diff --git a/src/Application/Actions/DeletePaymentMethod.php b/src/Application/Actions/DeletePaymentMethod.php
index 134438d9d..0f71c1c1a 100644
--- a/src/Application/Actions/DeletePaymentMethod.php
+++ b/src/Application/Actions/DeletePaymentMethod.php
@@ -30,7 +30,7 @@ public function __construct(
 */
 protected function action(Request $request, Response $response, array $args): Response
 {
- $customerId = $request->getAttribute('pspId');
+ $customerId = $request->getAttribute(PersonWithPasswordAuthMiddleware::PSP_ATTRIBUTE_NAME);
 \assert(is_string($customerId));
 $paymentMethodId = $args['payment_method_id'];
diff --git a/src/Application/Actions/Donations/Create.php b/src/Application/Actions/Donations/Create.php
index b7c490956..b791059cf 100644
--- a/src/Application/Actions/Donations/Create.php
+++ b/src/Application/Actions/Donations/Create.php
@@ -12,6 +12,7 @@
 use MatchBot\Application\Actions\ActionPayload;
 use MatchBot\Application\Auth\DonationToken;
 use MatchBot\Application\Auth\PersonManagementAuthMiddleware;
+use MatchBot\Application\Auth\PersonWithPasswordAuthMiddleware;
 use MatchBot\Application\HttpModels\DonationCreate;
 use MatchBot\Application\HttpModels\DonationCreatedResponse;
 use MatchBot\Domain\Campaign;
@@ -51,7 +52,7 @@ protected function action(Request $request, Response $response, array $args): Re
 // as the person, and sets this attribute to the Stripe Customer ID based on JWS claims, all
 // in `PersonManagementAuthMiddleware`. If the legacy route was used or if no such ID was in the
 // JWS, this is null.
- $customerId = $request->getAttribute('pspId');
+ $customerId = $request->getAttribute(PersonWithPasswordAuthMiddleware::PSP_ATTRIBUTE_NAME);
 $body = (string) $request->getBody();
diff --git a/src/Application/Actions/GetPaymentMethods.php b/src/Application/Actions/GetPaymentMethods.php
index 742104d6c..fa433b5c6 100644
--- a/src/Application/Actions/GetPaymentMethods.php
+++ b/src/Application/Actions/GetPaymentMethods.php
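Review bot: The customer ID read on the changed line of `action()` in DeletePaymentMethod.php is guarded only by `\assert(is_string($customerId));`, and PHP does not evaluate `assert()` when `zend.assertions` is `-1` or `0`, the usual production setting. If the attribute is ever missing, a null ID would then flow into the code that follows instead of being rejected. An unconditional check that fails closed is safer, e.g. `if (!\is_string($customerId) || $customerId === '') { /* reject the request */ }`. The same pattern appears in the `action()` hunk of UpdatePaymentMethod.php; the rest of `action()` lies outside both hunks, so a later guard may exist.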
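Review bot: The new line in Create.php reads the attribute through `PersonWithPasswordAuthMiddleware::PSP_ATTRIBUTE_NAME`, while the comment directly above says the value is set in `PersonManagementAuthMiddleware`, which is also the class where this commit declares the constant. Naming a different middleware here can mislead a reader about which authentication step guards this route, and it only resolves if that class inherits the constant, which is not visible in this diff. Consider `$request->getAttribute(PersonManagementAuthMiddleware::PSP_ATTRIBUTE_NAME)`, which uses the import the file already has and makes the added `use` line unnecessary. The comment also states the value may be null, so the code after the hunk has to handle that case.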
@@ -29,7 +29,7 @@ protected function action(Request $request, Response $response, array $args): Re
 // The route at `/people/{personId}/donations` validates that the donor has permission to act
 // as the person, and sets this attribute to the Stripe Customer ID based on JWS claims, all
 // in `PersonWithPasswordAuthMiddleware`.
- $customerId = $request->getAttribute('pspId');
+ $customerId = $request->getAttribute(PersonWithPasswordAuthMiddleware::PSP_ATTRIBUTE_NAME);
 $paymentMethods = $this->stripeClient->customers->allPaymentMethods(
 $customerId,
diff --git a/src/Application/Actions/UpdatePaymentMethod.php b/src/Application/Actions/UpdatePaymentMethod.php
index 327114368..8ceb37f47 100644
--- a/src/Application/Actions/UpdatePaymentMethod.php
+++ b/src/Application/Actions/UpdatePaymentMethod.php
@@ -4,6 +4,7 @@
 use Fig\Http\Message\StatusCodeInterface;
 use JetBrains\PhpStorm\Pure;
+use MatchBot\Application\Auth\PersonWithPasswordAuthMiddleware;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Log\LoggerInterface;
@@ -23,7 +24,7 @@ public function __construct(
 protected function action(Request $request, Response $response, array $args): Response
 {
- $customerId = $request->getAttribute('pspId');
+ $customerId = $request->getAttribute(PersonWithPasswordAuthMiddleware::PSP_ATTRIBUTE_NAME);
 \assert(is_string($customerId));
 $paymentMethodId = $args['payment_method_id'];
diff --git a/src/Application/Auth/PersonManagementAuthMiddleware.php b/src/Application/Auth/PersonManagementAuthMiddleware.php
index b8ee46f60..bd9b962c0 100644
--- a/src/Application/Auth/PersonManagementAuthMiddleware.php
+++ b/src/Application/Auth/PersonManagementAuthMiddleware.php
@@ -24,6 +24,7 @@ class PersonManagementAuthMiddleware implements MiddlewareInterface
 {
 use ErrorTrait;
+ public const PSP_ATTRIBUTE_NAME = 'pspId';
 protected ?string $jws = null;
 #[Pure]
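Review bot: In GetPaymentMethods.php `$customerId` is passed to `allPaymentMethods()` with no check that the attribute is a non-empty string; the delete and update actions at least assert it. The action depends entirely on the middleware having run for this route, so a guard such as `if (!\is_string($customerId) || $customerId === '') { /* reject the request */ }` before the Stripe call would make it fail closed if the route wiring ever changes. The diff also adds no `use` line for `PersonWithPasswordAuthMiddleware` in this file or in DeletePaymentMethod.php; if the class is not already imported there, the constant reference will not resolve. The remaining arguments of the call are outside the hunk.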
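Review bot: The new constant in PersonManagementAuthMiddleware.php has no doc comment, although it names the request attribute that the payment actions treat as the authenticated customer's Stripe ID. A short docblock would state that contract for future callers, e.g. `/** Request attribute holding the PSP (Stripe) customer ID taken from the JWS claims. */`. It is also worth noting there that the value can be null, as the comment in Donations/Create.php says. The class body continues outside the hunk.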
@@ -57,7 +58,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 $this->checkCompleteness($request);
- return $handler->handle($request->withAttribute('pspId', IdentityToken::getPspId($this->jws)));
+ return $handler->handle($request->withAttribute(self::PSP_ATTRIBUTE_NAME, IdentityToken::getPspId($this->jws)));
 }
 protected function checkCompleteness(ServerRequestInterface $request): void
diff --git a/tests/Application/Actions/DeletePaymentMethodTest.php b/tests/Application/Actions/DeletePaymentMethodTest.php
index af7bd8f08..667ed4a2c 100644
--- a/tests/Application/Actions/DeletePaymentMethodTest.php
+++ b/tests/Application/Actions/DeletePaymentMethodTest.php
@@ -4,6 +4,7 @@
 use Laminas\Diactoros\ServerRequest;
 use MatchBot\Application\Actions\DeletePaymentMethod;
+use MatchBot\Application\Auth\PersonWithPasswordAuthMiddleware;
 use MatchBot\Tests\TestCase;
 use PHPUnit\Framework\MockObject\Stub;
 use Prophecy\Argument;
@@ -33,7 +34,7 @@ public function testItDeletesAPaymentMethod(): void
 $sut = new DeletePaymentMethod($fakeStripeClient, new NullLogger());
 $request = (new ServerRequest())
- ->withAttribute('pspId', 'stripe_customer_id_12');
+ ->withAttribute(PersonWithPasswordAuthMiddleware::PSP_ATTRIBUTE_NAME, 'stripe_customer_id_12');
 // assert
 $stripePaymentMethodServiceProphecy->detach('stripe_payment_method_id_35')
@@ -58,7 +59,7 @@ public function testItRefusesToToDeletePaymentMethodThatDoesNotBelongToRquester(
 $sut = new DeletePaymentMethod($fakeStripeClient, new NullLogger());
 $request = (new ServerRequest())
- ->withAttribute('pspId', 'stripe_customer_id_12');
+ ->withAttribute(PersonWithPasswordAuthMiddleware::PSP_ATTRIBUTE_NAME, 'stripe_customer_id_12');
 // assert
 $stripePaymentMethodServiceProphecy->detach(Argument::any())->shouldNotBeCalled();
diff --git a/tests/Application/Actions/UpdatePaymentMethodTest.php b/tests/Application/Actions/UpdatePaymentMethodTest.php
index 46956aecc..9fbdf438d 100644
--- a/tests/Application/Actions/UpdatePaymentMethodTest.php
+++ b/tests/Application/Actions/UpdatePaymentMethodTest.php
@@ -5,6 +5,7 @@
 use Laminas\Diactoros\ServerRequest;
 use MatchBot\Application\Actions\DeletePaymentMethod;
 use MatchBot\Application\Actions\UpdatePaymentMethod;
+use MatchBot\Application\Auth\PersonWithPasswordAuthMiddleware;
 use MatchBot\Tests\TestCase;
 use PHPUnit\Framework\MockObject\Stub;
 use Prophecy\Argument;
@@ -45,7 +46,7 @@ public function testItUpdatesAPaymentMethod(): void
 ];
 $request = $this->createRequest('PUT', '/', \json_encode($updatedBillingDetails))
- ->withAttribute('pspId', 'stripe_customer_id_12');
+ ->withAttribute(PersonWithPasswordAuthMiddleware::PSP_ATTRIBUTE_NAME, 'stripe_customer_id_12');
 // assert
 $stripePaymentMethodServiceProphecy->update('stripe_payment_method_id_35', $updatedBillingDetails)
@@ -70,7 +71,7 @@ public function testItRefusesToToUpdatePaymentMethodThatDoesNotBelongToRquester(
 $sut = new DeletePaymentMethod($fakeStripeClient, new NullLogger());
 $request = (new ServerRequest())
- ->withAttribute('pspId', 'stripe_customer_id_12');
+ ->withAttribute(PersonWithPasswordAuthMiddleware::PSP_ATTRIBUTE_NAME, 'stripe_customer_id_12');
 // assert
 $stripePaymentMethodServiceProphecy->detach(Argument::any())->shouldNotBeCalled();
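Review bot: `testItRefusesToToUpdatePaymentMethodThatDoesNotBelongToRquester` builds `new DeletePaymentMethod(...)` as its subject and asserts that `detach()` is not called, so the ownership check in `UpdatePaymentMethod` is not exercised by this test at all. This looks like a copy-paste from DeletePaymentMethodTest that the commit leaves in place while touching the same lines. The subject should be `$sut = new UpdatePaymentMethod($fakeStripeClient, new NullLogger());` (assuming the same constructor arguments) and the expectation `$stripePaymentMethodServiceProphecy->update(Argument::cetera())->shouldNotBeCalled();`. The test method starts and ends outside the hunk, so the request construction and the invocation may need adjusting as well.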