Make build more strict

.scrutinizer.yml

@@ -8,7 +8,7 @@ build:
                 rabbitmq: false
                 mongodb: false
                 php:
-                    version: 7.1
+                    version: 7.2
             cache:
                 disabled: false
                 directories:

.travis.yml

@@ -3,8 +3,8 @@ sudo: false
 language: php
 
 php:
-  - 7.1
   - 7.2
+  - 7.3
   - nightly
 
 cache:
@@ -53,10 +53,10 @@ jobs:
         - mv ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/xdebug.ini{.disabled,}
         - if [[ ! $(php -m | grep -si xdebug) ]]; then echo "xdebug required for coverage"; exit 1; fi
       script:
-        - ./vendor/bin/infection --test-framework-options="--testsuite unit" -s --threads=4
+        - ./vendor/bin/infection --test-framework-options="--testsuite=unit" -s --threads=$(nproc) --min-msi=92 --min-covered-msi=93
 
     - stage: Metrics and quality
       env: STATIC_ANALYSIS
       script:
-        - ./vendor/bin/phpstan analyse -c phpstan.neon -l max src test
+        - ./vendor/bin/phpstan analyse
 

composer.json

@@ -17,7 +17,7 @@
         "BSD-3-Clause"
     ],
     "require": {
-        "php": "^7.1",
+        "php": "^7.2",
         "ext-gmp": "*",
         "ext-mbstring": "*",
         "ext-openssl": "*",
@@ -26,14 +26,15 @@
         "lcobucci/jose-parsing": "~2.1"
     },
     "require-dev": {
-        "doctrine/coding-standard": "^4.0",
-        "infection/infection": "^0.8",
+        "infection/infection": "^0.10",
+        "lcobucci/coding-standard": "^2.0",
         "mikey179/vfsStream": "^1.6",
         "phpbench/phpbench": "dev-master@dev",
         "phpmd/phpmd": "^2.5",
-        "phpstan/phpstan": "^0.9",
-        "phpstan/phpstan-phpunit": "^0.9",
-        "phpstan/phpstan-strict-rules": "^0.9",
+        "phpstan/phpstan": "^0.10",
+        "phpstan/phpstan-deprecation-rules": "^0.10",
+        "phpstan/phpstan-phpunit": "^0.10",
+        "phpstan/phpstan-strict-rules": "^0.10",
         "phpunit/php-invoker": "^1.1",
         "phpunit/phpunit": "^7.0",
         "squizlabs/php_codesniffer": "^3.2"

infection.json.dist

@@ -5,5 +5,11 @@
     "timeout": 3,
     "logs": {
         "text": "infection.txt"
+    },
+    "mutators": {
+        "@default": true,
+        "@function_signature": true,
+        "IdenticalEqual": false,
+        "NotIdenticalNotEqual": false
     }
 }

phpcs.xml.dist

@@ -10,25 +10,6 @@
     <file>src</file>
     <file>test</file>
 
-    <rule ref="Doctrine">
-        <exclude name="SlevomatCodingStandard.Commenting.RequireOneLinePropertyDocComment.MultiLinePropertyComment" />
-
-        <!-- temporarily disabling this one -->
-        <exclude name="SlevomatCodingStandard.Classes.SuperfluousExceptionNaming.SuperfluousSuffix" />
-    </rule>
-
-    <rule ref="SlevomatCodingStandard.TypeHints.DeclareStrictTypes">
-        <properties>
-            <property name="newlinesCountBetweenOpenTagAndDeclare" value="1"/>
-            <property name="spacesCountAroundEqualsSign" value="0"/>
-            <property name="newlinesCountAfterDeclare" value="2"/>
-        </properties>
-    </rule>
-
-    <rule ref="SlevomatCodingStandard.TypeHints.ReturnTypeHintSpacing">
-        <properties>
-            <property name="spacesCountBeforeColon" value="0"/>
-        </properties>
-    </rule>
+    <rule ref="Lcobucci" />
 </ruleset>
 

phpstan.neon.dist

@@ -0,0 +1,14 @@
+includes:
+    - vendor/phpstan/phpstan-phpunit/extension.neon
+    - vendor/phpstan/phpstan-phpunit/rules.neon
+    - vendor/phpstan/phpstan-strict-rules/rules.neon
+    - vendor/phpstan/phpstan-deprecation-rules/rules.neon
+
+parameters:
+    level: 7
+    paths:
+        - src
+        - test
+
+    ignoreErrors:
+        - '#FG\\ASN1\\Universal\\Integer constructor expects int, string given.#'

src/Builder.php

@@ -4,6 +4,7 @@
 namespace Lcobucci\JWT;
 
 use DateTimeImmutable;
+use InvalidArgumentException;
 use Lcobucci\JWT\Signer\Key;
 use Lcobucci\JWT\Token\Plain;
 
@@ -56,7 +57,7 @@ public function withHeader(string $name, $value): Builder;
      *
      * @param mixed $value
      *
-     * @throws \InvalidArgumentException When trying to set a registered claim.
+     * @throws InvalidArgumentException When trying to set a registered claim.
      */
     public function withClaim(string $name, $value): Builder;
 

src/Exception.php

@@ -3,6 +3,8 @@
 
 namespace Lcobucci\JWT;
 
-abstract class Exception extends \RuntimeException
+use RuntimeException;
+
+abstract class Exception extends RuntimeException
 {
 }

src/Signer/Ecdsa/Asn1.php

@@ -13,6 +13,7 @@
 use function gmp_init;
 use function gmp_strval;
 use function hex2bin;
+use function is_string;
 use function mb_strlen;
 use function mb_substr;
 use function str_pad;
@@ -35,7 +36,10 @@ public function fromEcPoint(string $signature, int $length): string
             $signature .= str_pad($this->decToHex($child->getContent()), $length, '0', STR_PAD_LEFT);
         }
 
-        return hex2bin($signature);
+        $result = hex2bin($signature);
+        assert(is_string($result));
+
+        return $result;
     }
 
     public function toEcPoint(string $points, int $length): string

src/Signer/Key.php

@@ -4,8 +4,10 @@
 namespace Lcobucci\JWT\Signer;
 
 use InvalidArgumentException;
-use function file_get_contents;
-use function is_readable;
+use SplFileObject;
+use Throwable;
+use function assert;
+use function is_string;
 use function strpos;
 use function substr;
 
@@ -40,17 +42,19 @@ private function setContent(string $content): void
     }
 
     /**
-     * @throws \InvalidArgumentException
+     * @throws InvalidArgumentException
      */
     private function readFile(string $content): string
     {
-        $file = substr($content, 7);
+        try {
+            $file    = new SplFileObject(substr($content, 7));
+            $content = $file->fread($file->getSize());
+            assert(is_string($content));
 
-        if (! is_readable($file)) {
-            throw new \InvalidArgumentException('You must inform a valid key file');
+            return $content;
+        } catch (Throwable $exception) {
+            throw new InvalidArgumentException('You must inform a valid key file', $exception->getCode(), $exception);
         }
-
-        return file_get_contents($file);
     }
 
     public function getContent(): string

src/Signer/OpenSSL.php

@@ -5,6 +5,8 @@
 
 use InvalidArgumentException;
 use Lcobucci\JWT\Signer;
+use function assert;
+use function is_resource;
 use function openssl_error_string;
 use function openssl_free_key;
 use function openssl_pkey_get_details;
@@ -44,6 +46,7 @@ private function getPrivateKey(string $pem, string $passphrase)
     {
         $privateKey = openssl_pkey_get_private($pem, $passphrase);
         $this->validateKey($privateKey);
+        assert(is_resource($privateKey));
 
         return $privateKey;
     }
@@ -67,6 +70,7 @@ private function getPublicKey(string $pem)
     {
         $publicKey = openssl_pkey_get_public($pem);
         $this->validateKey($publicKey);
+        assert(is_resource($publicKey));
 
         return $publicKey;
     }
@@ -80,7 +84,7 @@ private function getPublicKey(string $pem)
      */
     private function validateKey($key): void
     {
-        if ($key === false) {
+        if (! is_resource($key)) {
             throw new InvalidArgumentException(
                 'It was not possible to parse your key, reason: ' . openssl_error_string()
             );

src/Token/Builder.php

@@ -4,6 +4,7 @@
 namespace Lcobucci\JWT\Token;
 
 use DateTimeImmutable;
+use InvalidArgumentException;
 use Lcobucci\Jose\Parsing;
 use Lcobucci\JWT\Builder as BuilderInterface;
 use Lcobucci\JWT\Signer;
@@ -112,7 +113,7 @@ public function withHeader(string $name, $value): BuilderInterface
     public function withClaim(string $name, $value): BuilderInterface
     {
         if (in_array($name, RegisteredClaims::ALL, true)) {
-            throw new \InvalidArgumentException('You should use the correct methods to set registered claims');
+            throw new InvalidArgumentException('You should use the correct methods to set registered claims');
         }
 
         return $this->setClaim($name, $value);

src/Token/Parser.php

@@ -104,7 +104,13 @@ private function convertDate(string $value): DateTimeImmutable
             return new DateTimeImmutable('@' . $value);
         }
 
-        return DateTimeImmutable::createFromFormat('U.u', $value);
+        $date = DateTimeImmutable::createFromFormat('U.u', $value);
+
+        if ($date === false) {
+            throw new InvalidArgumentException('Given value is not in the allowed format: ' . $value);
+        }
+
+        return $date;
     }
 
     /**

src/Validation/Constraint.php

@@ -8,7 +8,7 @@
 interface Constraint
 {
     /**
-     * @throws ConstraintViolationException
+     * @throws ConstraintViolation
      */
     public function assert(Token $token): void;
 }

src/Validation/Constraint/IdentifiedBy.php

@@ -5,7 +5,7 @@
 
 use Lcobucci\JWT\Token;
 use Lcobucci\JWT\Validation\Constraint;
-use Lcobucci\JWT\Validation\ConstraintViolationException;
+use Lcobucci\JWT\Validation\ConstraintViolation;
 
 final class IdentifiedBy implements Constraint
 {
@@ -25,7 +25,7 @@ public function __construct(string $id)
     public function assert(Token $token): void
     {
         if (! $token->isIdentifiedBy($this->id)) {
-            throw new ConstraintViolationException(
+            throw new ConstraintViolation(
                 'The token is not identified with the expected ID'
             );
         }

src/Validation/Constraint/IssuedBy.php

@@ -5,7 +5,7 @@
 
 use Lcobucci\JWT\Token;
 use Lcobucci\JWT\Validation\Constraint;
-use Lcobucci\JWT\Validation\ConstraintViolationException;
+use Lcobucci\JWT\Validation\ConstraintViolation;
 
 final class IssuedBy implements Constraint
 {
@@ -25,7 +25,7 @@ public function __construct(string ...$issuers)
     public function assert(Token $token): void
     {
         if (! $token->hasBeenIssuedBy(...$this->issuers)) {
-            throw new ConstraintViolationException(
+            throw new ConstraintViolation(
                 'The token was not issued by the given issuers'
             );
         }

src/Validation/Constraint/PermittedFor.php

@@ -5,7 +5,7 @@
 
 use Lcobucci\JWT\Token;
 use Lcobucci\JWT\Validation\Constraint;
-use Lcobucci\JWT\Validation\ConstraintViolationException;
+use Lcobucci\JWT\Validation\ConstraintViolation;
 
 final class PermittedFor implements Constraint
 {
@@ -25,7 +25,7 @@ public function __construct(string $audience)
     public function assert(Token $token): void
     {
         if (! $token->isPermittedFor($this->audience)) {
-            throw new ConstraintViolationException(
+            throw new ConstraintViolation(
                 'The token is not allowed to be used by this audience'
             );
         }

src/Validation/Constraint/RelatedTo.php

@@ -5,7 +5,7 @@
 
 use Lcobucci\JWT\Token;
 use Lcobucci\JWT\Validation\Constraint;
-use Lcobucci\JWT\Validation\ConstraintViolationException;
+use Lcobucci\JWT\Validation\ConstraintViolation;
 
 final class RelatedTo implements Constraint
 {
@@ -25,7 +25,7 @@ public function __construct(string $subject)
     public function assert(Token $token): void
     {
         if (! $token->isRelatedTo($this->subject)) {
-            throw new ConstraintViolationException(
+            throw new ConstraintViolation(
                 'The token is not related to the expected subject'
             );
         }

src/Validation/Constraint/SignedWith.php

@@ -6,7 +6,7 @@
 use Lcobucci\JWT\Signer;
 use Lcobucci\JWT\Token;
 use Lcobucci\JWT\Validation\Constraint;
-use Lcobucci\JWT\Validation\ConstraintViolationException;
+use Lcobucci\JWT\Validation\ConstraintViolation;
 
 final class SignedWith implements Constraint
 {
@@ -32,15 +32,15 @@ public function __construct(Signer $signer, Signer\Key $key)
     public function assert(Token $token): void
     {
         if (! $token instanceof Token\Plain) {
-            throw new ConstraintViolationException('You should pass a plain token');
+            throw new ConstraintViolation('You should pass a plain token');
         }
 
         if ($token->headers()->get('alg') !== $this->signer->getAlgorithmId()) {
-            throw new ConstraintViolationException('Token signer mismatch');
+            throw new ConstraintViolation('Token signer mismatch');
         }
 
         if (! $this->signer->verify($token->signature()->hash(), $token->payload(), $this->key)) {
-            throw new ConstraintViolationException('Token signature mismatch');
+            throw new ConstraintViolation('Token signature mismatch');
         }
     }
 }