Home  >  Q&A  >  body text

How to avoid warning: when correctly marking call_user_func in PhpStorm/Lumen, make sure to throw exception in corresponding 'try' block?

<p>I have authentication middleware in my Lumen application like this: </p> <pre class="brush:php;toolbar:false;">class Authenticate { public function handle(Request $request, Closure $next, string|null $guard = null): mixed { try { /**@var \Illuminate\Auth\RequestGuard $requestGuard*/ $requestGuard = $this->auth->guard($guard); $signedIn = $requestGuard->check(); // ... } catch (NoUserIdProvidedException) { // ... } // ... } }</pre> <p>It works fine, but PhpStorm reports that the exceptions (I removed most of them from the example, there are a few) are not thrown by the containing block, although they are. </p> <p>It seems that deep inside RequestGuard it uses call_user_func</p> <pre class="brush:php;toolbar:false;">return $this->user = call_user_func( $this->callback, $this->request, $this->getProvider() );</pre> <p>Call the closure set in the AuthServiceProvider, which uses a middleware method on the custom Security class: </p> <pre class="brush:php;toolbar:false;">class AuthServiceProvider extends ServiceProvider { public function boot(): void { $this->app['auth']->viaRequest('api', function ($request) { $security = new Security(); return $security->middleware($request); }); } }</pre> <p>In my opinion, the documentation block for the middleware is correct</p> <pre class="brush:php;toolbar:false;">/*** @param Request $request * @return bool|object|null * @throws InvalidDomainUser * @throws NoDomainUserException * @throws NoTokenOnRecordException * @throws NoTokenProvidedException * @throws NoUserException * @throws NoUserIdProvidedException*/ public function middleware(Request $request): object|bool|null {</pre> <p>Add a document block, for example: </p> <pre class="brush:php;toolbar:false;">/*** @throws NoUserIdProvidedException*/</pre> <p>In the closure, the authentication provider or handling code does not make the warning go away, is there a way to comment or type hint the code to avoid false positives? I don't want to just turn off the inspection. </p>
P粉009186469P粉009186469435 days ago479

reply all(1)I'll reply

  • P粉805535434

    P粉8055354342023-09-04 21:30:05

    The way the guard works seemed a bit too complicated for static analysis, so I refactored to move the underlying custom code out of the guard and directly into the middleware, which worked and is now correctly detected abnormal.

    class Authenticate
    {
        public function handle(Request $request, Closure $next, string|null $guard = null): mixed
        {
            try {
                $security = new Security();
                $user = $security->middleware($request);
                $signedIn = !empty($user->id);
    
                // ...
    
            } catch (NoUserIdProvidedException) {
                // ...
            }
    
            // ...
        }
    }

    The security class is custom logic. The important thing is that the document block with @throws is close enough to be found by the IDE

    class Security{
        /**
         * @param Request $request
         * @return bool|object|null
         * @throws InvalidDomainUser
         * @throws NoDomainUserException
         * @throws NoTokenOnRecordException
         * @throws NoTokenProvidedException
         * @throws NoUserException
         * @throws NoUserIdProvidedException
         */
        public function middleware(Request $request): object|bool|null
        {
          // ....
        }
    }

    reply
    0
  • Cancelreply