Refactors lib/private/Security.

Mainly using PHP8's constructor property promotion.

Signed-off-by: Faraz Samapoor <fsa@adlas.at>

4 files changed, 21 insertions, 59 deletions

diff --git a/lib/private/Security/CSRF/CsrfToken.php b/lib/private/Security/CSRF/CsrfToken.php
index a76e169e5b9..45e628b3f3c 100644
--- a/lib/private/Security/CSRF/CsrfToken.php
+++ b/lib/private/Security/CSRF/CsrfToken.php
@@ -36,23 +36,19 @@ namespace OC\Security\CSRF;
  * @package OC\Security\CSRF
  */
 class CsrfToken {
-	/** @var string */
-	private $value;
-	/** @var string */
-	private $encryptedValue = '';
+	private string $encryptedValue = '';
 
 	/**
 	 * @param string $value Value of the token. Can be encrypted or not encrypted.
 	 */
-	public function __construct(string $value) {
-		$this->value = $value;
+	public function __construct(
+		private string $value,
+	) {
 	}
 
 	/**
 	 * Encrypted value of the token. This is used to mitigate BREACH alike
 	 * vulnerabilities. For display measures do use this functionality.
-	 *
-	 * @return string
 	 */
 	public function getEncryptedValue(): string {
 		if ($this->encryptedValue === '') {
@@ -66,8 +62,6 @@ class CsrfToken {
 	/**
 	 * The unencrypted value of the token. Used for decrypting an already
 	 * encrypted token.
-	 *
-	 * @return string
 	 */
 	public function getDecryptedValue(): string {
 		$token = explode(':', $this->value);
diff --git a/lib/private/Security/CSRF/CsrfTokenGenerator.php b/lib/private/Security/CSRF/CsrfTokenGenerator.php
index 0576fda9e06..c3d89247de1 100644
--- a/lib/private/Security/CSRF/CsrfTokenGenerator.php
+++ b/lib/private/Security/CSRF/CsrfTokenGenerator.php
@@ -34,21 +34,15 @@ use OCP\Security\ISecureRandom;
  * @package OC\Security\CSRF
  */
 class CsrfTokenGenerator {
-	/** @var ISecureRandom  */
-	private $random;
-
-	/**
-	 * @param ISecureRandom $random
-	 */
-	public function __construct(ISecureRandom $random) {
-		$this->random = $random;
+	public function __construct(
+		private ISecureRandom $random,
+	) {
 	}
 
 	/**
 	 * Generate a new CSRF token.
 	 *
 	 * @param int $length Length of the token in characters.
-	 * @return string
 	 */
 	public function generateToken(int $length = 32): string {
 		return $this->random->generate($length);
diff --git a/lib/private/Security/CSRF/CsrfTokenManager.php b/lib/private/Security/CSRF/CsrfTokenManager.php
index 2c6dd45866d..dceacf45e2a 100644
--- a/lib/private/Security/CSRF/CsrfTokenManager.php
+++ b/lib/private/Security/CSRF/CsrfTokenManager.php
@@ -34,27 +34,18 @@ use OC\Security\CSRF\TokenStorage\SessionStorage;
  * @package OC\Security\CSRF
  */
 class CsrfTokenManager {
-	/** @var CsrfTokenGenerator */
-	private $tokenGenerator;
-	/** @var SessionStorage */
-	private $sessionStorage;
-	/** @var CsrfToken|null */
-	private $csrfToken = null;
+	private SessionStorage $sessionStorage;
+	private ?CsrfToken $csrfToken = null;
 
-	/**
-	 * @param CsrfTokenGenerator $tokenGenerator
-	 * @param SessionStorage $storageInterface
-	 */
-	public function __construct(CsrfTokenGenerator $tokenGenerator,
-								SessionStorage $storageInterface) {
-		$this->tokenGenerator = $tokenGenerator;
+	public function __construct(
+		private CsrfTokenGenerator $tokenGenerator,
+		SessionStorage $storageInterface,
+	) {
 		$this->sessionStorage = $storageInterface;
 	}
 
 	/**
 	 * Returns the current CSRF token, if none set it will create a new one.
-	 *
-	 * @return CsrfToken
 	 */
 	public function getToken(): CsrfToken {
 		if (!\is_null($this->csrfToken)) {
@@ -74,8 +65,6 @@ class CsrfTokenManager {
 
 	/**
 	 * Invalidates any current token and sets a new one.
-	 *
-	 * @return CsrfToken
 	 */
 	public function refreshToken(): CsrfToken {
 		$value = $this->tokenGenerator->generateToken();
@@ -87,16 +76,13 @@ class CsrfTokenManager {
 	/**
 	 * Remove the current token from the storage.
 	 */
-	public function removeToken() {
+	public function removeToken(): void {
 		$this->csrfToken = null;
 		$this->sessionStorage->removeToken();
 	}
 
 	/**
 	 * Verifies whether the provided token is valid.
-	 *
-	 * @param CsrfToken $token
-	 * @return bool
 	 */
 	public function isTokenValid(CsrfToken $token): bool {
 		if (!$this->sessionStorage->hasToken()) {
diff --git a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
index ab05d5b1493..0ffe043e2f9 100644
--- a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
+++ b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
@@ -35,27 +35,18 @@ use OCP\ISession;
  * @package OC\Security\CSRF\TokenStorage
  */
 class SessionStorage {
-	/** @var ISession */
-	private $session;
-
-	/**
-	 * @param ISession $session
-	 */
-	public function __construct(ISession $session) {
-		$this->session = $session;
+	public function __construct(
+		private ISession $session,
+	) {
 	}
 
-	/**
-	 * @param ISession $session
-	 */
-	public function setSession(ISession $session) {
+	public function setSession(ISession $session): void {
 		$this->session = $session;
 	}
 
 	/**
 	 * Returns the current token or throws an exception if none is found.
 	 *
-	 * @return string
 	 * @throws \Exception
 	 */
 	public function getToken(): string {
@@ -69,23 +60,20 @@ class SessionStorage {
 
 	/**
 	 * Set the valid current token to $value.
-	 *
-	 * @param string $value
 	 */
-	public function setToken(string $value) {
+	public function setToken(string $value): void {
 		$this->session->set('requesttoken', $value);
 	}
 
 	/**
 	 * Removes the current token.
 	 */
-	public function removeToken() {
+	public function removeToken(): void {
 		$this->session->remove('requesttoken');
 	}
+
 	/**
 	 * Whether the storage has a storage.
-	 *
-	 * @return bool
 	 */
 	public function hasToken(): bool {
 		return $this->session->exists('requesttoken');