Merge branch 'develop' into psalm-5.14.0

thebiggive · Aug 1, 2023 · 9eea660 · 9eea660
2 parents 7ddf2b2 + 3ed0b04
commit 9eea660
Show file tree

Hide file tree

Showing 8 changed files with 25 additions and 11 deletions.
diff --git a/src/Application/Actions/DeletePaymentMethod.php b/src/Application/Actions/DeletePaymentMethod.php
@@ -6,6 +6,7 @@
 
 use Fig\Http\Message\StatusCodeInterface;
 use JetBrains\PhpStorm\Pure;
+use MatchBot\Application\Auth\PersonManagementAuthMiddleware;
 use MatchBot\Application\Auth\PersonWithPasswordAuthMiddleware;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
@@ -30,7 +31,7 @@ public function __construct(
      */
     protected function action(Request $request, Response $response, array $args): Response
     {
-        $customerId = $request->getAttribute('pspId');
+        $customerId = $request->getAttribute(PersonManagementAuthMiddleware::PSP_ATTRIBUTE_NAME);
         \assert(is_string($customerId));
 
         $paymentMethodId = $args['payment_method_id'];

diff --git a/src/Application/Actions/Donations/Create.php b/src/Application/Actions/Donations/Create.php
@@ -12,6 +12,7 @@
 use MatchBot\Application\Actions\ActionPayload;
 use MatchBot\Application\Auth\DonationToken;
 use MatchBot\Application\Auth\PersonManagementAuthMiddleware;
+use MatchBot\Application\Auth\PersonWithPasswordAuthMiddleware;
 use MatchBot\Application\HttpModels\DonationCreate;
 use MatchBot\Application\HttpModels\DonationCreatedResponse;
 use MatchBot\Domain\Campaign;
@@ -51,7 +52,7 @@ protected function action(Request $request, Response $response, array $args): Re
         // as the person, and sets this attribute to the Stripe Customer ID based on JWS claims, all
         // in `PersonManagementAuthMiddleware`. If the legacy route was used or if no such ID was in the
         // JWS, this is null.
-        $customerId = $request->getAttribute('pspId');
+        $customerId = $request->getAttribute(PersonWithPasswordAuthMiddleware::PSP_ATTRIBUTE_NAME);
 
         $body = (string) $request->getBody();
 

diff --git a/src/Application/Actions/GetPaymentMethods.php b/src/Application/Actions/GetPaymentMethods.php
@@ -5,6 +5,7 @@
 namespace MatchBot\Application\Actions;
 
 use JetBrains\PhpStorm\Pure;
+use MatchBot\Application\Auth\PersonManagementAuthMiddleware;
 use MatchBot\Application\Auth\PersonWithPasswordAuthMiddleware;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
@@ -29,7 +30,7 @@ protected function action(Request $request, Response $response, array $args): Re
         // The route at `/people/{personId}/donations` validates that the donor has permission to act
         // as the person, and sets this attribute to the Stripe Customer ID based on JWS claims, all
         // in `PersonWithPasswordAuthMiddleware`.
-        $customerId = $request->getAttribute('pspId');
+        $customerId = $request->getAttribute(PersonManagementAuthMiddleware::PSP_ATTRIBUTE_NAME);
 
         $paymentMethods = $this->stripeClient->customers->allPaymentMethods(
             $customerId,

diff --git a/src/Application/Actions/UpdatePaymentMethod.php b/src/Application/Actions/UpdatePaymentMethod.php
@@ -4,6 +4,7 @@
 
 use Fig\Http\Message\StatusCodeInterface;
 use JetBrains\PhpStorm\Pure;
+use MatchBot\Application\Auth\PersonManagementAuthMiddleware;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Log\LoggerInterface;
@@ -23,7 +24,7 @@ public function __construct(
 
     protected function action(Request $request, Response $response, array $args): Response
     {
-        $customerId = $request->getAttribute('pspId');
+        $customerId = $request->getAttribute(PersonManagementAuthMiddleware::PSP_ATTRIBUTE_NAME);
         \assert(is_string($customerId));
 
         $paymentMethodId = $args['payment_method_id'];

diff --git a/src/Application/Auth/PersonManagementAuthMiddleware.php b/src/Application/Auth/PersonManagementAuthMiddleware.php
@@ -24,6 +24,7 @@ class PersonManagementAuthMiddleware implements MiddlewareInterface
 {
     use ErrorTrait;
 
+    public const PSP_ATTRIBUTE_NAME = 'pspId';
     protected ?string $jws = null;
 
     #[Pure]
@@ -57,7 +58,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 
         $this->checkCompleteness($request);
 
-        return $handler->handle($request->withAttribute('pspId', IdentityToken::getPspId($this->jws)));
+        return $handler->handle($request->withAttribute(self::PSP_ATTRIBUTE_NAME, IdentityToken::getPspId($this->jws)));
     }
 
     protected function checkCompleteness(ServerRequestInterface $request): void

diff --git a/src/Domain/DonationRepository.php b/src/Domain/DonationRepository.php
@@ -28,7 +28,14 @@ class DonationRepository extends SalesforceWriteProxyRepository
     private CampaignRepository $campaignRepository;
     private FundRepository $fundRepository;
     private LockFactory $lockFactory;
-    private int $expirySeconds = 32 * 60; // 32 minutes: 30 min official timed window plus 2 mins grace.
+
+    /**
+     * If changing the value of EXPIRY_SECONDS make sure to update environment.reservationMinutes to match in
+     * donate-frontend (or consider making frontend use expiration dates generated by matchbot)
+     *
+     * @link https://github.com/thebiggive/donate-frontend/blob/8e689db34fb747d0b2fd15378543649a5c34074e/src/environments/environment.production.ts
+     */
+    private const EXPIRY_SECONDS = 32 * 60; // 32 minutes: 30 min official timed window plus 2 mins grace.
     /** @var int When using a locking matching adapter, maximum number of tries for real-time operations */
     private int $maxLockTries = 5;
     private Matching\Adapter $matchingAdapter;
@@ -365,7 +372,7 @@ function () use ($donation, $totalAmountReleased) {
      */
     public function findWithExpiredMatching(): array
     {
-        $cutoff = (new DateTime('now'))->sub(new \DateInterval("PT{$this->expirySeconds}S"));
+        $cutoff = (new DateTime('now'))->sub(new \DateInterval('PT' . self::EXPIRY_SECONDS . 'S'));
         $qb = $this->getEntityManager()->createQueryBuilder()
             ->select('d')
             ->from(Donation::class, 'd')

diff --git a/tests/Application/Actions/DeletePaymentMethodTest.php b/tests/Application/Actions/DeletePaymentMethodTest.php
@@ -4,6 +4,7 @@
 
 use Laminas\Diactoros\ServerRequest;
 use MatchBot\Application\Actions\DeletePaymentMethod;
+use MatchBot\Application\Auth\PersonManagementAuthMiddleware;
 use MatchBot\Tests\TestCase;
 use PHPUnit\Framework\MockObject\Stub;
 use Prophecy\Argument;
@@ -33,7 +34,7 @@ public function testItDeletesAPaymentMethod(): void
         $sut = new DeletePaymentMethod($fakeStripeClient, new NullLogger());
 
         $request = (new ServerRequest())
-            ->withAttribute('pspId', 'stripe_customer_id_12');
+            ->withAttribute(PersonManagementAuthMiddleware::PSP_ATTRIBUTE_NAME, 'stripe_customer_id_12');
 
         // assert
         $stripePaymentMethodServiceProphecy->detach('stripe_payment_method_id_35')
@@ -58,7 +59,7 @@ public function testItRefusesToToDeletePaymentMethodThatDoesNotBelongToRquester(
         $sut = new DeletePaymentMethod($fakeStripeClient, new NullLogger());
 
         $request = (new ServerRequest())
-            ->withAttribute('pspId', 'stripe_customer_id_12');
+            ->withAttribute(PersonManagementAuthMiddleware::PSP_ATTRIBUTE_NAME, 'stripe_customer_id_12');
 
         // assert
         $stripePaymentMethodServiceProphecy->detach(Argument::any())->shouldNotBeCalled();

diff --git a/tests/Application/Actions/UpdatePaymentMethodTest.php b/tests/Application/Actions/UpdatePaymentMethodTest.php
@@ -5,6 +5,7 @@
 use Laminas\Diactoros\ServerRequest;
 use MatchBot\Application\Actions\DeletePaymentMethod;
 use MatchBot\Application\Actions\UpdatePaymentMethod;
+use MatchBot\Application\Auth\PersonManagementAuthMiddleware;
 use MatchBot\Tests\TestCase;
 use PHPUnit\Framework\MockObject\Stub;
 use Prophecy\Argument;
@@ -45,7 +46,7 @@ public function testItUpdatesAPaymentMethod(): void
         ];
 
         $request = $this->createRequest('PUT', '/', \json_encode($updatedBillingDetails))
-            ->withAttribute('pspId', 'stripe_customer_id_12');
+            ->withAttribute(PersonManagementAuthMiddleware::PSP_ATTRIBUTE_NAME, 'stripe_customer_id_12');
 
         // assert
         $stripePaymentMethodServiceProphecy->update('stripe_payment_method_id_35', $updatedBillingDetails)
@@ -70,7 +71,7 @@ public function testItRefusesToToUpdatePaymentMethodThatDoesNotBelongToRquester(
         $sut = new DeletePaymentMethod($fakeStripeClient, new NullLogger());
 
         $request = (new ServerRequest())
-            ->withAttribute('pspId', 'stripe_customer_id_12');
+            ->withAttribute(PersonManagementAuthMiddleware::PSP_ATTRIBUTE_NAME, 'stripe_customer_id_12');
 
         // assert
         $stripePaymentMethodServiceProphecy->detach(Argument::any())->shouldNotBeCalled();