Add support for php8.4 and other improvements

.gitattributes

@@ -1,10 +1,10 @@
 * text=auto eol=lf
 
-/tests            export-ignore
-.editorconfig     export-ignore
-.gitattributes    export-ignore
-.gitignore        export-ignore
-.php_cs           export-ignore
-.travis.yml       export-ignore
-phpcs.xml.dist    export-ignore
-phpunit.xml.dist  export-ignore
+/tests               export-ignore
+.editorconfig        export-ignore
+.gitattributes       export-ignore
+.gitignore           export-ignore
+.php-cs-fixer.php    export-ignore
+phpcs.xml.dist       export-ignore
+phpunit.xml.dist     export-ignore
+.phpstan.neon        export-ignore

.github/workflows/main.yaml

@@ -1,10 +1,10 @@
 name: "testing"
 
 on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
+    push:
+        branches: [ master ]
+    pull_request:
+        branches: [ master ]
 
 jobs:
     qa:
@@ -13,19 +13,19 @@ jobs:
 
         steps:
             - name: Checkout
-              uses: actions/checkout@v2
+              uses: actions/checkout@v4
 
             - name: Validate composer.json and composer.lock
               run: composer validate
 
             - name: Cache Composer packages
               id: composer-cache
-              uses: actions/cache@v2
+              uses: actions/cache@v4
               with:
-                path: vendor
-                key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
-                restore-keys: |
-                  ${{ runner.os }}-php-
+                  path: vendor
+                  key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+                  restore-keys: |
+                      ${{ runner.os }}-php-
 
             - name: Install dependencies
               if: steps.composer-cache.outputs.cache-hit != 'true'
@@ -40,27 +40,27 @@ jobs:
 
         strategy:
             matrix:
-              php:
-                - 7.2
-                - 7.3
-                - 7.4
-                - 8.0
-                - 8.1
-                - 8.2
-                - 8.3
-            fail-fast: false
+                php:
+                    - 7.2
+                    - 7.3
+                    - 7.4
+                    - 8.0
+                    - 8.1
+                    - 8.2
+                    - 8.3
+                    - 8.4
 
         steps:
             - name: Checkout
-              uses: actions/checkout@v2
+              uses: actions/checkout@v4
 
             - name: Install PHP
               uses: shivammathur/setup-php@v2
               with:
                   php-version: ${{ matrix.php }}
 
             - name: Cache PHP dependencies
-              uses: actions/cache@v2
+              uses: actions/cache@v4
               with:
                   path: vendor
                   key: ${{ runner.os }}-php-${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }}
@@ -71,6 +71,3 @@ jobs:
 
             - name: Tests
               run: composer test
-
-            - name: Tests coverage
-              run: composer coverage

.gitignore

@@ -2,3 +2,5 @@ vendor
 composer.lock
 coverage
 *.cache
+.idea
+kit

.php-cs-fixer.php

@@ -0,0 +1,10 @@
+<?php
+
+return My\PhpCsFixerConfig::create()
+    ->setFinder(
+        PhpCsFixer\Finder::create()
+            ->files()
+            ->name('*.php')
+            ->in(__DIR__.'/src')
+            ->in(__DIR__.'/tests')
+    );

.phpstan.neon

@@ -0,0 +1,6 @@
+parameters:
+    level: 8
+    paths:
+        - src
+        - tests
+    treatPhpDocTypesAsCertain: false

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.2.0] - 2025-03-21
+### Added
+- Support for PHP 8.4
+
 ## [2.1.2] - 2024-01-12
 ### Fixed
 - Updated dependencies.
@@ -72,6 +76,7 @@ First version
 
 [#2]: https://github.com/middlewares/http-authentication/issues/2
 
+[2.2.0]: https://github.com/middlewares/http-authentication/compare/v2.1.2...v2.2.0
 [2.1.2]: https://github.com/middlewares/http-authentication/compare/v2.1.1...v2.1.2
 [2.1.1]: https://github.com/middlewares/http-authentication/compare/v2.1.0...v2.1.1
 [2.1.0]: https://github.com/middlewares/http-authentication/compare/v2.0.0...v2.1.0

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2019
+Copyright (c) 2019-2025
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

composer.json

@@ -19,16 +19,16 @@
     },
     "require": {
         "php": "^7.2 || ^8.0",
-        "middlewares/utils": "^3.0 || ^4.0",
-        "psr/http-server-middleware": "^1.0"
+        "middlewares/utils": "^2 || ^3 || ^4",
+        "psr/http-server-middleware": "^1"
     },
     "require-dev": {
         "phpunit/phpunit": "^8 || ^9",
-        "laminas/laminas-diactoros": "^2.2 || ^3.0",
-        "friendsofphp/php-cs-fixer": "^2.0",
-        "squizlabs/php_codesniffer": "^3.0",
-        "oscarotero/php-cs-fixer-config": "^1.0",
-        "phpstan/phpstan": "^0.12"
+        "laminas/laminas-diactoros": "^2 || ^3",
+        "friendsofphp/php-cs-fixer": "^3",
+        "squizlabs/php_codesniffer": "^3",
+        "oscarotero/php-cs-fixer-config": "^2",
+        "phpstan/phpstan": "^1 || ^2"
     },
     "autoload": {
         "psr-4": {
@@ -48,4 +48,4 @@
         "coverage": "phpunit --coverage-text",
         "coverage-html": "phpunit --coverage-html=coverage"
     }
-}
+}

phpcs.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<ruleset name="Middlewares coding standard">
+    <description>Middlewares coding standard</description>
+
+    <!-- display progress -->
+    <arg value="p"/>
+    <arg name="report" value="full"/>
+    <arg name="colors"/>
+
+    <!-- coding standard -->
+    <rule ref="PSR2"/>
+
+    <!-- Paths to check -->
+    <file>src</file>
+    <file>tests</file>
+</ruleset>

phpunit.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit bootstrap="vendor/autoload.php"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
+         backupGlobals="false"
+         backupStaticAttributes="false"
+         beStrictAboutOutputDuringTests="true"
+         beStrictAboutTestsThatDoNotTestAnything="true"
+         beStrictAboutTodoAnnotatedTests="true"
+         colors="true"
+         verbose="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         failOnWarning="true">
+    <testsuites>
+        <testsuite name="HttpAuthentication test suite">
+            <directory>tests</directory>
+        </testsuite>
+    </testsuites>
+
+    <filter>
+        <whitelist addUncoveredFilesFromWhitelist="true" processUncoveredFilesFromWhitelist="true">
+            <directory>./src</directory>
+            <exclude>
+                <directory>./tests</directory>
+                <directory>./vendor</directory>
+            </exclude>
+        </whitelist>
+    </filter>
+</phpunit>

src/BasicAuthentication.php

@@ -10,6 +10,7 @@
 
 class BasicAuthentication extends HttpAuthentication implements MiddlewareInterface
 {
+    /** @var bool */
     private $verifyHash = false;
 
     /**
@@ -31,7 +32,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         return $handler->handle($request);
     }
 
-    public function verifyHash($verifyHash = true): self
+    public function verifyHash(bool $verifyHash = true): self
     {
         $this->verifyHash = $verifyHash;
 
@@ -50,8 +51,8 @@ private function login(ServerRequestInterface $request): ?string
             return null;
         }
 
-        //Check the user
-        if (!isset($this->users[$authorization['username']])) {
+        //Check the user and password
+        if (!isset($this->users[$authorization['username']]) || !isset($authorization['password'])) {
             return null;
         }
 
@@ -68,14 +69,22 @@ private function login(ServerRequestInterface $request): ?string
 
     /**
      * Parses the authorization header for a basic authentication.
+     *
+     * @return ?array<string, string>
      */
     private function parseHeader(string $header): ?array
     {
         if (strpos($header, 'Basic') !== 0) {
             return null;
         }
 
-        $header = base64_decode(substr($header, 6));
+        $userAndPassword = substr($header, 6);
+        if (!$userAndPassword) {
+            return null;
+        }
+
+        /** @var string|false $header */
+        $header = base64_decode($userAndPassword);
 
         if ($header === false) {
             return null;
@@ -85,7 +94,7 @@ private function parseHeader(string $header): ?array
 
         return [
             'username' => $header[0],
-            'password' => isset($header[1]) ? $header[1] : null,
+            'password' => $header[1],
         ];
     }
 }

src/DigestAuthentication.php

@@ -78,6 +78,8 @@ private function login(ServerRequestInterface $request): ?string
 
     /**
      * Validates the authorization.
+     *
+     * @param array<string,string> $authorization
      */
     private function isValid(array $authorization, string $method, string $password): bool
     {
@@ -96,6 +98,8 @@ private function isValid(array $authorization, string $method, string $password)
 
     /**
      * Parses the authorization header for a basic authentication.
+     *
+     * @return array<string, string>|null $header
      */
     private function parseHeader(string $header): ?array
     {
@@ -120,6 +124,7 @@ private function parseHeader(string $header): ?array
 
         if ($matches) {
             foreach ($matches as $m) {
+                // @phpstan-ignore-next-line
                 $data[$m[1]] = $m[3] ?: $m[4];
                 unset($needed_parts[$m[1]]);
             }

src/HttpAuthentication.php

@@ -11,7 +11,7 @@
 abstract class HttpAuthentication
 {
     /**
-     * @var array|ArrayAccess The available users
+     * @var array<string, string>|ArrayAccess<string, string> The available users
      */
     protected $users;
 
@@ -31,11 +31,11 @@ abstract class HttpAuthentication
     protected $responseFactory;
 
     /**
-     * @param array|ArrayAccess $users [username => password]
+     * @param array<string, string>|ArrayAccess<string, string> $users [username => password]
      */
-    public function __construct($users, ResponseFactoryInterface $responseFactory = null)
+    public function __construct($users, ?ResponseFactoryInterface $responseFactory = null)
     {
-        if (!is_array($users) && !($users instanceof ArrayAccess)) {
+        if (!is_array($users) && !$users instanceof ArrayAccess) {
             throw new InvalidArgumentException(
                 'The users argument must be an array or implement the ArrayAccess interface'
             );