WIP fixing stan

chav170 · chav170 · commit 9de7bd67ecd1 · 2025-05-05T10:41:03.000+01:00
diff --git a/composer.json b/composer.json
@@ -36,12 +36,14 @@
     },
     "require-dev": {
         "cakephp/cakephp-codesniffer": "^4.5",
+        "google/recaptcha": "@stable",
         "league/flysystem-vfs": "^1.0",
         "laminas/laminas-diactoros": "^3.0",
         "phpunit/phpunit": "^10.0",
         "phpstan/phpstan": "^1.8",
         "robthree/twofactorauth": "^1.6",
-        "vlucas/phpdotenv": "^3.3"
+        "vlucas/phpdotenv": "^3.3",
+        "web-auth/webauthn-lib": "^5.0"
     },
     "autoload": {
         "psr-4": {
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -17,11 +17,6 @@ parameters:
 			count: 1
 			path: src\Service\Action\Auth\ResetPasswordAction.php
 
-		-
-			message: "#^Call to an undefined method Cake\\\\ORM\\\\Table\\:\\:validationPasswordConfirm\\(\\)\\.$#"
-			count: 1
-			path: src\Service\Action\Auth\ResetPasswordAction.php
-
 		-
 			message: "#^Call to an undefined method Cake\\\\ORM\\\\Table\\:\\:changePassword\\(\\)\\.$#"
 			count: 1
@@ -46,5 +41,3 @@ parameters:
 			message: "#^Call to an undefined method Cake\\\\ORM\\\\Table\\:\\:resetToken\\(\\)\\.$#"
 			count: 1
 			path: src\Service\Action\Auth\ValidateAccountRequestAction.php
-
-
diff --git a/src/Model/Entity/AuthStore.php b/src/Model/Entity/AuthStore.php
@@ -24,7 +24,7 @@ class AuthStore extends Entity
      *
      * @var array<string, bool>
      */
-    protected $_accessible = [
+    protected array $_accessible = [
         'id' => true,
         'store' => true,
         'created' => true,
diff --git a/src/Rbac/Rules/TwoFactorPassedScope.php b/src/Rbac/Rules/TwoFactorPassedScope.php
@@ -22,13 +22,13 @@
  */
 class TwoFactorPassedScope extends AbstractRule
 {
-    protected $_defaultConfig = [
+    protected array $_defaultConfig = [
     ];
 
     /**
      * @inheritDoc
      */
-    public function allowed($user, $role, ServerRequestInterface $request)
+    public function allowed(array|\ArrayAccess $user, string $role, ServerRequestInterface $request): bool
     {
         $authentication = $request->getAttribute('authentication');
         if ($authentication === null) {
diff --git a/src/Rbac/Rules/TwoFactorScope.php b/src/Rbac/Rules/TwoFactorScope.php
@@ -22,13 +22,13 @@
  */
 class TwoFactorScope extends AbstractRule
 {
-    protected $_defaultConfig = [
+    protected array $_defaultConfig = [
     ];
 
     /**
      * @inheritDoc
      */
-    public function allowed($user, $role, ServerRequestInterface $request)
+    public function allowed(array|\ArrayAccess $user, string $role, ServerRequestInterface $request): bool
     {
         $authentication = $request->getAttribute('authentication');
         if ($authentication === null) {
diff --git a/src/Service/Action/Auth/OtpVerifyCheckAction.php b/src/Service/Action/Auth/OtpVerifyCheckAction.php
@@ -48,7 +48,7 @@ public function execute()
         unset($user['secret']);
 
         if (!$user['secret_verified']) {
-            $this->getUsersTable()->query()->update()
+            $this->getUsersTable()->updateQuery()
                 ->set(['secret_verified' => true])
                 ->where(['id' => $user['id']])
                 ->execute();
diff --git a/src/Service/Action/Auth/OtpVerifyGetAction.php b/src/Service/Action/Auth/OtpVerifyGetAction.php
@@ -67,8 +67,8 @@ protected function onVerifyGetSecret($user)
 
         $secret = $this->createSecret();
         try {
-            $query = $this->getUsersTable()->query();
-            $query->update()
+            $query = $this->getUsersTable()->updateQuery();
+            $query
                 ->set(['secret' => $secret])
                 ->where(['id' => $user['id']]);
             $query->execute();
diff --git a/src/Service/Action/Auth/ResetPasswordAction.php b/src/Service/Action/Auth/ResetPasswordAction.php
@@ -118,6 +118,7 @@ public function execute()
      */
     protected function _changePassword($userId)
     {
+        /** @var \CakeDC\Users\Model\Entity\User $user */
         $user = $this->getUsersTable()->newEntity([], ['validate' => false]);
         $user->id = $userId;
         try {
diff --git a/src/Service/Action/Auth/Webauthn2faAuthAction.php b/src/Service/Action/Auth/Webauthn2faAuthAction.php
@@ -13,6 +13,7 @@
 
 namespace CakeDC\Api\Service\Action\Auth;
 
+use Cake\Log\Log;
 use CakeDC\Api\Service\Action\Action;
 use CakeDC\Api\Webauthn\AuthenticateAdapter;
 use CakeDC\Users\Controller\Traits\CustomUsersTableTrait;
@@ -31,6 +32,7 @@ class Webauthn2faAuthAction extends Action
      * Execute action.
      *
      * @return mixed
+     * @throws \Throwable
      */
     public function execute()
     {
diff --git a/src/Service/Action/Auth/Webauthn2faRegisterAction.php b/src/Service/Action/Auth/Webauthn2faRegisterAction.php
@@ -13,6 +13,7 @@
 
 namespace CakeDC\Api\Service\Action\Auth;
 
+use Cake\Http\Exception\BadRequestException;
 use CakeDC\Api\Service\Action\Action;
 use CakeDC\Api\Webauthn\RegisterAdapter;
 use CakeDC\Users\Controller\Traits\CustomUsersTableTrait;
diff --git a/src/Service/Action/Extension/AuthorizationExtension.php_ b/src/Service/Action/Extension/AuthorizationExtension.php_
@@ -37,7 +37,7 @@ class AuthorizationExtension extends Extension implements EventListenerInterface
      *
      * @var array
      */
-    protected $_defaultConfig = [
+    protected array $_defaultConfig = [
         'identityAttribute' => 'identity',
         'serviceAttribute' => 'authorization',
         'authorizationEvent' => 'Action.Auth.onAuthorization',
diff --git a/src/Service/Action/Recaptcha/ValidateAction.php b/src/Service/Action/Recaptcha/ValidateAction.php
@@ -29,7 +29,6 @@ class ValidateAction extends Action
      * Execute action.
      *
      * @return mixed
-     * @throws \CakeDC\Api\Service\Action\Exception
      */
     public function execute()
     {
diff --git a/src/Webauthn/AuthenticateAdapter.php b/src/Webauthn/AuthenticateAdapter.php
@@ -13,6 +13,7 @@
 
 namespace CakeDC\Api\Webauthn;
 
+use Cake\Log\Log;
 use Webauthn\PublicKeyCredentialRequestOptions;
 use Webauthn\PublicKeyCredentialSource;
 
@@ -27,19 +28,19 @@ public function getOptions(): PublicKeyCredentialRequestOptions
         $allowed = array_map(function (PublicKeyCredentialSource $credential) {
             return $credential->getPublicKeyCredentialDescriptor();
         }, $this->repository->findAllForUserEntity($userEntity));
-        \Cake\Log\Log::error(print_r($allowed, true));
+        Log::error(print_r($allowed, true));
 
         $options = $this->server->generatePublicKeyCredentialRequestOptions(
             PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_PREFERRED,
             $allowed
         );
         $storeEntity = $this->readStore();
-        \Cake\Log\Log::error(print_r($storeEntity, true));
+        Log::error(print_r($storeEntity, true));
         $storeEntity['store'] = [];
         $storeEntity = $this->patchStore($storeEntity, 'authenticateOptions', base64_encode(serialize($options)));
         $res = $this->store->save($storeEntity);
-        \Cake\Log\Log::error(print_r($storeEntity, true));
-        \Cake\Log\Log::error(print_r($res, true));
+        Log::error(print_r($storeEntity, true));
+        Log::error(print_r($res, true));
 
         return $options;
     }
@@ -52,12 +53,12 @@ public function getOptions(): PublicKeyCredentialRequestOptions
     public function verifyResponse(): \Webauthn\PublicKeyCredentialSource
     {
         $storeEntity = $this->readStore();
-        \Cake\Log\Log::error(print_r($storeEntity, true));
+        Log::error(print_r($storeEntity, true));
         $options = $this->getStore($storeEntity, 'authenticateOptions');
         if ($options) {
             $options = unserialize(base64_decode($options));
         }
-        \Cake\Log\Log::error(print_r($options, true));
+        Log::error(print_r($options, true));
 
         return $this->loadAndCheckAssertionResponse($options);
     }
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
@@ -83,15 +83,21 @@ function def($name, $value)
 // Cake\Core\Configure::write('App.encoding', 'UTF-8');
 Cake\Core\Configure::write('debug', true);
 
-mkdir(TMP . 'cache/models', 0777);
-mkdir(TMP . 'cache/persistent', 0777);
-mkdir(TMP . 'cache/views', 0777);
+if (!file_exists(TMP . 'cache/models')) {
+    mkdir(TMP . 'cache/models', 0777);
+}
+if (!file_exists(TMP . 'cache/persistent')) {
+    mkdir(TMP . 'cache/persistent', 0777);
+}
+if (!file_exists(TMP . 'cache/views')) {
+    mkdir(TMP . 'cache/views', 0777);
+}
 
 $cache = [
     'default' => [
         'engine' => 'File',
     ],
-    '_cake_core_' => [
+    '_cake_translations_' => [
         'className' => 'File',
         'prefix' => 'api_app_cake_core_',
         'path' => CACHE . 'persistent/',

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ class AuthStore extends Entity`
`24`	`24`	`*`
`25`	`25`	`* @var array<string, bool>`
`26`	`26`	`*/`
`27`		`- protected $_accessible = [`
	`27`	`+ protected array $_accessible = [`
`28`	`28`	`'id' => true,`
`29`	`29`	`'store' => true,`
`30`	`30`	`'created' => true,`
Original file line number	Diff line number	Diff line change
`@@ -118,6 +118,7 @@ public function execute()`
`118`	`118`	`*/`
`119`	`119`	`protected function _changePassword($userId)`
`120`	`120`	`{`
	`121`	`+ /** @var \CakeDC\Users\Model\Entity\User $user */`
`121`	`122`	`$user = $this->getUsersTable()->newEntity([], ['validate' => false]);`
`122`	`123`	`$user->id = $userId;`
`123`	`124`	`try {`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@`
`13`	`13`
`14`	`14`	`namespace CakeDC\Api\Service\Action\Auth;`
`15`	`15`
	`16`	`+use Cake\Log\Log;`
`16`	`17`	`use CakeDC\Api\Service\Action\Action;`
`17`	`18`	`use CakeDC\Api\Webauthn\AuthenticateAdapter;`
`18`	`19`	`use CakeDC\Users\Controller\Traits\CustomUsersTableTrait;`
`@@ -31,6 +32,7 @@ class Webauthn2faAuthAction extends Action`
`31`	`32`	`* Execute action.`
`32`	`33`	`*`
`33`	`34`	`* @return mixed`
	`35`	`+ * @throws \Throwable`
`34`	`36`	`*/`
`35`	`37`	`public function execute()`
`36`	`38`	`{`