Merge branch 'main' into fix/cache-lock

Author: brendt

CHANGELOG.md

@@ -2,7 +2,30 @@
 
 All notable changes to this project will be documented in this file.
 
-## [2.12.0](https://github.com/tempestphp/tempest-framework/compare/v2.11.0..2.12.0)  —  2025-11-28
+## [2.13.0](https://github.com/tempestphp/tempest-framework/compare/v2.12.0..2.13.0)  —  2025-12-04
+
+### 🚀 Features
+
+- **auth**: add OAuth installer (#1674) ([9c82b71](https://github.com/tempestphp/tempest-framework/commit/9c82b715b448633a704591e9b78823da28debc98))
+- **cache**: make `assertLocked` ensure that the checked lock has an expiration (#1758) ([1a2e8fb](https://github.com/tempestphp/tempest-framework/commit/1a2e8fbe90259d2bd5a8a0876d4b8fed35c5dcd7))
+- **container**: make all container properties publicly readable (#1785) ([be93ec1](https://github.com/tempestphp/tempest-framework/commit/be93ec1388ec7d253637705d4335d13a78a39f00))
+- **database**: add support for self-referencing relations (#1745) ([df2dcdc](https://github.com/tempestphp/tempest-framework/commit/df2dcdc231384d2dd359f8b621f0ae1f31a3e703))
+- **http**: add support to mark Request properties as #[SensitiveField] (#1746) ([0000c99](https://github.com/tempestphp/tempest-framework/commit/0000c99251b31d0bfa84389fb101be1560d916c3))
+
+### 🐛 Bug fixes
+
+- **auth**: correctly map user in GitHub OAuth provider (#1751) ([ad2182a](https://github.com/tempestphp/tempest-framework/commit/ad2182ac40684b78752e7f7511228688f5093c1a))
+- **auth**: pass scopes/options to auth URL builder (#1750) ([cbe54d7](https://github.com/tempestphp/tempest-framework/commit/cbe54d7f3f7e137fe43e9ad7f8837bd2f7103e9a))
+- **auth**: update outdated authenticatable import (#1752) ([5c68b96](https://github.com/tempestphp/tempest-framework/commit/5c68b968763229dfb5a78c01a80df3b1b134e6c0))
+- **cache**: support enum tags (#1756) ([678b695](https://github.com/tempestphp/tempest-framework/commit/678b69582e526e25ff545c346179bda9636f1415))
+- **cache**: add descriptions to `cache:clear` arguments (#1755) ([e324f6e](https://github.com/tempestphp/tempest-framework/commit/e324f6e767b50acd6e76e8310be12422b85e782b))
+- **command-bus**: extract uuid from pending commands when not provided (#1761) ([b787c16](https://github.com/tempestphp/tempest-framework/commit/b787c16e57f60de3bd7883944561f02fce3a661a))
+- **console**: properly normalize boolean flag names (#1762) ([c6e6867](https://github.com/tempestphp/tempest-framework/commit/c6e6867ede678b9798386bab12e1e2afaef91bc8))
+- **core**: gracefully handle missing seeders when using `db:seed` (#1759) ([450ca75](https://github.com/tempestphp/tempest-framework/commit/450ca7576c6e5a8f4f5719dd27e7d4d4a29954c9))
+- **process**: properly return exit code if missing (#1776) ([9ad1587](https://github.com/tempestphp/tempest-framework/commit/9ad158747a810db490aef43a7a6c1bcfe062d900))
+
+
+## [2.12.0](https://github.com/tempestphp/tempest-framework/compare/v2.11.0..v2.12.0)  —  2025-11-28
 
 ### 🚀 Features
 
@@ -798,7 +821,7 @@ All notable changes to this project will be documented in this file.
 - rector (#680) ([7fdff1d](https://github.com/tempestphp/tempest-framework/commit/7fdff1d7be48ab91fb35e1a07434ae54ef47781c))
 
 
-## [1.0.0-alpha.3](https://github.com/tempestphp/tempest-framework/compare/v1.0.0-alpha.2..v1.0.0-alpha.3)  —  2024-10-30
+## [1.0.0-alpha.3](https://github.com/tempestphp/tempest-framework/compare/v1.0.0-alpha.2..v1.0.0-alpha.3)  —  2024-10-31
 
 ### 🚨 Breaking changes
 

composer.json

@@ -49,6 +49,7 @@
         "adam-paterson/oauth2-slack": "^1.1",
         "aws/aws-sdk-php": "^3.338.0",
         "azure-oss/storage-blob-flysystem": "^1.2",
+        "brianium/paratest": "^7.14",
         "carthage-software/mago": "1.0.0-beta.28",
         "depotwarehouse/oauth2-twitch": "^1.3",
         "guzzlehttp/psr7": "^2.6.1",
@@ -87,8 +88,7 @@
         "tempest/blade": "dev-main",
         "thenetworg/oauth2-azure": "^2.2",
         "twig/twig": "^3.16",
-        "wohali/oauth2-discord-new": "^1.2",
-        "brianium/paratest": "^7.14"
+        "wohali/oauth2-discord-new": "^1.2"
     },
     "replace": {
         "tempest/auth": "self.version",

docs/1-essentials/01-routing.md

@@ -241,7 +241,7 @@ public function docsRedirect(string $path): Redirect
 
 ## Generating URIs
 
-Tempest provides a `\Tempest\uri` function that can be used to generate a URI to a controller method. This function accepts the FQCN of the controller or a callable to a method as its first argument, and named parameters as [the rest of its arguments](https://www.php.net/manual/en/functions.arguments.php#functions.variable-arg-list).
+Tempest provides a `\Tempest\Router\uri` function that can be used to generate a URI to a controller method. This function accepts the FQCN of the controller or a callable to a method as its first argument, and named parameters as [the rest of its arguments](https://www.php.net/manual/en/functions.arguments.php#functions.variable-arg-list).
 
 ```php
 use function Tempest\Router\uri;
@@ -337,7 +337,7 @@ A core pattern of any web application is to access data from the current request
 
 In most situations, the data you expect to receive from a request is structured. You expect clients to send specific values, and you want them to follow specific rules.
 
-The idiomatic way to achieve this is by using request classes. They are classes with public properties that correspond to the data you want to retrieve from the request. Tempest will automatically validate these properties using PHP's type system, in addition to optional [validation attributes](../2-features/06-validation) if needed.
+The idiomatic way to achieve this is by using request classes. They are classes with public properties that correspond to the data you want to retrieve from the request. Tempest will automatically validate these properties using PHP's type system, in addition to optional [validation attributes](../2-features/03-validation) if needed.
 
 A request class must implement {`Tempest\Http\Request`} and should use the {`Tempest\Http\IsRequest`} trait, which provides the default implementation.
 
@@ -454,7 +454,7 @@ The JSON encoded header is available for when you're building APIs with Tempest.
 </x-form>
 ```
 
-`{html}<x-form>` is a view component that will automatically include the CSRF token, as well as default to sending `POST` requests. `{html}<x-input>` is a view component that renders a label, input field, and validation errors all at once. In practice, you'll likely want to make changes to these built-in view components. That's why you can run `./tempest install view-components` and select the components you want to pull into your project. You can [read more about installing view components here](/2.x/essentials/views#built-in-components).
+`{html}<x-form>` is a view component that will automatically include the CSRF token, as well as default to sending `POST` requests. `{html}<x-input>` is a view component that renders a label, input field, and validation errors all at once. In practice, you'll likely want to make changes to these built-in view components. That's why you can run `./tempest install view-components` and select the components you want to pull into your project. You can [read more about installing view components here](../1-essentials/02-views.md#built-in-components).
 
 ## Route middleware
 
@@ -946,7 +946,7 @@ return new DatabaseSessionConfig(
 
 Sessions expire based on the last activity time. This means that as long as a user is actively using your application, their session will remain valid.
 
-Outdated sessions must occasionally be cleaned up. Tempest comes with a built-in command to do so, `session:clean`. This command makes use of the [scheduler](/2.x/features/scheduling). If you have scheduling enabled, it will automatically run behind the scenes.
+Outdated sessions must occasionally be cleaned up. Tempest comes with a built-in command to do so, `session:clean`. This command makes use of the [scheduler](../2-features/11-scheduling.md). If you have scheduling enabled, it will automatically run behind the scenes.
 
 ## Deferring tasks
 

docs/1-essentials/03-database.md

@@ -219,6 +219,10 @@ final class Book
 }
 ```
 
+:::warning
+Relation types in docblocks must always be fully qualified, and not use short class names.
+:::
+
 Tempest will infer all the information it needs to build the right queries for you. However, there might be cases where property names and type information don't map one-to-one on your database schema. In that case you can use dedicated attributes to define relations.
 
 ### Relation attributes

docs/2-features/17-oauth.md

@@ -12,7 +12,21 @@ This implementation is built on top of the PHP league's [OAuth client](https://g
 
 ## Getting started
 
-To get started with OAuth, you will first need to create a configuration file for your desired OAuth provider.
+Tempest provides an installer to quickly set up OAuth in your project. You can run the installer using the following command:
+
+```sh
+./tempest install auth --oauth
+```
+
+The installer will:
+- Prompt you to select one or more OAuth providers from the available options
+- Publish the necessary configuration files and controller stubs
+- Optionally add the OAuth credentials to your `.env` and `.env.example` files
+- Optionally install the required Composer dependencies for the selected providers
+
+This is the quickest way to get started with OAuth in your Tempest application.
+
+Alternatively, you can manually create a configuration file for your desired OAuth provider.
 
 Tempest provides a [different configuration object for each provider](#available-providers). For instance, if you wish to authenticate users with GitHub, you may create a `github.config.php` file returning an instance of {b`Tempest\Auth\OAuth\Config\GitHubOAuthConfig`}:
 

packages/auth/src/Exceptions/AuthenticatableModelWasInvalid.php

@@ -3,7 +3,7 @@
 namespace Tempest\Auth\Exceptions;
 
 use Exception;
-use Tempest\Auth\Authenticatable;
+use Tempest\Auth\Authentication\Authenticatable;
 
 final class AuthenticatableModelWasInvalid extends Exception implements AuthenticationException
 {

packages/auth/src/Exceptions/OAuthProviderWasMissing.php

@@ -4,14 +4,8 @@
 
 namespace Tempest\Auth\Exceptions;
 
-use AdamPaterson\OAuth2\Client\Provider\Slack;
 use Exception;
-use League\OAuth2\Client\Provider\Apple;
-use League\OAuth2\Client\Provider\Facebook;
-use League\OAuth2\Client\Provider\Instagram;
-use League\OAuth2\Client\Provider\LinkedIn;
-use Stevenmaguire\OAuth2\Client\Provider\Microsoft;
-use Wohali\OAuth2\Client\Provider\Discord;
+use Tempest\Auth\OAuth\SupportedOAuthProvider;
 
 final class OAuthProviderWasMissing extends Exception implements AuthenticationException
 {
@@ -28,15 +22,6 @@ public function __construct(
 
     private function getPackageName(): ?string
     {
-        return match ($this->missing) {
-            Facebook::class => 'league/oauth2-facebook',
-            Instagram::class => 'league/oauth2-instagram',
-            LinkedIn::class => 'league/oauth2-linkedin',
-            Apple::class => 'patrickbussmann/oauth2-apple',
-            Microsoft::class => 'stevenmaguire/oauth2-microsoft',
-            Discord::class => 'wohali/oauth2-discord-new',
-            Slack::class => 'adam-paterson/oauth2-slack',
-            default => null,
-        };
+        return SupportedOAuthProvider::tryFrom($this->missing)?->composerPackage();
     }
 }

packages/auth/src/Installer/AuthenticationInstaller.php

@@ -40,6 +40,10 @@ public function install(): void
                     migration: $this->container->get(to_fqcn($migration, root: root_path())),
                 );
             }
+
+            if ($this->shouldInstallOAuth()) {
+                $this->container->get(OAuthInstaller::class)->install();
+            }
         }
 
         private function shouldMigrate(): bool
@@ -52,5 +56,16 @@ private function shouldMigrate(): bool
 
             return (bool) $argument->value;
         }
+
+        private function shouldInstallOAuth(): bool
+        {
+            $argument = $this->consoleArgumentBag->get('oauth');
+
+            if ($argument === null || ! is_bool($argument->value)) {
+                return $this->console->confirm('Do you want to install OAuth?', default: false);
+            }
+
+            return (bool) $argument->value;
+        }
     }
 }

packages/auth/src/Installer/OAuthInstaller.php

@@ -0,0 +1,178 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\Installer;
+
+use Tempest\Auth\OAuth\SupportedOAuthProvider;
+use Tempest\Core\PublishesFiles;
+use Tempest\Process\ProcessExecutor;
+use Tempest\Support\Filesystem\Exceptions\PathWasNotFound;
+use Tempest\Support\Filesystem\Exceptions\PathWasNotReadable;
+use Tempest\Support\Str\ImmutableString;
+
+use function Tempest\root_path;
+use function Tempest\src_path;
+use function Tempest\Support\arr;
+use function Tempest\Support\Filesystem\read_file;
+use function Tempest\Support\Namespace\to_fqcn;
+use function Tempest\Support\str;
+
+final class OAuthInstaller
+{
+    use PublishesFiles;
+
+    public function __construct(
+        private readonly ProcessExecutor $processExecutor,
+    ) {}
+
+    public function install(): void
+    {
+        $providers = $this->getProviders();
+
+        if (count($providers) === 0) {
+            return;
+        }
+
+        $this->publishStubs(...$providers);
+
+        if ($this->confirm('Would you like to add the OAuth config variables to your .env file?', default: true)) {
+            $this->updateEnvFile(...$providers);
+        }
+
+        if ($this->confirm('Install composer dependencies?', default: true)) {
+            $this->installComposerDependencies(...$providers);
+        }
+
+        $this->console->instructions([
+            sprintf('<strong>The selected OAuth %s installed in your project</strong>', count($providers) > 1 ? 'providers are' : 'provider is'),
+            '',
+            'Next steps:',
+            '1. Update the .env file with your OAuth credentials',
+            '2. Implement the OAuth controller callback method',
+            '3. Review and customize the published files if needed',
+            '',
+            '<strong>Published files</strong>',
+            ...arr($this->publishedFiles)->map(fn (string $file) => '<style="fg-green">→</style> ' . $file),
+        ]);
+    }
+
+    /**
+     * @return list<SupportedOAuthProvider>
+     */
+    private function getProviders(): array
+    {
+        return $this->ask(
+            question: 'Please choose an OAuth provider',
+            options: SupportedOAuthProvider::cases(),
+            multiple: true,
+        );
+    }
+
+    private function publishStubs(SupportedOAuthProvider ...$providers): void
+    {
+        foreach ($providers as $provider) {
+            $this->publishController($provider);
+
+            $this->publishConfig($provider);
+
+            $this->publishImports();
+        }
+    }
+
+    private function publishConfig(SupportedOAuthProvider $provider): void
+    {
+        $name = strtolower($provider->name);
+        $source = __DIR__ . "/../Installer/oauth/{$name}.config.stub.php";
+
+        $this->publish(
+            source: $source,
+            destination: src_path("Authentication/OAuth/{$name}.config.php"),
+        );
+    }
+
+    private function publishController(SupportedOAuthProvider $provider): void
+    {
+        $fileName = str($provider->value)
+            ->classBasename()
+            ->replace('Provider', '')
+            ->append('Controller.php')
+            ->toString();
+
+        $this->publish(
+            source: __DIR__ . '/oauth/OAuthControllerStub.php',
+            destination: src_path("Authentication/OAuth/{$fileName}"),
+            callback: function (string $source, string $destination) use ($provider) {
+                $providerFqcn = $provider::class;
+                $name = strtolower($provider->name);
+                $userModelFqcn = to_fqcn(src_path('Authentication/User.php'), root: root_path());
+
+                $this->update(
+                    path: $destination,
+                    callback: fn (ImmutableString $contents) => $contents->replace(
+                        search: [
+                            "'tag_name'",
+                            'redirect-route',
+                            'callback-route',
+                            "'user-model-fqcn'",
+                            'provider_db_column',
+                        ],
+                        replace: [
+                            "\\{$providerFqcn}::{$provider->name}",
+                            "/auth/{$name}",
+                            "/auth/{$name}/callback",
+                            "\\{$userModelFqcn}::class",
+                            "{$name}_id",
+                        ],
+                    ),
+                );
+            },
+        );
+    }
+
+    private function installComposerDependencies(SupportedOAuthProvider ...$providers): void
+    {
+        $packages = arr($providers)
+            ->map(fn (SupportedOAuthProvider $provider) => $provider->composerPackage())
+            ->filter();
+
+        if ($packages->isNotEmpty()) {
+            $this->processExecutor->run("composer require {$packages->implode(' ')}");
+        }
+    }
+
+    private function updateEnvFile(SupportedOAuthProvider ...$providers): void
+    {
+        arr($providers)
+            ->map(fn (SupportedOAuthProvider $provider) => $this->extractSettings($provider))
+            ->filter()
+            ->flatten()
+            ->each(function (string $setting) {
+                foreach (['.env', '.env.example'] as $envFile) {
+                    $this->update(
+                        path: root_path($envFile),
+                        callback: static fn (ImmutableString $contents): ImmutableString => $contents->contains($setting)
+                            ? $contents
+                            : $contents->append(PHP_EOL, "{$setting}="),
+                        ignoreNonExisting: true,
+                    );
+                }
+            });
+    }
+
+    private function extractSettings(SupportedOAuthProvider $provider): array
+    {
+        $name = strtolower($provider->name);
+        $configPath = __DIR__ . "/../Installer/oauth/{$name}.config.stub.php";
+
+        try {
+            return str(read_file($configPath))
+                ->matchAll("/env\('(OAUTH_[^']*)'/", matches: 1)
+                ->map(fn (array $matches) => $matches[1] ?? null)
+                ->filter()
+                ->toArray();
+        } catch (PathWasNotFound|PathWasNotReadable) {
+            return [];
+        }
+    }
+}