Mark some arguments as with PHP 8.2 #[\SensitiveParameter]

ziming · Jul 16, 2024 · e12eacd · e12eacd
1 parent a1fa969
commit e12eacd
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 10 deletions.
diff --git a/src/LaravelMyinfoSg.php b/src/LaravelMyinfoSg.php
@@ -19,6 +19,7 @@ class LaravelMyinfoSg
 {
     public function __construct(
         private ?string $clientId = null,
+        #[\SensitiveParameter]
         private ?string $clientSecret = null,
         private ?string $attributes = null,
         private ?string $purpose = null,
@@ -61,7 +62,10 @@ public function generateAuthoriseApiUrl(string $state): string
      * @return array<string, mixed>|array<string, array>
      * @throws GuzzleException|Exception
      */
-    public function getMyinfoPersonData(string $code): array
+    public function getMyinfoPersonData(
+        #[\SensitiveParameter]
+        string $code
+    ): array
     {
         $tokenRequestResponse = $this->createTokenRequest($code);
 
@@ -81,7 +85,10 @@ public function getMyinfoPersonData(string $code): array
      *
      * @throws Exception|GuzzleException
      */
-    private function createTokenRequest(string $code): ResponseInterface
+    private function createTokenRequest(
+        #[\SensitiveParameter]
+        string $code
+    ): ResponseInterface
     {
         $guzzleClient = new Client;
 
@@ -141,7 +148,10 @@ private function createTokenRequest(string $code): ResponseInterface
      * @throws Exception
      * @return array<string, mixed>|array<string, array>
      */
-    private function callPersonAPI(string $accessToken): array
+    private function callPersonAPI(
+        #[\SensitiveParameter]
+        string $accessToken
+    ): array
     {
         $decoded = MyinfoSecurityService::verifyJWS($accessToken);
 
@@ -200,7 +210,12 @@ private function callPersonAPI(string $accessToken): array
      *
      * @throws Exception|GuzzleException
      */
-    private function createPersonRequest(string $sub, string $validAccessToken): ResponseInterface
+    private function createPersonRequest(
+        #[\SensitiveParameter]
+        string $sub,
+        #[\SensitiveParameter]
+        string $validAccessToken
+    ): ResponseInterface
     {
         $guzzleClient = new Client;
 

diff --git a/src/Services/MyinfoSecurityService.php b/src/Services/MyinfoSecurityService.php
@@ -25,7 +25,10 @@ final class MyinfoSecurityService
      *
      * @throws Exception
      */
-    public static function verifyJWS(string $accessToken): ?array
+    public static function verifyJWS(
+        #[\SensitiveParameter]
+        string $accessToken
+    ): ?array
     {
         $algorithmManager = new AlgorithmManager([new RS256]);
 
@@ -49,9 +52,15 @@ public static function verifyJWS(string $accessToken): ?array
      *
      * @throws Exception
      */
-    public static function generateAuthorizationHeader(string $url, array $params, string $method, string $contentType,
-                                                       string $authType, string $appId,
-                                                       string $passphrase): string
+    public static function generateAuthorizationHeader(string $url,
+                                                       array $params,
+                                                       string $method,
+                                                       string $contentType,
+                                                       string $authType,
+                                                       string $appId,
+                                                       #[\SensitiveParameter]
+                                                       string $passphrase
+    ): string
     {
         if ($authType === 'L2') {
             return self::generateSHA256withRSAHeader($url, $params, $method, $contentType, $appId, $passphrase);
@@ -65,7 +74,15 @@ public static function generateAuthorizationHeader(string $url, array $params, s
      *
      * @throws Exception
      */
-    private static function generateSHA256withRSAHeader(string $url, array $params, string $method, string $contentType, string $appId, string $passphrase): string
+    private static function generateSHA256withRSAHeader(
+        string $url,
+        array $params,
+        string $method,
+        string $contentType,
+        string $appId,
+        #[\SensitiveParameter]
+        string $passphrase
+    ): string
     {
         $nonce = random_int(PHP_INT_MIN, PHP_INT_MAX);
 
@@ -119,7 +136,12 @@ private static function generateSHA256withRSAHeader(string $url, array $params,
      *
      * @throws Exception
      */
-    public static function decryptJWE(string $personDataToken, string $passphrase = null): array|string
+    public static function decryptJWE(
+        #[\SensitiveParameter]
+        string $personDataToken,
+        #[\SensitiveParameter]
+        string $passphrase = null
+    ): array|string
     {
         // $passphrase is by default null for backward compatibility purpose as I want to avoid a major version bump
         $passphrase = ($passphrase === null) ? config('laravel-myinfo-sg.client_secret') : $passphrase;