Replace psalm with phpstan

Author: tvdijen

.github/workflows/php.yml

@@ -86,26 +86,13 @@ jobs:
       - name: PHP Code Sniffer
         run: phpcs
 
-      - name: Psalm
+      - name: PHPStan
         run: |
-          psalm -c psalm.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          vendor/bin/phpstan analyze -c phpstan.neon
 
-      - name: Psalm (testsuite)
+      - name: PHPStan (testsuite)
         run: |
-          psalm -c psalm-dev.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
-
-      - name: Psalter
-        run: |
-          psalm --alter \
-          --issues=UnnecessaryVarAnnotation \
-          --dry-run \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          vendor/bin/phpstan analyze -c phpstan-dev.neon
 
   security:
     name: Security checks

phpstan-dev.neon

@@ -0,0 +1,4 @@
+parameters:
+  level: 5
+  paths:
+    - tests

phpstan.neon

@@ -0,0 +1,4 @@
+parameters:
+  level: 6
+  paths:
+    - src

psalm.xml

@@ -47,7 +47,7 @@ class Authorize extends Auth\ProcessingFilter
     /**
      * Array of localised rejection messages
      *
-     * @var array
+     * @var string[]
      */
     protected array $reject_msg = [];
 
@@ -60,9 +60,9 @@ class Authorize extends Auth\ProcessingFilter
 
     /**
      * Array of valid users. Each element is a regular expression. You should
-     * user \ to escape special chars, like '.' etc.
+     * use \ to escape special chars, like '.' etc.
      *
-     * @param array
+     * @var array<mixed>
      */
     protected array $valid_attribute_values = [];
 
@@ -82,7 +82,7 @@ class Authorize extends Auth\ProcessingFilter
      * Initialize this filter.
      * Validate configuration parameters.
      *
-     * @param array $config  Configuration information about this filter.
+     * @param array<mixed> $config  Configuration information about this filter.
      * @param mixed $reserved  For future use.
      */
     public function __construct(array $config, $reserved)
@@ -155,7 +155,7 @@ public function __construct(array $config, $reserved)
     /**
      * Apply filter to validate attributes.
      *
-     * @param array &$state  The current request
+     * @param array<mixed> &$state  The current request
      */
     public function process(array &$state): void
     {
@@ -225,7 +225,7 @@ public function process(array &$state): void
      * thinking in case a "chained" ACL is needed, more complex
      * permission logic.
      *
-     * @param array $state
+     * @param array<mixed> $state
      */
     protected function unauthorized(array &$state): void
     {

src/Auth/Process/Authorize.php

@@ -51,7 +51,7 @@ public function forbidden(Request $request): Template
             throw new Error\BadRequest('Missing required StateId query parameter.');
         }
 
-        /** @var array $state */
+        /** @var array<mixed> $state */
         $state = Auth\State::loadState($stateId, 'authorize:Authorize');
 
         $t = new Template($this->config, 'authorize:authorize_403.twig');
@@ -108,7 +108,7 @@ public function reauthenticate(Request $request): void
         if (!is_string($stateId)) {
             throw new Error\BadRequest('Missing required StateId query parameter.');
         }
-        /** @var array $state */
+        /** @var array<mixed> $state */
         $state = Auth\State::loadState($stateId, 'authorize:Authorize');
 
         $authSource = $state['Source']['auth'];