Use safe methods for OAuth\Server

Author: trasher

.phpstan-baseline.php

@@ -5941,24 +5941,6 @@
 	'count' => 2,
 	'path' => __DIR__ . '/src/Glpi/OAuth/Server.php',
 ];
-$ignoreErrors[] = [
-	'message' => '#^Function file_put_contents is unsafe to use\\. It can return FALSE instead of throwing an exception\\. Please add \'use function Safe\\\\file_put_contents;\' at the beginning of the file to use the variant provided by the \'thecodingmachine/safe\' library\\.$#',
-	'identifier' => 'theCodingMachineSafe.function',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Glpi/OAuth/Server.php',
-];
-$ignoreErrors[] = [
-	'message' => '#^Function openssl_pkey_export_to_file is unsafe to use\\. It can return FALSE instead of throwing an exception\\. Please add \'use function Safe\\\\openssl_pkey_export_to_file;\' at the beginning of the file to use the variant provided by the \'thecodingmachine/safe\' library\\.$#',
-	'identifier' => 'theCodingMachineSafe.function',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Glpi/OAuth/Server.php',
-];
-$ignoreErrors[] = [
-	'message' => '#^Function openssl_pkey_new is unsafe to use\\. It can return FALSE instead of throwing an exception\\. Please add \'use function Safe\\\\openssl_pkey_new;\' at the beginning of the file to use the variant provided by the \'thecodingmachine/safe\' library\\.$#',
-	'identifier' => 'theCodingMachineSafe.function',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Glpi/OAuth/Server.php',
-];
 $ignoreErrors[] = [
 	'message' => '#^Function unlink is unsafe to use\\. It can return FALSE instead of throwing an exception\\. Please add \'use function Safe\\\\unlink;\' at the beginning of the file to use the variant provided by the \'thecodingmachine/safe\' library\\.$#',
 	'identifier' => 'theCodingMachineSafe.function',

src/Glpi/OAuth/Server.php

@@ -43,8 +43,14 @@
 use League\OAuth2\Server\Grant\RefreshTokenGrant;
 use League\OAuth2\Server\ResourceServer;
 use RuntimeException;
+use Safe\Exceptions\FilesystemException;
+use Safe\Exceptions\OpensslException;
 use Throwable;
 
+use function Safe\file_put_contents;
+use function Safe\openssl_pkey_export_to_file;
+use function Safe\openssl_pkey_new;
+
 final class Server
 {
     private const PRIVATE_KEY_PATH = GLPI_CONFIG_DIR . '/oauth.pem';
@@ -226,16 +232,17 @@ private static function doGenerateKeys(): void
         ];
 
         // Generate key
-        $key = openssl_pkey_new($config);
-        if ($key === false) {
-            $error = openssl_error_string();
-            throw new RuntimeException("Unable to generate keys: $error");
+        try {
+            $key = openssl_pkey_new($config);
+        } catch (OpensslException $e) {
+            throw new RuntimeException("Unable to generate keys: " . $e->getMessage());
         }
 
         // Export private key to file
-        if (!openssl_pkey_export_to_file($key, self::PRIVATE_KEY_PATH)) {
-            $error = openssl_error_string();
-            throw new RuntimeException("Unable to export private key: $error");
+        try {
+            openssl_pkey_export_to_file($key, self::PRIVATE_KEY_PATH);
+        } catch (OpensslException $e) {
+            throw new RuntimeException("Unable to export private key: " . $e->getMessage());
         }
 
         // Get public key
@@ -246,11 +253,12 @@ private static function doGenerateKeys(): void
         }
 
         // Export public key to file
-        $written_bytes = file_put_contents(self::PUBLIC_KEY_PATH, $pubkey['key']);
-        if (
-            $written_bytes === false
-            || $written_bytes !== strlen($pubkey['key'])
-        ) {
+        try {
+            $written_bytes = file_put_contents(self::PUBLIC_KEY_PATH, $pubkey['key']);
+        } catch (FilesystemException $e) {
+            throw new RuntimeException("Unable to export public key: " . $e->getMessage());
+        }
+        if ($written_bytes !== strlen($pubkey['key'])) {
             throw new RuntimeException('Unable to export public key');
         }