Psalm issue after update to 2.14.1

[tarlepp]

Noticed that Psalm complains following;

psalm: MissingDependency: Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse depends on class or interface lexik\bundle\jwtauthenticationbundle\response\jwtcompatauthenticationfailureresponse that does not exist

Related code;

public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
{
    $event = new AuthenticationFailureEvent(
        $exception,
        new JWTAuthenticationFailureResponse(
            $this->translator->trans('Invalid credentials.', [], 'security')
        )
    );

    $this->dispatcher->dispatch($event);

    return $event->getResponse();
}

Although everything works as expected - Should I raise an issue to Psalm repository about this?

[chalasr]

Thanks for the report. This is due to a compatibility layer implying some ugly hacks, I don't think psalm should care.
I'll try to fix that here.

[tarlepp]

@chalasr awesome! And really big thanks for quick replies on issues and PR's to fix those!

[tarlepp]

And just noticed that after updating PHPStan to version 1.6.0 it also complains at this.

phpstan: Parameter #2 $response of class Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationFailureEvent constructor expects Symfony\Component\HttpFoundation\Response, Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse given.

So currently I'm using following to "fix" this:

public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
{
    /**
     * @psalm-suppress MissingDependency, InvalidArgument
     */
    $event = new AuthenticationFailureEvent(
        $exception,
        new JWTAuthenticationFailureResponse( // @phpstan-ignore-line
            $this->translator->trans('Invalid credentials.', [], 'security')
        )
    );

    $this->dispatcher->dispatch($event);

    return $event->getResponse();
}

[chalasr]

I wouldn't have expected that, but our hack-ish BC layers may be handled by PHPStan phpstan/phpstan#7157. Let's see how it goes and eventually propose the same for psalm

[ondrejmirtes]

The problem isn't in eval - the problem is that Lexik\Bundle\JWTAuthenticationBundle\Response\JWTCompatAuthenticationFailureResponse isn't defined acording to PSR-4 rules configured in that package's composer.json. If you put it to a separate file with the right filename, it's going to work.

[GErpeldinger]

Oh yeah, separate JWTCompatAuthenticationFailureResponse from JWTAuthenticationFailureResponse resolve the problem on phpstan, thanks ! But it doesn't seem to solve it on psalm unfortunately.

[GErpeldinger]

After some tests, it seems that psalm does not appreciate the eval(), is it really necessary?

[GErpeldinger]

I have an oddity, psalm passes without any problem when I remove one of the two conditions of the "if" or the eval().

I tried to put if(true && true"), it returns me the error:

ERROR: MissingDependency - Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationFailureResponse depends on class or interface lexik\bundle\jwtauthenticationbundle\response\jwtcompatauthenticationfailureresponse that does not exist (see https://psalm.dev/157)

But just if(true) is good...

Also if i modify the && to AND, it works...

[GErpeldinger]

Ok, I don't have this error before psalm 4.8, it seems that in this version or a minor version of 4.7 that introduced the problem.

Update: Ok it's the minor version 4.7.1 who introduced the problem, gonna open an issue.

What to do in the meantime, change the && to AND?

[ondrejmirtes]

I managed to make PHPStan discover Lexik\Bundle\JWTAuthenticationBundle\Response\JWTCompatAuthenticationFailureResponse even with the current release of lexik/jwt-authentication-bundle: phpstan/phpstan-src@e40474b