Remove unnecessary denormalizer exception checks and deprecated funct… (

#577) * Remove unnecessary denormalizer exception checks and deprecated functions This commit removes unnecessary checks for denormalizer nullity and throws subsequent exceptions. The checks were removed in various Denormalizer files, resulting in a cleaner codebase. * Update phpstan-baseline.neon file The phpstan-baseline.neon file has been updated to reflect recent changes. Messages that referenced a strict comparison between a DenormalizerInterface and null have been removed as these were always evaluating to false. Additionally, a new message has been added in the path of FidoAllianceCompliantMetadataService. * Refactor AuthenticationExtensionsDenormalizer and update type hints This commit refactors the 'denormalize' method in the AuthenticationExtensionsDenormalizer class, ensuring that all data passed to the method is an array by using a new assert statement. Changes have also been made to the AuthenticationExtensions class, updating type hints arrays. These improvements in type validation have led to the removal of certain error messages from the phpstan-baseline.neon file.
web-auth · Mar 22, 2024 · b001705 · b001705
1 parent 174df5a
commit b001705
Show file tree

Hide file tree

Showing 15 changed files with 13 additions and 133 deletions.
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -136,6 +136,11 @@ parameters:
 			count: 1
 			path: src/metadata-service/src/Service/FidoAllianceCompliantMetadataService.php
 
+		-
+			message: "#^Parameter &\\$rootCertificates by\\-ref type of method Webauthn\\\\MetadataService\\\\Service\\\\FidoAllianceCompliantMetadataService\\:\\:getJwsPayload\\(\\) expects array\\<string\\>, array given\\.$#"
+			count: 1
+			path: src/metadata-service/src/Service/FidoAllianceCompliantMetadataService.php
+
 		-
 			message: """
 				#^Call to deprecated method createFromString\\(\\) of class Webauthn\\\\MetadataService\\\\Statement\\\\MetadataStatement\\:
@@ -2326,11 +2331,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/AttestationObjectDenormalizer.php
 
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/AttestationObjectDenormalizer.php
-
 		-
 			message: "#^Cannot access offset 'fmt' on mixed\\.$#"
 			count: 1
@@ -2356,16 +2356,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/AttestationStatementDenormalizer.php
 
-		-
-			message: "#^Argument of an invalid type mixed supplied for foreach, only iterables are supported\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/AuthenticationExtensionsDenormalizer.php
-
-		-
-			message: "#^Cannot access offset string on mixed\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/AuthenticationExtensionsDenormalizer.php
-
 		-
 			message: """
 				#^Fetching class constant class of deprecated class Webauthn\\\\AuthenticationExtensions\\\\AuthenticationExtensionsClientInputs\\:
@@ -2392,16 +2382,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/AuthenticationExtensionsDenormalizer.php
 
-		-
-			message: "#^Parameter \\#1 \\$extensions of static method Webauthn\\\\AuthenticationExtensions\\\\AuthenticationExtensions\\:\\:create\\(\\) expects array\\<int\\|string, Webauthn\\\\AuthenticationExtensions\\\\AuthenticationExtension\\>, mixed given\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/AuthenticationExtensionsDenormalizer.php
-
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/AuthenticationExtensionsDenormalizer.php
-
 		-
 			message: "#^Cannot access offset 'attestationObject' on mixed\\.$#"
 			count: 1
@@ -2472,11 +2452,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/AuthenticatorAssertionResponseDenormalizer.php
 
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/AuthenticatorAssertionResponseDenormalizer.php
-
 		-
 			message: "#^Cannot access offset 'attestationObject' on mixed\\.$#"
 			count: 2
@@ -2527,11 +2502,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/AuthenticatorAttestationResponseDenormalizer.php
 
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/AuthenticatorAttestationResponseDenormalizer.php
-
 		-
 			message: "#^Cannot access offset 1 on array\\|false\\.$#"
 			count: 2
@@ -2577,11 +2547,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/AuthenticatorDataDenormalizer.php
 
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/AuthenticatorDataDenormalizer.php
-
 		-
 			message: "#^Method Webauthn\\\\Denormalizer\\\\AuthenticatorResponseDenormalizer\\:\\:denormalize\\(\\) has parameter \\$context with no value type specified in iterable type array\\.$#"
 			count: 1
@@ -2597,11 +2562,6 @@ parameters:
 			count: 2
 			path: src/webauthn/src/Denormalizer/AuthenticatorResponseDenormalizer.php
 
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/AuthenticatorResponseDenormalizer.php
-
 		-
 			message: "#^Method Webauthn\\\\Denormalizer\\\\CollectedClientDataDenormalizer\\:\\:denormalize\\(\\) has parameter \\$context with no value type specified in iterable type array\\.$#"
 			count: 1
@@ -2627,11 +2587,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/CollectedClientDataDenormalizer.php
 
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/CollectedClientDataDenormalizer.php
-
 		-
 			message: "#^Method Webauthn\\\\Denormalizer\\\\PublicKeyCredentialDenormalizer\\:\\:denormalize\\(\\) has parameter \\$context with no value type specified in iterable type array\\.$#"
 			count: 1
@@ -2652,11 +2607,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/PublicKeyCredentialDenormalizer.php
 
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/PublicKeyCredentialDenormalizer.php
-
 		-
 			message: "#^Argument of an invalid type mixed supplied for foreach, only iterables are supported\\.$#"
 			count: 1
@@ -2832,11 +2782,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/PublicKeyCredentialOptionsDenormalizer.php
 
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/PublicKeyCredentialOptionsDenormalizer.php
-
 		-
 			message: "#^Method Webauthn\\\\Denormalizer\\\\PublicKeyCredentialParametersDenormalizer\\:\\:denormalize\\(\\) has parameter \\$context with no value type specified in iterable type array\\.$#"
 			count: 1
@@ -3002,11 +2947,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/PublicKeyCredentialSourceDenormalizer.php
 
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/PublicKeyCredentialSourceDenormalizer.php
-
 		-
 			message: "#^Method Webauthn\\\\Denormalizer\\\\PublicKeyCredentialUserEntityDenormalizer\\:\\:denormalize\\(\\) has parameter \\$context with no value type specified in iterable type array\\.$#"
 			count: 1
@@ -3022,11 +2962,6 @@ parameters:
 			count: 1
 			path: src/webauthn/src/Denormalizer/PublicKeyCredentialUserEntityDenormalizer.php
 
-		-
-			message: "#^Strict comparison using \\=\\=\\= between Symfony\\\\Component\\\\Serializer\\\\Normalizer\\\\DenormalizerInterface and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/webauthn/src/Denormalizer/PublicKeyCredentialUserEntityDenormalizer.php
-
 		-
 			message: "#^Cannot access offset 'type' on mixed\\.$#"
 			count: 1
@@ -3114,7 +3049,7 @@ parameters:
 			path: src/webauthn/src/PublicKeyCredentialOptions.php
 
 		-
-			message: "#^Parameter \\#1 \\$extensions of static method Webauthn\\\\AuthenticationExtensions\\\\AuthenticationExtensions\\:\\:create\\(\\) expects array\\<int\\|string, Webauthn\\\\AuthenticationExtensions\\\\AuthenticationExtension\\>, array\\<int\\|string, mixed\\> given\\.$#"
+			message: "#^Parameter \\#1 \\$extensions of static method Webauthn\\\\AuthenticationExtensions\\\\AuthenticationExtensions\\:\\:create\\(\\) expects array\\<Webauthn\\\\AuthenticationExtensions\\\\AuthenticationExtension\\>, array\\<int\\|string, mixed\\> given\\.$#"
 			count: 1
 			path: src/webauthn/src/PublicKeyCredentialOptions.php
 

diff --git a/src/webauthn/src/AuthenticationExtensions/AuthenticationExtensions.php b/src/webauthn/src/AuthenticationExtensions/AuthenticationExtensions.php
@@ -29,7 +29,7 @@ class AuthenticationExtensions implements JsonSerializable, Countable, IteratorA
     public array $extensions;
 
     /**
-     * @param array<string|int, mixed|AuthenticationExtension> $extensions
+     * @param array<array-key, mixed|AuthenticationExtension> $extensions
      */
     public function __construct(array $extensions = [])
     {
@@ -50,7 +50,7 @@ public function __construct(array $extensions = [])
     }
 
     /**
-     * @param array<string|int, AuthenticationExtension> $extensions
+     * @param array<array-key, AuthenticationExtension> $extensions
      */
     public static function create(array $extensions = []): static
     {

diff --git a/src/webauthn/src/Denormalizer/AttestationObjectDenormalizer.php b/src/webauthn/src/Denormalizer/AttestationObjectDenormalizer.php
@@ -6,7 +6,6 @@
 
 use CBOR\Decoder;
 use CBOR\Normalizable;
-use Symfony\Component\Serializer\Exception\BadMethodCallException;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
@@ -22,9 +21,6 @@ final class AttestationObjectDenormalizer implements DenormalizerInterface, Deno
 
     public function denormalize(mixed $data, string $type, string $format = null, array $context = []): mixed
     {
-        if ($this->denormalizer === null) {
-            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
-        }
         $stream = new StringStream($data);
         $parsed = Decoder::create()->decode($stream);
 

diff --git a/src/webauthn/src/Denormalizer/AuthenticationExtensionsDenormalizer.php b/src/webauthn/src/Denormalizer/AuthenticationExtensionsDenormalizer.php
@@ -4,15 +4,16 @@
 
 namespace Webauthn\Denormalizer;
 
-use Symfony\Component\Serializer\Exception\BadMethodCallException;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
 use Webauthn\AuthenticationExtensions\AuthenticationExtension;
 use Webauthn\AuthenticationExtensions\AuthenticationExtensions;
 use Webauthn\AuthenticationExtensions\AuthenticationExtensionsClientInputs;
 use Webauthn\AuthenticationExtensions\AuthenticationExtensionsClientOutputs;
+use function assert;
 use function in_array;
+use function is_array;
 use function is_string;
 
 final class AuthenticationExtensionsDenormalizer implements DenormalizerInterface, DenormalizerAwareInterface
@@ -21,9 +22,10 @@ final class AuthenticationExtensionsDenormalizer implements DenormalizerInterfac
 
     public function denormalize(mixed $data, string $type, string $format = null, array $context = []): mixed
     {
-        if ($this->denormalizer === null) {
-            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
+        if ($data instanceof AuthenticationExtensions) {
+            return AuthenticationExtensions::create($data->extensions);
         }
+        assert(is_array($data), 'The data should be an array.');
         foreach ($data as $key => $value) {
             if (! is_string($key)) {
                 continue;

diff --git a/src/webauthn/src/Denormalizer/AuthenticatorAssertionResponseDenormalizer.php b/src/webauthn/src/Denormalizer/AuthenticatorAssertionResponseDenormalizer.php
@@ -5,7 +5,6 @@
 namespace Webauthn\Denormalizer;
 
 use ParagonIE\ConstantTime\Base64UrlSafe;
-use Symfony\Component\Serializer\Exception\BadMethodCallException;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
@@ -21,10 +20,6 @@ final class AuthenticatorAssertionResponseDenormalizer implements DenormalizerIn
 
     public function denormalize(mixed $data, string $type, string $format = null, array $context = []): mixed
     {
-        if ($this->denormalizer === null) {
-            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
-        }
-
         $data['authenticatorData'] = Base64::decode($data['authenticatorData']);
         $data['signature'] = Base64::decode($data['signature']);
         $data['clientDataJSON'] = Base64UrlSafe::decodeNoPadding($data['clientDataJSON']);

diff --git a/src/webauthn/src/Denormalizer/AuthenticatorAttestationResponseDenormalizer.php b/src/webauthn/src/Denormalizer/AuthenticatorAttestationResponseDenormalizer.php
@@ -5,7 +5,6 @@
 namespace Webauthn\Denormalizer;
 
 use ParagonIE\ConstantTime\Base64UrlSafe;
-use Symfony\Component\Serializer\Exception\BadMethodCallException;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
@@ -20,10 +19,6 @@ final class AuthenticatorAttestationResponseDenormalizer implements Denormalizer
 
     public function denormalize(mixed $data, string $type, string $format = null, array $context = []): mixed
     {
-        if ($this->denormalizer === null) {
-            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
-        }
-
         $data['clientDataJSON'] = Base64UrlSafe::decodeNoPadding($data['clientDataJSON']);
         $data['attestationObject'] = Base64::decode($data['attestationObject']);
 

diff --git a/src/webauthn/src/Denormalizer/AuthenticatorDataDenormalizer.php b/src/webauthn/src/Denormalizer/AuthenticatorDataDenormalizer.php
@@ -11,7 +11,6 @@
 use CBOR\NegativeIntegerObject;
 use CBOR\TextStringObject;
 use CBOR\UnsignedIntegerObject;
-use Symfony\Component\Serializer\Exception\BadMethodCallException;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
@@ -38,10 +37,6 @@ public function __construct()
 
     public function denormalize(mixed $data, string $type, string $format = null, array $context = []): mixed
     {
-        if ($this->denormalizer === null) {
-            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
-        }
-
         $authData = $this->fixIncorrectEdDSAKey($data);
         $authDataStream = new StringStream($authData);
         $rp_id_hash = $authDataStream->read(32);

diff --git a/src/webauthn/src/Denormalizer/AuthenticatorResponseDenormalizer.php b/src/webauthn/src/Denormalizer/AuthenticatorResponseDenormalizer.php
@@ -4,7 +4,6 @@
 
 namespace Webauthn\Denormalizer;
 
-use Symfony\Component\Serializer\Exception\BadMethodCallException;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
@@ -20,10 +19,6 @@ final class AuthenticatorResponseDenormalizer implements DenormalizerInterface,
 
     public function denormalize(mixed $data, string $type, string $format = null, array $context = []): mixed
     {
-        if ($this->denormalizer === null) {
-            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
-        }
-
         $realType = match (true) {
             array_key_exists('attestationObject', $data) && ! array_key_exists(
                 'signature',

diff --git a/src/webauthn/src/Denormalizer/CollectedClientDataDenormalizer.php b/src/webauthn/src/Denormalizer/CollectedClientDataDenormalizer.php
@@ -4,7 +4,6 @@
 
 namespace Webauthn\Denormalizer;
 
-use Symfony\Component\Serializer\Exception\BadMethodCallException;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
@@ -17,10 +16,6 @@ final class CollectedClientDataDenormalizer implements DenormalizerInterface, De
 
     public function denormalize(mixed $data, string $type, string $format = null, array $context = []): mixed
     {
-        if ($this->denormalizer === null) {
-            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
-        }
-
         return CollectedClientData::create($data, json_decode($data, true, flags: JSON_THROW_ON_ERROR));
     }
 

diff --git a/src/webauthn/src/Denormalizer/PublicKeyCredentialDenormalizer.php b/src/webauthn/src/Denormalizer/PublicKeyCredentialDenormalizer.php
@@ -5,7 +5,6 @@
 namespace Webauthn\Denormalizer;
 
 use ParagonIE\ConstantTime\Base64UrlSafe;
-use Symfony\Component\Serializer\Exception\BadMethodCallException;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
@@ -21,9 +20,6 @@ final class PublicKeyCredentialDenormalizer implements DenormalizerInterface, De
 
     public function denormalize(mixed $data, string $type, string $format = null, array $context = []): mixed
     {
-        if ($this->denormalizer === null) {
-            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
-        }
         if (! array_key_exists('id', $data)) {
             return $data;
         }

diff --git a/src/webauthn/src/Denormalizer/PublicKeyCredentialOptionsDenormalizer.php b/src/webauthn/src/Denormalizer/PublicKeyCredentialOptionsDenormalizer.php
@@ -26,9 +26,6 @@ final class PublicKeyCredentialOptionsDenormalizer implements DenormalizerInterf
 
     public function denormalize(mixed $data, string $type, string $format = null, array $context = []): mixed
     {
-        if ($this->denormalizer === null) {
-            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
-        }
         if (array_key_exists('challenge', $data)) {
             $data['challenge'] = Base64UrlSafe::decodeNoPadding($data['challenge']);
         }

diff --git a/src/webauthn/src/Denormalizer/PublicKeyCredentialSourceDenormalizer.php b/src/webauthn/src/Denormalizer/PublicKeyCredentialSourceDenormalizer.php
@@ -4,7 +4,6 @@
 
 namespace Webauthn\Denormalizer;
 
-use Symfony\Component\Serializer\Exception\BadMethodCallException;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
@@ -21,9 +20,6 @@ final class PublicKeyCredentialSourceDenormalizer implements DenormalizerInterfa
 
     public function denormalize(mixed $data, string $type, string $format = null, array $context = []): mixed
     {
-        if ($this->denormalizer === null) {
-            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
-        }
         $keys = ['publicKeyCredentialId', 'credentialPublicKey', 'userHandle'];
         foreach ($keys as $key) {
             array_key_exists($key, $data) || throw InvalidDataException::create($data, 'Missing ' . $key);