fix: Use stricter typing and increase psalm level

REUSE.toml

@@ -18,7 +18,7 @@ SPDX-FileCopyrightText = "2019 Nextcloud translators"
 SPDX-License-Identifier = "AGPL-3.0-or-later"
 
 [[annotations]]
-path = [".tx/config", ".eslintrc.json", "vendor-bin/cs-fixer/composer.json", "vendor-bin/cs-fixer/composer.lock", "vendor-bin/psalm/composer.json", "vendor-bin/psalm/composer.lock", "vendor-bin/rector/composer.json", "vendor-bin/rector/composer.lock"]
+path = [".tx/config", ".eslintrc.json", "vendor-bin/cs-fixer/composer.json", "vendor-bin/cs-fixer/composer.lock", "vendor-bin/psalm/composer.json", "vendor-bin/psalm/composer.lock", "vendor-bin/rector/composer.json", "vendor-bin/rector/composer.lock", "tests/psalm-baseline.xml"]
 precedence = "aggregate"
 SPDX-FileCopyrightText = "2024 Nextcloud GmbH and Nextcloud contributors"
 SPDX-License-Identifier = "AGPL-3.0-or-later"

composer.json

@@ -18,7 +18,8 @@
         "psalm": "psalm",
         "psalm:fix": "psalm --alter --issues=InvalidReturnType,InvalidNullableReturnType,MissingParamType,InvalidFalsableReturnType",
         "psalm:update-baseline": "psalm --threads=1 --update-baseline",
-        "test:integration": "cd tests/integration && ./run.sh"
+        "test:integration": "cd tests/integration && ./run.sh",
+		"rector": "rector && composer cs:fix"
     },
     "license": "AGPLv3",
     "authors": [

lib/AppInfo/Application.php

@@ -1,10 +1,12 @@
 <?php
 
 declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
+
 namespace OCA\LdapWriteSupport\AppInfo;
 
 use OCA\LdapWriteSupport\Listener\GroupBackendRegisteredListener;

lib/Command/GroupAdminsToLdap.php

@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
  * SPDX-FileCopyrightText: 2019 Cooperativa EITA <eita.org.br>
@@ -22,37 +24,23 @@ class GroupAdminsToLdap extends Command {
 	/**
 	 * This adds/removes group subadmins as ldap group owners
 	 */
-	private $simulate = false;
-	private $verbose = false;
-
-	/** @var SubAdmin */
-	private $subAdmin;
-	/** @var IConfig */
-	private $ocConfig;
-	/** @var Helper */
-	private $helper;
-	/** @var Group_Proxy */
-	private $groupProxy;
+	private bool $simulate = false;
+	private bool $verbose = false;
 
 	/**
 	 * GroupAdminsToLdap constructor.
 	 */
 	public function __construct(
-		SubAdmin $subAdmin,
-		IConfig $ocConfig,
-		Helper $helper,
-		Group_Proxy $groupProxy,
+		private readonly SubAdmin $subAdmin,
+		private readonly IConfig $ocConfig,
+		private readonly Helper $helper,
+		private readonly Group_Proxy $groupProxy,
 	) {
 		parent::__construct();
-
-		$this->subAdmin = $subAdmin;
-		$this->ocConfig = $ocConfig;
-		$this->helper = $helper;
-		$this->groupProxy = $groupProxy;
 	}
 
 	#[\Override]
-	protected function configure() {
+	protected function configure(): void {
 		$this
 			->setName('ldap-ext:sync-group-admins')
 			->setDescription('syncs group admin informations to ldap')
@@ -147,6 +135,9 @@ function diff_user_arrays($array1, $array2) {
 
 			foreach ($onlyInNC as $gid => $users) {
 				$groupDN = $access->getGroupMapper()->getDNByName($gid);
+				if ($groupDN === false) {
+					throw new Exception('Failed to find group ' . $gid);
+				}
 				foreach ($users as $uid) {
 					$userDN = $access->getUserMapper()->getDNByName($uid);
 					$entry = [
@@ -163,6 +154,9 @@ function diff_user_arrays($array1, $array2) {
 
 			foreach ($onlyInLDAP as $gid => $users) {
 				$groupDN = $access->getGroupMapper()->getDNByName($gid);
+				if ($groupDN === false) {
+					throw new Exception('Failed to find group ' . $gid);
+				}
 				foreach ($users as $uid) {
 					$userDN = $access->getUserMapper()->getDNByName($uid);
 					$entry = [

lib/LDAPConnect.php

@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
  * SPDX-FileCopyrightText: 2017 Cooperativa EITA <eita.org.br>
@@ -9,33 +11,31 @@
 namespace OCA\LdapWriteSupport;
 
 use LDAP\Connection;
+use LDAP\Result;
 use OC\ServerNotAvailableException;
 use OCA\LdapWriteSupport\AppInfo\Application;
 use OCA\User_LDAP\Configuration;
 use OCA\User_LDAP\Helper;
 use Psr\Log\LoggerInterface;
 
 class LDAPConnect {
-	/** @var Configuration */
-	private $ldapConfig;
-	/** @var bool|null */
-	private $passwdSupport;
+	private readonly Configuration $ldapConfig;
+	private ?bool $passwdSupport;
 
 	public function __construct(
 		Helper $ldapBackendHelper,
-		private LoggerInterface $logger,
+		private readonly LoggerInterface $logger,
 	) {
 		$this->passwdSupport = null;
 		$ldapConfigPrefixes = $ldapBackendHelper->getServerConfigurationPrefixes(true);
-		$prefix = array_shift($ldapConfigPrefixes);
+		$prefix = array_shift($ldapConfigPrefixes) ?? '';
 		$this->ldapConfig = new Configuration($prefix);
 	}
 
 	/**
-	 * @return resource|Connection
 	 * @throws ServerNotAvailableException
 	 */
-	public function connect() {
+	public function connect(): Connection {
 		$ldapHost = $this->ldapConfig->ldapHost;
 		$ldapPort = $this->ldapConfig->ldapPort;
 
@@ -51,7 +51,7 @@ public function connect() {
 
 		// Connecting to LDAP - TODO: connect directly via LDAP plugin
 		$cr = ldap_connect($ldapHost);
-		if (!is_resource($cr) && !is_object($cr)) {
+		if (!is_object($cr)) {
 			$this->logger->error('Unable to connect to LDAP host {ldapHost}:{ldapPort}',
 				[
 					'app' => Application::APP_ID,
@@ -72,10 +72,9 @@ public function connect() {
 	}
 
 	/**
-	 * @return false|resource|Connection
 	 * @throws ServerNotAvailableException
 	 */
-	public function bind() {
+	public function bind(): Connection|false {
 		$ds = $this->connect();
 		$dn = $this->ldapConfig->ldapAgentName;
 		$secret = $this->ldapConfig->ldapAgentPassword;
@@ -95,10 +94,9 @@ public function bind() {
 	}
 
 	/**
-	 * @return false|resource|Connection
 	 * @throws ServerNotAvailableException
 	 */
-	public function getLDAPConnection() {
+	public function getLDAPConnection(): Connection|false {
 		return $this->bind();
 	}
 
@@ -142,11 +140,12 @@ public function hasPasswordPolicy(): bool {
 	 * checks whether the LDAP server supports the passwd exop
 	 *
 	 * @param Connection $connection LDAP connection to check
-	 * @return boolean either the user can or cannot
+	 * @return bool either the user can or cannot
 	 */
-	public function hasPasswdExopSupport($connection): bool {
+	public function hasPasswdExopSupport(Connection $connection): bool {
 		// TODO: We should cache this by ldap prefix, but currently we have no access to it.
 		if (is_null($this->passwdSupport)) {
+			/** @var Result|false */
 			$ret = ldap_read($connection, '', '(objectclass=*)', ['supportedExtension']);
 			if ($ret === false) {
 				$this->passwdSupport = false;

lib/LDAPGroupManager.php

@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors
  * SPDX-FileCopyrightText: 2017-2019 Cooperativa EITA <eita.org.br>
@@ -18,10 +20,10 @@
 
 class LDAPGroupManager implements ILDAPGroupPlugin {
 	public function __construct(
-		private IGroupManager $groupManager,
-		private LDAPConnect $ldapConnect,
-		private LoggerInterface $logger,
-		private ILDAPProvider $ldapProvider,
+		private readonly IGroupManager $groupManager,
+		private readonly LDAPConnect $ldapConnect,
+		private readonly LoggerInterface $logger,
+		private readonly ILDAPProvider $ldapProvider,
 	) {
 		if ($this->ldapConnect->groupsEnabled()) {
 			$this->makeLdapBackendFirst();