From 927bea2b4db43dc95889fd47421c9da560419b74 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Fri, 9 Jan 2026 18:02:21 +0100
Subject: [PATCH] fix(psalm): Satisfy psalm

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 build/psalm-baseline.xml                   | 6 ++++++
 core/AppInfo/Capabilities.php              | 2 +-
 core/Controller/AppPasswordController.php  | 4 ++--
 lib/private/User/Session.php               | 1 +
 lib/public/Authentication/Token/IToken.php | 2 +-
 5 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/build/psalm-baseline.xml b/build/psalm-baseline.xml
index eb736b1e1dd..cbfb3000677 100644
--- a/build/psalm-baseline.xml
+++ b/build/psalm-baseline.xml
@@ -4237,6 +4237,12 @@
     <ImplementedReturnTypeMismatch>
       <code><![CDATA[boolean|null]]></code>
     </ImplementedReturnTypeMismatch>
+    <LessSpecificReturnStatement>
+      <code><![CDATA[$this->tokenProvider->getToken($password)]]></code>
+    </LessSpecificReturnStatement>
+    <MoreSpecificReturnType>
+      <code><![CDATA[?IToken]]></code>
+    </MoreSpecificReturnType>
     <NoInterfaceProperties>
       <code><![CDATA[$request->server]]></code>
       <code><![CDATA[$request->server]]></code>
diff --git a/core/AppInfo/Capabilities.php b/core/AppInfo/Capabilities.php
index 503ebe86818..1596b8fbe5e 100644
--- a/core/AppInfo/Capabilities.php
+++ b/core/AppInfo/Capabilities.php
@@ -27,7 +27,7 @@ class Capabilities implements ICapability {
 	/**
 	 * Return the core capabilities
 	 *
-	 * @return array{core: array{'user'?: array{language: string, locale: string, timezone: string} } }
+	 * @return array{core: array{'user'?: array{language: string, locale: string, timezone: string}, 'can-create-app-token'?: bool } }
 	 */
 	public function getCapabilities(): array {
 		$capabilities = [];
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php
index 2d426321333..9f2707e75c2 100644
--- a/core/Controller/AppPasswordController.php
+++ b/core/Controller/AppPasswordController.php
@@ -25,6 +25,7 @@ use OCP\Authentication\Exceptions\CredentialsUnavailableException;
 use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\Authentication\Exceptions\PasswordUnavailableException;
 use OCP\Authentication\LoginCredentials\IStore;
+use OCP\Authentication\Token\IToken as OCPIToken;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IConfig;
 use OCP\IRequest;
@@ -233,8 +234,7 @@ class AppPasswordController extends OCSController {
 			$credentials->getLoginName(),
 			$password,
 			$userAgent,
-			IToken::PERMANENT_TOKEN,
-			IToken::DO_NOT_REMEMBER
+			OCPIToken::PERMANENT_TOKEN,
 		);
 
 		$this->eventDispatcher->dispatchTyped(
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index eb399a02fe6..b31ad6e83d3 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -24,6 +24,7 @@ use OCP\AppFramework\Db\TTransactional;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Authentication\Exceptions\ExpiredTokenException;
 use OCP\Authentication\Exceptions\InvalidTokenException;
+use OCP\Authentication\Token\IToken as OCPIToken;
 use OCP\EventDispatcher\GenericEvent;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\NotPermittedException;
diff --git a/lib/public/Authentication/Token/IToken.php b/lib/public/Authentication/Token/IToken.php
index 24c10a2e5b1..546e6a42255 100644
--- a/lib/public/Authentication/Token/IToken.php
+++ b/lib/public/Authentication/Token/IToken.php
@@ -26,7 +26,7 @@ interface IToken extends JsonSerializable {
 	 */
 	public const WIPE_TOKEN = 2;
 	/**
-	 * @since 32.0.0
+	 * @since 33.0.0
 	 */
 	public const ONETIME_TOKEN = 3;
 	/**