Passwords: correct internal phpdoc types

orisai · Mar 7, 2023 · 5c35575 · 5c35575
1 parent 9bbec30
commit 5c35575
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 13 deletions.
diff --git a/src/Passwords/Argon2PasswordHasher.php b/src/Passwords/Argon2PasswordHasher.php
@@ -4,6 +4,7 @@
 
 use Orisai\Utils\Dependencies\Dependencies;
 use Orisai\Utils\Dependencies\Exception\ExtensionRequired;
+use function assert;
 use function password_hash;
 use function password_needs_rehash;
 use function password_verify;
@@ -13,10 +14,13 @@
 final class Argon2PasswordHasher implements PasswordHasher
 {
 
+	/** @var int<1, max> */
 	private int $timeCost;
 
+	/** @var int<8, max> */
 	private int $memoryCost;
 
+	/** @var int<1, max> */
 	private int $threads;
 
 	/**
@@ -40,7 +44,11 @@ public function __construct(?int $timeCost = null, ?int $memoryCost = null, ?int
 
 	public function hash(string $raw): string
 	{
-		return password_hash($raw, PASSWORD_ARGON2ID, $this->getOptions());
+		$hash = password_hash($raw, PASSWORD_ARGON2ID, $this->getOptions());
+		assert($hash !== false); // Since php 7.4 password_hash cannot return false
+		assert($hash !== null); // All failing conditions are handled
+
+		return $hash;
 	}
 
 	public function needsRehash(string $hashed): bool
@@ -72,14 +80,14 @@ private function isArgonHashed(string $hashed): bool
 	}
 
 	/**
-	 * @return array<string, mixed>
+	 * @return array{time_cost: int<1, max>, memory_cost: int<8, max>, threads: int<1, max>}
 	 */
 	private function getOptions(): array
 	{
 		/** @infection-ignore-all */
 		return [
-			'memory_cost' => $this->memoryCost,
 			'time_cost' => $this->timeCost,
+			'memory_cost' => $this->memoryCost,
 			'threads' => $this->threads,
 		];
 	}

diff --git a/src/Passwords/BcryptPasswordHasher.php b/src/Passwords/BcryptPasswordHasher.php
@@ -2,6 +2,7 @@
 
 namespace Orisai\Auth\Passwords;
 
+use function assert;
 use function password_hash;
 use function password_needs_rehash;
 use function password_verify;
@@ -24,7 +25,11 @@ public function __construct(int $cost = 13)
 
 	public function hash(string $raw): string
 	{
-		return password_hash($raw, PASSWORD_BCRYPT, $this->getOptions());
+		$hash = password_hash($raw, PASSWORD_BCRYPT, $this->getOptions());
+		assert($hash !== false); // Since php 7.4 password_hash cannot return false
+		assert($hash !== null); // All failing conditions are handled
+
+		return $hash;
 	}
 
 	public function needsRehash(string $hashed): bool
@@ -46,7 +51,7 @@ public function isValid(string $raw, string $hashed): bool
 	}
 
 	/**
-	 * @return array<mixed>
+	 * @return array{cost: int<4, 31>}
 	 */
 	private function getOptions(): array
 	{

diff --git a/tools/phpstan.neon b/tools/phpstan.neon
@@ -21,14 +21,6 @@ parameters:
 			- Orisai\Exceptions\Check\CheckedException
 
 	ignoreErrors:
-		# Since php 7.4 password_hash cannot return false
-		# https://github.com/php/php-src/blob/901417f0ae02afc8bef904818edaf2b2db8f6b58/ext/standard/password.c#L655
-		-
-			message: '#^Method (.+)PasswordHasher\:\:hash\(\) should return string but returns string\|false\.$#'
-			paths:
-				- ../src/Passwords/Argon2PasswordHasher.php
-				- ../src/Passwords/BcryptPasswordHasher.php
-
 		# Should not be possible to get incorrect instance via firewall api
 		-
 			message: '#^Method (.+)BaseFirewall\:\:getIdentity\(\) should return I of (.+)Identity but returns (.+)Identity\.$#'