The @phpstan-return annotation on the processSLO method in src/Saml2/Auth.php (line 273) is incorrect.
Current annotation:
@return string|null
@phpstan-return ($stay is true ? string : never)
Problem:
This annotation states that when $stay is false, the method never returns (never). However, the method can return null implicitly in several code paths:
- When
$_GET['SAMLResponse'] is set (lines 281-300) - no explicit return, so returns null
- When
$_GET['SAMLRequest'] is set but invalid (lines 304-307) - no explicit return, so returns null
Only when $_GET['SAMLRequest'] is valid does the method call redirectTo() (line 336), which follows the documented behavior.
Expected behavior:
The @phpstan-return should account for the implicit null returns, or be removed entirely since @return string|null is more accurate.
The @phpstan-return annotation on the processSLO method in src/Saml2/Auth.php (line 273) is incorrect.
Current annotation:
Problem:
This annotation states that when $stay is false, the method never returns (never). However, the method can return null implicitly in several code paths:
$_GET['SAMLResponse']is set (lines 281-300) - no explicit return, so returns null$_GET['SAMLRequest']is set but invalid (lines 304-307) - no explicit return, so returns nullOnly when
$_GET['SAMLRequest']is valid does the method call redirectTo() (line 336), which follows the documented behavior.Expected behavior:
The @phpstan-return should account for the implicit null returns, or be removed entirely since @return string|null is more accurate.