diff --git a/.github/workflows/autolock-conversations.yml b/.github/workflows/autolock-conversations.yml index 3c7be52..66797ba 100644 --- a/.github/workflows/autolock-conversations.yml +++ b/.github/workflows/autolock-conversations.yml @@ -18,7 +18,7 @@ jobs: action: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v5 + - uses: dessant/lock-threads@v6 with: issue-inactive-days: '90' pr-inactive-days: '90' diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index a9e3c51..97ca7e0 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -19,7 +19,7 @@ jobs: runs-on: [ubuntu-latest] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Lint markdown files uses: nosborn/github-action-markdown-cli@v3 @@ -42,7 +42,7 @@ jobs: steps: - name: Run docs build if: github.event_name != 'pull_request' - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: # Token has to be generated on a user account that controls the docs-repository. # The _only_ scope to select is "Access public repositories", nothing more. diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index 798f65e..abfceb5 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml 
@@ -14,137 +14,38 @@ on: # yamllint disable-line rule:truthy workflow_dispatch: jobs: - linter: - name: Linter - runs-on: ['ubuntu-latest'] - - steps: - - uses: actions/checkout@v4 - with: - # super-linter needs the full git history to get the - # list of files that changed across commits - fetch-depth: 0 - - - name: Lint Code Base - uses: super-linter/super-linter/slim@v7 - env: - SAVE_SUPER_LINTER_OUTPUT: false - # To report GitHub Actions status checks - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - LINTER_RULES_PATH: 'tools/linters' - LOG_LEVEL: NOTICE - VALIDATE_ALL_CODEBASE: true - VALIDATE_CSS: true - VALIDATE_JAVASCRIPT_ES: true - VALIDATE_JSON: true - VALIDATE_PHP_BUILTIN: true - VALIDATE_YAML: true - VALIDATE_XML: true - VALIDATE_GITHUB_ACTIONS: true - - quality: - name: Quality control - runs-on: [ubuntu-latest] - - steps: - - name: Setup PHP, with composer and extensions - id: setup-php - # https://github.com/shivammathur/setup-php - uses: shivammathur/setup-php@v2 - with: - # Should be the higest supported version, so we can use the newest tools - php-version: '8.4' - tools: composer, composer-require-checker, composer-unused, phpcs, phpstan - extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml - - - name: Setup problem matchers for PHP - run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - - - uses: actions/checkout@v4 - - - name: Get composer cache directory - run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" - - - name: Cache composer dependencies - uses: actions/cache@v4 - with: - path: $COMPOSER_CACHE - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: ${{ runner.os }}-composer- - - - name: Validate composer.json and composer.lock - run: composer validate - - - name: Install Composer dependencies - run: composer install --no-progress --prefer-dist --optimize-autoloader - - - name: Check code for hard dependencies missing in 
composer.json - run: composer-require-checker check --config-file=tools/composer-require-checker.json composer.json - - - name: Check code for unused dependencies in composer.json - run: composer-unused - - - name: PHP Code Sniffer - run: phpcs - - - name: PHPStan - run: | - vendor/bin/phpstan analyze -c phpstan.neon --debug - - - name: PHPStan (testsuite) - run: | - vendor/bin/phpstan analyze -c phpstan-dev.neon --debug - - security: - name: Security checks - runs-on: [ubuntu-latest] - steps: - - name: Setup PHP, with composer and extensions - # https://github.com/shivammathur/setup-php - uses: shivammathur/setup-php@v2 - with: - # Should be the lowest supported version - php-version: '8.1' - extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml - tools: composer - coverage: none - - - name: Setup problem matchers for PHP - run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - - - uses: actions/checkout@v4 + phplinter: + name: 'PHP-Linter' + strategy: + fail-fast: false + matrix: + php-version: ['8.3', '8.4', '8.5'] - - name: Get composer cache directory - run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" + uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_phplinter.yml@v1.11.5 + with: + php-version: ${{ matrix.php-version }} - - name: Cache composer dependencies - uses: actions/cache@v4 - with: - path: $COMPOSER_CACHE - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: ${{ runner.os }}-composer- - - - name: Install Composer dependencies - run: composer install --no-progress --prefer-dist --optimize-autoloader - - - name: Security check for locked dependencies - run: composer audit + linter: + name: 'Linter' + strategy: + fail-fast: false - - name: Update Composer dependencies - run: composer update --no-progress --prefer-dist --optimize-autoloader - - - name: Security check for updated dependencies - run: composer audit 
+ uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_linter.yml@v1.11.5 + with: + enable_eslinter: false + enable_jsonlinter: true + enable_stylelinter: false + enable_yamllinter: true unit-tests-linux: name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}" runs-on: ${{ matrix.operating-system }} - needs: [linter, quality, security] + needs: [phplinter, linter] strategy: fail-fast: false matrix: operating-system: [ubuntu-latest] - php-versions: ['8.1', '8.2', '8.3', '8.4'] + php-versions: ['8.3', '8.4', '8.5'] steps: - name: Setup PHP, with composer and extensions @@ -152,7 +53,8 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} - extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml + extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl,\ + pcre, posix, session, sodium, spl, xml tools: composer ini-values: error_reporting=E_ALL coverage: pcov 
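Review bot: The new `phplinter` and `linter` jobs reference their reusable workflows by tag (`reusable_phplinter.yml@v1.11.5`, `reusable_linter.yml@v1.11.5`), and a tag can be moved after this change was reviewed. Pinning to the full commit SHA with the tag kept as a trailing comment, `uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_linter.yml@<full-commit-sha>  # v1.11.5`, keeps what CI runs identical to what was reviewed. The called workflows run with the caller's `GITHUB_TOKEN`, and no `permissions:` key is visible in this hunk. If the file declares none above line 14, adding `permissions:` with `contents: read` to both jobs caps what the external workflow can do; whether the linters need more than that has to be checked in the test-framework repository.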
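Review bot: The `,\` ending the first `extensions:` line in `unit-tests-linux` is not a line continuation, because YAML processes backslash escapes only inside double-quoted scalars. The two lines fold into one plain scalar that still contains `openssl,\ pcre`, so the list handed to setup-php has an entry starting with a backslash. How setup-php treats that entry is not visible here. A folded block scalar avoids the question and still satisfies the 120-column yamllint limit: `extensions: >-` followed by the two comma-separated lines without the backslash. The same construct is added in the `unit-tests-windows` hunk and in the re-added `quality` and `security` jobs.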
@@ -168,32 +70,32 @@ jobs: git config --global core.autocrlf false git config --global core.eol lf - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Get composer cache directory run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" - name: Cache composer dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: $COMPOSER_CACHE - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }} restore-keys: ${{ runner.os }}-composer- - name: Install Composer dependencies run: composer install --no-progress --prefer-dist --optimize-autoloader - name: Run unit tests with coverage - if: ${{ matrix.php-versions == '8.4' }} + if: ${{ matrix.php-versions == '8.5' }} run: vendor/bin/phpunit - name: Run unit tests (no coverage) - if: ${{ matrix.php-versions != '8.4' }} + if: ${{ matrix.php-versions != '8.5' }} run: vendor/bin/phpunit --no-coverage - name: Save coverage data - if: ${{ matrix.php-versions == '8.4' }} - uses: actions/upload-artifact@v4 + if: ${{ matrix.php-versions == '8.5' }} + uses: actions/upload-artifact@v7 with: name: coverage-data path: ${{ github.workspace }}/build @@ -201,12 +103,12 @@ jobs: unit-tests-windows: name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}" runs-on: ${{ matrix.operating-system }} - needs: [linter, quality, security] + needs: [linter, phplinter] strategy: fail-fast: true matrix: operating-system: [windows-latest] - php-versions: ['8.1', '8.2', '8.3', '8.4'] + php-versions: ['8.3', '8.4', '8.5'] steps: - name: Setup PHP, with composer and extensions 
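Review bot: The cache step whose version and key this hunk changes still passes `path: $COMPOSER_CACHE`. To my knowledge `with:` inputs are not shell-expanded, so actions/cache would receive that literal string rather than the directory the previous step wrote to `$GITHUB_ENV`; `path: ${{ env.COMPOSER_CACHE }}` is the form that resolves. With the key now derived from `composer.json` and a `restore-keys` prefix fallback, it is worth confirming in a run log that the step really saves and restores Composer's cache directory. The same `path:` line sits in the Windows, `quality` and `security` cache steps.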
@@ -214,7 +116,8 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} - extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml + extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl,\ + pcre, posix, session, sodium, spl, xml, zip tools: composer ini-values: error_reporting=E_ALL coverage: none @@ -230,16 +133,16 @@ jobs: git config --global core.autocrlf false git config --global core.eol lf - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Get composer cache directory run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$env:GITHUB_ENV" - name: Cache composer dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: $COMPOSER_CACHE - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + key: ${{ runner.os }}-composer-${{ hashFiles('**\composer.json') }} restore-keys: ${{ runner.os }}-composer- - name: Install Composer dependencies 
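Review bot: `hashFiles('**\composer.json')` in the Windows cache key uses a backslash as path separator, a form that is only meaningful on Windows runners. `hashFiles('**/composer.json')` is accepted on every runner OS and would make this key expression textually identical to the one in the Linux jobs, so a later edit to one is less likely to miss the other.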
@@ -248,20 +151,118 @@ jobs: - name: Run unit tests run: vendor/bin/phpunit --no-coverage + quality: + name: Quality control + needs: [unit-tests-linux] + runs-on: [ubuntu-latest] + + steps: + - name: Setup PHP, with composer and extensions + id: setup-php + # https://github.com/shivammathur/setup-php + uses: shivammathur/setup-php@v2 + with: + # Should be the higest supported version, so we can use the newest tools + php-version: '8.5' + tools: composer, composer-require-checker, composer-unused, phpcs + extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl,\ + pcre, posix, session, sodium, spl, xml + + - name: Setup problem matchers for PHP + run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" + + - uses: actions/checkout@v6 + + - name: Get composer cache directory + run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" + + - name: Cache composer dependencies + uses: actions/cache@v5 + with: + path: $COMPOSER_CACHE + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }} + restore-keys: ${{ runner.os }}-composer- + + - name: Validate composer.json and composer.lock + run: composer validate + + - name: Install Composer dependencies + run: composer install --no-progress --prefer-dist --optimize-autoloader + + - name: Check code for hard dependencies missing in composer.json + run: composer-require-checker check --config-file=tools/composer-require-checker.json composer.json + + - name: Check code for unused dependencies in composer.json + run: composer-unused + + - name: PHP Code Sniffer + run: vendor/bin/phpcs + + - name: PHPStan + run: | + vendor/bin/phpstan analyze -c phpstan.neon --debug + + - name: PHPStan (testsuite) + run: | + vendor/bin/phpstan analyze -c phpstan-dev.neon --debug + + security: + name: Security checks + needs: [unit-tests-linux] + runs-on: [ubuntu-latest] + steps: + - name: Setup PHP, with composer and extensions + # https://github.com/shivammathur/setup-php + uses: 
shivammathur/setup-php@v2 + with: + # Should be the lowest supported version + php-version: '8.3' + extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix,\ + session, sodium, spl, xml + tools: composer + coverage: none + + - name: Setup problem matchers for PHP + run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" + + - uses: actions/checkout@v6 + + - name: Get composer cache directory + run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" + + - name: Cache composer dependencies + uses: actions/cache@v5 + with: + path: $COMPOSER_CACHE + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }} + restore-keys: ${{ runner.os }}-composer- + + - name: Install Composer dependencies + run: composer install --no-progress --prefer-dist --optimize-autoloader + + - name: Security check for locked dependencies + run: composer audit + + - name: Update Composer dependencies + run: composer update --no-progress --prefer-dist --optimize-autoloader + + - name: Security check for updated dependencies + run: composer audit + coverage: name: Code coverage runs-on: [ubuntu-latest] needs: [unit-tests-linux] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v8 with: name: coverage-data path: ${{ github.workspace }}/build - name: Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v6 with: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true @@ -277,6 +278,6 @@ jobs: (needs.unit-tests-linux.result == 'success' && needs.coverage.result == 'skipped') steps: - - uses: geekyeggo/delete-artifact@v5 + - uses: geekyeggo/delete-artifact@v6 with: name: coverage-data diff --git a/.gitignore b/.gitignore index 0fa63d4..66ac39a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,7 @@ +1 +2 +3 +.phplint.cache/ .phpunit.cache/ .phpunit.result.cache composer.lock 
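Review bot: The re-added `security` job now declares `needs: [unit-tests-linux]`, so both `composer audit` steps are skipped whenever any leg of the unit-test matrix fails. A published advisory against a dependency then goes unreported for as long as the build is red. Nothing in the job consumes output from the tests, so it can run independently: drop the `needs:` line, or use `needs: [phplinter, linter]` as the test jobs do. The same reasoning applies to `quality` if static-analysis results are wanted on a run with failing tests.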
diff --git a/composer.json b/composer.json index 93b652c..532a986 100644 --- a/composer.json +++ b/composer.json @@ -34,14 +34,14 @@ } }, "require": { - "php": "^8.1", + "php": "^8.3", - "simplesamlphp/assert": "^1.0", - "simplesamlphp/simplesamlphp": "^2.1", + "simplesamlphp/assert": "^2.0", + "simplesamlphp/simplesamlphp": "^2.5@dev", "whitehat101/apr1-md5": "~1.0" }, "require-dev": { - "simplesamlphp/simplesamlphp-test-framework": "^1.5" + "simplesamlphp/simplesamlphp-test-framework": "^1.11" }, "support": { "issues": "https://github.com/simplesamlphp/simplesamlphp-module-authcrypt/issues", diff --git a/src/Auth/Source/Hash.php b/src/Auth/Source/Hash.php index 890f4bb..655e507 100644 --- a/src/Auth/Source/Hash.php +++ b/src/Auth/Source/Hash.php @@ -5,8 +5,10 @@ namespace SimpleSAML\Module\authcrypt\Auth\Source; use Exception; -use SimpleSAML\{Error, Logger, Utils}; +use SimpleSAML\Error; +use SimpleSAML\Logger; use SimpleSAML\Module\core\Auth\UserPassBase; +use SimpleSAML\Utils; use function explode; use function is_string; diff --git a/src/Auth/Source/Htpasswd.php b/src/Auth/Source/Htpasswd.php index a8137eb..bb6d5e0 100644 --- a/src/Auth/Source/Htpasswd.php +++ b/src/Auth/Source/Htpasswd.php @@ -11,8 +11,10 @@ namespace SimpleSAML\Module\authcrypt\Auth\Source; use Exception; -use SimpleSAML\{Error, Logger, Utils}; +use SimpleSAML\Error; +use SimpleSAML\Logger; use SimpleSAML\Module\core\Auth\UserPassBase; +use SimpleSAML\Utils; use WhiteHat101\Crypt\APR1_MD5; use function array_merge; diff --git a/tools/linters/.yaml-lint.yml b/tools/linters/.yaml-lint.yml new file mode 100644 index 0000000..630095a --- /dev/null +++ b/tools/linters/.yaml-lint.yml @@ -0,0 +1,7 @@ +--- + +extends: default + +rules: + line-length: + max: 120
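Review bot: `"simplesamlphp/simplesamlphp": "^2.5@dev"` carries a stability flag, which Composer honours only for the root package. Consumers installing this module ignore it, while this repository's own CI can resolve unreleased development builds of simplesamlphp. Because `composer.lock` is listed in `.gitignore`, each run of the test and `composer audit` jobs then exercises whatever dev commit is current, which makes a failure or a clean audit hard to reproduce later. If the flag is only needed until a stable 2.5 release exists (presumably the reason, though the diff does not say), recording that in the commit message and reverting to `"^2.5"` afterwards would make the intent clear.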