Refactor error handling

Remove AlertStream from default UserMessageExceptionHandler  and implement backup AlertStreamExceptionHandler

Author: lcharette

packages/sprinkle-account/app/tests/Twig/AccountExtensionTest.php

@@ -14,7 +14,6 @@
 use Mockery\Adapter\Phpunit\MockeryPHPUnitIntegration;
 use PHPUnit\Framework\TestCase;
 use Slim\Views\Twig;
-use UserFrosting\Alert\AlertStream;
 use UserFrosting\Sprinkle\Account\Authenticate\Authenticator;
 use UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface;
 use UserFrosting\Sprinkle\Account\Twig\AccountExtension;
@@ -78,7 +77,7 @@ public function testCheckAccess(): void
 
     public function testCurrentUser(): void
     {
-        // Define mock AlertStream and register with Container
+        // Define mock Authenticator and register with Container
         /** @var Authenticator */
         $authenticator = Mockery::mock(Authenticator::class);
 

packages/sprinkle-admin/app/tests/Controller/User/UserEditActionTest.php

@@ -13,7 +13,6 @@
 namespace UserFrosting\Sprinkle\Admin\Tests\Controller\User;
 
 use Mockery\Adapter\Phpunit\MockeryPHPUnitIntegration;
-use UserFrosting\Alert\AlertStream;
 use UserFrosting\Config\Config;
 use UserFrosting\Sprinkle\Account\Database\Models\User;
 use UserFrosting\Sprinkle\Account\Testing\WithTestUser;
@@ -179,13 +178,6 @@ public function testPageForEmailInUse(): void
             'description' => 'Email <strong>' . $user->email . '</strong> is already in use.',
             'status'      => 400,
         ], $response);
-
-        // Test message
-        // TODO : AlertStream should not be used anymore, but there really is a message returned here.
-        /** @var AlertStream */
-        $ms = $this->ci->get(AlertStream::class);
-        $messages = $ms->getAndClearMessages();
-        $this->assertSame('danger', array_reverse($messages)[0]['type']);
     }
 
     public function testPageForFailedValidation(): void
@@ -215,11 +207,5 @@ public function testPageForFailedValidation(): void
             'description' => 'Invalid email address.',
             'status'      => 400,
         ], $response);
-
-        // Test message
-        /** @var AlertStream */
-        $ms = $this->ci->get(AlertStream::class);
-        $messages = $ms->getAndClearMessages();
-        $this->assertSame('danger', array_reverse($messages)[0]['type']);
     }
 }

packages/sprinkle-core/app/src/Error/Handler/AlertStreamExceptionHandler.php

@@ -0,0 +1,87 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * UserFrosting Core Sprinkle (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/sprinkle-core
+ * @copyright Copyright (c) 2013-2024 Alexander Weissman & Louis Charette
+ * @license   https://github.com/userfrosting/sprinkle-core/blob/master/LICENSE.md (MIT License)
+ */
+
+namespace UserFrosting\Sprinkle\Core\Error\Handler;
+
+use DI\Attribute\Inject;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Throwable;
+use UserFrosting\Alert\AlertStream;
+use UserFrosting\Sprinkle\Core\Exceptions\Contracts\UserMessageException;
+use UserFrosting\Support\Message\UserMessage;
+
+/**
+ * Handles exceptions intended to be shown to the end user via the Alert Stream
+ * service. Overrides the default behavior and status code.
+ */
+final class AlertStreamExceptionHandler extends ExceptionHandler
+{
+    #[Inject]
+    protected AlertStream $alert;
+
+    /**
+     * Don't log theses exceptions.
+     */
+    protected function shouldLogExceptions(): bool
+    {
+        return false;
+    }
+
+    /**
+     * Don't display details for theses exceptions.
+     */
+    protected function displayErrorDetails(): bool
+    {
+        return false;
+    }
+
+    /**
+     * Force the use if Exception code for AuthException.
+     */
+    protected function determineStatusCode(ServerRequestInterface $request, Throwable $exception): int
+    {
+        return intval($exception->getCode());
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * Adds the exception message to the alert stream.
+     */
+    public function handle(ServerRequestInterface $request, Throwable $exception): ResponseInterface
+    {
+        if ($exception instanceof UserMessageException) {
+            $title = $this->translateExceptionPart($exception->getTitle());
+            $description = $this->translateExceptionPart($exception->getDescription());
+            $this->alert->addMessage('danger', "$title: $description");
+        }
+
+        return parent::handle($request, $exception);
+    }
+
+    /**
+     * Translate a string or UserMessage to a string.
+     *
+     * @param string|UserMessage $message
+     *
+     * @return string
+     */
+    protected function translateExceptionPart(string|UserMessage $message): string
+    {
+        if ($message instanceof UserMessage) {
+            return $this->translator->translate($message->message, $message->parameters);
+        }
+
+        return $this->translator->translate($message);
+    }
+}

packages/sprinkle-core/app/src/Error/Handler/UserMessageExceptionHandler.php

@@ -12,23 +12,19 @@
 
 namespace UserFrosting\Sprinkle\Core\Error\Handler;
 
-use DI\Attribute\Inject;
-use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Throwable;
-use UserFrosting\Alert\AlertStream;
-use UserFrosting\Sprinkle\Core\Exceptions\Contracts\UserMessageException;
-use UserFrosting\Support\Message\UserMessage;
 
 /**
- * Generic handler for exceptions that will be presented to the end user.
- * Override the default behavior and status code.
+ * Handles exceptions intended to be presented to the end user. Overrides the
+ * default behavior and status code. Exceptions handled by this class are not
+ * logged and do not display detailed information. They include a developer-
+ * facing message and title, as well as a separate user-facing message. The
+ * user-facing message is displayed to the end user either as an HTML page or
+ * a JSON response.
  */
 final class UserMessageExceptionHandler extends ExceptionHandler
 {
-    #[Inject]
-    protected AlertStream $alert;
-
     /**
      * Don't log theses exceptions.
      */
@@ -52,36 +48,4 @@ protected function determineStatusCode(ServerRequestInterface $request, Throwabl
     {
         return intval($exception->getCode());
     }
-
-    /**
-     * {@inheritdoc}
-     *
-     * Adds the exception message to the alert stream.
-     */
-    public function handle(ServerRequestInterface $request, Throwable $exception): ResponseInterface
-    {
-        if ($exception instanceof UserMessageException) {
-            $title = $this->translateExceptionPart($exception->getTitle());
-            $description = $this->translateExceptionPart($exception->getDescription());
-            $this->alert->addMessage('danger', "$title: $description");
-        }
-
-        return parent::handle($request, $exception);
-    }
-
-    /**
-     * Translate a string or UserMessage to a string.
-     *
-     * @param string|UserMessage $message
-     *
-     * @return string
-     */
-    protected function translateExceptionPart(string|UserMessage $message): string
-    {
-        if ($message instanceof UserMessage) {
-            return $this->translator->translate($message->message, $message->parameters);
-        }
-
-        return $this->translator->translate($message);
-    }
 }

packages/sprinkle-core/app/src/ServicesProvider/ErrorHandlerService.php

@@ -21,6 +21,11 @@
 use UserFrosting\Sprinkle\Core\Error\Handler\UserMessageExceptionHandler;
 use UserFrosting\Sprinkle\Core\Exceptions\Contracts\UserMessageException;
 
+/**
+ * Note: Starting with UserFrosting 6.0, `UserMessageException` instances are
+ * no longer sent to the Alert Stream. To restore the behavior from
+ * UserFrosting 5, use the `AlertStreamExceptionHandler` instead.
+ */
 class ErrorHandlerService implements ServicesProviderInterface
 {
     public function register(): array

packages/sprinkle-core/app/tests/Integration/Csrf/CsrfGuardMiddlewareTest.php

@@ -15,7 +15,6 @@
 use Psr\Http\Message\ResponseInterface as Response;
 use Slim\App;
 use Slim\Views\Twig;
-use UserFrosting\Alert\AlertStream;
 use UserFrosting\Config\Config;
 use UserFrosting\Routes\RouteDefinitionInterface;
 use UserFrosting\Session\Session;
@@ -42,10 +41,6 @@ public function setUp(): void
 
     public function testFailCsrf(): void
     {
-        /** @var AlertStream */
-        $ms = $this->ci->get(AlertStream::class);
-        $ms->resetMessageStream();
-
         // Create request with method and url and fetch response
         $request = $this->createJsonRequest('POST', '/csrf');
         $response = $this->handleRequest($request);
@@ -54,11 +49,6 @@ public function testFailCsrf(): void
         $this->assertResponseStatus(400, $response);
         $this->assertJsonResponse('Bad Request', $response, 'title');
         $this->assertJsonResponse('Missing CSRF token. Try refreshing the page and then submitting again?', $response, 'description');
-
-        // Test message
-        $messages = $ms->getAndClearMessages();
-        $this->assertCount(1, $messages);
-        $this->assertSame('danger', end($messages)['type']); // @phpstan-ignore-line
     }
 
     public function testSuccessCsrf(): void
@@ -115,10 +105,6 @@ public function testCsrfBlacklist(): void
 
     public function testCsrfStorage(): void
     {
-        /** @var AlertStream */
-        $ms = $this->ci->get(AlertStream::class);
-        $ms->resetMessageStream();
-
         /** @var Config */
         $config = $this->ci->get(Config::class);
         $csrfKey = $config->getString('session.keys.csrf');
@@ -133,11 +119,6 @@ public function testCsrfStorage(): void
 
         // Assert response status & body
         $this->assertResponseStatus(400, $response);
-
-        // Test message
-        $messages = $ms->getAndClearMessages();
-        $this->assertCount(1, $messages);
-        $this->assertSame('danger', end($messages)['type']); // @phpstan-ignore-line
     }
 
     public function testTwigCsrf(): void

packages/sprinkle-core/app/tests/Integration/Error/Handler/AlertStreamExceptionHandlerTest.php

@@ -0,0 +1,106 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * UserFrosting Core Sprinkle (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/sprinkle-core
+ * @copyright Copyright (c) 2013-2024 Alexander Weissman & Louis Charette
+ * @license   https://github.com/userfrosting/sprinkle-core/blob/master/LICENSE.md (MIT License)
+ */
+
+namespace UserFrosting\Sprinkle\Core\Tests\Integration\Error\Handler;
+
+use Slim\App as SlimApp;
+use UserFrosting\Alert\AlertStream;
+use UserFrosting\Routes\RouteDefinitionInterface;
+use UserFrosting\Sprinkle\Core\Core;
+use UserFrosting\Sprinkle\Core\Error\ExceptionHandlerMiddleware;
+use UserFrosting\Sprinkle\Core\Error\Handler\AlertStreamExceptionHandler;
+use UserFrosting\Sprinkle\Core\Exceptions\UserFacingException;
+use UserFrosting\Sprinkle\Core\Tests\CoreTestCase as TestCase;
+use UserFrosting\Support\Message\UserMessage;
+
+/**
+ * Test the handler for AlertStreamExceptionHandler.
+ */
+class AlertStreamExceptionHandlerTest extends TestCase
+{
+    protected string $mainSprinkle = AlertStreamExceptionTestSprinkle::class;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        // Register the AlertStreamExceptionHandler
+        $handler = $this->ci->get(ExceptionHandlerMiddleware::class);
+        $handler->registerHandler(UserFacingException::class, AlertStreamExceptionHandler::class, true);
+    }
+
+    public function testHTML(): void
+    {
+        /** @var AlertStream */
+        $ms = $this->ci->get(AlertStream::class);
+        $ms->resetMessageStream();
+
+        // Create request with method and url and fetch response
+        $request = $this->createRequest('GET', '/UserFacingException');
+        $response = $this->handleRequest($request);
+
+        // Assert response status & body
+        $this->assertResponseStatus(400, $response);
+
+        // Test message
+        $messages = $ms->getAndClearMessages();
+        $this->assertCount(1, $messages);
+        $this->assertSame('danger', end($messages)['type']);
+        $this->assertSame('Foo: Bar is bar', end($messages)['message']);
+    }
+
+    public function testJson(): void
+    {
+        // Create request with method and url and fetch response
+        $request = $this->createJsonRequest('GET', '/UserFacingException');
+        $response = $this->handleRequest($request);
+
+        // Assert response status & body
+        $this->assertResponseStatus(400, $response);
+        $this->assertJsonResponse([
+            'title'       => 'Foo',
+            'description' => 'Bar is bar',
+            'status'      => 400
+        ], $response);
+
+        // Test message
+        /** @var AlertStream */
+        $ms = $this->ci->get(AlertStream::class);
+        $messages = $ms->getAndClearMessages();
+        $this->assertCount(1, $messages);
+        $this->assertSame('danger', end($messages)['type']);
+        $this->assertSame('Foo: Bar is bar', end($messages)['message']);
+    }
+}
+
+class AlertStreamExceptionTestRoutes implements RouteDefinitionInterface
+{
+    public function register(SlimApp $app): void
+    {
+        $app->get('/UserFacingException', function () {
+            $e = new UserFacingException();
+            $e->setTitle('Foo');
+            $e->setDescription(new UserMessage('Bar is {{foo}}', ['foo' => 'bar']));
+            throw $e;
+        });
+    }
+}
+
+class AlertStreamExceptionTestSprinkle extends Core
+{
+    public function getRoutes(): array
+    {
+        return [
+            AlertStreamExceptionTestRoutes::class,
+        ];
+    }
+}