WIP

Author: marienfressinaud

src/controllers/BaseController.php

@@ -4,6 +4,7 @@
 
 use App\auth;
 use App\models;
+use App\utils;
 use Minz\Controller;
 use Minz\Request;
 use Minz\Response;
@@ -25,7 +26,7 @@ class BaseController
      * @throws errors\MissingCurrentUserError
      *     If the user is not logged in.
      */
-    public function requireCurrentUser(string $redirect_after_login): models\User
+    public function requireCurrentUser(string $redirect_after_login = ''): models\User
     {
         $current_user = auth\CurrentUser::get();
 
@@ -46,28 +47,15 @@ public function redirectOnMissingCurrentUser(
     ): Response {
         $redirect_to = $error->redirect_after_login;
 
-        if (!$redirect_to) {
-            $redirect_to = $request->selfUri();
+        if ($redirect_to === '') {
+            $redirect_to = utils\RequestHelper::from($request);
         }
 
-        return Response::redirect('login', [
-            'redirect_to' => $redirect_to,
-        ]);
-    }
-
-    public function isPathRedirectable(string $path): bool
-    {
-        $router = \Minz\Engine::router();
-
-        if ($router === null) {
-            return false;
+        $login_parameters = [];
+        if ($redirect_to) {
+            $login_parameters['redirect_to'] = $redirect_to;
         }
 
-        try {
-            $router->match('GET', $path);
-            return true;
-        } catch (\Minz\Errors\RouteNotFoundError $e) {
-            return false;
-        }
+        return Response::redirect('login', $login_parameters);
     }
 }

src/controllers/Links.php

@@ -26,13 +26,14 @@ class Links extends BaseController
      * @request_param string q
      * @request_param integer page
      *
-     * @response 302 /login?redirect_to=/links
-     *     if the user is not connected
      * @response 200
+     *
+     * @throws errors\MissingCurrentUserError
+     *     If the user is not connected.
      */
     public function index(Request $request): Response
     {
-        $user = $this->requireCurrentUser(redirect_after_login: \Minz\Url::for('links'));
+        $user = $this->requireCurrentUser();
 
         $query = $request->parameters->getString('q');
         $pagination_page = $request->parameters->getInteger('page', 1);
@@ -99,11 +100,13 @@ public function index(Request $request): Response
      *
      * @request_param string id
      *
-     * @response 302 /login?redirect_to=/links/:id
-     *     if user is not connected and the link is not public
      * @response 404
      *     if the link doesn't exist or is inaccessible to current user
      * @response 200
+     *
+     * @throws errors\MissingCurrentUserError
+     *     If the link exists but require the users to be logged in while
+     *     they are not.
      */
     public function show(Request $request): Response
     {
@@ -120,9 +123,7 @@ public function show(Request $request): Response
         if (!$can_view && $user) {
             return Response::notFound('not_found.phtml');
         } elseif (!$can_view) {
-            return Response::redirect('login', [
-                'redirect_to' => \Minz\Url::for('link', ['id' => $link_id]),
-            ]);
+            throw new errors\MissingCurrentUserError();
         }
 
         if ($user) {
@@ -148,20 +149,18 @@ public function show(Request $request): Response
      * @request_param string url The URL to prefill the URL input (default is '')
      * @request_param string collection_id Collection to check (default is bookmarks id)
      *
-     * @response 302 /login?redirect_to=/links/new if not connected
      * @response 200
+     *
+     * @throws errors\MissingCurrentUserError
+     *     If the user is not connected.
      */
     public function new(Request $request): Response
     {
+        $user = $this->requireCurrentUser();
+
         $default_url = $request->parameters->getString('url', '');
         $default_collection_id = $request->parameters->getString('collection_id');
 
-        $from = \Minz\Url::for('new link', [
-            'url' => $default_url,
-            'collection_id' => $default_collection_id,
-        ]);
-        $user = $this->requireCurrentUser(redirect_after_login: $from);
-
         $default_collection_ids = [];
         if ($default_collection_id) {
             $default_collection_ids[] = $default_collection_id;
@@ -183,24 +182,25 @@ public function new(Request $request): Response
      * @request_param string url
      * @request_param string[] collection_ids
      * @request_param string[] new_collection_names
+     * @request_param boolean read_later
      * @request_param boolean is_hidden
-     * @request_param string csrf
+     * @request_param string csrf_token
      *
-     * @response 302 /login?redirect_to=/links/new
-     *     If not connected.
      * @response 400
      *     If CSRF or the url is invalid, if one collection id doesn't exist
      *     or if both collection_ids and new_collection_names parameters are
      *     missing/empty.
      * @response 302 /links/:id
      *     On success.
+     *
+     * @throws errors\MissingCurrentUserError
+     *     If the user is not connected.
      */
     public function create(Request $request): Response
     {
         $url = $request->parameters->getString('url', '');
 
-        $from = \Minz\Url::for('new link', ['url' => $url]);
-        $user = $this->requireCurrentUser(redirect_after_login: $from);
+        $user = $this->requireCurrentUser();
 
         $link = $user->findOrBuildLink($url);
         $form = new forms\links\NewLink(model: $link);
@@ -244,19 +244,18 @@ public function create(Request $request): Response
      * Show the update link page.
      *
      * @request_param string id
-     * @request_param string from (default is /links/:id)
      *
-     * @response 302 /login?redirect_to=:from if not connected
      * @response 404 if the link doesn't exist or not associated to the current user
      * @response 200
+     *
+     * @throws errors\MissingCurrentUserError
+     *     If the user is not connected.
      */
     public function edit(Request $request): Response
     {
-        $link_id = $request->parameters->getString('id', '');
-        $from = $request->parameters->getString('from', \Minz\Url::for('link', ['id' => $link_id]));
-
-        $user = $this->requireCurrentUser(redirect_after_login: $from);
+        $user = $this->requireCurrentUser();
 
+        $link_id = $request->parameters->getString('id', '');
         $link = models\Link::find($link_id);
 
         if (!$link || !auth\LinksAccess::canUpdate($user, $link)) {
@@ -268,32 +267,31 @@ public function edit(Request $request): Response
         return Response::ok('links/edit.phtml', [
             'link' => $link,
             'form' => $form,
-            'from' => $from,
         ]);
     }
 
     /**
      * Update a link.
      *
-     * @request_param string csrf
      * @request_param string id
      * @request_param string title
      * @request_param integer reading_time
-     * @request_param string from (default is /links/:id)
+     * @request_param string csrf_token
      *
-     * @response 302 /login?redirect_to=/links/:id if not connected
      * @response 404 if the link doesn't exist or not associated to the current user
-     * @response 400 :from if csrf token or title are invalid
+     * @response 400 if csrf token or title are invalid
      * @response 302 :from
+     *
+     * @throws errors\MissingCurrentUserError
+     *     If the user is not connected.
      */
     public function update(Request $request): Response
     {
-        $link_id = $request->parameters->getString('id', '');
-        $from = $request->parameters->getString('from', \Minz\Url::for('link', ['id' => $link_id]));
-
-        $user = $this->requireCurrentUser(redirect_after_login: $from);
+        $user = $this->requireCurrentUser();
 
+        $link_id = $request->parameters->getString('id', '');
         $link = models\Link::find($link_id);
+
         if (!$link || !auth\LinksAccess::canUpdate($user, $link)) {
             return Response::notFound('not_found.phtml');
         }
@@ -305,36 +303,37 @@ public function update(Request $request): Response
             return Response::badRequest('links/edit.phtml', [
                 'link' => $link,
                 'form' => $form,
-                'from' => $from,
             ]);
         }
 
         $link = $form->model();
         $link->save();
 
-        return Response::found($from);
+        return Response::found(utils\RequestHelper::from($request));
     }
 
     /**
      * Delete a link.
      *
      * @request_param string id
-     * @request_param string from default is /links/:id
      * @request_param string csrf_token
      *
-     * @response 302 /login?redirect_to=:from if not connected
      * @response 404 if the link doesn’t exist or user hasn't access
-     * @response 302 :from if csrf is invalid
+     * @response 302 :from if csrf token is invalid
      * @response 302 :from on success
+     *
+     * @throws errors\MissingCurrentUserError
+     *     If the user is not connected.
      */
     public function delete(Request $request): Response
     {
-        $link_id = $request->parameters->getString('id', '');
-        $from = $request->parameters->getString('from', \Minz\Url::for('link', ['id' => $link_id]));
+        $user = $this->requireCurrentUser();
 
-        $user = $this->requireCurrentUser(redirect_after_login: $from);
+        $from = utils\RequestHelper::from($request);
 
+        $link_id = $request->parameters->getString('id', '');
         $link = models\Link::find($link_id);
+
         if (!$link || !auth\LinksAccess::canDelete($user, $link)) {
             return Response::notFound('not_found.phtml');
         }

src/controllers/Sessions.php

@@ -29,14 +29,22 @@ class Sessions extends BaseController
     public function new(Request $request): Response
     {
         $redirect_to = $request->parameters->getString('redirect_to', \Minz\Url::for('home'));
+
+        if (!utils\RequestHelper::isPathRedirectable($redirect_to)) {
+            $redirect_to = \Minz\Url::for('home');
+        }
+
         if (auth\CurrentUser::get()) {
             return Response::found($redirect_to);
         }
 
-        return Response::ok('sessions/new.phtml', [
-            'form' => new forms\Login(),
+        $form = new forms\Login([
             'redirect_to' => $redirect_to,
         ]);
+
+        return Response::ok('sessions/new.phtml', [
+            'form' => $form,
+        ]);
     }
 
     /**
@@ -56,36 +64,29 @@ public function new(Request $request): Response
      */
     public function create(Request $request): Response
     {
-        $redirect_to = $request->parameters->getString('redirect_to', \Minz\Url::for('home'));
-
-        if (!$this->isPathRedirectable($redirect_to)) {
-            $redirect_to = \Minz\Url::for('home');
-        }
-
-        if (auth\CurrentUser::get()) {
-            return Response::found($redirect_to);
-        }
-
         $form = new forms\Login();
         $form->handleRequest($request);
 
         if (!$form->validate()) {
             return Response::badRequest('sessions/new.phtml', [
                 'form' => $form,
-                'redirect_to' => $redirect_to,
             ]);
         }
 
-        $user = $form->user();
+        $response = Response::found($form->redirect_to);
 
-        $session = auth\CurrentUser::createBrowserSession($user, $request);
-        $session_token = $session->token();
+        if (!auth\CurrentUser::get()) {
+            $user = $form->user();
+
+            $session = auth\CurrentUser::createBrowserSession($user, $request);
+            $session_token = $session->token();
+
+            $response->setCookie('session_token', $session_token->token, [
+                'expires' => $session_token->expired_at->getTimestamp(),
+                'samesite' => 'Lax',
+            ]);
+        }
 
-        $response = Response::found($redirect_to);
-        $response->setCookie('session_token', $session_token->token, [
-            'expires' => $session_token->expired_at->getTimestamp(),
-            'samesite' => 'Lax',
-        ]);
         return $response;
     }
 

src/controllers/errors/MissingCurrentUserError.php

@@ -12,7 +12,7 @@
 class MissingCurrentUserError extends \RuntimeException
 {
     public function __construct(
-        public string $redirect_after_login
+        public string $redirect_after_login = '',
     ) {
         parent::__construct();
     }