From 511944a05201cb60fd91b96f264642b57a631aea Mon Sep 17 00:00:00 2001
From: Antonio Carlos Ribeiro <acr@antoniocarlosribeiro.com>
Date: Mon, 21 Oct 2019 14:16:05 -0300
Subject: [PATCH] Fix static analysis

---
 src/Google2FA.php      | 44 ++++++++++++++++++++++--------------------
 src/Support/Base32.php |  2 +-
 src/Support/QRCode.php |  4 ++--
 tests/tools/analyse.sh |  2 +-
 4 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/src/Google2FA.php b/src/Google2FA.php
index 172616e..b9fe949 100644
--- a/src/Google2FA.php
+++ b/src/Google2FA.php
@@ -50,18 +50,18 @@ class Google2FA
     /**
      * Find a valid One Time Password.
      *
-     * @param string $secret
-     * @param string $key
-     * @param int $window
-     * @param int $startingTimestamp
-     * @param int $timestamp
-     * @param int|null $oldTimestamp
+     * @param string    $secret
+     * @param string    $key
+     * @param int|null  $window
+     * @param int       $startingTimestamp
+     * @param int       $timestamp
+     * @param int|null  $oldTimestamp
      *
      * @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
      * @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
      * @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException
      *
-     * @return bool
+     * @return bool|int
      */
     public function findValidOTP(
         $secret,
@@ -219,7 +219,7 @@ public function getWindow($window = null)
     /**
      * Make a window based starting timestamp.
      *
-     * @param int $window
+     * @param int|null $window
      * @param int $timestamp
      * @param int|null $oldTimestamp
      *
@@ -290,8 +290,10 @@ public function oathTruncate($hash)
 
         $temp = unpack('N', substr($hash, $offset, 4));
 
+        $temp = $temp[1] & 0x7fffffff;
+
         return substr(
-            $temp[1] & 0x7fffffff,
+            (string) $temp,
             -$this->getOneTimePasswordLength()
         );
     }
@@ -301,7 +303,7 @@ public function oathTruncate($hash)
      *
      * @param string $string
      *
-     * @return string
+     * @return string|null
      */
     public function removeInvalidChars($string)
     {
@@ -389,11 +391,11 @@ public function setWindow($window)
      * Verifies a user inputted key against the current timestamp. Checks $window
      * keys either side of the timestamp.
      *
-     * @param string          $key          - User specified key
-     * @param null|string     $secret
-     * @param null|int        $window
-     * @param null|int        $timestamp
-     * @param null|string|int $oldTimestamp
+     * @param string        $key          - User specified key
+     * @param string        $secret
+     * @param null|int      $window
+     * @param null|int      $timestamp
+     * @param null|int      $oldTimestamp
      *
      * @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
      * @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
@@ -403,7 +405,7 @@ public function setWindow($window)
      */
     public function verify(
         $key,
-        $secret = null,
+        $secret,
         $window = null,
         $timestamp = null,
         $oldTimestamp = null
@@ -421,11 +423,11 @@ public function verify(
      * Verifies a user inputted key against the current timestamp. Checks $window
      * keys either side of the timestamp.
      *
-     * @param string          $secret
-     * @param string          $key          - User specified key
-     * @param null|int        $window
-     * @param null|int        $timestamp
-     * @param null|string|int $oldTimestamp
+     * @param string    $secret
+     * @param string    $key          - User specified key
+     * @param int|null  $window
+     * @param null|int  $timestamp
+     * @param null|int  $oldTimestamp
      *
      * @throws \PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException
      * @throws \PragmaRX\Google2FA\Exceptions\InvalidCharactersException
diff --git a/src/Support/Base32.php b/src/Support/Base32.php
index c90c5c1..65e2963 100644
--- a/src/Support/Base32.php
+++ b/src/Support/Base32.php
@@ -81,7 +81,7 @@ protected function isCharCountNotAPowerOfTwo($b32)
      * Pad string with random base 32 chars.
      *
      * @param string $string
-     * @param string $length
+     * @param int $length
      *
      * @throws \Exception
      *
diff --git a/src/Support/QRCode.php b/src/Support/QRCode.php
index 358a2bb..0c23eca 100644
--- a/src/Support/QRCode.php
+++ b/src/Support/QRCode.php
@@ -26,9 +26,9 @@ public function getQRCodeUrl($company, $holder, $secret)
             '&algorithm=' .
             rawurlencode(strtoupper($this->getAlgorithm())) .
             '&digits=' .
-            rawurlencode(strtoupper($this->getOneTimePasswordLength())) .
+            rawurlencode(strtoupper((string) $this->getOneTimePasswordLength())) .
             '&period=' .
-            rawurlencode(strtoupper($this->getKeyRegeneration())) .
+            rawurlencode(strtoupper((string) $this->getKeyRegeneration())) .
             '';
     }
 }
diff --git a/tests/tools/analyse.sh b/tests/tools/analyse.sh
index 74fdff0..478aee4 100755
--- a/tests/tools/analyse.sh
+++ b/tests/tools/analyse.sh
@@ -7,7 +7,7 @@ function main
 
     banner
 
-    $PHPSTAN analyse --level 4 src
+    $PHPSTAN analyse --level max src
 }
 
 function get_phpstan_path()