history to get the
           # list of files that changed across commits
@@ -59,7 +59,7 @@ jobs:
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Get composer cache directory
         run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
@@ -86,26 +86,13 @@ jobs:
       - name: PHP Code Sniffer
         run: phpcs
 
-      - name: Psalm
+      - name: PHPStan
         run: |
-          psalm -c psalm.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          vendor/bin/phpstan analyze -c phpstan.neon
 
-      - name: Psalm (testsuite)
+      - name: PHPStan (testsuite)
         run: |
-          psalm -c psalm-dev.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
-
-      - name: Psalter
-        run: |
-          psalm --alter \
-          --issues=UnnecessaryVarAnnotation \
-          --dry-run \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          vendor/bin/phpstan analyze -c phpstan-dev.neon
 
   security:
     name: Security checks
@@ -124,7 +111,7 @@ jobs:
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Get composer cache directory
         run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
@@ -180,7 +167,7 @@ jobs:
           git config --global core.autocrlf false
           git config --global core.eol lf
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Get composer cache directory
         run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
@@ -226,7 +213,7 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php-versions }}
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml, zip
           tools: composer
           ini-values: error_reporting=E_ALL
           coverage: none
@@ -242,7 +229,7 @@ jobs:
           git config --global core.autocrlf false
           git config --global core.eol lf
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Get composer cache directory
         run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$env:GITHUB_ENV"
@@ -265,7 +252,7 @@ jobs:
     runs-on: [ubuntu-latest]
     needs: [unit-tests-linux]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: actions/download-artifact@v5
         with:

phpstan-dev.neon

@@ -0,0 +1,4 @@
+parameters:
+  level: 5
+  paths:
+    - tests

phpstan.neon

@@ -0,0 +1,4 @@
+parameters:
+  level: 6
+  paths:
+    - src

src/Auth/Process/Authorize.php

@@ -47,7 +47,7 @@ class Authorize extends Auth\ProcessingFilter
     /**
      * Array of localised rejection messages
      *
-     * @var array
+     * @var string[]
      */
     protected array $reject_msg = [];
 
@@ -60,9 +60,9 @@ class Authorize extends Auth\ProcessingFilter
 
     /**
      * Array of valid users. Each element is a regular expression. You should
-     * user \ to escape special chars, like '.' etc.
+     * use \ to escape special chars, like '.' etc.
      *
-     * @param array
+     * @var array<mixed>
      */
     protected array $valid_attribute_values = [];
 
@@ -82,7 +82,7 @@ class Authorize extends Auth\ProcessingFilter
      * Initialize this filter.
      * Validate configuration parameters.
      *
-     * @param array $config  Configuration information about this filter.
+     * @param array<mixed> $config  Configuration information about this filter.
      * @param mixed $reserved  For future use.
      */
     public function __construct(array $config, $reserved)
@@ -155,7 +155,7 @@ public function __construct(array $config, $reserved)
     /**
      * Apply filter to validate attributes.
      *
-     * @param array &$state  The current request
+     * @param array<mixed> &$state  The current request
      */
     public function process(array &$state): void
     {
@@ -225,7 +225,7 @@ public function process(array &$state): void
      * thinking in case a "chained" ACL is needed, more complex
      * permission logic.
      *
-     * @param array $state
+     * @param array<mixed> $state
      */
     protected function unauthorized(array &$state): void
     {

src/Controller/Authorize.php

@@ -51,7 +51,7 @@ public function forbidden(Request $request): Template
             throw new Error\BadRequest('Missing required StateId query parameter.');
         }
 
-        /** @var array $state */
+        /** @var array<mixed> $state */
         $state = Auth\State::loadState($stateId, 'authorize:Authorize');
 
         $t = new Template($this->config, 'authorize:authorize_403.twig');
@@ -108,7 +108,7 @@ public function reauthenticate(Request $request): void
         if (!is_string($stateId)) {
             throw new Error\BadRequest('Missing required StateId query parameter.');
         }
-        /** @var array $state */
+        /** @var array<mixed> $state */
         $state = Auth\State::loadState($stateId, 'authorize:Authorize');
 
         $authSource = $state['Source']['auth'];