Symfony 6.4 support

.github/workflows/audit.yml

@@ -54,7 +54,7 @@ jobs:
           echo "::endgroup::"
 
       - name: Auditor
-        uses: docker://nbgrp/auditor:0.20.0
+        uses: docker://nbgrp/auditor:0.21.0
 
       - name: Tests
         run: vendor/bin/simple-phpunit

composer.json

@@ -19,26 +19,27 @@
         "php": "^8.1",
         "onelogin/php-saml": "^4",
         "psr/log": "^1 || ^2 || ^3",
-        "symfony/config": "^6",
-        "symfony/dependency-injection": "^6",
+        "symfony/config": "^6.4",
+        "symfony/dependency-injection": "^6.4",
         "symfony/deprecation-contracts": "^3",
         "symfony/event-dispatcher-contracts": "^3",
-        "symfony/http-foundation": "^6",
-        "symfony/http-kernel": "^6",
-        "symfony/routing": "^6",
-        "symfony/security-bundle": "^6",
-        "symfony/security-core": "^6",
-        "symfony/security-http": "^6"
+        "symfony/http-foundation": "^6.4",
+        "symfony/http-kernel": "^6.4",
+        "symfony/routing": "^6.4",
+        "symfony/security-bundle": "^6.4",
+        "symfony/security-core": "^6.4",
+        "symfony/security-http": "^6.4"
     },
     "require-dev": {
         "doctrine/orm": "^2.3 || ^3",
-        "symfony/event-dispatcher": "^6",
-        "symfony/phpunit-bridge": "^6"
+        "symfony/event-dispatcher": "^6.4",
+        "symfony/phpunit-bridge": "^6.4"
     },
     "conflict": {
         "symfony/http-kernel": "<6.2",
         "symfony/security-core": "<6.2"
     },
+    "minimum-stability": "dev",
     "autoload": {
         "psr-4": {
             "Nbgrp\\OneloginSamlBundle\\": "src/"

phpstan.neon

@@ -7,3 +7,4 @@ parameters:
     - vendor/bin/.phpunit/phpunit/vendor/autoload.php
 
   checkMissingIterableValueType: false
+  checkGenericClassInNonGenericObjectType: false

psalm.xml

@@ -4,6 +4,8 @@
     strictBinaryOperands="true"
     findUnusedPsalmSuppress="true"
     sealAllMethods="true"
+    findUnusedBaselineEntry="false"
+    findUnusedCode="false"
     xmlns="https://getpsalm.org/schema/config"
 >
     <projectFiles>

src/Controller/Login.php

@@ -7,13 +7,13 @@
 
 use Nbgrp\OneloginSamlBundle\Security\Http\Authenticator\SamlAuthenticator;
 use OneLogin\Saml2\Auth;
-use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpKernel\Attribute\AsController;
 use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
+use Symfony\Component\Security\Http\SecurityRequestAttributes;
 
 #[AsController]
 class Login
@@ -27,16 +27,16 @@ public function __invoke(Request $request, Auth $auth): RedirectResponse
         $targetPath = null;
         $session = null;
         /** @var \Throwable|null $error */
-        $error = $request->attributes->get(Security::AUTHENTICATION_ERROR);
+        $error = $request->attributes->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
 
         if ($request->hasSession()) {
             $session = $request->getSession();
             $targetPath = $this->getTargetPath($request, $session);
 
-            if ($session->has(Security::AUTHENTICATION_ERROR)) {
+            if ($session->has(SecurityRequestAttributes::AUTHENTICATION_ERROR)) {
                 /** @var \Throwable|null $error */
-                $error = $session->get(Security::AUTHENTICATION_ERROR);
-                $session->remove(Security::AUTHENTICATION_ERROR);
+                $error = $session->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
+                $session->remove(SecurityRequestAttributes::AUTHENTICATION_ERROR);
             }
         }
 

src/Security/Http/Authentication/SamlAuthenticationSuccessHandler.php

@@ -24,9 +24,10 @@ protected function determineTargetUrl(Request $request): string
             return (string) $this->options['default_target_path'];
         }
 
-        /** @psalm-suppress InvalidScalarArgument */
+        /** @psalm-suppress InvalidArgument */
         $relayState = $request->query->get(self::RELAY_STATE, $request->request->get(self::RELAY_STATE));
         if ($relayState !== null && $this->httpUtils instanceof HttpUtils) {
+            /** @psalm-suppress RedundantCastGivenDocblockType */
             $relayState = (string) $relayState;
             if ($relayState !== $this->httpUtils->generateUri($request, (string) $this->options['login_path'])) {
                 return $relayState;

src/Security/User/SamlUserProvider.php

@@ -11,11 +11,15 @@
 
 /**
  * Just instantiates user object with providing identifier and default roles.
+ *
+ * @template-covariant TUser of UserInterface
+ *
+ * @template-implements UserProviderInterface<TUser>
  */
 class SamlUserProvider implements UserProviderInterface
 {
     /**
-     * @param class-string<UserInterface> $userClass
+     * @param class-string<TUser> $userClass
      */
     public function __construct(
         protected string $userClass,

tests/Controller/LoginTest.php

@@ -10,13 +10,13 @@
 use OneLogin\Saml2\Auth;
 use OneLogin\Saml2\Settings;
 use PHPUnit\Framework\TestCase;
-use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
 use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
 use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
+use Symfony\Component\Security\Http\SecurityRequestAttributes;
 
 /**
  * @covers \Nbgrp\OneloginSamlBundle\Controller\Login
@@ -130,7 +130,7 @@ public function provideErrorExceptionCases(): iterable
         yield 'From attributes' => [
             'request' => (static function () {
                 $request = Request::create('/login');
-                $request->attributes->set(Security::AUTHENTICATION_ERROR, new \Exception('Error from attributes'));
+                $request->attributes->set(SecurityRequestAttributes::AUTHENTICATION_ERROR, new \Exception('Error from attributes'));
 
                 return $request;
             })(),
@@ -141,7 +141,7 @@ public function provideErrorExceptionCases(): iterable
             'request' => (static function () {
                 $request = Request::create('/login');
                 $session = new Session(new MockArraySessionStorage());
-                $session->set(Security::AUTHENTICATION_ERROR, new \Exception('Error from session'));
+                $session->set(SecurityRequestAttributes::AUTHENTICATION_ERROR, new \Exception('Error from session'));
                 $request->setSession($session);
 
                 return $request;