fix: validation referer (#511)

brendt · web-flow · commit a3710a890bd9 · 2024-10-02T09:24:19.000+02:00
diff --git a/src/Tempest/Debug/src/Debug.php b/src/Tempest/Debug/src/Debug.php
@@ -82,14 +82,27 @@ private function writeToOut(array $items, string $callPath): void
                 $output = $this->createDump($item);
 
                 fwrite(STDOUT, $output);
+
+                fwrite(STDOUT, $callPath . PHP_EOL);
             } else {
+                echo sprintf(
+                    '<span style="
+                    display:inline-block; 
+                    color: #fff; 
+                    font-family: %s;
+                    padding: 2px 4px;
+                    font-size: 0.8rem;
+                    margin-bottom: -12px;
+                    background: #0071BC;"
+                >%s (%s)</span>',
+                    'Source Code Pro, ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, Liberation Mono, Courier New, monospace',
+                    $key,
+                    $callPath,
+                );
+
                 VarDumper::dump($item);
             }
         }
-
-        if (defined('STDOUT')) {
-            fwrite(STDOUT, $callPath . PHP_EOL);
-        }
     }
 
     private function createDump(mixed $input): string
diff --git a/src/Tempest/Http/src/HttpApplication.php b/src/Tempest/Http/src/HttpApplication.php
@@ -10,6 +10,7 @@
 use Tempest\Core\Kernel;
 use Tempest\Core\Tempest;
 use function Tempest\env;
+use Tempest\Http\Session\Session;
 use Tempest\Log\Channels\AppendLogChannel;
 use Tempest\Log\LogConfig;
 use Tempest\Support\PathHelper;
@@ -57,6 +58,8 @@ public function run(): void
             $responseSender->send(
                 $router->dispatch($psrRequest),
             );
+
+            $this->container->get(Session::class)->cleanup();
         } catch (Throwable $throwable) {
             foreach ($this->container->get(AppConfig::class)->exceptionHandlers as $exceptionHandler) {
                 $exceptionHandler->handle($throwable);
diff --git a/src/Tempest/Http/src/Responses/Invalid.php b/src/Tempest/Http/src/Responses/Invalid.php
@@ -4,6 +4,7 @@
 
 namespace Tempest\Http\Responses;
 
+use Exception;
 use Psr\Http\Message\ServerRequestInterface as PsrRequest;
 use Tempest\Http\IsResponse;
 use Tempest\Http\Request;
@@ -20,10 +21,10 @@ public function __construct(
         /** @var \Tempest\Validation\Rule[][] $failingRules */
         array $failingRules = [],
     ) {
-        $uri = $request instanceof PsrRequest ? (string)$request->getUri() : $request->getUri();
+        $referer = $request->getHeader('referer')[0] ?? throw new Exception("No referer found, could not redirect (this shouldn't happen, please create a bug report)");
         $body = $request instanceof PsrRequest ? $request->getParsedBody() : $request->getBody();
 
-        $this->addHeader('Location', $uri);
+        $this->addHeader('Location', $referer);
         $this->status = Status::FOUND;
         $this->flash(Session::VALIDATION_ERRORS, $failingRules);
         $this->flash(Session::ORIGINAL_VALUES, $body);
diff --git a/src/Tempest/Http/src/RouterInitializer.php b/src/Tempest/Http/src/RouterInitializer.php
@@ -8,7 +8,6 @@
 use Tempest\Container\Initializer;
 use Tempest\Container\Singleton;
 use Tempest\Http\Cookie\SetCookieMiddleware;
-use Tempest\Http\Session\SessionMiddleware;
 
 final readonly class RouterInitializer implements Initializer
 {
@@ -18,7 +17,6 @@ public function initialize(Container $container): Router
         $router = $container->get(GenericRouter::class);
 
         $router->addMiddleware(SetCookieMiddleware::class);
-        $router->addMiddleware(SessionMiddleware::class);
 
         return $router;
     }
diff --git a/src/Tempest/Http/src/Session/Session.php b/src/Tempest/Http/src/Session/Session.php
@@ -40,7 +40,7 @@ public function get(string $key, mixed $default = null): mixed
         $value = $this->getSessionManager()->get($this->id, $key, $default);
 
         if ($value instanceof FlashValue) {
-            $this->expiredKeys[] = $key;
+            $this->expiredKeys[$key] = $key;
             $value = $value->value;
         }
 
diff --git a/src/Tempest/Http/src/Session/SessionInitializer.php b/src/Tempest/Http/src/Session/SessionInitializer.php
@@ -6,9 +6,11 @@
 
 use Tempest\Container\Container;
 use Tempest\Container\Initializer;
+use Tempest\Container\Singleton;
 
 final readonly class SessionInitializer implements Initializer
 {
+    #[Singleton]
     public function initialize(Container $container): Session
     {
         $sessionManager = $container->get(SessionManager::class);
diff --git a/src/Tempest/Http/src/Session/SessionMiddleware.php b/src/Tempest/Http/src/Session/SessionMiddleware.php
diff --git a/tests/Fixtures/Modules/Form/FormController.php b/tests/Fixtures/Modules/Form/FormController.php
@@ -16,10 +16,10 @@
     #[Get('/form')]
     public function index(): View
     {
-        return view('Modules/Form/form.view.php');
+        return view(__DIR__ . '/../../Modules/Form/form.view.php');
     }
 
-    #[Post('/form')]
+    #[Post('/form/store')]
     public function store(FormRequest $request): Response
     {
         return new Ok('Ok!');
diff --git a/tests/Integration/Http/Responses/InvalidTest.php b/tests/Integration/Http/Responses/InvalidTest.php
@@ -4,6 +4,7 @@
 
 namespace Tests\Tempest\Integration\Http\Responses;
 
+use Psr\Http\Message\ServerRequestInterface as PsrRequest;
 use Tempest\Http\GenericRequest;
 use Tempest\Http\Mappers\RequestToPsrRequestMapper;
 use Tempest\Http\Method;
@@ -21,7 +22,9 @@ final class InvalidTest extends FrameworkIntegrationTestCase
 {
     public function test_invalid(): void
     {
+        /** @var PsrRequest $request */
         $request = map(new GenericRequest(Method::GET, '/original', ['foo' => 'bar']))->with(RequestToPsrRequestMapper::class);
+        $request = $request->withHeader('Referer', '/original');
 
         $response = new Invalid(
             $request,
diff --git a/tests/Integration/Http/SessionFromCookieTest.php b/tests/Integration/Http/SessionFromCookieTest.php
@@ -29,11 +29,6 @@ public function test_resolving_session_from_cookie(): void
         $sessionA = $this->container->get(Session::class);
         $sessionA->set('test', 'a');
 
-        $cookieManager->set('tempest_session_id', 'session_b');
-        $sessionB = $this->container->get(Session::class);
-        $this->assertNull($sessionB->get('test'));
-
-        $cookieManager->set('tempest_session_id', 'session_a');
         $sessionA = $this->container->get(Session::class);
         $this->assertEquals('a', $sessionA->get('test'));
     }
diff --git a/tests/Integration/Http/SessionFromHeaderTest.php b/tests/Integration/Http/SessionFromHeaderTest.php
@@ -17,7 +17,7 @@
  */
 final class SessionFromHeaderTest extends FrameworkIntegrationTestCase
 {
-    public function test_resolving_session_from_cookie(): void
+    public function test_resolving_session_from_header(): void
     {
         $this->container->config(new SessionConfig(
             path: __DIR__ . '/sessions',
@@ -28,11 +28,6 @@ public function test_resolving_session_from_cookie(): void
         $sessionA = $this->container->get(Session::class);
         $sessionA->set('test', 'a');
 
-        $this->setSessionId('session_b');
-        $sessionB = $this->container->get(Session::class);
-        $this->assertNull($sessionB->get('test'));
-
-        $this->setSessionId('session_a');
         $sessionA = $this->container->get(Session::class);
         $this->assertEquals('a', $sessionA->get('test'));
     }
diff --git a/tests/Integration/Http/ValidationResponseTest.php b/tests/Integration/Http/ValidationResponseTest.php
@@ -17,7 +17,11 @@ final class ValidationResponseTest extends FrameworkIntegrationTestCase
     public function test_validation_errors_are_listed_in_the_response_body(): void
     {
         $this->http
-            ->post(uri([ValidationController::class, 'store']), ['number' => 11, 'item.number' => 11])
+            ->post(
+                uri: uri([ValidationController::class, 'store']),
+                body: ['number' => 11, 'item.number' => 11],
+                headers: ['Referer' => uri([ValidationController::class, 'store'])],
+            )
             ->assertRedirect(uri([ValidationController::class, 'store']))
             ->assertHasValidationError('number');
     }
@@ -27,7 +31,11 @@ public function test_original_values(): void
         $values = ['number' => 11, 'item.number' => 11];
 
         $this->http
-            ->post(uri([ValidationController::class, 'store']), $values)
+            ->post(
+                uri: uri([ValidationController::class, 'store']),
+                body: $values,
+                headers: ['Referer' => uri([ValidationController::class, 'store'])],
+            )
             ->assertRedirect(uri([ValidationController::class, 'store']))
             ->assertHasValidationError('number')
             ->assertHasSession(Session::ORIGINAL_VALUES, function (Session $session, array $data) use ($values): void {

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,6 @@`
`8`	`8`	`use Tempest\Container\Initializer;`
`9`	`9`	`use Tempest\Container\Singleton;`
`10`	`10`	`use Tempest\Http\Cookie\SetCookieMiddleware;`
`11`		`-use Tempest\Http\Session\SessionMiddleware;`
`12`	`11`
`13`	`12`	`final readonly class RouterInitializer implements Initializer`
`14`	`13`	`{`
`@@ -18,7 +17,6 @@ public function initialize(Container $container): Router`
`18`	`17`	`$router = $container->get(GenericRouter::class);`
`19`	`18`
`20`	`19`	`$router->addMiddleware(SetCookieMiddleware::class);`
`21`		`- $router->addMiddleware(SessionMiddleware::class);`
`22`	`20`
`23`	`21`	`return $router;`
`24`	`22`	`}`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ public function get(string $key, mixed $default = null): mixed`
`40`	`40`	`$value = $this->getSessionManager()->get($this->id, $key, $default);`
`41`	`41`
`42`	`42`	`if ($value instanceof FlashValue) {`
`43`		`- $this->expiredKeys[] = $key;`
	`43`	`+ $this->expiredKeys[$key] = $key;`
`44`	`44`	`$value = $value->value;`
`45`	`45`	`}`
`46`	`46`
Original file line number	Diff line number	Diff line change
`@@ -6,9 +6,11 @@`
`6`	`6`
`7`	`7`	`use Tempest\Container\Container;`
`8`	`8`	`use Tempest\Container\Initializer;`
	`9`	`+use Tempest\Container\Singleton;`
`9`	`10`
`10`	`11`	`final readonly class SessionInitializer implements Initializer`
`11`	`12`	`{`
	`13`	`+ #[Singleton]`
`12`	`14`	`public function initialize(Container $container): Session`
`13`	`15`	`{`
`14`	`16`	`$sessionManager = $container->get(SessionManager::class);`
Original file line number	Diff line number	Diff line change
`@@ -16,10 +16,10 @@`
`16`	`16`	`#[Get('/form')]`
`17`	`17`	`public function index(): View`
`18`	`18`	`{`
`19`		`- return view('Modules/Form/form.view.php');`
	`19`	`+ return view(__DIR__ . '/../../Modules/Form/form.view.php');`
`20`	`20`	`}`
`21`	`21`
`22`		`- #[Post('/form')]`
	`22`	`+ #[Post('/form/store')]`
`23`	`23`	`public function store(FormRequest $request): Response`
`24`	`24`	`{`
`25`	`25`	`return new Ok('Ok!');`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`
`5`	`5`	`namespace Tests\Tempest\Integration\Http\Responses;`
`6`	`6`
	`7`	`+use Psr\Http\Message\ServerRequestInterface as PsrRequest;`
`7`	`8`	`use Tempest\Http\GenericRequest;`
`8`	`9`	`use Tempest\Http\Mappers\RequestToPsrRequestMapper;`
`9`	`10`	`use Tempest\Http\Method;`
`@@ -21,7 +22,9 @@ final class InvalidTest extends FrameworkIntegrationTestCase`
`21`	`22`	`{`
`22`	`23`	`public function test_invalid(): void`
`23`	`24`	`{`
	`25`	`+ /** @var PsrRequest $request */`
`24`	`26`	`$request = map(new GenericRequest(Method::GET, '/original', ['foo' => 'bar']))->with(RequestToPsrRequestMapper::class);`
	`27`	`+ $request = $request->withHeader('Referer', '/original');`
`25`	`28`
`26`	`29`	`$response = new Invalid(`
`27`	`30`	`$request,`