Fix PHPStan errors

sstok · sstok · commit 8015b98a44bb · 2023-11-06T10:54:14.000+01:00
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -0,0 +1,16 @@
+parameters:
+	ignoreErrors:
+		-
+			message: "#^Parameter \\#1 \\$hash of method Rollerworks\\\\Component\\\\SplitToken\\\\SplitToken\\:\\:verifyHash\\(\\) expects string, string\\|null given\\.$#"
+			count: 1
+			path: src/SplitToken.php
+
+		-
+			message: "#^Parameter \\#1 \\$selector of class Rollerworks\\\\Component\\\\SplitToken\\\\SplitTokenValueHolder constructor expects string, string\\|null given\\.$#"
+			count: 1
+			path: src/SplitTokenValueHolder.php
+
+		-
+			message: "#^Parameter \\#2 \\$verifierHash of class Rollerworks\\\\Component\\\\SplitToken\\\\SplitTokenValueHolder constructor expects string, string\\|null given\\.$#"
+			count: 1
+			path: src/SplitTokenValueHolder.php
diff --git a/phpstan.neon b/phpstan.neon
@@ -1,6 +1,6 @@
 includes:
     - vendor/rollerscapes/standards/phpstan.neon
-    #- phpstan-baseline.neon
+    - phpstan-baseline.neon
 
 parameters:
     #reportUnmatchedIgnoredErrors: false
@@ -13,4 +13,5 @@ parameters:
         - templates/
         - translations/
 
-    #ignoreErrors:
+    ignoreErrors:
+        - '#Attribute class Symfony\\Contracts\\Service\\Attribute\\Required does not exist#' # Not required
diff --git a/src/Argon2SplitToken.php b/src/Argon2SplitToken.php
@@ -37,10 +37,10 @@ protected function verifyHash(string $hash, string $verifier): bool
     /** @codeCoverageIgnore */
     protected function hashVerifier(string $verifier): string
     {
-        $passwordHash = password_hash($verifier, \PASSWORD_ARGON2ID, $this->config);
-
-        if ($passwordHash === false || $passwordHash === null) {
-            throw new \RuntimeException('Unrecoverable password hashing error.');
+        try {
+            $passwordHash = password_hash($verifier, \PASSWORD_ARGON2ID, $this->config);
+        } catch (\Throwable $e) {
+            throw new \RuntimeException('Unrecoverable password hashing error.', 0, $e);
         }
 
         return $passwordHash;
diff --git a/src/Argon2SplitTokenFactory.php b/src/Argon2SplitTokenFactory.php
@@ -24,7 +24,7 @@
 final class Argon2SplitTokenFactory extends AbstractSplitTokenFactory
 {
     /** @param array<string, int> $config */
-    public function __construct(private array $config = [], \DateInterval | string | null $defaultLifeTime = null)
+    public function __construct(private array $config = [], \DateInterval | string $defaultLifeTime = null)
     {
         parent::__construct($defaultLifeTime);
     }
diff --git a/src/FakeSplitTokenFactory.php b/src/FakeSplitTokenFactory.php
@@ -23,7 +23,7 @@ final class FakeSplitTokenFactory extends AbstractSplitTokenFactory
     public const VERIFIER = '_OR6OOnV1o8Vy_rWhDoxKNIt';
     public const FULL_TOKEN = self::SELECTOR . self::VERIFIER;
 
-    private $randomValue;
+    private string $randomValue;
 
     public static function randomInstance(): self
     {
@@ -34,7 +34,7 @@ public function __construct(string $randomValue = null, \DateInterval | string $
     {
         parent::__construct($defaultLifeTime);
 
-        $this->randomValue = $randomValue ?? hex2bin('d7351e5d4bebe0b2b298034107f6cb12a88fe463ebf8f85afce47a38e9d5d68f15cbfad6843a3128d22d');
+        $this->randomValue = $randomValue ?? ((string) hex2bin('d7351e5d4bebe0b2b298034107f6cb12a88fe463ebf8f85afce47a38e9d5d68f15cbfad6843a3128d22d'));
     }
 
     public function generate(\DateTimeImmutable | \DateInterval $expiresAt = null): SplitToken
diff --git a/src/SplitToken.php b/src/SplitToken.php
@@ -98,7 +98,7 @@ abstract class SplitToken
     private ?string $verifierHash = null;
     private ?\DateTimeImmutable $expiresAt = null;
 
-    private function __construct(HiddenString $token, string $selector, string $verifier)
+    final private function __construct(HiddenString $token, string $selector, string $verifier)
     {
         $this->token = $token;
         $this->selector = $selector;
@@ -189,7 +189,7 @@ public function token(): HiddenString
      */
     final public function matches(?SplitTokenValueHolder $token): bool
     {
-        if (SplitTokenValueHolder::isEmpty($token)) {
+        if ($token === null || SplitTokenValueHolder::isEmpty($token)) {
             return false;
         }
 
@@ -235,6 +235,8 @@ public function getExpirationTime(): ?\DateTimeImmutable
     /**
      * This method is called in create() before the verifier is hashed,
      * allowing to set-up configuration for the hashing method.
+     *
+     * @param array<string, mixed> $config
      */
     protected function configureHasher(array $config): void
     {
diff --git a/src/SplitTokenValueHolder.php b/src/SplitTokenValueHolder.php
@@ -27,11 +27,13 @@
  */
 final class SplitTokenValueHolder
 {
-    private $selector;
-    private $verifierHash;
-    private $expiresAt;
-    private $metadata = [];
+    private ?string $selector = null;
+    private ?string $verifierHash = null;
+    private ?\DateTimeImmutable $expiresAt = null;
+    /** @var array<string, scalar> */
+    private array $metadata = [];
 
+    /** @param array<string, scalar> $metadata */
     public function __construct(string $selector, string $verifierHash, \DateTimeImmutable $expiresAt = null, array $metadata = [])
     {
         $this->selector = $selector;
@@ -46,18 +48,22 @@ public static function isEmpty(?self $valueHolder): bool
             return true;
         }
 
+        // It's possible these values are empty when used as Embedded, because Embedded
+        // will always produce an object.
         return $valueHolder->selector === null || $valueHolder->verifierHash === null;
     }
 
     /**
      * Returns whether the current token (if any) can be replaced with the new token.
      *
      * This methods should only to be used to prevent setting a token when a token
-     * was already set, which has not expired, and the same metadata was given (type checked!).
+     * was already set, which has not expired, and the same metadata was given (strict checked!).
+     *
+     * @param array<string, scalar> $expectedMetadata
      */
     public static function mayReplaceCurrentToken(?self $valueHolder, array $expectedMetadata = []): bool
     {
-        if (self::isEmpty($valueHolder)) {
+        if ($valueHolder === null || self::isEmpty($valueHolder)) {
             return true;
         }
 
@@ -78,23 +84,29 @@ public function verifierHash(): ?string
         return $this->verifierHash;
     }
 
+    /** @param array<string, scalar> $metadata */
     public function withMetadata(array $metadata): self
     {
+        if (self::isEmpty($this)) {
+            throw new \RuntimeException('Incomplete TokenValueHolder.');
+        }
+
         return new self($this->selector, $this->verifierHash, $this->expiresAt, $metadata);
     }
 
+    /** @return array<string, scalar> */
     public function metadata(): array
     {
         return $this->metadata ?? [];
     }
 
-    public function isExpired(\DateTimeImmutable $datetime = null): bool
+    public function isExpired(\DateTimeImmutable $now = null): bool
     {
         if ($this->expiresAt === null) {
             return false;
         }
 
-        return $this->expiresAt->getTimestamp() < ($datetime ?? new \DateTimeImmutable())->getTimestamp();
+        return $this->expiresAt->getTimestamp() < ($now ?? new \DateTimeImmutable())->getTimestamp();
     }
 
     public function expiresAt(): ?\DateTimeImmutable
@@ -106,6 +118,7 @@ public function expiresAt(): ?\DateTimeImmutable
      * Compares if both objects are the same.
      *
      * Warning this method leaks timing information and the expiration date is ignored!
+     * This method should only be used to check if a new token is provided.
      */
     public function equals(self $other): bool
     {
diff --git a/tests/Argon2SplitTokenFactoryTest.php b/tests/Argon2SplitTokenFactoryTest.php
@@ -62,6 +62,7 @@ public function it_generates_with_default_expiration_as_string(): void
 
     private static function assertExpirationEquals(string $expected, SplitToken $actual): void
     {
+        self::assertNotNull($actual->getExpirationTime());
         self::assertSame($expected, $actual->getExpirationTime()->format('Y-m-d\TH:i:s'));
     }
 
diff --git a/tests/Argon2SplitTokenTest.php b/tests/Argon2SplitTokenTest.php
@@ -24,16 +24,16 @@ final class Argon2SplitTokenTest extends TestCase
     private const FULL_TOKEN = '1zUeXUvr4LKymANBB_bLEqiP5GPr-Pha_OR6OOnV1o8Vy_rWhDoxKNIt';
     private const SELECTOR = '1zUeXUvr4LKymANBB_bLEqiP5GPr-Pha';
 
-    private static $randValue;
+    private static HiddenString $randValue;
 
     #[BeforeClass]
-    public static function createRandomBytes()
+    public static function createRandomBytes(): void
     {
-        self::$randValue = new HiddenString(hex2bin('d7351e5d4bebe0b2b298034107f6cb12a88fe463ebf8f85afce47a38e9d5d68f15cbfad6843a3128d22d'), false, true);
+        self::$randValue = new HiddenString((string) hex2bin('d7351e5d4bebe0b2b298034107f6cb12a88fe463ebf8f85afce47a38e9d5d68f15cbfad6843a3128d22d'), false, true);
     }
 
     #[Test]
-    public function it_validates_the_correct_length_less()
+    public function it_validates_the_correct_length_less(): void
     {
         $this->expectException(\RuntimeException::class);
         $this->expectExceptionMessage('Invalid token-data provided, expected exactly 42 bytes.');
@@ -42,7 +42,7 @@ public function it_validates_the_correct_length_less()
     }
 
     #[Test]
-    public function it_validates_the_correct_length_more()
+    public function it_validates_the_correct_length_more(): void
     {
         $this->expectException(\RuntimeException::class);
         $this->expectExceptionMessage('Invalid token-data provided, expected exactly 42 bytes.');
@@ -51,7 +51,7 @@ public function it_validates_the_correct_length_more()
     }
 
     #[Test]
-    public function it_validates_the_correct_length_from_string_less()
+    public function it_validates_the_correct_length_from_string_less(): void
     {
         $this->expectException(\RuntimeException::class);
         $this->expectExceptionMessage('Invalid token provided.');
@@ -60,7 +60,7 @@ public function it_validates_the_correct_length_from_string_less()
     }
 
     #[Test]
-    public function it_validates_the_correct_length_from_string_more()
+    public function it_validates_the_correct_length_from_string_more(): void
     {
         $this->expectException(\RuntimeException::class);
         $this->expectExceptionMessage('Invalid token provided.');
@@ -69,7 +69,7 @@ public function it_validates_the_correct_length_from_string_more()
     }
 
     #[Test]
-    public function it_creates_a_split_token_without_id()
+    public function it_creates_a_split_token_without_id(): void
     {
         $splitToken = SplitToken::create(self::$randValue);
 
@@ -78,7 +78,7 @@ public function it_creates_a_split_token_without_id()
     }
 
     #[Test]
-    public function it_creates_a_split_token_with_id()
+    public function it_creates_a_split_token_with_id(): void
     {
         $splitToken = SplitToken::create($fullToken = self::$randValue);
 
@@ -87,7 +87,7 @@ public function it_creates_a_split_token_with_id()
     }
 
     #[Test]
-    public function it_compares_two_split_tokens()
+    public function it_compares_two_split_tokens(): void
     {
         $splitToken1 = SplitToken::create(self::$randValue);
 
@@ -97,43 +97,46 @@ public function it_compares_two_split_tokens()
     }
 
     #[Test]
-    public function it_creates_a_split_token_with_custom_config()
+    public function it_creates_a_split_token_with_custom_config(): void
     {
         $splitToken = SplitToken::create(self::$randValue, [
             'memory_cost' => 512,
             'time_cost' => 1,
             'threads' => 1,
         ]);
 
-        self::assertMatchesRegularExpression('/^\$argon2[id]+\$v=19\$m=512,t=1,p=1/', $splitToken->toValueHolder()->verifierHash());
+        self::assertNotNull($hash = $splitToken->toValueHolder()->verifierHash());
+        self::assertMatchesRegularExpression('/^\$argon2id+\$v=19\$m=512,t=1,p=1/', $hash);
     }
 
     #[Test]
-    public function it_produces_a_split_token_value_holder()
+    public function it_produces_a_split_token_value_holder(): void
     {
         $splitToken = SplitToken::create(self::$randValue);
 
         $value = $splitToken->toValueHolder();
 
         self::assertEquals($splitToken->selector(), $value->selector());
-        self::assertStringStartsWith('$argon2i', $value->verifierHash());
+        self::assertNotNull($hash = $splitToken->toValueHolder()->verifierHash());
+        self::assertStringStartsWith('$argon2id', $hash);
         self::assertEquals([], $value->metadata());
         self::assertFalse($value->isExpired());
         self::assertFalse($value->isExpired(new \DateTimeImmutable('-5 minutes')));
     }
 
     #[Test]
-    public function it_produces_a_split_token_value_holder_with_metadata()
+    public function it_produces_a_split_token_value_holder_with_metadata(): void
     {
         $splitToken = SplitToken::create(self::$randValue);
         $value = $splitToken->toValueHolder(['he' => 'now']);
 
-        self::assertStringStartsWith('$argon2i', $value->verifierHash());
+        self::assertNotNull($hash = $splitToken->toValueHolder()->verifierHash());
+        self::assertStringStartsWith('$argon2id', $hash);
         self::assertEquals(['he' => 'now'], $value->metadata());
     }
 
     #[Test]
-    public function it_produces_a_split_token_value_holder_with_expiration()
+    public function it_produces_a_split_token_value_holder_with_expiration(): void
     {
         $date = new \DateTimeImmutable('+5 minutes');
         $splitToken = SplitToken::create($fullToken = self::$randValue)->expireAt($date);
@@ -146,7 +149,7 @@ public function it_produces_a_split_token_value_holder_with_expiration()
     }
 
     #[Test]
-    public function it_reconstructs_from_string()
+    public function it_reconstructs_from_string(): void
     {
         $splitTokenReconstituted = SplitToken::fromString(self::FULL_TOKEN);
 
@@ -155,7 +158,7 @@ public function it_reconstructs_from_string()
     }
 
     #[Test]
-    public function it_fails_when_creating_holder_with_string_constructed()
+    public function it_fails_when_creating_holder_with_string_constructed(): void
     {
         $this->expectException(\RuntimeException::class);
         $this->expectExceptionMessage('toValueHolder() does not work with a SplitToken object when created with fromString().');
@@ -164,7 +167,7 @@ public function it_fails_when_creating_holder_with_string_constructed()
     }
 
     #[Test]
-    public function it_verifies_split_token()
+    public function it_verifies_split_token(): void
     {
         // Stored.
         $splitTokenHolder = SplitToken::create(self::$randValue)->toValueHolder();
@@ -176,15 +179,15 @@ public function it_verifies_split_token()
     }
 
     #[Test]
-    public function it_verifies_split_token_from_string_and_no_current_token_set()
+    public function it_verifies_split_token_from_string_and_no_current_token_set(): void
     {
         $fromString = SplitToken::fromString(self::FULL_TOKEN);
 
         self::assertFalse($fromString->matches(null));
     }
 
     #[Test]
-    public function it_verifies_split_token_from_string_selector()
+    public function it_verifies_split_token_from_string_selector(): void
     {
         // Stored.
         $splitTokenHolder = SplitToken::create(self::$randValue)->toValueHolder();
@@ -197,7 +200,7 @@ public function it_verifies_split_token_from_string_selector()
     }
 
     #[Test]
-    public function it_verifies_split_token_from_string_with_expiration()
+    public function it_verifies_split_token_from_string_with_expiration(): void
     {
         // Stored.
         $splitTokenHolder = SplitToken::create(self::$randValue)
diff --git a/tests/FakeSplitTokenFactoryTest.php b/tests/FakeSplitTokenFactoryTest.php
@@ -68,6 +68,7 @@ public function it_generates_with_default_expiration_date(): void
 
     private static function assertExpirationEquals(string $expected, SplitToken $actual): void
     {
+        self::assertNotNull($actual->getExpirationTime());
         self::assertSame($expected, $actual->getExpirationTime()->format('Y-m-d\TH:i:s'));
     }
 

Original file line number	Diff line number	Diff line change
`@@ -37,10 +37,10 @@ protected function verifyHash(string $hash, string $verifier): bool`
`37`	`37`	`/** @codeCoverageIgnore */`
`38`	`38`	`protected function hashVerifier(string $verifier): string`
`39`	`39`	`{`
`40`		`- $passwordHash = password_hash($verifier, \PASSWORD_ARGON2ID, $this->config);`
`41`		`-`
`42`		`- if ($passwordHash === false \|\| $passwordHash === null) {`
`43`		`- throw new \RuntimeException('Unrecoverable password hashing error.');`
	`40`	`+ try {`
	`41`	`+ $passwordHash = password_hash($verifier, \PASSWORD_ARGON2ID, $this->config);`
	`42`	`+ } catch (\Throwable $e) {`
	`43`	`+ throw new \RuntimeException('Unrecoverable password hashing error.', 0, $e);`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`return $passwordHash;`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@`
`24`	`24`	`final class Argon2SplitTokenFactory extends AbstractSplitTokenFactory`
`25`	`25`	`{`
`26`	`26`	`/** @param array<string, int> $config */`
`27`		`- public function __construct(private array $config = [], \DateInterval \| string \| null $defaultLifeTime = null)`
	`27`	`+ public function __construct(private array $config = [], \DateInterval \| string $defaultLifeTime = null)`
`28`	`28`	`{`
`29`	`29`	`parent::__construct($defaultLifeTime);`
`30`	`30`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ final class FakeSplitTokenFactory extends AbstractSplitTokenFactory`
`23`	`23`	`public const VERIFIER = '_OR6OOnV1o8Vy_rWhDoxKNIt';`
`24`	`24`	`public const FULL_TOKEN = self::SELECTOR . self::VERIFIER;`
`25`	`25`
`26`		`- private $randomValue;`
	`26`	`+ private string $randomValue;`
`27`	`27`
`28`	`28`	`public static function randomInstance(): self`
`29`	`29`	`{`
`@@ -34,7 +34,7 @@ public function __construct(string $randomValue = null, \DateInterval \| string $`
`34`	`34`	`{`
`35`	`35`	`parent::__construct($defaultLifeTime);`
`36`	`36`
`37`		`- $this->randomValue = $randomValue ?? hex2bin('d7351e5d4bebe0b2b298034107f6cb12a88fe463ebf8f85afce47a38e9d5d68f15cbfad6843a3128d22d');`
	`37`	`+ $this->randomValue = $randomValue ?? ((string) hex2bin('d7351e5d4bebe0b2b298034107f6cb12a88fe463ebf8f85afce47a38e9d5d68f15cbfad6843a3128d22d'));`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`public function generate(\DateTimeImmutable \| \DateInterval $expiresAt = null): SplitToken`
Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,7 @@ abstract class SplitToken`
`98`	`98`	`private ?string $verifierHash = null;`
`99`	`99`	`private ?\DateTimeImmutable $expiresAt = null;`
`100`	`100`
`101`		`- private function __construct(HiddenString $token, string $selector, string $verifier)`
	`101`	`+ final private function __construct(HiddenString $token, string $selector, string $verifier)`
`102`	`102`	`{`
`103`	`103`	`$this->token = $token;`
`104`	`104`	`$this->selector = $selector;`
`@@ -189,7 +189,7 @@ public function token(): HiddenString`
`189`	`189`	`*/`
`190`	`190`	`final public function matches(?SplitTokenValueHolder $token): bool`
`191`	`191`	`{`
`192`		`- if (SplitTokenValueHolder::isEmpty($token)) {`
	`192`	`+ if ($token === null \|\| SplitTokenValueHolder::isEmpty($token)) {`
`193`	`193`	`return false;`
`194`	`194`	`}`
`195`	`195`
`@@ -235,6 +235,8 @@ public function getExpirationTime(): ?\DateTimeImmutable`
`235`	`235`	`/**`
`236`	`236`	`* This method is called in create() before the verifier is hashed,`
`237`	`237`	`* allowing to set-up configuration for the hashing method.`
	`238`	`+ *`
	`239`	`+ * @param array<string, mixed> $config`
`238`	`240`	`*/`
`239`	`241`	`protected function configureHasher(array $config): void`
`240`	`242`	`{`
Original file line number	Diff line number	Diff line change
`@@ -27,11 +27,13 @@`
`27`	`27`	`*/`
`28`	`28`	`final class SplitTokenValueHolder`
`29`	`29`	`{`
`30`		`- private $selector;`
`31`		`- private $verifierHash;`
`32`		`- private $expiresAt;`
`33`		`- private $metadata = [];`
	`30`	`+ private ?string $selector = null;`
	`31`	`+ private ?string $verifierHash = null;`
	`32`	`+ private ?\DateTimeImmutable $expiresAt = null;`
	`33`	`+ /** @var array<string, scalar> */`
	`34`	`+ private array $metadata = [];`
`34`	`35`
	`36`	`+ /** @param array<string, scalar> $metadata */`
`35`	`37`	`public function __construct(string $selector, string $verifierHash, \DateTimeImmutable $expiresAt = null, array $metadata = [])`
`36`	`38`	`{`
`37`	`39`	`$this->selector = $selector;`
`@@ -46,18 +48,22 @@ public static function isEmpty(?self $valueHolder): bool`
`46`	`48`	`return true;`
`47`	`49`	`}`
`48`	`50`
	`51`	`+ // It's possible these values are empty when used as Embedded, because Embedded`
	`52`	`+ // will always produce an object.`
`49`	`53`	`return $valueHolder->selector === null \|\| $valueHolder->verifierHash === null;`
`50`	`54`	`}`
`51`	`55`
`52`	`56`	`/**`
`53`	`57`	`* Returns whether the current token (if any) can be replaced with the new token.`
`54`	`58`	`*`
`55`	`59`	`* This methods should only to be used to prevent setting a token when a token`
`56`		`- * was already set, which has not expired, and the same metadata was given (type checked!).`
	`60`	`+ * was already set, which has not expired, and the same metadata was given (strict checked!).`
	`61`	`+ *`
	`62`	`+ * @param array<string, scalar> $expectedMetadata`
`57`	`63`	`*/`
`58`	`64`	`public static function mayReplaceCurrentToken(?self $valueHolder, array $expectedMetadata = []): bool`
`59`	`65`	`{`
`60`		`- if (self::isEmpty($valueHolder)) {`
	`66`	`+ if ($valueHolder === null \|\| self::isEmpty($valueHolder)) {`
`61`	`67`	`return true;`
`62`	`68`	`}`
`63`	`69`
`@@ -78,23 +84,29 @@ public function verifierHash(): ?string`
`78`	`84`	`return $this->verifierHash;`
`79`	`85`	`}`
`80`	`86`
	`87`	`+ /** @param array<string, scalar> $metadata */`
`81`	`88`	`public function withMetadata(array $metadata): self`
`82`	`89`	`{`
	`90`	`+ if (self::isEmpty($this)) {`
	`91`	`+ throw new \RuntimeException('Incomplete TokenValueHolder.');`
	`92`	`+ }`
	`93`	`+`
`83`	`94`	`return new self($this->selector, $this->verifierHash, $this->expiresAt, $metadata);`
`84`	`95`	`}`
`85`	`96`
	`97`	`+ /** @return array<string, scalar> */`
`86`	`98`	`public function metadata(): array`
`87`	`99`	`{`
`88`	`100`	`return $this->metadata ?? [];`
`89`	`101`	`}`
`90`	`102`
`91`		`- public function isExpired(\DateTimeImmutable $datetime = null): bool`
	`103`	`+ public function isExpired(\DateTimeImmutable $now = null): bool`
`92`	`104`	`{`
`93`	`105`	`if ($this->expiresAt === null) {`
`94`	`106`	`return false;`
`95`	`107`	`}`
`96`	`108`
`97`		`- return $this->expiresAt->getTimestamp() < ($datetime ?? new \DateTimeImmutable())->getTimestamp();`
	`109`	`+ return $this->expiresAt->getTimestamp() < ($now ?? new \DateTimeImmutable())->getTimestamp();`
`98`	`110`	`}`
`99`	`111`
`100`	`112`	`public function expiresAt(): ?\DateTimeImmutable`
`@@ -106,6 +118,7 @@ public function expiresAt(): ?\DateTimeImmutable`
`106`	`118`	`* Compares if both objects are the same.`
`107`	`119`	`*`
`108`	`120`	`* Warning this method leaks timing information and the expiration date is ignored!`
	`121`	`+ * This method should only be used to check if a new token is provided.`
`109`	`122`	`*/`
`110`	`123`	`public function equals(self $other): bool`
`111`	`124`	`{`
Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,7 @@ public function it_generates_with_default_expiration_as_string(): void`
`62`	`62`
`63`	`63`	`private static function assertExpirationEquals(string $expected, SplitToken $actual): void`
`64`	`64`	`{`
	`65`	`+ self::assertNotNull($actual->getExpirationTime());`
`65`	`66`	`self::assertSame($expected, $actual->getExpirationTime()->format('Y-m-d\TH:i:s'));`
`66`	`67`	`}`
`67`	`68`
Original file line number	Diff line number	Diff line change
`@@ -24,16 +24,16 @@ final class Argon2SplitTokenTest extends TestCase`
`24`	`24`	`private const FULL_TOKEN = '1zUeXUvr4LKymANBB_bLEqiP5GPr-Pha_OR6OOnV1o8Vy_rWhDoxKNIt';`
`25`	`25`	`private const SELECTOR = '1zUeXUvr4LKymANBB_bLEqiP5GPr-Pha';`
`26`	`26`
`27`		`- private static $randValue;`
	`27`	`+ private static HiddenString $randValue;`
`28`	`28`
`29`	`29`	`#[BeforeClass]`
`30`		`- public static function createRandomBytes()`
	`30`	`+ public static function createRandomBytes(): void`
`31`	`31`	`{`
`32`		`- self::$randValue = new HiddenString(hex2bin('d7351e5d4bebe0b2b298034107f6cb12a88fe463ebf8f85afce47a38e9d5d68f15cbfad6843a3128d22d'), false, true);`
	`32`	`+ self::$randValue = new HiddenString((string) hex2bin('d7351e5d4bebe0b2b298034107f6cb12a88fe463ebf8f85afce47a38e9d5d68f15cbfad6843a3128d22d'), false, true);`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`#[Test]`
`36`		`- public function it_validates_the_correct_length_less()`
	`36`	`+ public function it_validates_the_correct_length_less(): void`
`37`	`37`	`{`
`38`	`38`	`$this->expectException(\RuntimeException::class);`
`39`	`39`	`$this->expectExceptionMessage('Invalid token-data provided, expected exactly 42 bytes.');`
`@@ -42,7 +42,7 @@ public function it_validates_the_correct_length_less()`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`#[Test]`
`45`		`- public function it_validates_the_correct_length_more()`
	`45`	`+ public function it_validates_the_correct_length_more(): void`
`46`	`46`	`{`
`47`	`47`	`$this->expectException(\RuntimeException::class);`
`48`	`48`	`$this->expectExceptionMessage('Invalid token-data provided, expected exactly 42 bytes.');`
`@@ -51,7 +51,7 @@ public function it_validates_the_correct_length_more()`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`#[Test]`
`54`		`- public function it_validates_the_correct_length_from_string_less()`
	`54`	`+ public function it_validates_the_correct_length_from_string_less(): void`
`55`	`55`	`{`
`56`	`56`	`$this->expectException(\RuntimeException::class);`
`57`	`57`	`$this->expectExceptionMessage('Invalid token provided.');`
`@@ -60,7 +60,7 @@ public function it_validates_the_correct_length_from_string_less()`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`#[Test]`
`63`		`- public function it_validates_the_correct_length_from_string_more()`
	`63`	`+ public function it_validates_the_correct_length_from_string_more(): void`
`64`	`64`	`{`
`65`	`65`	`$this->expectException(\RuntimeException::class);`
`66`	`66`	`$this->expectExceptionMessage('Invalid token provided.');`
`@@ -69,7 +69,7 @@ public function it_validates_the_correct_length_from_string_more()`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`#[Test]`
`72`		`- public function it_creates_a_split_token_without_id()`
	`72`	`+ public function it_creates_a_split_token_without_id(): void`
`73`	`73`	`{`
`74`	`74`	`$splitToken = SplitToken::create(self::$randValue);`
`75`	`75`
`@@ -78,7 +78,7 @@ public function it_creates_a_split_token_without_id()`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`#[Test]`
`81`		`- public function it_creates_a_split_token_with_id()`
	`81`	`+ public function it_creates_a_split_token_with_id(): void`
`82`	`82`	`{`
`83`	`83`	`$splitToken = SplitToken::create($fullToken = self::$randValue);`
`84`	`84`
`@@ -87,7 +87,7 @@ public function it_creates_a_split_token_with_id()`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`#[Test]`
`90`		`- public function it_compares_two_split_tokens()`
	`90`	`+ public function it_compares_two_split_tokens(): void`
`91`	`91`	`{`
`92`	`92`	`$splitToken1 = SplitToken::create(self::$randValue);`
`93`	`93`
`@@ -97,43 +97,46 @@ public function it_compares_two_split_tokens()`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`#[Test]`
`100`		`- public function it_creates_a_split_token_with_custom_config()`
	`100`	`+ public function it_creates_a_split_token_with_custom_config(): void`
`101`	`101`	`{`
`102`	`102`	`$splitToken = SplitToken::create(self::$randValue, [`
`103`	`103`	`'memory_cost' => 512,`
`104`	`104`	`'time_cost' => 1,`
`105`	`105`	`'threads' => 1,`
`106`	`106`	`]);`
`107`	`107`
`108`		`- self::assertMatchesRegularExpression('/^\$argon2[id]+\$v=19\$m=512,t=1,p=1/', $splitToken->toValueHolder()->verifierHash());`
	`108`	`+ self::assertNotNull($hash = $splitToken->toValueHolder()->verifierHash());`
	`109`	`+ self::assertMatchesRegularExpression('/^\$argon2id+\$v=19\$m=512,t=1,p=1/', $hash);`
`109`	`110`	`}`
`110`	`111`
`111`	`112`	`#[Test]`
`112`		`- public function it_produces_a_split_token_value_holder()`
	`113`	`+ public function it_produces_a_split_token_value_holder(): void`
`113`	`114`	`{`
`114`	`115`	`$splitToken = SplitToken::create(self::$randValue);`
`115`	`116`
`116`	`117`	`$value = $splitToken->toValueHolder();`
`117`	`118`
`118`	`119`	`self::assertEquals($splitToken->selector(), $value->selector());`
`119`		`- self::assertStringStartsWith('$argon2i', $value->verifierHash());`
	`120`	`+ self::assertNotNull($hash = $splitToken->toValueHolder()->verifierHash());`
	`121`	`+ self::assertStringStartsWith('$argon2id', $hash);`
`120`	`122`	`self::assertEquals([], $value->metadata());`
`121`	`123`	`self::assertFalse($value->isExpired());`
`122`	`124`	`self::assertFalse($value->isExpired(new \DateTimeImmutable('-5 minutes')));`
`123`	`125`	`}`
`124`	`126`
`125`	`127`	`#[Test]`
`126`		`- public function it_produces_a_split_token_value_holder_with_metadata()`
	`128`	`+ public function it_produces_a_split_token_value_holder_with_metadata(): void`
`127`	`129`	`{`
`128`	`130`	`$splitToken = SplitToken::create(self::$randValue);`
`129`	`131`	`$value = $splitToken->toValueHolder(['he' => 'now']);`
`130`	`132`
`131`		`- self::assertStringStartsWith('$argon2i', $value->verifierHash());`
	`133`	`+ self::assertNotNull($hash = $splitToken->toValueHolder()->verifierHash());`
	`134`	`+ self::assertStringStartsWith('$argon2id', $hash);`
`132`	`135`	`self::assertEquals(['he' => 'now'], $value->metadata());`
`133`	`136`	`}`
`134`	`137`
`135`	`138`	`#[Test]`
`136`		`- public function it_produces_a_split_token_value_holder_with_expiration()`
	`139`	`+ public function it_produces_a_split_token_value_holder_with_expiration(): void`
`137`	`140`	`{`
`138`	`141`	`$date = new \DateTimeImmutable('+5 minutes');`
`139`	`142`	`$splitToken = SplitToken::create($fullToken = self::$randValue)->expireAt($date);`
`@@ -146,7 +149,7 @@ public function it_produces_a_split_token_value_holder_with_expiration()`
`146`	`149`	`}`
`147`	`150`
`148`	`151`	`#[Test]`
`149`		`- public function it_reconstructs_from_string()`
	`152`	`+ public function it_reconstructs_from_string(): void`
`150`	`153`	`{`
`151`	`154`	`$splitTokenReconstituted = SplitToken::fromString(self::FULL_TOKEN);`
`152`	`155`
`@@ -155,7 +158,7 @@ public function it_reconstructs_from_string()`
`155`	`158`	`}`
`156`	`159`
`157`	`160`	`#[Test]`
`158`		`- public function it_fails_when_creating_holder_with_string_constructed()`
	`161`	`+ public function it_fails_when_creating_holder_with_string_constructed(): void`
`159`	`162`	`{`
`160`	`163`	`$this->expectException(\RuntimeException::class);`
`161`	`164`	`$this->expectExceptionMessage('toValueHolder() does not work with a SplitToken object when created with fromString().');`
`@@ -164,7 +167,7 @@ public function it_fails_when_creating_holder_with_string_constructed()`
`164`	`167`	`}`
`165`	`168`
`166`	`169`	`#[Test]`
`167`		`- public function it_verifies_split_token()`
	`170`	`+ public function it_verifies_split_token(): void`
`168`	`171`	`{`
`169`	`172`	`// Stored.`
`170`	`173`	`$splitTokenHolder = SplitToken::create(self::$randValue)->toValueHolder();`
`@@ -176,15 +179,15 @@ public function it_verifies_split_token()`
`176`	`179`	`}`
`177`	`180`
`178`	`181`	`#[Test]`
`179`		`- public function it_verifies_split_token_from_string_and_no_current_token_set()`
	`182`	`+ public function it_verifies_split_token_from_string_and_no_current_token_set(): void`
`180`	`183`	`{`
`181`	`184`	`$fromString = SplitToken::fromString(self::FULL_TOKEN);`
`182`	`185`
`183`	`186`	`self::assertFalse($fromString->matches(null));`
`184`	`187`	`}`
`185`	`188`
`186`	`189`	`#[Test]`
`187`		`- public function it_verifies_split_token_from_string_selector()`
	`190`	`+ public function it_verifies_split_token_from_string_selector(): void`
`188`	`191`	`{`
`189`	`192`	`// Stored.`
`190`	`193`	`$splitTokenHolder = SplitToken::create(self::$randValue)->toValueHolder();`
`@@ -197,7 +200,7 @@ public function it_verifies_split_token_from_string_selector()`
`197`	`200`	`}`
`198`	`201`
`199`	`202`	`#[Test]`
`200`		`- public function it_verifies_split_token_from_string_with_expiration()`
	`203`	`+ public function it_verifies_split_token_from_string_with_expiration(): void`
`201`	`204`	`{`
`202`	`205`	`// Stored.`
`203`	`206`	`$splitTokenHolder = SplitToken::create(self::$randValue)`
Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,7 @@ public function it_generates_with_default_expiration_date(): void`
`68`	`68`
`69`	`69`	`private static function assertExpirationEquals(string $expected, SplitToken $actual): void`
`70`	`70`	`{`
	`71`	`+ self::assertNotNull($actual->getExpirationTime());`
`71`	`72`	`self::assertSame($expected, $actual->getExpirationTime()->format('Y-m-d\TH:i:s'));`
`72`	`73`	`}`
`73`	`74`