Fix deprecation: $request->get

$request->get is deprecated. $request->query->get for URL parameters or $request->request->get for POST should be used instead.

See https://symfony.com/blog/new-in-symfony-7-4-request-class-improvements

Phpstan: Fix get parameter types

Prior to this change, \Surfnet\StepupMiddleware\ApiBundle\Controller\RaCandidateController::search could receive `secondFactorTypes`, which could never be an array, yet the query expects an array.
This change ensures the query parameters for this property are read sa an array read.

Author: johanib

ci/qa/phpstan-baseline.neon

@@ -28,6 +28,7 @@ when@smoketest: &testOverride
         test: true
         profiler:
             collect: false
+            collect_serializer_data: true
         php_errors:
             log: false # prevents user deprecated warnings
         session:

config/packages/framework.yaml

@@ -128,7 +128,7 @@
  *     http_method_override?: bool, // Set true to enable support for the '_method' request parameter to determine the intended HTTP method on POST requests. // Default: false
  *     allowed_http_method_override?: list<string>|null,
  *     trust_x_sendfile_type_header?: scalar|null, // Set true to enable support for xsendfile in binary file responses. // Default: "%env(bool:default::SYMFONY_TRUST_X_SENDFILE_TYPE_HEADER)%"
- *     ide?: scalar|null, // Default: "%env(default::SYMFONY_IDE)%"
+ *     ide?: scalar|null, // Default: null
  *     test?: bool,
  *     default_locale?: scalar|null, // Default: "en"
  *     set_locale_from_accept_language?: bool, // Whether to use the Accept-Language HTTP header to set the Request locale (only when the "_locale" request attribute is not passed). // Default: false
@@ -285,7 +285,7 @@
  *         paths?: array<string, scalar|null>,
  *         excluded_patterns?: list<scalar|null>,
  *         exclude_dotfiles?: bool, // If true, any files starting with "." will be excluded from the asset mapper. // Default: true
- *         server?: bool, // If true, a "dev server" will return the assets from the public directory (true in "debug" mode only by default). // Default: true
+ *         server?: bool, // If true, a "dev server" will return the assets from the public directory (true in "debug" mode only by default). // Default: false
  *         public_prefix?: scalar|null, // The public path where the assets will be written to (and served from when "server" is true). // Default: "/assets/"
  *         missing_import_mode?: "strict"|"warn"|"ignore", // Behavior if an asset cannot be found when imported from JavaScript or CSS files - e.g. "import './non-existent.js'". "strict" means an exception is thrown, "warn" means a warning is logged, "ignore" means the import is left as-is. // Default: "warn"
  *         extensions?: array<string, scalar|null>,
@@ -405,7 +405,7 @@
  *     },
  *     php_errors?: array{ // PHP errors handling configuration
  *         log?: mixed, // Use the application logger instead of the PHP logger for logging PHP errors. // Default: true
- *         throw?: bool, // Throw PHP errors as \ErrorException instances. // Default: true
+ *         throw?: bool, // Throw PHP errors as \ErrorException instances. // Default: false
  *     },
  *     exceptions?: array<string, array{ // Default: []
  *         log_level?: scalar|null, // The level of log message. Null to let Symfony decide. // Default: null
@@ -468,7 +468,7 @@
  *     scheduler?: bool|array{ // Scheduler configuration
  *         enabled?: bool, // Default: false
  *     },
- *     disallow_search_engine_index?: bool, // Enabled by default when debug is enabled. // Default: true
+ *     disallow_search_engine_index?: bool, // Enabled by default when debug is enabled. // Default: false
  *     http_client?: bool|array{ // HTTP Client configuration
  *         enabled?: bool, // Default: false
  *         max_host_connections?: int, // The maximum number of connections to a single host.
@@ -1112,8 +1112,8 @@
  *             platform_service?: scalar|null, // Deprecated: The "platform_service" configuration key is deprecated since doctrine-bundle 2.9. DBAL 4 will not support setting a custom platform via connection params anymore.
  *             auto_commit?: bool,
  *             schema_filter?: scalar|null,
- *             logging?: bool, // Default: true
- *             profiling?: bool, // Default: true
+ *             logging?: bool, // Default: false
+ *             profiling?: bool, // Default: false
  *             profiling_collect_backtrace?: bool, // Enables collecting backtraces when profiling is enabled // Default: false
  *             profiling_collect_schema_errors?: bool, // Enables collecting schema errors when profiling is enabled // Default: true
  *             disable_type_comments?: bool,
@@ -1252,7 +1252,7 @@
  *                     pool?: scalar|null,
  *                 },
  *                 region_lock_lifetime?: scalar|null, // Default: 60
- *                 log_enabled?: bool, // Default: true
+ *                 log_enabled?: bool, // Default: false
  *                 region_lifetime?: scalar|null, // Default: 3600
  *                 enabled?: bool, // Default: true
  *                 factory?: scalar|null,

config/reference.php

@@ -20,7 +20,6 @@
 
 use Surfnet\Stepup\Identity\Value\IdentityId;
 use Surfnet\Stepup\Identity\Value\Institution;
-use Surfnet\StepupMiddleware\ApiBundle\Controller\AbstractController;
 use Surfnet\StepupMiddleware\ApiBundle\Exception\BadApiRequestException;
 use Surfnet\StepupMiddleware\ApiBundle\Identity\Query\SecondFactorAuditLogQuery;
 use Surfnet\StepupMiddleware\ApiBundle\Identity\Service\AuditLogService;
@@ -38,17 +37,17 @@ public function secondFactorAuditLog(Request $request, Institution $institution)
     {
         $this->denyAccessUnlessGrantedOneOff(['ROLE_RA', 'ROLE_READ']);
 
-        $identityId = $request->get('identityId');
+        $identityId = $request->query->get('identityId');
         if (empty($identityId)) {
             throw new BadApiRequestException(['This API-call MUST include the identityId as get parameter']);
         }
 
         $query = new SecondFactorAuditLogQuery();
         $query->identityInstitution = $institution;
         $query->identityId = new IdentityId($identityId);
-        $query->orderBy = $request->get('orderBy', $query->orderBy);
-        $query->orderDirection = $request->get('orderDirection', $query->orderDirection);
-        $query->pageNumber = $request->get('p', 1);
+        $query->orderBy = $request->query->get('orderBy', $query->orderBy);
+        $query->orderDirection = $request->query->get('orderDirection', $query->orderDirection);
+        $query->pageNumber = $request->query->getInt('p', 1);
 
         $paginator = $this->auditLogService->searchSecondFactorAuditLog($query);
 

src/Surfnet/StepupMiddleware/ApiBundle/Controller/AuditLogController.php

@@ -55,10 +55,10 @@ public function collection(Request $request, Institution $institution): JsonColl
 
         $query = new IdentityQuery();
         $query->institution = $institution;
-        $query->nameId = $request->get('NameID');
-        $query->commonName = $request->get('commonName');
-        $query->email = $request->get('email');
-        $query->pageNumber = (int)$request->get('p', 1);
+        $query->nameId = $request->query->get('NameID');
+        $query->commonName = $request->query->get('commonName');
+        $query->email = $request->query->get('email');
+        $query->pageNumber = $request->query->getInt('p', 1);
 
         $paginator = $this->identityService->search($query);
 

src/Surfnet/StepupMiddleware/ApiBundle/Controller/IdentityController.php

@@ -38,7 +38,7 @@ public function get(Request $request, string $identityId): JsonResponse
         $this->denyAccessUnlessGrantedOneOff(['ROLE_RA', 'ROLE_READ']);
 
         // Is the actor allowed to view the profile page?
-        $actorId = $request->get('actorId');
+        $actorId = $request->query->get('actorId');
         if ($identityId !== $actorId) {
             throw new AccessDeniedHttpException(
                 "Identity and actor id should match. It is not yet allowed to view the profile of somebody else.",

src/Surfnet/StepupMiddleware/ApiBundle/Controller/ProfileController.php

@@ -27,6 +27,7 @@
 use Surfnet\StepupMiddleware\ApiBundle\Response\JsonCollectionResponse;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use function sprintf;
 
@@ -45,15 +46,27 @@ public function search(Request $request): JsonCollectionResponse
     {
         $this->denyAccessUnlessGrantedOneOff(['ROLE_RA', 'ROLE_READ']);
 
-        $actorId = new IdentityId($request->get('actorId'));
+        $actorIdString = $request->query->get('actorId');
+        if (!is_string($actorIdString)) {
+            throw new BadRequestHttpException(sprintf('Invalid actorId "%s"', $actorIdString));
+        }
+        $actorId = new IdentityId($actorIdString);
+
+        $secondFactorTypes = $request->query->all('secondFactorTypes');
+        foreach ($secondFactorTypes as $type) {
+            if (!is_string($type)) {
+                throw new BadRequestHttpException(sprintf('Invalid secondFactorType "%s", string expected.', $type));
+            }
+        }
+        /** @var array<string> $secondFactorTypes */
 
         $query = new RaCandidateQuery();
-        $query->institution = $request->get('institution');
-        $query->commonName = $request->get('commonName');
-        $query->email = $request->get('email');
-        $query->secondFactorTypes = $request->get('secondFactorTypes');
-        $query->raInstitution = $request->get('raInstitution');
-        $query->pageNumber = (int)$request->get('p', 1);
+        $query->institution = $request->query->get('institution');
+        $query->commonName = $request->query->get('commonName');
+        $query->email = $request->query->get('email');
+        $query->secondFactorTypes = $secondFactorTypes;
+        $query->raInstitution = $request->query->get('raInstitution');
+        $query->pageNumber = $request->query->getInt('p', 1);
 
         $query->authorizationContext = $this->authorizationService->buildSelectRaaInstitutionAuthorizationContext(
             $actorId,
@@ -69,13 +82,17 @@ public function search(Request $request): JsonCollectionResponse
     /**
      * @return JsonResponse
      */
-    public function get(Request $request): JsonResponse
+    public function get(Request $request, string $identityId): JsonResponse
     {
         $this->denyAccessUnlessGrantedOneOff(['ROLE_RA', 'ROLE_READ']);
 
-        $actorId = new IdentityId($request->get('actorId'));
+        $actorIdString = $request->query->get('actorId');
+        if (!is_string($actorIdString)) {
+            throw new BadRequestHttpException(sprintf('Invalid actorId "%s"', $actorIdString));
+        }
+
+        $actorId = new IdentityId($actorIdString);
 
-        $identityId = $request->get('identityId');
 
         $authorizationContext = $this->authorizationService->buildInstitutionAuthorizationContext(
             $actorId,

src/Surfnet/StepupMiddleware/ApiBundle/Controller/RaCandidateController.php

@@ -22,13 +22,13 @@
 use Surfnet\Stepup\Identity\Value\Institution;
 use Surfnet\Stepup\Identity\Value\RegistrationAuthorityRole;
 use Surfnet\StepupMiddleware\ApiBundle\Authorization\Service\AuthorizationContextService;
-use Surfnet\StepupMiddleware\ApiBundle\Controller\AbstractController;
 use Surfnet\StepupMiddleware\ApiBundle\Identity\Entity\RaListing;
 use Surfnet\StepupMiddleware\ApiBundle\Identity\Query\RaListingQuery;
 use Surfnet\StepupMiddleware\ApiBundle\Identity\Service\RaListingService;
 use Surfnet\StepupMiddleware\ApiBundle\Response\JsonCollectionResponse;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 class RaListingController extends AbstractController
@@ -39,12 +39,17 @@ public function __construct(
     ) {
     }
 
-    public function get(Request $request, string $identityId): JsonResponse
+    public function get(Request $request, string $identityId, string $institution): JsonResponse
     {
         $this->denyAccessUnlessGrantedOneOff(['ROLE_RA', 'ROLE_READ']);
 
-        $actorId = new IdentityId($request->get('actorId'));
-        $institution = new Institution($request->get('institution'));
+        $actorIdString = $request->query->get('actorId');
+        if (!is_string($actorIdString)) {
+            throw new BadRequestHttpException(sprintf('Invalid actorId "%s"', $actorIdString));
+        }
+        $actorId = new IdentityId($actorIdString);
+
+        $institutionObject = new Institution($institution);
 
         $authorizationContext = $this->authorizationService->buildInstitutionAuthorizationContext(
             $actorId,
@@ -53,7 +58,7 @@ public function get(Request $request, string $identityId): JsonResponse
 
         $raListing = $this->raListingService->findByIdentityIdAndRaInstitutionWithContext(
             new IdentityId($identityId),
-            $institution,
+            $institutionObject,
             $authorizationContext,
         );
 
@@ -71,37 +76,41 @@ public function search(Request $request): JsonCollectionResponse
     {
         $this->denyAccessUnlessGrantedOneOff(['ROLE_RA', 'ROLE_READ']);
 
-        $actorId = new IdentityId($request->get('actorId'));
+        $actorIdString = $request->query->get('actorId');
+        if (!is_string($actorIdString)) {
+            throw new BadRequestHttpException(sprintf('Invalid actorId "%s"', $actorIdString));
+        }
+        $actorId = new IdentityId($actorIdString);
 
         $query = new RaListingQuery();
 
-        if ($request->get('identityId')) {
-            $query->identityId = new IdentityId($request->get('identityId'));
+        if ($request->query->get('identityId')) {
+            $query->identityId = new IdentityId($request->query->get('identityId'));
         }
 
-        if ($request->get('institution')) {
-            $query->institution = $request->get('institution');
+        if ($request->query->get('institution')) {
+            $query->institution = $request->query->get('institution');
         }
 
-        if ($request->get('name')) {
-            $query->name = $request->get('name');
+        if ($request->query->get('name')) {
+            $query->name = $request->query->get('name');
         }
 
-        if ($request->get('email')) {
-            $query->email = $request->get('email');
+        if ($request->query->get('email')) {
+            $query->email = $request->query->get('email');
         }
 
-        if ($request->get('role')) {
-            $query->role = $request->get('role');
+        if ($request->query->get('role')) {
+            $query->role = $request->query->get('role');
         }
 
-        if ($request->get('raInstitution')) {
-            $query->raInstitution = $request->get('raInstitution');
+        if ($request->query->get('raInstitution')) {
+            $query->raInstitution = $request->query->get('raInstitution');
         }
 
-        $query->pageNumber = (int)$request->get('p', 1);
-        $query->orderBy = $request->get('orderBy');
-        $query->orderDirection = $request->get('orderDirection');
+        $query->pageNumber = $request->query->getInt('p', 1);
+        $query->orderBy = $request->query->getString('orderBy');
+        $query->orderDirection = $request->query->getString('orderDirection');
         $query->authorizationContext = $this->authorizationService->buildInstitutionAuthorizationContext(
             $actorId,
             RegistrationAuthorityRole::raa(),

src/Surfnet/StepupMiddleware/ApiBundle/Controller/RaListingController.php

@@ -40,21 +40,20 @@ public function search(Request $request, Institution $institution): JsonCollecti
 
         $query = new RaLocationQuery();
         $query->institution = $institution;
-        $query->orderBy = $request->get('orderBy', $query->orderBy);
-        $query->orderDirection = $request->get('orderDirection', $query->orderDirection);
+        $query->orderBy = $request->query->get('orderBy', $query->orderBy);
+        $query->orderDirection = $request->query->get('orderDirection', $query->orderDirection);
 
         $raLocations = $this->raLocationService->search($query);
         $count = count($raLocations);
 
         return new JsonCollectionResponse($count, 1, $count, $raLocations);
     }
 
-    public function get(Request $request): JsonResponse
+    public function get(string $raLocationId): JsonResponse
     {
         $this->denyAccessUnlessGrantedOneOff(['ROLE_RA', 'ROLE_SS', 'ROLE_READ']);
 
-        $raLocationId = new RaLocationId($request->get('raLocationId'));
-        $raLocation = $this->raLocationService->findByRaLocationId($raLocationId);
+        $raLocation = $this->raLocationService->findByRaLocationId(new RaLocationId($raLocationId));
 
         return new JsonResponse($raLocation);
     }

src/Surfnet/StepupMiddleware/ApiBundle/Controller/RaLocationController.php

@@ -27,6 +27,7 @@
 use Surfnet\StepupMiddleware\ApiBundle\Response\JsonCollectionResponse;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 final class RaSecondFactorController extends AbstractController
 {
@@ -65,18 +66,23 @@ public function export(Request $request): JsonResponse
      */
     private function buildRaSecondFactorQuery(Request $request): RaSecondFactorQuery
     {
-        $actorId = new IdentityId($request->get('actorId'));
+        $actorIdString = $request->query->get('actorId');
+        if (!is_string($actorIdString)) {
+            throw new BadRequestHttpException(sprintf('Invalid actorId "%s"', $actorIdString));
+        }
+
+        $actorId = new IdentityId($actorIdString);
 
         $query = new RaSecondFactorQuery();
-        $query->pageNumber = (int)$request->get('p', 1);
-        $query->name = $request->get('name');
-        $query->type = $request->get('type');
-        $query->secondFactorId = $request->get('secondFactorId');
-        $query->email = $request->get('email');
-        $query->institution = $request->get('institution');
-        $query->status = $request->get('status');
-        $query->orderBy = $request->get('orderBy');
-        $query->orderDirection = $request->get('orderDirection');
+        $query->pageNumber = $request->query->getInt('p', 1);
+        $query->name = $request->query->get('name');
+        $query->type = $request->query->get('type');
+        $query->secondFactorId = $request->query->get('secondFactorId');
+        $query->email = $request->query->get('email');
+        $query->institution = $request->query->get('institution');
+        $query->status = $request->query->get('status');
+        $query->orderBy = $request->query->get('orderBy');
+        $query->orderDirection = $request->query->get('orderDirection');
         $query->authorizationContext = $this->authorizationService->buildInstitutionAuthorizationContext(
             $actorId,
             RegistrationAuthorityRole::ra(),