drop support for NC 30 and 31; add support for upcoming NC 34

.github/workflows/integration.yml

@@ -43,25 +43,25 @@ jobs:
       matrix:
         php-versions: [ "8.1", "8.2", "8.3", "8.4" ]
         databases: [ "mysql" ]
-        server-versions: [ "stable30", "stable31", "stable32", "stable33", "master" ]
+        server-versions: [ "stable32", "stable33", "master" ]
         exclude:
           - server-versions: "master"
             php-versions: "8.1"
             databases: "mysql"
           - server-versions: "stable33"
             php-versions: "8.1"
             databases: "mysql"
-          - server-versions: "stable30"
+          - server-versions: "stable33"
             php-versions: "8.2"
             databases: "mysql"
-          - server-versions: "stable30"
-            php-versions: "8.4"
+          - server-versions: "stable33"
+            php-versions: "8.3"
             databases: "mysql"
         include:
-          - server-versions: "stable30"
+          - server-versions: "stable32"
             php-versions: "8.3"
             databases: "sqlite"
-          - server-versions: "stable30"
+          - server-versions: "stable32"
             php-versions: "8.3"
             databases: "pgsql"
           - server-versions: "master"

appinfo/info.xml

@@ -20,7 +20,7 @@ The following providers are supported and tested at the moment:
 	* Any other provider that authenticates using the environment variable
 
 While theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.]]></description>
-	<version>7.1.3</version>
+	<version>8.0.0-dev.0</version>
 	<licence>agpl</licence>
 	<author>Lukas Reschke</author>
 	<namespace>User_SAML</namespace>
@@ -37,7 +37,7 @@ While theoretically any other authentication provider implementing either one of
 	<screenshot>https://raw.githubusercontent.com/nextcloud/user_saml/master/screenshots/1.png</screenshot>
 	<screenshot>https://raw.githubusercontent.com/nextcloud/user_saml/master/screenshots/2.png</screenshot>
 	<dependencies>
-		<nextcloud min-version="30" max-version="33" />
+		<nextcloud min-version="32" max-version="34" />
 	</dependencies>
 	<background-jobs>
 		<job>OCA\User_SAML\Jobs\CleanSessionData</job>

lib/Command/UserAdd.php

@@ -20,7 +20,7 @@ class UserAdd extends Base {
 	public function __construct(
 		protected IUserManager $userManager,
 		protected UserBackend $backend,
-		private LoggerInterface $logger,
+		private readonly LoggerInterface $logger,
 	) {
 		parent::__construct();
 	}

lib/Controller/SAMLController.php

@@ -126,14 +126,14 @@ protected function assertGroupMemberships(): void {
 		$settings = $this->samlSettings->get($this->session->get('user_saml.Idp') ?? 1);
 
 		$rejectGroupsString = $settings['saml-user-filter-reject_groups'] ?? '';
-		$rejectGroups = array_map('trim', explode(',', $rejectGroupsString));
+		$rejectGroups = array_map(trim(...), explode(',', $rejectGroupsString));
 
 		if (!empty(array_intersect($groups, $rejectGroups))) {
 			throw new UserFilterViolationException('User is member of a rejection group.');
 		}
 
 		$requireGroupsString = trim($settings['saml-user-filter-require_groups'] ?? '');
-		$requireGroups = array_map('trim', explode(',', $requireGroupsString));
+		$requireGroups = array_map(trim(...), explode(',', $requireGroupsString));
 		if (!empty($requireGroupsString) && empty(array_intersect($groups, $requireGroups))) {
 			throw new UserFilterViolationException('User is not member of a required group.');
 		}
@@ -159,7 +159,7 @@ public function login(int $idp = 1): Http\RedirectResponse|Http\TemplateResponse
 				$settings = $this->samlSettings->getOneLoginSettingsArray($idp);
 				$auth = new Auth($settings);
 				$passthroughParamsString = trim($settings['idp']['passthroughParameters'] ?? '') ;
-				$passthroughParams = array_map('trim', explode(',', $passthroughParamsString));
+				$passthroughParams = array_map(trim(...), explode(',', $passthroughParamsString));
 
 				$passthroughValues = [];
 				foreach ($passthroughParams as $passthroughParam) {

lib/Controller/SettingsController.php

@@ -61,12 +61,12 @@ public function getSamlProviderSettings(int $providerId): array {
 			}
 			foreach ($content as $setting => $details) {
 				/* use security as category instead of security-* */
-				if (str_starts_with($category, 'security-')) {
+				if (str_starts_with((string)$category, 'security-')) {
 					$category = 'security';
 				}
 				// make sure we properly fetch the attribute mapping
 				// as this is the only category that has the saml- prefix on config keys
-				if (str_starts_with($category, 'attribute-mapping')) {
+				if (str_starts_with((string)$category, 'attribute-mapping')) {
 					$category = 'attribute-mapping';
 					$key = 'saml-attribute-mapping' . '-' . $setting;
 				} elseif ($category === 'name-id-formats') {

lib/Db/SessionData.php

@@ -35,7 +35,7 @@ public function setData(SessionDataModel $input): void {
 	}
 
 	public function getData(): SessionDataModel {
-		$deserialized = json_decode($this->data, true);
+		$deserialized = json_decode((string)$this->data, true);
 		return SessionDataModel::fromInputArray($deserialized);
 	}
 }

lib/Jobs/MigrateGroups.php

@@ -58,7 +58,7 @@ protected function run($argument) {
 	}
 
 	protected function migrateGroups(array $toMigrate): array {
-		return array_filter($toMigrate, fn ($gid) => $this->migrateGroup($gid));
+		return array_filter($toMigrate, $this->migrateGroup(...));
 	}
 
 	protected function migrateGroup(string $gid): bool {

lib/Migration/Version5000Date20211025124248.php

@@ -223,7 +223,7 @@ protected function fetchPrefixes(): array {
 		if ($prefixes === false) {
 			return [1]; // 1 is the default value for providerIds
 		}
-		return array_map('intval', explode(',', (string)$prefixes));
+		return array_map(intval(...), explode(',', (string)$prefixes));
 	}
 
 	protected function deletePrefixes(): void {

lib/SAMLSettings.php

@@ -197,9 +197,7 @@ public function get(int $id): array {
 	 * @throws InvalidArgumentException
 	 */
 	public function set(int $id, array $settings): void {
-		$settings = array_filter($settings, static function (string $configKey): bool {
-			return in_array($configKey, self::IDP_CONFIG_KEYS, true);
-		}, ARRAY_FILTER_USE_KEY);
+		$settings = array_filter($settings, static fn (string $configKey): bool => in_array($configKey, self::IDP_CONFIG_KEYS, true), ARRAY_FILTER_USE_KEY);
 
 		$this->mapper->set($id, $settings);
 	}

lib/Service/SessionService.php

@@ -47,7 +47,7 @@ public function restoreSession(string $oldSessionId): void {
 			$this->storeSessionDataInDatabase();
 			$this->logger->debug('SAML session successfully restored');
 			// we do not delete the old session automatically to avoid race conditions
-		} catch (DoesNotExistException|MultipleObjectsReturnedException|Exception $e) {
+		} catch (DoesNotExistException|MultipleObjectsReturnedException|Exception) {
 			return;
 		}
 	}

lib/UserData.php

@@ -67,7 +67,7 @@ public function getGroups(): array {
 
 		return is_array($this->attributes[$mapping])
 			? $this->attributes[$mapping]
-			: array_map('trim', explode(',', (string)$this->attributes[$mapping]));
+			: array_map(trim(...), explode(',', (string)$this->attributes[$mapping]));
 	}
 
 	protected function extractSamlUserId(): string {

lib/UserResolver.php

@@ -119,9 +119,9 @@ protected function sanitizeUserIdCandidate(string $rawUidCandidate): ?string {
 		// Remove accents
 		$sanitized = preg_replace('#&([A-Za-z])(?:acute|cedil|caron|circ|grave|orn|ring|slash|th|tilde|uml);#', '\1', $sanitized);
 		// Remove ligatures
-		$sanitized = preg_replace('#&([A-Za-z]{2})(?:lig);#', '\1', $sanitized);
+		$sanitized = preg_replace('#&([A-Za-z]{2})(?:lig);#', '\1', (string)$sanitized);
 		// Remove unknown leftover entities
-		$sanitized = preg_replace('#&[^;]+;#', '', $sanitized);
+		$sanitized = preg_replace('#&[^;]+;#', '', (string)$sanitized);
 
 		// Replacements
 		$sanitized = str_replace(' ', '_', $sanitized);

tests/integration/features/bootstrap/FeatureContext.php

@@ -423,7 +423,7 @@ public function theUserValueShouldBe(string $key, string $value): void {
 		if (is_array($actualValue)) {
 			// transform array to string, ensuring values are in the same order
 			$value = explode(',', $value);
-			$value = array_map('trim', $value);
+			$value = array_map(trim(...), $value);
 			sort($value);
 			$value = implode(',', $value);
 
@@ -469,8 +469,8 @@ public function theGroupHasExactlyTheMembers(string $group, string $memberList):
 			throw new UnexpectedValueException(sprintf('Expected 200 status code but got %d', $responseArray['meta']['statusCode']));
 		}
 
-		$expectedMembers = array_map('trim', explode(',', $memberList));
-		$actualMembers = array_map('trim', $responseArray['data']['users']);
+		$expectedMembers = array_map(trim(...), explode(',', $memberList));
+		$actualMembers = array_map(trim(...), $responseArray['data']['users']);
 
 		sort($expectedMembers);
 		sort($actualMembers);
@@ -563,7 +563,7 @@ public function theUserIsPartOfTheseGroups(string $userId, string $groups) {
 		);
 
 		$groupsActual = json_decode(trim($response), true)['groups'];
-		$groupsExpected = array_map('trim', explode(',', $groups));
+		$groupsExpected = array_map(trim(...), explode(',', $groups));
 
 		foreach ($groupsExpected as $expectedGroup) {
 			if (!in_array($expectedGroup, $groupsActual)) {

vendor-bin/psalm/composer.json

@@ -1,6 +1,6 @@
 {
     "require-dev": {
-        "nextcloud/ocp": "dev-stable30",
+        "nextcloud/ocp": "dev-stable32",
         "vimeo/psalm": "^6.14",
         "sabre/dav": "4.7.0"
     },