search

WP-API / jwt-auth

Enable JSON Web Token authentication for the WordPress REST API.
GNU General Public License v2.0
104 stars 24 forks source link

Static analysis says #14

Open szepeviktor opened 5 years ago

szepeviktor commented 5 years ago

Hello! This is PHPStan config

# Start command: composer require --dev szepeviktor/phpstan-wordpress && vendor/bin/phpstan analyze

includes:
    - vendor/phpstan/phpstan/conf/bleedingEdge.neon
    - vendor/szepeviktor/phpstan-wordpress/extension.neon
parameters:
    level: max
    paths:
        - %currentWorkingDirectory%/wp-includes/
    autoload_directories:
        - %currentWorkingDirectory%/wp-includes/
        - %currentWorkingDirectory%/wp-admin/includes/
    ignoreErrors:
        # Uses func_get_args()
        - '#^Function apply_filters invoked with [34567] parameters, 2 required\.$#'
        - '#^Function current_user_can invoked with 2 parameters, 1 required\.$#'
szepeviktor commented 5 years ago

These are the findings

 ------ -----------------------------------------------------------------------------------------------------------------
  Line   php-jwt/JWT.php
 ------ -----------------------------------------------------------------------------------------------------------------
  81     Strict comparison using === between null and object will always evaluate to false.
  84     Strict comparison using === between null and object will always evaluate to false.
  87     Strict comparison using === between false and string will always evaluate to false.
  99     Instanceof between string and ArrayAccess will always evaluate to false.
  194    Method Firebase\JWT\JWT::sign() should return string but return statement is missing.
  196    Parameter #3 $key of function hash_hmac expects string, resource|string given.
  242    Parameter #3 $key of function hash_hmac expects string, resource|string given.
  282    Parameter #1 $json of function json_decode expects string, string|null given.
  310    Method Firebase\JWT\JWT::jsonEncode() should return string but returns string|false.
  327    Method Firebase\JWT\JWT::urlsafeB64Decode() should return string but returns string|false.
  372    PHPDoc tag @param has invalid value (string): Unexpected token "\n     *", expected TOKEN_VARIABLE at offset 88
 ------ -----------------------------------------------------------------------------------------------------------------

 ------ ----------------------------------------------------------------------------------------------
  Line   rest-api/auth/class-wp-rest-key-pair.php
 ------ ----------------------------------------------------------------------------------------------
  229    Constant JWT_AUTH_PLUGIN_URL not found.
  229    Constant JWT_AUTH_VERSION not found.
  230    Constant JWT_AUTH_PLUGIN_URL not found.
  230    Constant JWT_AUTH_VERSION not found.
  407    Access to an undefined property object::$data.
  428    Access to an undefined property object::$data.
  521    Parameter #1 $json of function json_decode expects string, string|false given.
  587    Method WP_REST_Key_Pair::delete_all_key_pairs() should return bool|WP_Error but returns int.
  590    Method WP_REST_Key_Pair::delete_all_key_pairs() should return bool|WP_Error but returns int.
  630    Method WP_REST_Key_Pair::set_user_key_pairs() should return bool but returns bool|int.
 ------ ----------------------------------------------------------------------------------------------

 ------ --------------------------------------------------------------------------------------------------
  Line   rest-api/auth/class-wp-rest-token.php
 ------ --------------------------------------------------------------------------------------------------
  248    Access to an undefined property object::$data.
  249    Access to an undefined property object::$data.
  284    Access to an undefined property object::$data.
  355    Access to an undefined property object::$api_key.
  379    Parameter #1 $haystack of function strpos expects string, string|false given.
  379    Parameter #1 $haystack of function strpos expects string, string|false given.
  395    Parameter #1 $haystack of function strpos expects string, string|false given.
  504    Access to an undefined property object::$data.
  659    Access to an undefined property object::$iss.
  683    Access to an undefined property object::$exp.
  687    Access to an undefined property object::$data.
  721    Access to an undefined property object::$iss.
  840    Access to an undefined property object::$data.
  850    Access to an undefined property object::$type.
  864    Access to an undefined property object::$user_login.
  874    Access to an undefined property object::$user_email.
  937    Parameter #1 $function of function call_user_func_array expects callable(): mixed, string given.
 ------ --------------------------------------------------------------------------------------------------

What do you think?