Address level 5 PHPStan issues

Three warnings have been ignored. They are regarding a hidden use of
three RegistraoinAuthority fields. Static analysis does not evaluate
that they are written when persisted to db storage

The rest of the fixes are mainly removal of unused code fragments. Or
removal of redundant sections of logical expressions.

src/Surfnet/Stepup/DateTime/DateTime.php

@@ -22,6 +22,7 @@
 use DateTime as CoreDateTime;
 use Stringable;
 use Surfnet\Stepup\Exception\InvalidArgumentException;
+use TypeError;
 
 /**
  * @SuppressWarnings(PHPMD.TooManyMethods)
@@ -37,14 +38,15 @@ class DateTime implements Stringable
 
     /**
      * Allows for mocking of time.
-     *
+     * @see DateTimeHelper::setCurrentTime here you can see how now can be overridden using reflection
      * @var self|null
      */
-    private static ?DateTime $now;
+    private static ?DateTime $now; // @phpstan-ignore-line PHPStan can not see that the DateTimeHelper is able to set the now value using reflection
 
     private readonly CoreDateTime $dateTime;
 
     /**
+     * @see DateTimeHelper::setCurrentTime here you can see how now can be overridden using reflection
      * @return self
      */
     public static function now(): DateTime
@@ -118,34 +120,17 @@ public function comesBeforeOrIsEqual(DateTime $dateTime): bool
 
     public function comesAfter(DateTime $dateTime): bool
     {
-        $end = $this->dateTime->getTimestamp();
-        $start = $dateTime->dateTime->getTimestamp();
-        return $end > $start;
+        return $this->dateTime > $dateTime->dateTime;
     }
 
     public function comesAfterOrIsEqual(DateTime $dateTime): bool
     {
         return $this->dateTime >= $dateTime->dateTime;
     }
 
-    /**
-     * @param $format
-     * @return string
-     */
-    public function format($format): string
+    public function format(string $format): string
     {
-        $formatted = $this->dateTime->format($format);
-
-        if ($formatted === false) {
-            throw new InvalidArgumentException(
-                sprintf(
-                    'Given format "%s" is not a valid format for DateTime',
-                    $format,
-                ),
-            );
-        }
-
-        return $formatted;
+        return $this->dateTime->format($format);
     }
 
     /**

src/Surfnet/Stepup/Identity/AuditLog/Metadata.php

@@ -39,36 +39,20 @@ final class Metadata
      */
     public Institution $identityInstitution;
 
-    /**
-     * @var Institution
-     */
-    public Institution $raInstitution;
+    public ?Institution $raInstitution;
 
-    /**
-     * @var SecondFactorId|null
-     */
     public ?SecondFactorId $secondFactorId;
 
-    /**
-     * @var SecondFactorType|null
-     */
     public ?SecondFactorType $secondFactorType;
 
     /**
      * @var SecondFactorIdentifier|null
      */
     public ?SecondFactorIdentifier $secondFactorIdentifier;
 
-    /** @var VettingType */
-    public VettingType $vettingType;
+    public ?VettingType $vettingType;
 
-    /**
-     * @var RecoveryTokenId
-     */
-    public RecoveryTokenId $recoveryTokenId;
+    public ?RecoveryTokenId $recoveryTokenId;
 
-    /**
-     * @var RecoveryTokenType
-     */
-    public RecoveryTokenType $recoveryTokenType;
+    public ?RecoveryTokenType $recoveryTokenType;
 }

src/Surfnet/Stepup/Identity/Entity/RegistrationAuthority.php

@@ -31,11 +31,11 @@ final class RegistrationAuthority extends SimpleEventSourcedEntity
 {
     private ?RegistrationAuthorityRole $role = null;
 
-    private ?Location $location = null;
+    private ?Location $location = null; // @phpstan-ignore-line PHPStan can not see that this field is written when serialized to the database
 
-    private ?ContactInformation $contactInformation = null;
+    private ?ContactInformation $contactInformation = null; // @phpstan-ignore-line PHPStan can not see that this field is written when serialized to the database
 
-    private ?Institution $institution = null;
+    private ?Institution $institution = null; // @phpstan-ignore-line PHPStan can not see that this field is written when serialized to the database
 
     public static function accreditWith(
         RegistrationAuthorityRole $role,

src/Surfnet/Stepup/Identity/Event/SecondFactorVettedEvent.php

@@ -88,8 +88,7 @@ class SecondFactorVettedEvent extends IdentityEvent implements Forgettable, Righ
      */
     public Locale $preferredLocale;
 
-    /** @var VettingType */
-    public VettingType $vettingType;
+    public ?VettingType $vettingType;
 
     /**
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)

src/Surfnet/Stepup/Identity/Event/SecondFactorVettedWithoutTokenProofOfPossession.php

@@ -96,8 +96,7 @@ class SecondFactorVettedWithoutTokenProofOfPossession extends IdentityEvent impl
      */
     public Locale $preferredLocale;
 
-    /** @var VettingType */
-    public VettingType $vettingType;
+    public ?VettingType $vettingType;
 
     /**
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)

src/Surfnet/Stepup/Identity/Identity.php

@@ -821,19 +821,21 @@ public function complyWithSecondFactorRevocation(SecondFactorId $secondFactorId,
     public function revokeRecoveryToken(RecoveryTokenId $recoveryTokenId): void
     {
         $this->assertNotForgotten();
-        $recoveryToken = $this->recoveryTokens->get($recoveryTokenId);
-        if (!$recoveryToken) {
-            throw new DomainException('Cannot revoke recovery token: no token with given id exists.');
+        try {
+            $recoveryToken = $this->recoveryTokens->get($recoveryTokenId);
+        } catch (DomainException $e) {
+            throw new DomainException('Cannot revoke recovery token: no token with given id exists.', 0, $e);
         }
         $recoveryToken->revoke();
     }
 
     public function complyWithRecoveryTokenRevocation(RecoveryTokenId $recoveryTokenId, IdentityId $authorityId): void
     {
         $this->assertNotForgotten();
-        $recoveryToken = $this->recoveryTokens->get($recoveryTokenId);
-        if (!$recoveryToken) {
-            throw new DomainException('Cannot revoke recovery token: no token with given id exists.');
+        try {
+            $recoveryToken = $this->recoveryTokens->get($recoveryTokenId);
+        } catch (DomainException $e) {
+            throw new DomainException('Cannot revoke recovery token: no token with given id exists.', 0, $e);
         }
         $recoveryToken->complyWithRevocation($authorityId);
     }

src/Surfnet/StepupMiddleware/ApiBundle/Authorization/Service/AuthorizationService.php

@@ -96,7 +96,7 @@ public function assertRegistrationOfSelfAssertedTokensIsAllowed(IdentityId $iden
         }
         // The Identity is not allowed to do a SAT when he had a RT, but lost it. And also currently has no SF
         $hasActiveRecoveryToken = $this->recoveryTokenService->identityHasActiveRecoveryToken($identity);
-        if ($options->possessedSelfAssertedToken && !$hasActiveRecoveryToken && !$hasVettedSecondFactorToken) {
+        if ($options->possessedSelfAssertedToken && !$hasActiveRecoveryToken) {
             return $this->deny('Identity lost both Recovery and Second Factor token, SAT is not allowed');
         }
 

src/Surfnet/StepupMiddleware/ApiBundle/Configuration/Projector/InstitutionAuthorizationProjector.php

@@ -34,7 +34,6 @@ final class InstitutionAuthorizationProjector extends Projector
 {
     public function __construct(
         private readonly InstitutionAuthorizationRepository $institutionAuthorizationRepository,
-        private readonly InstitutionConfigurationOptionsRepository $institutionConfigurationOptionsRepository,
     ) {
     }
 

src/Surfnet/StepupMiddleware/ApiBundle/Configuration/Projector/RaLocationProjector.php

@@ -88,10 +88,7 @@ public function applyInstitutionConfigurationRemovedEvent(InstitutionConfigurati
         $this->repository->removeRaLocationsFor($event->institution);
     }
 
-    /**
-     * @return RaLocation
-     */
-    private function fetchRaLocationById(RaLocationId $raLocationId)
+    private function fetchRaLocationById(RaLocationId $raLocationId): RaLocation
     {
         $raLocation = $this->repository->findByRaLocationId($raLocationId);
 
@@ -101,12 +98,6 @@ private function fetchRaLocationById(RaLocationId $raLocationId)
             );
         }
 
-        if (!$raLocation instanceof RaLocation) {
-            throw new RuntimeException(
-                'Tried to update an RA Locations contact information, but location is of the wrong type',
-            );
-        }
-
         return $raLocation;
     }
 }

src/Surfnet/StepupMiddleware/ApiBundle/Configuration/Repository/RaLocationRepository.php

@@ -55,10 +55,7 @@ public function search(RaLocationQuery $query)
             ->getResult();
     }
 
-    /**
-     * @return RaLocation[]
-     */
-    public function findByRaLocationId(RaLocationId $raLocationId)
+    public function findByRaLocationId(RaLocationId $raLocationId): ?RaLocation
     {
         return $this->createQueryBuilder('rl')
             ->where('rl.id = :id')
@@ -84,7 +81,7 @@ public function remove(RaLocation $raLocation): void
     /**
      * @return RaLocation[]
      */
-    public function findByInstitution(Institution $institution)
+    public function findByInstitution(Institution $institution): array
     {
         return $this->createQueryBuilder('rl')
             ->where('rl.institution = :institution')

src/Surfnet/StepupMiddleware/ApiBundle/Configuration/Service/AllowedSecondFactorListService.php

@@ -22,13 +22,11 @@
 use Surfnet\Stepup\Configuration\Value\Institution;
 use Surfnet\StepupMiddleware\ApiBundle\Configuration\Entity\AllowedSecondFactor;
 use Surfnet\StepupMiddleware\ApiBundle\Configuration\Repository\AllowedSecondFactorRepository;
-use Surfnet\StepupMiddleware\ApiBundle\Configuration\Repository\ConfiguredInstitutionRepository;
 
 class AllowedSecondFactorListService
 {
     public function __construct(
         private readonly AllowedSecondFactorRepository $allowedSecondFactorRepository,
-        private readonly ConfiguredInstitutionRepository $configuredInstitutionRepository,
     ) {
     }
 

src/Surfnet/StepupMiddleware/ApiBundle/Configuration/Service/RaLocationService.php

@@ -33,15 +33,12 @@ public function __construct(private readonly RaLocationRepository $repository)
     /**
      * @return null|RaLocation[]
      */
-    public function search(RaLocationQuery $query)
+    public function search(RaLocationQuery $query): ?array
     {
         return $this->repository->search($query);
     }
 
-    /**
-     * @return RaLocation[]
-     */
-    public function findByRaLocationId(RaLocationId $raLocationId)
+    public function findByRaLocationId(RaLocationId $raLocationId): ?RaLocation
     {
         return $this->repository->findByRaLocationId($raLocationId);
     }
@@ -50,7 +47,7 @@ public function findByRaLocationId(RaLocationId $raLocationId)
     /**
      * @return RaLocation[]
      */
-    public function listRaLocationsFor(Institution $institution)
+    public function listRaLocationsFor(Institution $institution): ?array
     {
         return $this->repository->findByInstitution($institution);
     }

src/Surfnet/StepupMiddleware/ApiBundle/Controller/IdentityController.php

@@ -18,9 +18,7 @@
 
 namespace Surfnet\StepupMiddleware\ApiBundle\Controller;
 
-use Surfnet\Stepup\Configuration\Value\InstitutionRole;
 use Surfnet\Stepup\Identity\Value\Institution;
-use Surfnet\StepupMiddleware\ApiBundle\Authorization\Value\InstitutionRoleSet;
 use Surfnet\StepupMiddleware\ApiBundle\Identity\Entity\Identity;
 use Surfnet\StepupMiddleware\ApiBundle\Identity\Query\IdentityQuery;
 use Surfnet\StepupMiddleware\ApiBundle\Identity\Service\IdentityService;
@@ -33,14 +31,9 @@
 
 class IdentityController extends AbstractController
 {
-    private readonly InstitutionRoleSet $roleRequirements;
-
     public function __construct(
-        private IdentityService $identityService,
+        private readonly IdentityService $identityService,
     ) {
-        $this->roleRequirements = new InstitutionRoleSet(
-            [new InstitutionRole(InstitutionRole::ROLE_USE_RA), new InstitutionRole(InstitutionRole::ROLE_USE_RAA)],
-        );
     }
 
     public function get($id): JsonResponse

src/Surfnet/StepupMiddleware/ApiBundle/Identity/Entity/VettedSecondFactor.php

@@ -29,49 +29,30 @@
 #[ORM\Entity(repositoryClass: VettedSecondFactorRepository::class)]
 class VettedSecondFactor implements JsonSerializable
 {
-    /**
-     * @var string
-     */
     #[ORM\Id]
     #[ORM\Column(length: 36)]
     public string $id;
 
-    /**
-     * @var string
-     */
     #[ORM\Column(length: 36)]
     public string $identityId;
 
-    /**
-     * @var string
-     */
     #[ORM\Column(length: 16)]
     public string $type;
 
-    /**
-     * The second factor identifier, ie. telephone number, Yubikey public ID, Tiqr ID
-     * @var string
-     */
     #[ORM\Column(length: 255)]
     public string $secondFactorIdentifier;
 
-    /**
-     * @var string
-     */
     #[ORM\Column(length: 255, nullable: true)]
-    public string $vettingType;
+    public ?string $vettingType;
 
-    /**
-     * @return bool
-     */
     public function isEqual(VettedSecondFactor $vettedSecondFactor): bool
     {
         return $vettedSecondFactor->type == $this->type && $vettedSecondFactor->secondFactorIdentifier == $this->secondFactorIdentifier;
     }
 
     public function vettingType(): string
     {
-        if (is_null($this->vettingType)) {
+        if (!$this->vettingType) {
             return VettingType::TYPE_ON_PREMISE;
         }
         return $this->vettingType;

src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/AuditLogProjector.php

@@ -31,6 +31,7 @@
 use Surfnet\Stepup\Identity\Value\CommonName;
 use Surfnet\Stepup\Identity\Value\RecoveryTokenIdentifierFactory;
 use Surfnet\Stepup\Identity\Value\RecoveryTokenType;
+use Surfnet\Stepup\Identity\Value\VettingType;
 use Surfnet\StepupMiddleware\ApiBundle\Exception\RuntimeException;
 use Surfnet\StepupMiddleware\ApiBundle\Identity\Entity\AuditLogEntry;
 use Surfnet\StepupMiddleware\ApiBundle\Identity\Entity\Identity;
@@ -160,7 +161,7 @@ private function applyIdentityForgottenEvent(IdentityForgottenEvent $event): voi
 
     private function augmentActorCommonName(AuditLogEntry $entry, Metadata $auditLogMetadata): void
     {
-        if (property_exists($auditLogMetadata, 'vettingType') && !is_null($auditLogMetadata->vettingType)) {
+        if (property_exists($auditLogMetadata, 'vettingType') && $auditLogMetadata->vettingType instanceof VettingType) {
             $entry->actorCommonName = new CommonName(
                 $entry->actorCommonName->getCommonName() . $auditLogMetadata->vettingType->auditLog()
             );