Use specific ID parameter names in routes (#1023)

Thomas Rupprecht 2022-12-11 18:01:34 +01:00 committed by GitHub
parent 61cff64d96
commit ce0ac6f823
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 228 additions and 154 deletions


@ -15,53 +15,83 @@ $route->post('/login', 'AuthController@postLogin');
$route->get('/logout', 'AuthController@logout'); $route->get('/logout', 'AuthController@logout');
// OAuth // OAuth
$route->get('/oauth/{provider}', 'OAuthController@index'); $route->addGroup(
$route->post('/oauth/{provider}/connect', 'OAuthController@connect'); '/oauth/{provider}',
$route->post('/oauth/{provider}/disconnect', 'OAuthController@disconnect'); function (RouteCollector $route) {
$route->get('', 'OAuthController@index');
$route->post('/connect', 'OAuthController@connect');
$route->post('/disconnect', 'OAuthController@disconnect');
}
);
// User settings // User settings
$route->get('/settings/profile', 'SettingsController@profile'); $route->addGroup(
$route->post('/settings/profile', 'SettingsController@saveProfile'); '/settings',
$route->get('/settings/password', 'SettingsController@password'); function (RouteCollector $route) {
$route->post('/settings/password', 'SettingsController@savePassword'); $route->get('/profile', 'SettingsController@profile');
$route->get('/settings/theme', 'SettingsController@theme'); $route->post('/profile', 'SettingsController@saveProfile');
$route->post('/settings/theme', 'SettingsController@saveTheme'); $route->get('/password', 'SettingsController@password');
$route->get('/settings/language', 'SettingsController@language'); $route->post('/password', 'SettingsController@savePassword');
$route->post('/settings/language', 'SettingsController@saveLanguage'); $route->get('/theme', 'SettingsController@theme');
$route->get('/settings/oauth', 'SettingsController@oauth'); $route->post('/theme', 'SettingsController@saveTheme');
$route->get('/language', 'SettingsController@language');
$route->post('/language', 'SettingsController@saveLanguage');
$route->get('/oauth', 'SettingsController@oauth');
}
);
// Password recovery // Password recovery
$route->get('/password/reset', 'PasswordResetController@reset'); $route->addGroup(
$route->post('/password/reset', 'PasswordResetController@postReset'); '/password/reset',
$route->get('/password/reset/{token:.+}', 'PasswordResetController@resetPassword'); function (RouteCollector $route) {
$route->post('/password/reset/{token:.+}', 'PasswordResetController@postResetPassword'); $route->get('', 'PasswordResetController@reset');
$route->post('', 'PasswordResetController@postReset');
$route->get('/{token:.+}', 'PasswordResetController@resetPassword');
$route->post('/{token:.+}', 'PasswordResetController@postResetPassword');
}
);
// Stats // Stats
$route->get('/metrics', 'Metrics\\Controller@metrics'); $route->get('/metrics', 'Metrics\\Controller@metrics');
$route->get('/stats', 'Metrics\\Controller@stats'); $route->get('/stats', 'Metrics\\Controller@stats');
// News // News
$route->get('/news', 'NewsController@index');
$route->get('/meetings', 'NewsController@meetings'); $route->get('/meetings', 'NewsController@meetings');
$route->get('/news/{id:\d+}', 'NewsController@show'); $route->addGroup(
$route->post('/news/{id:\d+}', 'NewsController@comment'); '/news',
$route->post('/news/comment/{id:\d+}', 'NewsController@deleteComment'); function (RouteCollector $route) {
$route->get('', 'NewsController@index');
$route->get('/{news_id:\d+}', 'NewsController@show');
$route->post('/{news_id:\d+}', 'NewsController@comment');
$route->post('/comment/{comment_id:\d+}', 'NewsController@deleteComment');
}
);
// FAQ // FAQ
$route->get('/faq', 'FaqController@index'); $route->get('/faq', 'FaqController@index');
// Questions // Questions
$route->get('/questions', 'QuestionsController@index'); $route->addGroup(
$route->post('/questions', 'QuestionsController@delete'); '/questions',
$route->get('/questions/new', 'QuestionsController@add'); function (RouteCollector $route) {
$route->post('/questions/new', 'QuestionsController@save'); $route->get('', 'QuestionsController@index');
$route->post('', 'QuestionsController@delete');
$route->get('/new', 'QuestionsController@add');
$route->post('/new', 'QuestionsController@save');
}
);
// Messages // Messages
$route->get('/messages', 'MessagesController@index'); $route->addGroup(
$route->post('/messages', 'MessagesController@redirectToConversation'); '/messages',
$route->get('/messages/{user_id:\d+}', 'MessagesController@messagesOfConversation'); function (RouteCollector $route) {
$route->post('/messages/{user_id:\d+}', 'MessagesController@send'); $route->get('', 'MessagesController@index');
$route->post('/messages/{user_id:\d+}/{msg_id:\d+}', 'MessagesController@delete'); $route->post('', 'MessagesController@redirectToConversation');
$route->get('/{user_id:\d+}', 'MessagesController@messagesOfConversation');
$route->post('/{user_id:\d+}', 'MessagesController@send');
$route->post('/{user_id:\d+}/{msg_id:\d+}', 'MessagesController@delete');
}
);
// API // API
$route->get('/api[/{resource:.+}]', 'ApiController@index'); $route->get('/api[/{resource:.+}]', 'ApiController@index');
@ -77,24 +107,29 @@ $route->addGroup(
$route->addGroup( $route->addGroup(
'/faq', '/faq',
function (RouteCollector $route) { function (RouteCollector $route) {
$route->get('[/{id:\d+}]', 'Admin\\FaqController@edit'); $route->get('[/{faq_id:\d+}]', 'Admin\\FaqController@edit');
$route->post('[/{id:\d+}]', 'Admin\\FaqController@save'); $route->post('[/{faq_id:\d+}]', 'Admin\\FaqController@save');
} }
); );
// Log // Log
$route->get('/logs', 'Admin\\LogsController@index'); $route->addGroup(
$route->post('/logs', 'Admin\\LogsController@index'); '/logs',
function (RouteCollector $route) {
$route->get('', 'Admin\\LogsController@index');
$route->post('', 'Admin\\LogsController@index');
}
);
// Schedule // Schedule
$route->addGroup( $route->addGroup(
'/schedule', '/schedule',
function (RouteCollector $route) { function (RouteCollector $route) {
$route->get('', 'Admin\\Schedule\\ImportSchedule@index'); $route->get('', 'Admin\\Schedule\\ImportSchedule@index');
$route->get('/edit[/{id:\d+}]', 'Admin\\Schedule\\ImportSchedule@edit'); $route->get('/edit[/{schedule_id:\d+}]', 'Admin\\Schedule\\ImportSchedule@edit');
$route->post('/edit[/{id:\d+}]', 'Admin\\Schedule\\ImportSchedule@save'); $route->post('/edit[/{schedule_id:\d+}]', 'Admin\\Schedule\\ImportSchedule@save');
$route->get('/load/{id:\d+}', 'Admin\\Schedule\\ImportSchedule@loadSchedule'); $route->get('/load/{schedule_id:\d+}', 'Admin\\Schedule\\ImportSchedule@loadSchedule');
$route->post('/import/{id:\d+}', 'Admin\\Schedule\\ImportSchedule@importSchedule'); $route->post('/import/{schedule_id:\d+}', 'Admin\\Schedule\\ImportSchedule@importSchedule');
} }
); );
@ -104,31 +139,39 @@ $route->addGroup(
function (RouteCollector $route) { function (RouteCollector $route) {
$route->get('', 'Admin\\QuestionsController@index'); $route->get('', 'Admin\\QuestionsController@index');
$route->post('', 'Admin\\QuestionsController@delete'); $route->post('', 'Admin\\QuestionsController@delete');
$route->get('/{id:\d+}', 'Admin\\QuestionsController@edit'); $route->get('/{question_id:\d+}', 'Admin\\QuestionsController@edit');
$route->post('/{id:\d+}', 'Admin\\QuestionsController@save'); $route->post('/{question_id:\d+}', 'Admin\\QuestionsController@save');
} }
); );
// User // User
$route->addGroup( $route->addGroup(
'/user/{id:\d+}', '/user/{user_id:\d+}',
function (RouteCollector $route) { function (RouteCollector $route) {
// Shirts // Shirts
$route->get('/shirt', 'Admin\\UserShirtController@editShirt'); $route->addGroup(
$route->post('/shirt', 'Admin\\UserShirtController@saveShirt'); '/shirt',
function (RouteCollector $route) {
$route->get('', 'Admin\\UserShirtController@editShirt');
$route->post('', 'Admin\\UserShirtController@saveShirt');
}
);
// Worklogs // Worklogs
$route->get('/worklog', 'Admin\\UserWorkLogController@editWorklog'); $route->addGroup(
$route->post('/worklog', 'Admin\\UserWorkLogController@saveWorklog'); '/worklog',
$route->get('/worklog/{worklog_id:\d+}', 'Admin\\UserWorkLogController@editWorklog'); function (RouteCollector $route) {
$route->post('/worklog/{worklog_id:\d+}', 'Admin\\UserWorkLogController@saveWorklog'); $route->get('[/{worklog_id:\d+}]', 'Admin\\UserWorkLogController@editWorklog');
$route->get( $route->post('[/{worklog_id:\d+}]', 'Admin\\UserWorkLogController@saveWorklog');
'/worklog/{worklog_id:\d+}/delete', $route->get(
'Admin\\UserWorkLogController@showDeleteWorklog' '/{worklog_id:\d+}/delete',
); 'Admin\\UserWorkLogController@showDeleteWorklog'
$route->post( );
'/worklog/{worklog_id:\d+}/delete', $route->post(
'Admin\\UserWorkLogController@deleteWorklog' '/{worklog_id:\d+}/delete',
'Admin\\UserWorkLogController@deleteWorklog'
);
}
); );
} }
); );
@ -137,8 +180,8 @@ $route->addGroup(
$route->addGroup( $route->addGroup(
'/news', '/news',
function (RouteCollector $route) { function (RouteCollector $route) {
$route->get('[/{id:\d+}]', 'Admin\\NewsController@edit'); $route->get('[/{news_id:\d+}]', 'Admin\\NewsController@edit');
$route->post('[/{id:\d+}]', 'Admin\\NewsController@save'); $route->post('[/{news_id:\d+}]', 'Admin\\NewsController@save');
} }
); );
} }
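Review bot: Nothing in this change checks that each renamed placeholder matches the key its handler reads. The updated controller tests cannot catch a mismatch, because they set the attribute by name (`attributes->set('faq_id', 1)`) instead of dispatching through these routes. This matters most for the optional-ID admin routes (`[/{faq_id:\d+}]`, `[/{news_id:\d+}]`, `/edit[/{schedule_id:\d+}]`): their `save` handlers call `findOrNew()` on the attribute, so a key misspelled on either side would presumably read as null and create a new record instead of failing. Consider one routing-level test per group that dispatches a real path and asserts the attribute name, plus a comment above the groups such as `// Placeholder names are read by the controllers via getAttribute(); rename both together`.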


@ -104,7 +104,9 @@ class ImportSchedule extends BaseController
*/ */
public function edit(Request $request): Response public function edit(Request $request): Response
{ {
$schedule = ScheduleUrl::find($request->getAttribute('id')); $scheduleId = $request->getAttribute('schedule_id'); // optional
$schedule = ScheduleUrl::find($scheduleId);
return $this->response->withView( return $this->response->withView(
'admin/schedule/edit.twig', 'admin/schedule/edit.twig',
@ -122,9 +124,10 @@ class ImportSchedule extends BaseController
*/ */
public function save(Request $request): Response public function save(Request $request): Response
{ {
$id = $request->getAttribute('id'); $scheduleId = $request->getAttribute('schedule_id'); // optional
/** @var ScheduleUrl $schedule */ /** @var ScheduleUrl $schedule */
$schedule = ScheduleUrl::findOrNew($id); $schedule = ScheduleUrl::findOrNew($scheduleId);
$data = $this->validate($request, [ $data = $this->validate($request, [
'name' => 'required', 'name' => 'required',
@ -437,9 +440,10 @@ class ImportSchedule extends BaseController
*/ */
protected function getScheduleData(Request $request) protected function getScheduleData(Request $request)
{ {
$id = $request->getAttribute('id'); $scheduleId = (int)$request->getAttribute('schedule_id');
/** @var ScheduleUrl $scheduleUrl */ /** @var ScheduleUrl $scheduleUrl */
$scheduleUrl = ScheduleUrl::findOrFail($id); $scheduleUrl = ScheduleUrl::findOrFail($scheduleId);
$scheduleResponse = $this->guzzle->get($scheduleUrl->url); $scheduleResponse = $this->guzzle->get($scheduleUrl->url);
if ($scheduleResponse->getStatusCode() != 200) { if ($scheduleResponse->getStatusCode() != 200) {


@ -57,8 +57,9 @@ class FaqController extends BaseController
*/ */
public function edit(Request $request): Response public function edit(Request $request): Response
{ {
$id = $request->getAttribute('id'); $faqId = $request->getAttribute('faq_id'); // optional
$faq = $this->faq->find($id);
$faq = $this->faq->find($faqId);
return $this->showEdit($faq); return $this->showEdit($faq);
} }
@ -70,9 +71,10 @@ class FaqController extends BaseController
*/ */
public function save(Request $request): Response public function save(Request $request): Response
{ {
$id = $request->getAttribute('id'); $faqId = $request->getAttribute('faq_id'); // optional
/** @var Faq $faq */ /** @var Faq $faq */
$faq = $this->faq->findOrNew($id); $faq = $this->faq->findOrNew($faqId);
$data = $this->validate($request, [ $data = $this->validate($request, [
'question' => 'required', 'question' => 'required',


@ -63,8 +63,9 @@ class NewsController extends BaseController
*/ */
public function edit(Request $request): Response public function edit(Request $request): Response
{ {
$id = $request->getAttribute('id'); $newsId = $request->getAttribute('news_id'); // optional
$news = $this->news->find($id);
$news = $this->news->find($newsId);
$isMeeting = $request->get('meeting', false); $isMeeting = $request->get('meeting', false);
return $this->showEdit($news, $isMeeting); return $this->showEdit($news, $isMeeting);
@ -95,9 +96,10 @@ class NewsController extends BaseController
*/ */
public function save(Request $request): Response public function save(Request $request): Response
{ {
$id = $request->getAttribute('id'); $newsId = $request->getAttribute('news_id'); // optional
/** @var News $news */ /** @var News $news */
$news = $this->news->findOrNew($id); $news = $this->news->findOrNew($newsId);
$data = $this->validate($request, [ $data = $this->validate($request, [
'title' => 'required', 'title' => 'required',


@ -102,8 +102,9 @@ class QuestionsController extends BaseController
*/ */
public function edit(Request $request): Response public function edit(Request $request): Response
{ {
$id = $request->getAttribute('id'); $questionId = (int)$request->getAttribute('question_id');
$questions = $this->question->find($id);
$questions = $this->question->find($questionId);
return $this->showEdit($questions); return $this->showEdit($questions);
} }
@ -115,9 +116,10 @@ class QuestionsController extends BaseController
*/ */
public function save(Request $request): Response public function save(Request $request): Response
{ {
$id = $request->getAttribute('id'); $questionId = (int)$request->getAttribute('question_id');
/** @var Question $question */ /** @var Question $question */
$question = $this->question->findOrNew($id); $question = $this->question->findOrNew($questionId);
$data = $this->validate($request, [ $data = $this->validate($request, [
'text' => 'required', 'text' => 'required',


@ -71,8 +71,9 @@ class UserShirtController extends BaseController
*/ */
public function editShirt(Request $request): Response public function editShirt(Request $request): Response
{ {
$id = $request->getAttribute('id'); $userId = (int)$request->getAttribute('user_id');
$user = $this->user->findOrFail($id);
$user = $this->user->findOrFail($userId);
return $this->response->withView( return $this->response->withView(
'admin/user/edit-shirt.twig', 'admin/user/edit-shirt.twig',
@ -87,9 +88,10 @@ class UserShirtController extends BaseController
*/ */
public function saveShirt(Request $request): Response public function saveShirt(Request $request): Response
{ {
$id = $request->getAttribute('id'); $userId = (int)$request->getAttribute('user_id');
/** @var User $user */ /** @var User $user */
$user = $this->user->findOrFail($id); $user = $this->user->findOrFail($userId);
$data = $this->validate($request, [ $data = $this->validate($request, [
'shirt_size' => 'required', 'shirt_size' => 'required',


@ -78,14 +78,15 @@ class UserWorkLogController extends BaseController
*/ */
public function editWorklog(Request $request): Response public function editWorklog(Request $request): Response
{ {
$user_id = $request->getAttribute('id'); $userId = (int)$request->getAttribute('user_id');
$user = $this->user->findOrFail($user_id); $worklogId = $request->getAttribute('worklog_id'); // optional
$worklog_id = $request->getAttribute('worklog_id'); $user = $this->user->findOrFail($userId);
if (isset($worklog_id)) {
$worklog = $this->worklog->findOrFail($worklog_id);
if ($worklog->user->id != $user_id) { if (isset($worklogId)) {
$worklog = $this->worklog->findOrFail((int)$worklogId);
if ($worklog->user->id != $userId) {
throw new HttpNotFound(); throw new HttpNotFound();
} }
return $this->showEditWorklog($user, $worklog->worked_at, $worklog->hours, $worklog->comment, true); return $this->showEditWorklog($user, $worklog->worked_at, $worklog->hours, $worklog->comment, true);
@ -100,8 +101,10 @@ class UserWorkLogController extends BaseController
*/ */
public function saveWorklog(Request $request): Response public function saveWorklog(Request $request): Response
{ {
$user_id = $request->getAttribute('id'); $userId = (int)$request->getAttribute('user_id');
$user = $this->user->findOrFail($user_id); $worklogId = $request->getAttribute('worklog_id'); // optional
$user = $this->user->findOrFail($userId);
$data = $this->validate($request, [ $data = $this->validate($request, [
'work_date' => 'required|date:Y-m-d', 'work_date' => 'required|date:Y-m-d',
@ -109,11 +112,10 @@ class UserWorkLogController extends BaseController
'comment' => 'required|max:200', 'comment' => 'required|max:200',
]); ]);
$worklog_id = $request->getAttribute('worklog_id'); if (isset($worklogId)) {
if (isset($worklog_id)) { $worklog = $this->worklog->findOrFail((int)$worklogId);
$worklog = $this->worklog->findOrFail($worklog_id);
if ($worklog->user->id != $user_id) { if ($worklog->user->id != $userId) {
throw new HttpNotFound(); throw new HttpNotFound();
} }
} else { } else {
@ -126,9 +128,9 @@ class UserWorkLogController extends BaseController
$worklog->comment = $data['comment']; $worklog->comment = $data['comment'];
$worklog->save(); $worklog->save();
$this->addNotification(isset($worklog_id) ? 'worklog.edit.success' : 'worklog.add.success'); $this->addNotification(isset($worklogId) ? 'worklog.edit.success' : 'worklog.add.success');
return $this->redirect->to('/users?action=view&user_id=' . $user_id); return $this->redirect->to('/users?action=view&user_id=' . $userId);
// TODO Once User_view.php gets removed, change this to withView + getNotifications // TODO Once User_view.php gets removed, change this to withView + getNotifications
} }
@ -138,12 +140,13 @@ class UserWorkLogController extends BaseController
*/ */
public function showDeleteWorklog(Request $request): Response public function showDeleteWorklog(Request $request): Response
{ {
$user_id = $request->getAttribute('id'); $userId = (int)$request->getAttribute('user_id');
$user = $this->user->findOrFail($user_id); $worklogId = (int)$request->getAttribute('worklog_id');
$worklog_id = $request->getAttribute('worklog_id');
$worklog = $this->worklog->findOrFail($worklog_id);
if ($worklog->user->id != $user_id) { $user = $this->user->findOrFail($userId);
$worklog = $this->worklog->findOrFail($worklogId);
if ($worklog->user->id != $userId) {
throw new HttpNotFound(); throw new HttpNotFound();
} }
@ -159,18 +162,19 @@ class UserWorkLogController extends BaseController
*/ */
public function deleteWorklog(Request $request): Response public function deleteWorklog(Request $request): Response
{ {
$user_id = $request->getAttribute('id'); $userId = (int)$request->getAttribute('user_id');
$worklog_id = $request->getAttribute('worklog_id'); $worklogId = (int)$request->getAttribute('worklog_id');
$worklog = $this->worklog->findOrFail($worklog_id);
if ($worklog->user->id != $user_id) { $worklog = $this->worklog->findOrFail($worklogId);
if ($worklog->user->id != $userId) {
throw new HttpNotFound(); throw new HttpNotFound();
} }
$worklog->delete(); $worklog->delete();
$this->addNotification('worklog.delete.success'); $this->addNotification('worklog.delete.success');
return $this->redirect->to('/users?action=view&user_id=' . $user_id); return $this->redirect->to('/users?action=view&user_id=' . $userId);
// TODO Once User_view.php gets removed, change this to withView + getNotifications // TODO Once User_view.php gets removed, change this to withView + getNotifications
} }
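Review bot: The ownership checks in `editWorklog`, `saveWorklog`, `showDeleteWorklog` and `deleteWorklog` still use the loose `!=` (`if ($worklog->user->id != $userId)`), although `$userId` is now cast to int. This comparison is what ties the worklog to the user named in the URL before it is shown, changed or deleted, so it reads better as a strict check: `if ($worklog->user->id !== $userId) {`. That assumes the model exposes `id` as an int, which is the usual Eloquent default but is not visible here; if it can be a string, cast it inside the comparison instead.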


@ -130,8 +130,10 @@ class MessagesController extends BaseController
*/ */
public function messagesOfConversation(Request $request): Response public function messagesOfConversation(Request $request): Response
{ {
$userId = (int)$request->getAttribute('user_id');
$currentUser = $this->auth->user(); $currentUser = $this->auth->user();
$otherUser = $this->user->findOrFail($request->getAttribute('user_id')); $otherUser = $this->user->findOrFail($userId);
$messages = $this->message $messages = $this->message
->where(function ($query) use ($currentUser, $otherUser) { ->where(function ($query) use ($currentUser, $otherUser) {
@ -166,11 +168,13 @@ class MessagesController extends BaseController
*/ */
public function send(Request $request): Response public function send(Request $request): Response
{ {
$userId = (int)$request->getAttribute('user_id');
$currentUser = $this->auth->user(); $currentUser = $this->auth->user();
$data = $this->validate($request, ['text' => 'required']); $data = $this->validate($request, ['text' => 'required']);
$otherUser = $this->user->findOrFail($request->getAttribute('user_id')); $otherUser = $this->user->findOrFail($userId);
$newMessage = new Message(); $newMessage = new Message();
$newMessage->sender()->associate($currentUser); $newMessage->sender()->associate($currentUser);
@ -188,9 +192,10 @@ class MessagesController extends BaseController
*/ */
public function delete(Request $request): Response public function delete(Request $request): Response
{ {
$otherUserId = (int)$request->getAttribute('user_id');
$msgId = (int)$request->getAttribute('msg_id');
$currentUser = $this->auth->user(); $currentUser = $this->auth->user();
$otherUserId = $request->getAttribute('user_id');
$msgId = $request->getAttribute('msg_id');
$msg = $this->message->findOrFail($msgId); $msg = $this->message->findOrFail($msgId);
if ($msg->user_id == $currentUser->id) { if ($msg->user_id == $currentUser->id) {


@ -100,10 +100,12 @@ class NewsController extends BaseController
*/ */
public function show(Request $request): Response public function show(Request $request): Response
{ {
$newsId = (int)$request->getAttribute('news_id');
$news = $this->news $news = $this->news
->with('user') ->with('user')
->with('comments') ->with('comments')
->findOrFail($request->getAttribute('id')); ->findOrFail($newsId);
return $this->renderView('pages/news/news.twig', ['news' => $news]); return $this->renderView('pages/news/news.twig', ['news' => $news]);
} }
@ -114,12 +116,13 @@ class NewsController extends BaseController
*/ */
public function comment(Request $request): Response public function comment(Request $request): Response
{ {
$newsId = (int)$request->getAttribute('news_id');
$data = $this->validate($request, [ $data = $this->validate($request, [
'comment' => 'required', 'comment' => 'required',
]); ]);
$user = $this->auth->user(); $user = $this->auth->user();
$news = $this->news $news = $this->news->findOrFail($newsId);
->findOrFail($request->getAttribute('id'));
/** @var NewsComment $comment */ /** @var NewsComment $comment */
$comment = $news->comments()->create([ $comment = $news->comments()->create([
@ -147,7 +150,8 @@ class NewsController extends BaseController
*/ */
public function deleteComment(Request $request): Response public function deleteComment(Request $request): Response
{ {
$id = $request->getAttribute('id'); $commentId = (int)$request->getAttribute('comment_id');
$this->validate( $this->validate(
$request, $request,
[ [
@ -155,7 +159,7 @@ class NewsController extends BaseController
] ]
); );
$comment = $this->comment->findOrFail($id); $comment = $this->comment->findOrFail($commentId);
if ( if (
$comment->user->id != $this->auth->user()->id $comment->user->id != $this->auth->user()->id
&& !$this->auth->can('admin_news') && !$this->auth->can('admin_news')


@ -87,6 +87,7 @@ class OAuthController extends BaseController
public function index(Request $request): Response public function index(Request $request): Response
{ {
$providerName = $request->getAttribute('provider'); $providerName = $request->getAttribute('provider');
$provider = $this->getProvider($providerName); $provider = $this->getProvider($providerName);
$config = $this->config->get('oauth')[$providerName]; $config = $this->config->get('oauth')[$providerName];
@ -218,10 +219,11 @@ class OAuthController extends BaseController
*/ */
public function connect(Request $request): Response public function connect(Request $request): Response
{ {
$provider = $request->getAttribute('provider'); $providerName = $request->getAttribute('provider');
$this->requireProvider($provider);
$this->session->set('oauth2_connect_provider', $provider); $this->requireProvider($providerName);
$this->session->set('oauth2_connect_provider', $providerName);
return $this->index($request); return $this->index($request);
} }
@ -233,14 +235,14 @@ class OAuthController extends BaseController
*/ */
public function disconnect(Request $request): Response public function disconnect(Request $request): Response
{ {
$provider = $request->getAttribute('provider'); $providerName = $request->getAttribute('provider');
$this->oauth $this->oauth
->whereUserId($this->auth->user()->id) ->whereUserId($this->auth->user()->id)
->where('provider', $provider) ->where('provider', $providerName)
->delete(); ->delete();
$this->log->info('Disconnected OAuth from {provider}', ['provider' => $provider]); $this->log->info('Disconnected OAuth from {provider}', ['provider' => $providerName]);
$this->addNotification('oauth.disconnected'); $this->addNotification('oauth.disconnected');
return $this->redirector->back(); return $this->redirector->back();
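Review bot: `disconnect` uses the raw `provider` route value for the delete filter and the log context without the `requireProvider($providerName)` call that `connect` makes first, and the `/oauth/{provider}` route puts no pattern on that segment. The `where()` value is bound, so the visible effect is request-supplied text landing in the `Disconnected OAuth from {provider}` log entry. Adding `$this->requireProvider($providerName);` as the first statement would keep the two handlers consistent, assuming that helper rejects names missing from the `oauth` config (its body is not shown). The body of `disconnect` closes outside this hunk.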


@ -154,6 +154,7 @@ class PasswordResetController extends BaseController
protected function requireToken(Request $request): PasswordReset protected function requireToken(Request $request): PasswordReset
{ {
$token = $request->getAttribute('token'); $token = $request->getAttribute('token');
/** @var PasswordReset|null $reset */ /** @var PasswordReset|null $reset */
$reset = PasswordReset::whereToken($token)->first(); $reset = PasswordReset::whereToken($token)->first();


@ -38,6 +38,7 @@ class RequestHandler implements MiddlewareInterface
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{ {
$requestHandler = $request->getAttribute('route-request-handler'); $requestHandler = $request->getAttribute('route-request-handler');
$requestHandler = $this->resolveRequestHandler($requestHandler); $requestHandler = $this->resolveRequestHandler($requestHandler);
if ($requestHandler instanceof CallableHandler) { if ($requestHandler instanceof CallableHandler) {


@ -34,12 +34,14 @@ class SessionHandler implements MiddlewareInterface
*/ */
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{ {
$requestPath = $request->getAttribute('route-request-path');
$return = $handler->handle($request); $return = $handler->handle($request);
$cookies = $request->getCookieParams(); $cookies = $request->getCookieParams();
if ( if (
$this->session instanceof NativeSessionStorage $this->session instanceof NativeSessionStorage
&& in_array($request->getAttribute('route-request-path'), $this->paths) && in_array($requestPath, $this->paths)
&& !isset($cookies[$this->session->getName()]) && !isset($cookies[$this->session->getName()])
) { ) {
$this->destroyNative(); $this->destroyNative();
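Review bot: `in_array($requestPath, $this->paths)` compares loosely, so a request without the `route-request-path` attribute (null) would match an empty-string entry in `$this->paths`, and this condition decides whether the native session is destroyed. Pass the strict flag: `&& in_array($requestPath, $this->paths, true)`. This assumes `$this->paths` holds strings, which is not visible in the hunk. `process()` continues past the end of the hunk.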


@ -25,7 +25,7 @@ class FaqControllerTest extends ControllerTest
*/ */
public function testEdit() public function testEdit()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('faq_id', 1);
$this->response->expects($this->once()) $this->response->expects($this->once())
->method('withView') ->method('withView')
->willReturnCallback(function ($view, $data) { ->willReturnCallback(function ($view, $data) {
@ -63,7 +63,7 @@ class FaqControllerTest extends ControllerTest
*/ */
public function testSaveCreateEdit() public function testSaveCreateEdit()
{ {
$this->request->attributes->set('id', 2); $this->request->attributes->set('faq_id', 2);
$body = $this->data; $body = $this->data;
$this->request = $this->request->withParsedBody($body); $this->request = $this->request->withParsedBody($body);
@ -95,7 +95,7 @@ class FaqControllerTest extends ControllerTest
*/ */
public function testSavePreview() public function testSavePreview()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('faq_id', 1);
$this->request = $this->request->withParsedBody([ $this->request = $this->request->withParsedBody([
'question' => 'New question', 'question' => 'New question',
'text' => 'New text', 'text' => 'New text',
@ -132,7 +132,7 @@ class FaqControllerTest extends ControllerTest
*/ */
public function testSaveDelete() public function testSaveDelete()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('faq_id', 1);
$this->request = $this->request->withParsedBody([ $this->request = $this->request->withParsedBody([
'question' => '.', 'question' => '.',
'text' => '.', 'text' => '.',


@ -35,7 +35,7 @@ class NewsControllerTest extends ControllerTest
*/ */
public function testEdit() public function testEdit()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('news_id', 1);
$this->response->expects($this->once()) $this->response->expects($this->once())
->method('withView') ->method('withView')
->willReturnCallback(function ($view, $data) { ->willReturnCallback(function ($view, $data) {
@ -83,7 +83,7 @@ class NewsControllerTest extends ControllerTest
$controller->edit($this->request); $controller->edit($this->request);
// Should stay no meeting // Should stay no meeting
$this->request->attributes->set('id', 1); $this->request->attributes->set('news_id', 1);
$controller->edit($this->request); $controller->edit($this->request);
} }
@ -126,7 +126,7 @@ class NewsControllerTest extends ControllerTest
bool $isMeeting, bool $isMeeting,
int $id = null int $id = null
) { ) {
$this->request->attributes->set('id', $id); $this->request->attributes->set('news_id', $id);
$id = $id ?: 2; $id = $id ?: 2;
$body = [ $body = [
'title' => 'Some Title', 'title' => 'Some Title',
@ -166,7 +166,7 @@ class NewsControllerTest extends ControllerTest
*/ */
public function testSavePreview() public function testSavePreview()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('news_id', 1);
$this->request = $this->request->withParsedBody([ $this->request = $this->request->withParsedBody([
'title' => 'New title', 'title' => 'New title',
'text' => 'New text', 'text' => 'New text',
@ -209,7 +209,7 @@ class NewsControllerTest extends ControllerTest
*/ */
public function testSaveDelete() public function testSaveDelete()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('news_id', 1);
$this->request = $this->request->withParsedBody([ $this->request = $this->request->withParsedBody([
'title' => '.', 'title' => '.',
'text' => '.', 'text' => '.',


@ -100,7 +100,7 @@ class QuestionsControllerTest extends ControllerTest
*/ */
public function testEdit() public function testEdit()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('question_id', 1);
$this->response->expects($this->once()) $this->response->expects($this->once())
->method('withView') ->method('withView')
->willReturnCallback(function (string $view, array $data) { ->willReturnCallback(function (string $view, array $data) {
@ -139,7 +139,7 @@ class QuestionsControllerTest extends ControllerTest
*/ */
public function testSaveCreateEdit() public function testSaveCreateEdit()
{ {
$this->request->attributes->set('id', 2); $this->request->attributes->set('question_id', 2);
$body = [ $body = [
'text' => 'Foo?', 'text' => 'Foo?',
'answer' => 'Bar!', 'answer' => 'Bar!',
@ -170,7 +170,7 @@ class QuestionsControllerTest extends ControllerTest
*/ */
public function testSavePreview() public function testSavePreview()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('question_id', 1);
$this->request = $this->request->withParsedBody([ $this->request = $this->request->withParsedBody([
'text' => 'Foo?', 'text' => 'Foo?',
'answer' => 'Bar!', 'answer' => 'Bar!',
@ -207,7 +207,7 @@ class QuestionsControllerTest extends ControllerTest
*/ */
public function testSaveDelete() public function testSaveDelete()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('question_id', 1);
$this->request = $this->request->withParsedBody([ $this->request = $this->request->withParsedBody([
'text' => '.', 'text' => '.',
'answer' => '.', 'answer' => '.',


@ -24,7 +24,7 @@ class UserShirtControllerTest extends ControllerTest
*/ */
public function testIndex() public function testIndex()
{ {
$request = $this->request->withAttribute('id', 1); $request = $this->request->withAttribute('user_id', 1);
/** @var Authenticator|MockObject $auth */ /** @var Authenticator|MockObject $auth */
$auth = $this->createMock(Authenticator::class); $auth = $this->createMock(Authenticator::class);
/** @var Redirector|MockObject $redirector */ /** @var Redirector|MockObject $redirector */
@ -62,7 +62,7 @@ class UserShirtControllerTest extends ControllerTest
public function testSaveShirt() public function testSaveShirt()
{ {
$request = $this->request $request = $this->request
->withAttribute('id', 1) ->withAttribute('user_id', 1)
->withParsedBody([ ->withParsedBody([
'shirt_size' => 'S', 'shirt_size' => 'S',
]); ]);


@ -35,7 +35,7 @@ class UserWorkLogControllerTest extends ControllerTest
*/ */
public function testShowAddWorklogWithUnknownUserIdThrows() public function testShowAddWorklogWithUnknownUserIdThrows()
{ {
$request = $this->request->withAttribute('id', 1234); $request = $this->request->withAttribute('user_id', 1234);
$this->expectException(ModelNotFoundException::class); $this->expectException(ModelNotFoundException::class);
$this->controller->editWorklog($request); $this->controller->editWorklog($request);
} }
@ -47,7 +47,7 @@ class UserWorkLogControllerTest extends ControllerTest
*/ */
public function testShowAddWorklog() public function testShowAddWorklog()
{ {
$request = $this->request->withAttribute('id', $this->user->id); $request = $this->request->withAttribute('user_id', $this->user->id);
$this->response->expects($this->once()) $this->response->expects($this->once())
->method('withView') ->method('withView')
->willReturnCallback(function (string $view, array $data) { ->willReturnCallback(function (string $view, array $data) {
@ -70,7 +70,7 @@ class UserWorkLogControllerTest extends ControllerTest
*/ */
public function testShowAddWorklogWithSuggestedWorkDate($buildup_start, $event_start, $suggested_work_date) public function testShowAddWorklogWithSuggestedWorkDate($buildup_start, $event_start, $suggested_work_date)
{ {
$request = $this->request->withAttribute('id', $this->user->id); $request = $this->request->withAttribute('user_id', $this->user->id);
config(['buildup_start' => $buildup_start]); config(['buildup_start' => $buildup_start]);
config(['event_start' => $event_start]); config(['event_start' => $event_start]);
$this->response->expects($this->once()) $this->response->expects($this->once())
@ -93,7 +93,7 @@ class UserWorkLogControllerTest extends ControllerTest
$worklog = Worklog::factory(['user_id' => $user2->id])->create(); $worklog = Worklog::factory(['user_id' => $user2->id])->create();
$request = $this->request $request = $this->request
->withAttribute('id', $this->user->id) ->withAttribute('user_id', $this->user->id)
->withAttribute('worklog_id', $worklog->id); ->withAttribute('worklog_id', $worklog->id);
$this->expectException(HttpNotFound::class); $this->expectException(HttpNotFound::class);
$this->controller->editWorklog($request); $this->controller->editWorklog($request);
@ -113,7 +113,7 @@ class UserWorkLogControllerTest extends ControllerTest
])->create(); ])->create();
$request = $this->request $request = $this->request
->withAttribute('id', $this->user->id) ->withAttribute('user_id', $this->user->id)
->withAttribute('worklog_id', $worklog->id); ->withAttribute('worklog_id', $worklog->id);
$this->response->expects($this->once()) $this->response->expects($this->once())
->method('withView') ->method('withView')
@ -133,7 +133,7 @@ class UserWorkLogControllerTest extends ControllerTest
*/ */
public function testSaveWorklogWithUnkownUserIdThrows() public function testSaveWorklogWithUnkownUserIdThrows()
{ {
$request = $this->request->withAttribute('id', 1234)->withParsedBody([]); $request = $this->request->withAttribute('user_id', 1234)->withParsedBody([]);
$this->expectException(ModelNotFoundException::class); $this->expectException(ModelNotFoundException::class);
$this->controller->saveWorklog($request); $this->controller->saveWorklog($request);
} }
@ -145,7 +145,7 @@ class UserWorkLogControllerTest extends ControllerTest
*/ */
public function testSaveWorklogWithInvalidParamsThrows($body) public function testSaveWorklogWithInvalidParamsThrows($body)
{ {
$request = $this->request->withAttribute('id', $this->user->id)->withParsedBody($body); $request = $this->request->withAttribute('user_id', $this->user->id)->withParsedBody($body);
$this->expectException(ValidationException::class); $this->expectException(ValidationException::class);
$this->controller->saveWorklog($request); $this->controller->saveWorklog($request);
} }
@ -159,7 +159,7 @@ class UserWorkLogControllerTest extends ControllerTest
$work_hours = 3.14; $work_hours = 3.14;
$comment = str_repeat('X', 200); $comment = str_repeat('X', 200);
$body = ['work_date' => $work_date, 'work_hours' => $work_hours, 'comment' => $comment]; $body = ['work_date' => $work_date, 'work_hours' => $work_hours, 'comment' => $comment];
$request = $this->request->withAttribute('id', $this->user->id)->withParsedBody($body); $request = $this->request->withAttribute('user_id', $this->user->id)->withParsedBody($body);
$this->setExpects($this->auth, 'user', null, $this->user, $this->any()); $this->setExpects($this->auth, 'user', null, $this->user, $this->any());
$this->redirect->expects($this->once()) $this->redirect->expects($this->once())
->method('to') ->method('to')
@ -184,7 +184,7 @@ class UserWorkLogControllerTest extends ControllerTest
{ {
$body = ['work_date' => Carbon::today(), 'work_hours' => 3.14, 'comment' => 'a comment']; $body = ['work_date' => Carbon::today(), 'work_hours' => 3.14, 'comment' => 'a comment'];
$request = $this->request $request = $this->request
->withAttribute('id', $this->user->id) ->withAttribute('user_id', $this->user->id)
->withAttribute('worklog_id', 1234) ->withAttribute('worklog_id', 1234)
->withParsedBody($body); ->withParsedBody($body);
$this->expectException(ModelNotFoundException::class); $this->expectException(ModelNotFoundException::class);
@ -203,7 +203,7 @@ class UserWorkLogControllerTest extends ControllerTest
$body = ['work_date' => Carbon::today(), 'work_hours' => 3.14, 'comment' => 'a comment']; $body = ['work_date' => Carbon::today(), 'work_hours' => 3.14, 'comment' => 'a comment'];
$request = $this->request $request = $this->request
->withAttribute('id', $this->user->id) ->withAttribute('user_id', $this->user->id)
->withAttribute('worklog_id', $worklog->id) ->withAttribute('worklog_id', $worklog->id)
->withParsedBody($body); ->withParsedBody($body);
$this->expectException(HttpNotFound::class); $this->expectException(HttpNotFound::class);
@ -223,7 +223,7 @@ class UserWorkLogControllerTest extends ControllerTest
$body = ['work_date' => $work_date, 'work_hours' => $work_hours, 'comment' => $comment]; $body = ['work_date' => $work_date, 'work_hours' => $work_hours, 'comment' => $comment];
$request = $this->request $request = $this->request
->withAttribute('id', $this->user->id) ->withAttribute('user_id', $this->user->id)
->withAttribute('worklog_id', $worklog->id) ->withAttribute('worklog_id', $worklog->id)
->withParsedBody($body); ->withParsedBody($body);
$this->setExpects($this->auth, 'user', null, $this->user, $this->any()); $this->setExpects($this->auth, 'user', null, $this->user, $this->any());
@ -252,7 +252,7 @@ class UserWorkLogControllerTest extends ControllerTest
$worklog = Worklog::factory(['user_id' => $user2->id])->create(); $worklog = Worklog::factory(['user_id' => $user2->id])->create();
$request = $this->request $request = $this->request
->withAttribute('id', $this->user->id) ->withAttribute('user_id', $this->user->id)
->withAttribute('worklog_id', $worklog->id); ->withAttribute('worklog_id', $worklog->id);
$this->expectException(HttpNotFound::class); $this->expectException(HttpNotFound::class);
$this->controller->showDeleteWorklog($request); $this->controller->showDeleteWorklog($request);
@ -267,7 +267,7 @@ class UserWorkLogControllerTest extends ControllerTest
$worklog = Worklog::factory(['user_id' => $this->user->id])->create(); $worklog = Worklog::factory(['user_id' => $this->user->id])->create();
$request = $this->request $request = $this->request
->withAttribute('id', $this->user->id) ->withAttribute('user_id', $this->user->id)
->withAttribute('worklog_id', $worklog->id); ->withAttribute('worklog_id', $worklog->id);
$this->response->expects($this->once()) $this->response->expects($this->once())
->method('withView') ->method('withView')
@ -284,7 +284,7 @@ class UserWorkLogControllerTest extends ControllerTest
public function testDeleteWorklogWithUnknownWorkLogIdThrows() public function testDeleteWorklogWithUnknownWorkLogIdThrows()
{ {
$request = $this->request $request = $this->request
->withAttribute('id', $this->user->id) ->withAttribute('user_id', $this->user->id)
->withAttribute('worklog_id', 1234); ->withAttribute('worklog_id', 1234);
$this->expectException(ModelNotFoundException::class); $this->expectException(ModelNotFoundException::class);
$this->controller->deleteWorklog($request); $this->controller->deleteWorklog($request);
@ -301,7 +301,7 @@ class UserWorkLogControllerTest extends ControllerTest
$worklog = Worklog::factory(['user_id' => $user2->id])->create(); $worklog = Worklog::factory(['user_id' => $user2->id])->create();
$request = $this->request $request = $this->request
->withAttribute('id', $this->user->id) ->withAttribute('user_id', $this->user->id)
->withAttribute('worklog_id', $worklog->id); ->withAttribute('worklog_id', $worklog->id);
$this->expectException(HttpNotFound::class); $this->expectException(HttpNotFound::class);
$this->controller->deleteWorklog($request); $this->controller->deleteWorklog($request);
@ -316,7 +316,7 @@ class UserWorkLogControllerTest extends ControllerTest
$worklog = Worklog::factory(['user_id' => $this->user->id])->create(); $worklog = Worklog::factory(['user_id' => $this->user->id])->create();
$request = $this->request $request = $this->request
->withAttribute('id', $this->user->id) ->withAttribute('user_id', $this->user->id)
->withAttribute('worklog_id', $worklog->id); ->withAttribute('worklog_id', $worklog->id);
$this->setExpects($this->auth, 'user', null, $this->user, $this->any()); $this->setExpects($this->auth, 'user', null, $this->user, $this->any());
$this->redirect->expects($this->once()) $this->redirect->expects($this->once())


@ -129,7 +129,7 @@ class NewsControllerTest extends ControllerTest
*/ */
public function testShow() public function testShow()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('news_id', 1);
$this->response->expects($this->once()) $this->response->expects($this->once())
->method('withView') ->method('withView')
->with('pages/news/news.twig') ->with('pages/news/news.twig')
@ -146,7 +146,7 @@ class NewsControllerTest extends ControllerTest
*/ */
public function testShowNotFound() public function testShowNotFound()
{ {
$this->request->attributes->set('id', 42); $this->request->attributes->set('news_id', 42);
/** @var NewsController $controller */ /** @var NewsController $controller */
$controller = $this->app->make(NewsController::class); $controller = $this->app->make(NewsController::class);
@ -173,7 +173,7 @@ class NewsControllerTest extends ControllerTest
*/ */
public function testCommentNewsNotFound() public function testCommentNewsNotFound()
{ {
$this->request->attributes->set('id', 42); $this->request->attributes->set('news_id', 42);
$this->request = $this->request->withParsedBody(['comment' => 'Foo bar!']); $this->request = $this->request->withParsedBody(['comment' => 'Foo bar!']);
$this->addUser(); $this->addUser();
@ -190,7 +190,7 @@ class NewsControllerTest extends ControllerTest
*/ */
public function testComment() public function testComment()
{ {
$this->request->attributes->set('id', 1); $this->request->attributes->set('news_id', 1);
$this->request = $this->request->withParsedBody(['comment' => 'Foo bar!']); $this->request = $this->request->withParsedBody(['comment' => 'Foo bar!']);
$this->addUser(); $this->addUser();
@ -228,7 +228,7 @@ class NewsControllerTest extends ControllerTest
*/ */
public function testDeleteCommentNotFound() public function testDeleteCommentNotFound()
{ {
$this->request = $this->request->withAttribute('id', 42)->withParsedBody(['delete' => '1']); $this->request = $this->request->withAttribute('news_id', 42)->withParsedBody(['delete' => '1']);
/** @var NewsController $controller */ /** @var NewsController $controller */
$controller = $this->app->get(NewsController::class); $controller = $this->app->get(NewsController::class);
@ -243,7 +243,7 @@ class NewsControllerTest extends ControllerTest
*/ */
public function testDeleteCommentNotAllowed() public function testDeleteCommentNotAllowed()
{ {
$this->request = $this->request->withAttribute('id', 2)->withParsedBody(['delete' => '1']); $this->request = $this->request->withAttribute('comment_id', 2)->withParsedBody(['delete' => '1']);
$this->addUser(1); $this->addUser(1);
$this->addUser(2); $this->addUser(2);
@ -261,7 +261,7 @@ class NewsControllerTest extends ControllerTest
*/ */
public function testDeleteComment() public function testDeleteComment()
{ {
$this->request = $this->request->withAttribute('id', 1)->withParsedBody(['delete' => '1']); $this->request = $this->request->withAttribute('comment_id', 1)->withParsedBody(['delete' => '1']);
$this->setExpects($this->response, 'redirectTo', ['http://localhost/news/1'], $this->response); $this->setExpects($this->response, 'redirectTo', ['http://localhost/news/1'], $this->response);
$this->addUser(1); $this->addUser(1);
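Review bot: `testDeleteCommentNotFound` now sets `news_id` to 42, while the two sibling delete-comment tests in this file (`testDeleteCommentNotAllowed`, `testDeleteComment`) set `comment_id`. If the delete-comment handler reads `comment_id`, as those siblings suggest, this test no longer supplies an unknown comment id at all. It would reach the not-found path only because the attribute is missing, and would keep passing even if the lookup of an unknown id regressed. The line should presumably read `$this->request = $this->request->withAttribute('comment_id', 42)->withParsedBody(['delete' => '1']);`. The controller is not visible here, so confirm which attribute it reads; the rest of the test method lies outside the hunk.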