phpstan and phpcs fixes

Author: skie

composer.json

@@ -35,9 +35,12 @@
         "firebase/php-jwt": "^6.3"
     },
     "require-dev": {
-        "cakephp/cakephp-codesniffer": "~4.4.0",
+        "cakephp/cakephp-codesniffer": "^4.5",
         "league/flysystem-vfs": "^1.0",
+        "laminas/laminas-diactoros": "^3.0",
         "phpunit/phpunit": "^10.0",
+        "phpstan/phpstan": "^1.8",
+        "robthree/twofactorauth": "^1.6",
         "vlucas/phpdotenv": "^3.3"
     },
     "autoload": {

phpstan.neon

@@ -2,7 +2,7 @@ includes:
     - phpstan-baseline.neon
 
 parameters:
-    level: 4
+    level: 2
     bootstrapFiles:
         - tests/bootstrap.php
     ignoreErrors:

src/Command/ServiceRoutesCommand.php

@@ -68,6 +68,7 @@ public function execute(Arguments $args, ConsoleIo $io): ?int
         $service = ServiceRegistry::getServiceLocator()->get($serviceName);
         if ($service === null) {
             $io->error(__('Service "{0}" not found', $serviceName));
+
             return Command::CODE_ERROR;
         }
 

src/Model/Entity/AuthStore.php

@@ -9,7 +9,7 @@
  * AuthStore Entity
  *
  * @property string $id
- * @property string|null $store
+ * @property array|null $store
  * @property \Cake\I18n\FrozenTime $created
  * @property \Cake\I18n\FrozenTime $modified
  */

src/Model/Table/AuthStoreTable.php

@@ -4,8 +4,6 @@
 namespace CakeDC\Api\Model\Table;
 
 use Cake\Database\Schema\TableSchemaInterface;
-use Cake\ORM\Query;
-use Cake\ORM\RulesChecker;
 use Cake\ORM\Table;
 use Cake\Validation\Validator;
 
@@ -25,7 +23,6 @@
  * @method \CakeDC\Api\Model\Entity\AuthStore[]|\Cake\Datasource\ResultSetInterface saveManyOrFail(iterable $entities, $options = [])
  * @method \CakeDC\Api\Model\Entity\AuthStore[]|\Cake\Datasource\ResultSetInterface|false deleteMany(iterable $entities, $options = [])
  * @method \CakeDC\Api\Model\Entity\AuthStore[]|\Cake\Datasource\ResultSetInterface deleteManyOrFail(iterable $entities, $options = [])
- *
  * @mixin \Cake\ORM\Behavior\TimestampBehavior
  */
 class AuthStoreTable extends Table
@@ -62,8 +59,6 @@ public function validationDefault(Validator $validator): Validator
         return $validator;
     }
 
-
-
     /**
      * Initialize schema
      *

src/Rbac/Rules/TwoFactorPassedScope.php

@@ -13,18 +13,15 @@
 namespace CakeDC\Api\Rbac\Rules;
 
 use Authentication\Authenticator\JwtAuthenticator;
-use CakeDC\Auth\Rbac\Rules\AbstractRule;
-use Cake\Utility\Hash;
 use Cake\Routing\Router;
-use OutOfBoundsException;
+use CakeDC\Auth\Rbac\Rules\AbstractRule;
 use Psr\Http\Message\ServerRequestInterface;
 
 /**
  * Owner rule class, used to match ownership permissions
  */
 class TwoFactorPassedScope extends AbstractRule
 {
-
     protected $_defaultConfig = [
     ];
 

src/Rbac/Rules/TwoFactorScope.php

@@ -13,18 +13,15 @@
 namespace CakeDC\Api\Rbac\Rules;
 
 use Authentication\Authenticator\JwtAuthenticator;
-use CakeDC\Auth\Rbac\Rules\AbstractRule;
-use Cake\Utility\Hash;
 use Cake\Routing\Router;
-use OutOfBoundsException;
+use CakeDC\Auth\Rbac\Rules\AbstractRule;
 use Psr\Http\Message\ServerRequestInterface;
 
 /**
  * Owner rule class, used to match ownership permissions
  */
 class TwoFactorScope extends AbstractRule
 {
-
     protected $_defaultConfig = [
     ];
 

src/Routing/ApiRouter.php

@@ -134,7 +134,7 @@ class ApiRouter extends Router
      * The stack of URL filters to apply against routing URLs before passing the
      * parameters to the route collection.
      *
-     * @var array<\Closure>
+     * @var array<callable(): mixed>
      */
     protected static array $_urlFilters = [];
 

src/Service/Action/Auth/JwtSocialLoginAction.php

@@ -28,6 +28,7 @@ class JwtSocialLoginAction extends Action
      * Execute action.
      *
      * @return mixed
+     * @throws \Exception
      */
     public function execute()
     {
@@ -37,6 +38,6 @@ public function execute()
             return false;
         }
 
-        return $this->generateTokenResponse($user);
+        return $this->generateTokenResponse($user, 'login');
     }
 }

src/Service/Action/Auth/JwtTokenTrait.php

@@ -18,20 +18,23 @@
 use Cake\Routing\Router;
 use Cake\Utility\Hash;
 use CakeDC\Api\Service\Auth\TwoFactorAuthentication\OneTimePasswordAuthenticationCheckerFactory;
-use CakeDC\Api\Service\Auth\TwoFactorAuthentication\Webauthn2fAuthenticationCheckerFactory;
+use CakeDC\Api\Service\Auth\TwoFactorAuthentication\Webauthn2FAuthenticationCheckerFactory;
 use DateInterval;
 use DateTimeImmutable;
 use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Signer\Hmac\Sha512;
 use Lcobucci\JWT\Signer\Key\InMemory;
 
+/**
+ * JwtTokenTrait
+ */
 trait JwtTokenTrait
 {
-
     /**
      * Generates token response.
      *
      * @param \Cake\Datasource\EntityInterface|array $user User info.
+     * @param string|null $type The type of token being generated.
      * @return array
      */
     public function generateTokenResponse($user, $type)
@@ -49,6 +52,13 @@ public function generateTokenResponse($user, $type)
         ]);
     }
 
+    /**
+     * Generates refresh token response.
+     *
+     * @param \Cake\Datasource\EntityInterface|array $user User info.
+     * @param array $payload Additional payload data.
+     * @return array
+     */
     public function generateRefreshTokenResponse($user, $payload)
     {
         $timestamp = new DateTimeImmutable();
@@ -65,6 +75,8 @@ public function generateRefreshTokenResponse($user, $payload)
      *
      * @param \Cake\Datasource\EntityInterface|array $user User info.
      * @param \DateTimeImmutable $timestamp Timestamp.
+     * @param string|null $type The type of token being generated.
+     * @param array|null $payload Additional payload data.
      * @return bool|string
      */
     public function generateAccessToken($user, $timestamp, $type, $payload = null)
@@ -92,6 +104,14 @@ public function generateAccessToken($user, $timestamp, $type, $payload = null)
         return $token->toString();
     }
 
+    /**
+     * Get the audience for the token.
+     *
+     * @param \Cake\Datasource\EntityInterface|array $user User info.
+     * @param string|null $type The type of token being generated.
+     * @param array|null $payload Additional payload data.
+     * @return string
+     */
     public function getAudience($user, $type, $payload)
     {
         if ($type === null && is_array($payload) && isset($payload['aud'])) {
@@ -106,11 +126,23 @@ public function getAudience($user, $type, $payload)
         return $audience;
     }
 
+    /**
+     * Check if 2FA is enabled for the user.
+     *
+     * @param \Cake\Datasource\EntityInterface|array $user User info.
+     * @return bool
+     */
     protected function is2FAEnabled($user)
     {
         return $this->isEnabledWebauthn2faAuthentication($user) || $this->isEnabledOneTimePasswordAuthentication($user);
     }
 
+    /**
+     * Check if Webauthn 2FA authentication is enabled for the user.
+     *
+     * @param \Cake\Datasource\EntityInterface|array $user User info.
+     * @return bool
+     */
     public function isEnabledWebauthn2faAuthentication($user)
     {
         $enabledTwoFactorVerify = Configure::read('Api.2fa.enabled');
@@ -122,6 +154,12 @@ public function isEnabledWebauthn2faAuthentication($user)
         return false;
     }
 
+    /**
+     * Check if One-Time Password authentication is enabled for the user.
+     *
+     * @param \Cake\Datasource\EntityInterface|array $user User info.
+     * @return bool
+     */
     public function isEnabledOneTimePasswordAuthentication($user)
     {
         $enabledTwoFactorVerify = Configure::read('Api.2fa.enabled');
@@ -133,6 +171,11 @@ public function isEnabledOneTimePasswordAuthentication($user)
         return false;
     }
 
+    /**
+     * Get the One-Time Password Authentication Checker.
+     *
+     * @return \CakeDC\Auth\Authentication\OneTimePasswordAuthenticationCheckerInterface
+     */
     protected function getOneTimePasswordAuthenticationChecker()
     {
         return (new OneTimePasswordAuthenticationCheckerFactory())->build();
@@ -153,6 +196,8 @@ protected function getWebauthn2fAuthenticationChecker()
      *
      * @param \Cake\Datasource\EntityInterface|array $user User info.
      * @param \DateTimeImmutable $timestamp Timestamp.
+     * @param string|null $type The type of token being generated.
+     * @param array|null $payload Additional payload data.
      * @return bool|string
      */
     public function generateRefreshToken($user, $timestamp, $type, $payload = null)
@@ -184,6 +229,7 @@ public function generateRefreshToken($user, $timestamp, $type, $payload = null)
         $model = $UsersTable->getAlias();
 
         $table = TableRegistry::getTableLocator()->get('CakeDC/Api.JwtRefreshTokens');
+        /** @var \CakeDC\Api\Model\Entity\JwtRefreshToken $entity */
         $entity = $table->find()->where([
             'model' => $model,
             'foreign_key' => $subject,