feat: add back form session error and original value management

Author: innocenzi

docs/1-essentials/01-routing.md

@@ -449,12 +449,12 @@ final readonly class AircraftController
 
 When users submit forms—like updating profile settings, or posting comments—the data needs validation before processing. Tempest automatically validates request objects using type hints and validation attributes, then provides errors back to users when something is wrong.
 
-On validation failure, Tempest either redirects back to the form (for web pages) or returns a 400 response (for stateless requests). Validation errors are available in two places:
+On validation failure, Tempest either redirects back to the form (for web pages) or returns a 422 response (for stateless requests). Validation errors are available in two places:
 
 - As a JSON encoded string in the `{txt}X-Validation` header
-- Within the session stored in `Session::VALIDATION_ERRORS`
+- Through the `b{Tempest\Http\Session\FormSession}` class
 
-The JSON-encoded header is available for APIs built with Tempest. The session errors are available for web pages. For web pages, Tempest provides built-in view components to display errors when they occur.
+For web pages, Tempest also provides built-in view components to display errors when they occur.
 
 ```html
 <x-form :action="uri(StorePostController::class)">
@@ -464,7 +464,7 @@ The JSON-encoded header is available for APIs built with Tempest. The session er
 </x-form>
 ```
 
-`{html}<x-form>` is a view component that automatically includes the CSRF token and defaults to sending `POST` requests. `{html}<x-input>` is a view component that renders a label, input field, and validation errors all at once.
+`{html}<x-form>` is a view component that defaults to sending `POST` requests. `{html}<x-input>` is a view component that renders a label, input field, and validation errors all at once.
 
 :::info
 These built-in view components can be customized. Run `./tempest install view-components` and select the components to pull into the project. [Read more about installing view components here](../1-essentials/02-views.md#built-in-components).

packages/http/src/Session/FormSession.php

@@ -0,0 +1,105 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Http\Session;
+
+use Tempest\Container\Singleton;
+use Tempest\Validation\FailingRule;
+
+/**
+ * Manages form validation errors and original input values in the session.
+ */
+#[Singleton]
+final readonly class FormSession
+{
+    private const string VALIDATION_ERRORS_KEY = '#validation_errors';
+    private const string ORIGINAL_VALUES_KEY = '#original_values';
+
+    public function __construct(
+        private Session $session,
+    ) {}
+
+    /**
+     * Stores validation errors for the next request.
+     *
+     * @param array<string,FailingRule[]> $errors
+     */
+    public function setErrors(array $errors): void
+    {
+        $this->session->flash(self::VALIDATION_ERRORS_KEY, $errors);
+    }
+
+    /**
+     * Gets all validation errors.
+     *
+     * @return array<string,FailingRule[]>
+     */
+    public function getErrors(): array
+    {
+        return $this->session->get(self::VALIDATION_ERRORS_KEY, []);
+    }
+
+    /**
+     * Gets validation errors for a specific field.
+     *
+     * @return FailingRule[]
+     */
+    public function getErrorsFor(string $field): array
+    {
+        return $this->getErrors()[$field] ?? [];
+    }
+
+    /**
+     * Checks if there are any validation errors.
+     */
+    public function hasErrors(): bool
+    {
+        return $this->getErrors() !== [];
+    }
+
+    /**
+     * Checks if a specific field has validation errors.
+     */
+    public function hasError(string $field): bool
+    {
+        return $this->getErrorsFor($field) !== [];
+    }
+
+    /**
+     * Stores each field's original form values for the next request.
+     *
+     * @param array<string,mixed> $values
+     */
+    public function setOriginalValues(array $values): void
+    {
+        $this->session->flash(self::ORIGINAL_VALUES_KEY, $values);
+    }
+
+    /**
+     * Gets all original form values. The keys are the form fields.
+     *
+     * @return array<string,mixed>
+     */
+    public function values(): array
+    {
+        return $this->session->get(self::ORIGINAL_VALUES_KEY, []);
+    }
+
+    /**
+     * Gets the original value for a specific field.
+     */
+    public function getOriginalValueFor(string $field, mixed $default = null): mixed
+    {
+        return $this->values()[$field] ?? $default;
+    }
+
+    /**
+     * Clears all validation errors and original values.
+     */
+    public function clear(): void
+    {
+        $this->session->remove(self::VALIDATION_ERRORS_KEY);
+        $this->session->remove(self::ORIGINAL_VALUES_KEY);
+    }
+}

packages/http/src/Session/ManageSessionLifecycleMiddleware.php

@@ -11,7 +11,7 @@
 /**
  * This middleware is responsible for creating the session and saving it on response.
  */
-#[Priority(Priority::FRAMEWORK)]
+#[Priority(Priority::FRAMEWORK - 20)]
 final readonly class ManageSessionLifecycleMiddleware implements HttpMiddleware
 {
     public function __construct(

packages/http/src/Session/Session.php

@@ -11,16 +11,6 @@
 
 final class Session
 {
-    /**
-     * The session key that holds validation errors.
-     */
-    public const string VALIDATION_ERRORS = '#validation_errors';
-
-    /**
-     * The session key that holds original input values.
-     */
-    public const string ORIGINAL_VALUES = '#original_values';
-
     /**
      * Stores the keys for session values that have expired.
      */
@@ -131,24 +121,6 @@ public function clear(): void
         $this->data = [];
     }
 
-    /**
-     * Gets the failing rules for the specified field.
-     *
-     * @return \Tempest\Validation\FailingRule[]
-     */
-    public function getErrorsFor(string $field): array
-    {
-        return $this->get(self::VALIDATION_ERRORS)[$field] ?? [];
-    }
-
-    /**
-     * Gets the original input value for the specified field.
-     */
-    public function getOriginalValueFor(string $field, mixed $default = ''): mixed
-    {
-        return $this->get(self::ORIGINAL_VALUES)[$field] ?? $default;
-    }
-
     public function __serialize(): array
     {
         return [

packages/router/src/Exceptions/HtmlExceptionRenderer.php

@@ -3,6 +3,7 @@
 namespace Tempest\Router\Exceptions;
 
 use Tempest\Auth\Exceptions\AccessWasDenied;
+use Tempest\Container\Container;
 use Tempest\Core\AppConfig;
 use Tempest\Core\Priority;
 use Tempest\Http\ContentType;
@@ -11,6 +12,7 @@
 use Tempest\Http\Request;
 use Tempest\Http\Response;
 use Tempest\Http\SensitiveField;
+use Tempest\Http\Session\FormSession;
 use Tempest\Http\Session\Session;
 use Tempest\Http\Status;
 use Tempest\Intl\Translator;
@@ -32,7 +34,7 @@ public function __construct(
         private Translator $translator,
         private Request $request,
         private Validator $validator,
-        private Session $session,
+        private Container $container,
     ) {}
 
     public function canRender(Throwable $throwable, Request $request): bool
@@ -123,8 +125,10 @@ private function renderValidationFailedResponse(ValidationFailed $exception): Re
             $status = Status::FOUND;
         }
 
-        $this->session->flash(Session::VALIDATION_ERRORS, $exception->failingRules);
-        $this->session->flash(Session::ORIGINAL_VALUES, $this->filterSensitiveFields($this->request, $exception->targetClass));
+        if ($this->container->has(Session::class)) {
+            $this->container->get(FormSession::class)->setErrors($exception->failingRules);
+            $this->container->get(FormSession::class)->setOriginalValues($this->filterSensitiveFields($this->request, $exception->targetClass));
+        }
 
         $errors = Arr\map_iterable($exception->failingRules, fn (array $failingRulesForField, string $field) => Arr\map_iterable(
             array: $failingRulesForField,

packages/router/src/GenericRouter.php

@@ -6,14 +6,12 @@
 
 use Psr\Http\Message\ServerRequestInterface as PsrRequest;
 use Tempest\Container\Container;
-use Tempest\Core\AppConfig;
 use Tempest\Http\Mappers\PsrRequestToGenericRequestMapper;
 use Tempest\Http\Request;
 use Tempest\Http\Response;
 use Tempest\Http\Responses\Ok;
 use Tempest\Router\Exceptions\ControllerActionHadNoReturn;
 use Tempest\Router\Exceptions\MatchedRouteCouldNotBeResolved;
-use Tempest\Router\Routing\Matching\RouteMatcher;
 use Tempest\View\View;
 
 use function Tempest\Mapper\map;
@@ -22,8 +20,6 @@
 {
     public function __construct(
         private Container $container,
-        private RouteMatcher $routeMatcher,
-        private AppConfig $appConfig,
         private RouteConfig $routeConfig,
     ) {}
 

packages/view/src/Components/x-input.view.php

@@ -7,14 +7,14 @@
  * @var string|null $default
  */
 
-use Tempest\Http\Session\Session;
+use Tempest\Http\Session\FormSession;
 use Tempest\Validation\Validator;
 
 use function Tempest\get;
 use function Tempest\Support\str;
 
-/** @var Session $session */
-$session = get(Session::class);
+/** @var FormSession $formSession */
+$formSession = get(FormSession::class);
 
 /** @var Validator $validator */
 $validator = get(Validator::class);
@@ -24,8 +24,8 @@
 $type ??= 'text';
 $default ??= null;
 
-$errors = $session->getErrorsFor($name);
-$original = $session->getOriginalValueFor($name, $default);
+$errors = $formSession->getErrorsFor($name);
+$original = $formSession->getOriginalValueFor($name, $default);
 ?>
 
 <div>

src/Tempest/Framework/Testing/Http/TestResponseHelper.php

@@ -14,6 +14,7 @@
 use Tempest\Http\Cookie\Cookie;
 use Tempest\Http\Request;
 use Tempest\Http\Response;
+use Tempest\Http\Session\FormSession;
 use Tempest\Http\Session\Session;
 use Tempest\Http\Status;
 use Tempest\Support\Arr;
@@ -203,6 +204,55 @@ public function assertDoesNotHaveCookie(string $key, null|string|Closure $value
         return $this;
     }
 
+    public function assertHasForm(Closure $closure): self
+    {
+        $this->assertHasContainer();
+
+        $formSession = $this->container->get(FormSession::class);
+
+        if (false === $closure($formSession)) {
+            Assert::fail('Failed validating form session.');
+        }
+
+        return $this;
+    }
+
+    /**
+     * Asserts that the original form values in the session match the given values.
+     */
+    public function assertHasFormOriginalValues(array $values): self
+    {
+        $this->assertHasContainer();
+
+        $formSession = $this->container->get(FormSession::class);
+        $originalValues = $formSession->values();
+
+        foreach ($values as $key => $expectedValue) {
+            Assert::assertArrayHasKey(
+                key: $key,
+                array: $originalValues,
+                message: sprintf(
+                    'No original form value was set for [%s], available original form values: %s',
+                    $key,
+                    implode(', ', array_keys($originalValues)),
+                ),
+            );
+
+            Assert::assertEquals(
+                expected: $expectedValue,
+                actual: $originalValues[$key],
+                message: sprintf(
+                    'Original form value for [%s] does not match expected value. Expected: %s, Actual: %s',
+                    $key,
+                    var_export($expectedValue, return: true),
+                    var_export($originalValues[$key], return: true),
+                ),
+            );
+        }
+
+        return $this;
+    }
+
     public function assertHasSession(string $key, ?Closure $callback = null): self
     {
         $this->assertHasContainer();
@@ -253,8 +303,8 @@ public function assertHasValidationError(string $key, ?Closure $callback = null)
 
     public function assertHasNoValidationsErrors(): self
     {
-        $session = $this->container->get(Session::class);
-        $validationErrors = $session->get(Session::VALIDATION_ERRORS) ?? [];
+        $formSession = $this->container->get(FormSession::class);
+        $validationErrors = $formSession->getErrors();
 
         Assert::assertEmpty(
             actual: $validationErrors,