Updates + compatibility table

.github/workflows/audit.yml

@@ -21,7 +21,7 @@ jobs:
         uses: actions/checkout@v4
         if: github.event_name == 'pull_request'
         with:
-          ref: ${{ github.event.pull_request.head.ref }}
+          ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
 
       - name: Setup PHP
@@ -38,29 +38,23 @@ jobs:
         run: echo "DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ${{ steps.composer-cache.outputs.DIR }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
           restore-keys: ${{ runner.os }}-composer-
 
       - name: Install dependencies
-        run: |
-          echo "::group::composer install"
-          composer install --no-interaction
-          echo "::endgroup::"
-          echo "::group::phpunit install"
-          vendor/bin/simple-phpunit install
-          echo "::endgroup::"
+        run: composer install --no-interaction
 
       - name: Auditor
-        uses: docker://nbgrp/auditor:0.23.1
+        uses: docker://nbgrp/auditor:0.26.0
 
       - name: Tests
-        run: vendor/bin/simple-phpunit
+        run: vendor/bin/phpunit
 
       - name: Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: ./clover.xml

.php-cs-fixer.php

@@ -76,6 +76,13 @@
                 'function',
             ],
         ],
+        'phpdoc_order' => [
+            'order' => [
+                'param',
+                'throws',
+                'return',
+            ],
+        ],
         'phpdoc_separation' => false,
         'phpdoc_summary' => false,
         'phpdoc_to_comment' => false,

README.md

@@ -21,6 +21,12 @@
 > use [hslavich/oneloginsaml-bundle](https://github.com/hslavich/OneloginSamlBundle)
 > which this bundle based on.
 
+### Compatibility
+| Branch  | Symfony   |
+|---------|-----------|
+| 1.x     | Symfony 6 |
+| **2.x** | Symfony 7 |
+
 ## Installation
 
 ```

composer.json

@@ -32,8 +32,8 @@
     },
     "require-dev": {
         "doctrine/orm": "^2.3 || ^3",
-        "symfony/event-dispatcher": "^7",
-        "symfony/phpunit-bridge": "^7"
+        "phpunit/phpunit": "^11.2",
+        "symfony/event-dispatcher": "^7"
     },
     "autoload": {
         "psr-4": {

phpstan.neon

@@ -3,8 +3,6 @@ parameters:
   paths:
     - src
     - tests
-  bootstrapFiles:
-    - vendor/bin/.phpunit/phpunit/vendor/autoload.php
 
   checkMissingIterableValueType: false
   checkGenericClassInNonGenericObjectType: false

phpunit.xml.dist

@@ -1,39 +1,31 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/11.2/phpunit.xsd" colors="true" bootstrap="vendor/autoload.php" cacheDirectory=".phpunit.cache">
+  <php>
+    <ini name="error_reporting" value="-1"/>
+    <server name="SYMFONY_PHPUNIT_REMOVE" value=""/>
+    <server name="SYMFONY_PHPUNIT_VERSION" value="11.2"/>
+    <env name="SYMFONY_DEPRECATIONS_HELPER" value="max[indirect]=1"/>
+  </php>
 
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:noNamespaceSchemaLocation="vendor/bin/.phpunit/phpunit.xsd"
-         colors="true"
-         bootstrap="vendor/autoload.php"
-        >
+  <testsuites>
+    <testsuite name="Onelogin SAML Bundle Test Suite">
+      <directory>./tests/</directory>
+    </testsuite>
+  </testsuites>
 
-    <php>
-        <ini name="error_reporting" value="-1" />
-        <server name="SYMFONY_PHPUNIT_VERSION" value="9.5" />
-        <env name="SYMFONY_DEPRECATIONS_HELPER" value="max[indirect]=1" />
-    </php>
+  <coverage>
+    <report>
+      <clover outputFile="clover.xml"/>
+    </report>
+  </coverage>
 
-    <testsuites>
-        <testsuite name="Onelogin SAML Bundle Test Suite">
-            <directory>./tests/</directory>
-        </testsuite>
-    </testsuites>
-
-    <coverage cacheDirectory=".phpunit.cache/code-coverage"
-              processUncoveredFiles="true"
-    >
-        <include>
-            <directory suffix=".php">src</directory>
-        </include>
-        <exclude>
-            <directory>src/Resources</directory>
-            <file>src/NbgrpOneloginSamlBundle.php</file>
-        </exclude>
-        <report>
-            <clover outputFile="clover.xml" />
-        </report>
-    </coverage>
-
-    <listeners>
-        <listener class="Symfony\Bridge\PhpUnit\SymfonyTestsListener" />
-    </listeners>
+  <source>
+    <include>
+      <directory suffix=".php">src</directory>
+    </include>
+    <exclude>
+      <directory>src/Resources</directory>
+      <file>src/NbgrpOneloginSamlBundle.php</file>
+    </exclude>
+  </source>
 </phpunit>

src/Controller/Login.php

@@ -16,10 +16,10 @@
 use Symfony\Component\Security\Http\SecurityRequestAttributes;
 
 #[AsController]
-class Login
+readonly class Login
 {
     public function __construct(
-        private readonly FirewallMap $firewallMap,
+        private FirewallMap $firewallMap,
     ) {}
 
     public function __invoke(Request $request, Auth $auth): RedirectResponse
@@ -51,7 +51,7 @@ public function __invoke(Request $request, Auth $auth): RedirectResponse
     private function getTargetPath(Request $request, SessionInterface $session): ?string
     {
         $firewallName = $this->firewallMap->getFirewallConfig($request)?->getName();
-        if (!$firewallName) {
+        if ($firewallName === null || $firewallName === '') {
             throw new ServiceUnavailableHttpException(message: 'Unknown firewall.');
         }
 
@@ -62,15 +62,13 @@ private function getTargetPath(Request $request, SessionInterface $session): ?st
     private function processLoginAndGetRedirectUrl(Auth $auth, ?string $targetPath, ?SessionInterface $session): string
     {
         $redirectUrl = $auth->login(returnTo: $targetPath, stay: true);
-        if ($redirectUrl === null) {
-            throw new \RuntimeException('Login cannot be performed: Auth did not returned redirect url.');
-        }
 
         $security = $auth->getSettings()->getSecurityData();
-        if (($security['rejectUnsolicitedResponsesWithInResponseTo'] ?? false) && $session instanceof SessionInterface) {
+        if (($security['rejectUnsolicitedResponsesWithInResponseTo'] ?? false) !== false && $session instanceof SessionInterface) {
             $session->set(SamlAuthenticator::LAST_REQUEST_ID, $auth->getLastRequestID());
         }
 
+        // @phan-suppress-next-line PhanPossiblyNullTypeReturn
         return $redirectUrl;
     }
 }

src/EventListener/Security/SamlLogoutListener.php

@@ -17,18 +17,18 @@
 /**
  * Process Single Logout by current OneLogin Auth service on user logout.
  */
-final class SamlLogoutListener
+final readonly class SamlLogoutListener
 {
     public function __construct(
-        private readonly AuthRegistryInterface $authRegistry,
-        private readonly IdpResolverInterface $idpResolver,
+        private AuthRegistryInterface $authRegistry,
+        private IdpResolverInterface $idpResolver,
     ) {}
 
     #[AsEventListener(LogoutEvent::class)]
     public function processSingleLogout(LogoutEvent $event): void
     {
         $authService = $this->getAuthService($event->getRequest());
-        if (!$authService) {
+        if ($authService === null) {
             return;
         }
 
@@ -40,20 +40,23 @@
         try {
             $authService->processSLO();
         } catch (\OneLogin\Saml2\Error) {
-            if (!empty($authService->getSLOurl())) {
-                /** @var string|null $sessionIndex */
-                $sessionIndex = $token->hasAttribute(SamlAuthenticator::SESSION_INDEX_ATTRIBUTE)
-                    ? $token->getAttribute(SamlAuthenticator::SESSION_INDEX_ATTRIBUTE)
-                    : null;
-                $authService->logout(null, [], $token->getUserIdentifier(), $sessionIndex);
+            $sloUrl = $authService->getSLOurl();
+            if ($sloUrl === null || $sloUrl === '') {
+                return;
             }
+
+            /** @var string|null $sessionIndex */
+            $sessionIndex = $token->hasAttribute(SamlAuthenticator::SESSION_INDEX_ATTRIBUTE)
+                ? $token->getAttribute(SamlAuthenticator::SESSION_INDEX_ATTRIBUTE)
+                : null;
+            $authService->logout(null, [], $token->getUserIdentifier(), $sessionIndex);
         }
     }
 
     private function getAuthService(Request $request): ?Auth
     {
         $idp = $this->idpResolver->resolve($request);
-        if (!$idp) {
+        if ($idp === null || $idp === '') {
             return $this->authRegistry->getDefaultService();
         }
 

src/Idp/IdpResolver.php

@@ -7,10 +7,10 @@
 
 use Symfony\Component\HttpFoundation\Request;
 
-final class IdpResolver implements IdpResolverInterface
+final readonly class IdpResolver implements IdpResolverInterface
 {
     public function __construct(
-        private readonly string $idpParameterName,
+        private string $idpParameterName,
     ) {}
 
     public function resolve(Request $request): ?string

src/Onelogin/AuthArgumentResolver.php

@@ -17,11 +17,11 @@
  * Yields the OneLogin Auth instance for current request
  * (default or according to an idp parameter).
  */
-final class AuthArgumentResolver implements ValueResolverInterface
+final readonly class AuthArgumentResolver implements ValueResolverInterface
 {
     public function __construct(
-        private readonly AuthRegistryInterface $authRegistry,
-        private readonly IdpResolverInterface $idpResolver,
+        private AuthRegistryInterface $authRegistry,
+        private IdpResolverInterface $idpResolver,
     ) {}
 
     public function resolve(Request $request, ArgumentMetadata $argument): iterable
@@ -31,12 +31,12 @@ public function resolve(Request $request, ArgumentMetadata $argument): iterable
         }
 
         $idp = $this->idpResolver->resolve($request);
-        if ($idp && !$this->authRegistry->hasService($idp)) {
+        if (($idp !== null && $idp !== '') && !$this->authRegistry->hasService($idp)) {
             throw new BadRequestHttpException('There is no OneLogin PHP toolkit settings for IdP "'.$idp.'". See nbgrp_onelogin_saml config ("onelogin_settings" section).');
         }
 
         try {
-            yield $idp
+            yield ($idp !== null && $idp !== '')
                 ? $this->authRegistry->getService($idp)
                 : $this->authRegistry->getDefaultService();
         } catch (\RuntimeException $exception) {

src/Security/Http/Authenticator/Passport/Badge/SamlAttributesBadge.php

@@ -10,10 +10,10 @@
 /**
  * Allows to add SAML attributes to a passport.
  */
-class SamlAttributesBadge implements BadgeInterface
+readonly class SamlAttributesBadge implements BadgeInterface
 {
     public function __construct(
-        private readonly array $attributes,
+        private array $attributes,
     ) {}
 
     public function getAttributes(): array

src/Security/Http/Authenticator/SamlAuthenticator.php

@@ -68,7 +68,7 @@ public function start(Request $request, ?AuthenticationException $authException
     {
         $uri = $this->httpUtils->generateUri($request, (string) $this->options['login_path']);
         $idp = $this->idpResolver->resolve($request);
-        if ($idp) {
+        if ($idp !== null && $idp !== '') {
             $uri .= '?'.$this->idpParameterName.'='.$idp;
         }
 
@@ -126,7 +126,7 @@ protected function processResponse(Auth $oneLoginAuth, SessionInterface $session
     {
         $requestId = null;
         $security = $oneLoginAuth->getSettings()->getSecurityData();
-        if ($security['rejectUnsolicitedResponsesWithInResponseTo'] ?? false) {
+        if (($security['rejectUnsolicitedResponsesWithInResponseTo'] ?? false) !== false) {
             /** @var string $requestId */
             $requestId = $session->get(self::LAST_REQUEST_ID);
         }
@@ -179,7 +179,7 @@ function (string $identifier) use ($deferredEventBadge, $attributes) {
 
     protected function extractAttributes(Auth $oneLoginAuth): array
     {
-        $attributes = $this->options['use_attribute_friendly_name'] ?? false
+        $attributes = ($this->options['use_attribute_friendly_name'] ?? false) !== false
             ? $oneLoginAuth->getAttributesWithFriendlyName()
             : $oneLoginAuth->getAttributes();
         $attributes[self::SESSION_INDEX_ATTRIBUTE] = $oneLoginAuth->getSessionIndex();
@@ -215,7 +215,7 @@ private function getOneLoginAuth(Request $request): Auth
     {
         try {
             $idp = $this->idpResolver->resolve($request);
-            $authService = $idp
+            $authService = ($idp !== null && $idp !== '')
                 ? $this->authRegistry->getService($idp)
                 : $this->authRegistry->getDefaultService();
         } catch (\RuntimeException $exception) {

src/Security/User/SamlUserFactory.php

@@ -7,15 +7,15 @@
 
 use Symfony\Component\Security\Core\User\UserInterface;
 
-final class SamlUserFactory implements SamlUserFactoryInterface
+final readonly class SamlUserFactory implements SamlUserFactoryInterface
 {
     /**
      * @param class-string<UserInterface> $userClass
      * @param array<string, mixed>        $mapping
      */
     public function __construct(
-        private readonly string $userClass,
-        private readonly array $mapping,
+        private string $userClass,
+        private array $mapping,
     ) {}
 
     public function createUser(string $identifier, array $attributes): UserInterface