From 605549ec5745db4183906b5f43023d0a6dea7a80 Mon Sep 17 00:00:00 2001
From: Andrew Stowell <andrew@digitaladapt.com>
Date: Mon, 10 Aug 2020 11:51:12 -0400
Subject: [PATCH] Setup browser caching, added referral parameter to the
 script_src, to prevent over-caching.

Added customer_session_init event tracking, which required building a
separate Observer, common code between the observers was moved into a trait.
---
 Controller/Index/Index.php    |  1 +
 Observer/CustomerTracking.php | 48 +++++++++++++++++++++++++++++++++++
 Observer/PageTracking.php     | 11 +++-----
 SessionAdapter.php            |  4 +--
 Traits/TrackPage.php          | 27 ++++++++++++++++++++
 VigilantFormMagentoKit.php    | 21 ++++++++-------
 composer.json                 |  2 +-
 etc/frontend/events.xml       |  3 +++
 8 files changed, 98 insertions(+), 19 deletions(-)
 create mode 100644 Observer/CustomerTracking.php
 create mode 100644 Traits/TrackPage.php

diff --git a/Controller/Index/Index.php b/Controller/Index/Index.php
index 0266763..6c465fa 100644
--- a/Controller/Index/Index.php
+++ b/Controller/Index/Index.php
@@ -38,6 +38,7 @@ public function execute(): ResultInterface
 
         return $this->rawFactory->create()
             ->setHttpResponseCode(200)
+            ->setHeader('Cache-Control', 'private, max-age=15') /* browser may cache for 15 seconds */
             ->setHeader('Content-Type', 'application/javascript')
             ->setContents(<<<JS
 (function () {
diff --git a/Observer/CustomerTracking.php b/Observer/CustomerTracking.php
new file mode 100644
index 0000000..89abc9c
--- /dev/null
+++ b/Observer/CustomerTracking.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace VigilantForm\MagentoKit\Observer;
+
+use Magento\Customer\Model\Session;
+use Magento\Framework\Event\{Observer, ObserverInterface};
+use Magento\Framework\Filesystem\DirectoryList;
+use Psr\Log\LoggerInterface;
+use VigilantForm\MagentoKit\Traits\TrackPage;
+use VigilantForm\MagentoKit\VigilantFormMagentoKit;
+
+class CustomerTracking implements ObserverInterface
+{
+    use TrackPage;
+
+    /** @var DirectoryList */
+    protected $directory;
+
+    /** @var LoggerInterface */
+    protected $logger;
+
+    /** @var VigilantFormMagentoKit */
+    protected $vfmk;
+
+    /**
+     * @param DirectoryList $directory
+     * @param LoggerInterface $logger
+     */
+    public function __construct(DirectoryList $directory, LoggerInterface $logger)
+    {
+        $this->directory = $directory;
+        $this->logger = $logger;
+        $this->vfmk = null;
+    }
+
+    /**
+     * @param Observer $observer
+     */
+    public function execute(Observer $observer)
+    {
+        /* this allows us to work with the freshly created customer session */
+        $session = $observer->getData('customer_session');
+        if ($session instanceof Session) {
+            $this->vfmk = new VigilantFormMagentoKit($this->directory, $session, $this->logger);
+            $this->trackSource();
+        }
+    }
+}
diff --git a/Observer/PageTracking.php b/Observer/PageTracking.php
index 7c312a0..cf76179 100644
--- a/Observer/PageTracking.php
+++ b/Observer/PageTracking.php
@@ -3,10 +3,13 @@
 namespace VigilantForm\MagentoKit\Observer;
 
 use Magento\Framework\Event\{Observer, ObserverInterface};
+use VigilantForm\MagentoKit\Traits\TrackPage;
 use VigilantForm\MagentoKit\VigilantFormMagentoKit;
 
 class PageTracking implements ObserverInterface
 {
+    use TrackPage;
+
     /** @var VigilantFormMagentoKit */
     protected $vfmk;
 
@@ -23,12 +26,6 @@ public function __construct(VigilantFormMagentoKit $vfmk)
      */
     public function execute(Observer $observer)
     {
-        /* get the file extension of the uri, will be blank for extensionless filenames, such as directories */
-        $extension = pathinfo(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), PATHINFO_EXTENSION);
-
-        /* if extension contains "htm" or blank string (directory) */
-        if (stripos($extension, 'htm') !== false || $extension === '') {
-            $this->vfmk->trackSource();
-        }
+        $this->trackSource();
     }
 }
diff --git a/SessionAdapter.php b/SessionAdapter.php
index 301fa30..d83ebe2 100644
--- a/SessionAdapter.php
+++ b/SessionAdapter.php
@@ -16,8 +16,8 @@ public function __construct(SessionManagerInterface $session)
 
     public function exists(string $key): bool
     {
-        $getKey = "get{$key}";
-        return !!$this->session->$getKey();
+        $hasKey = "has{$key}";
+        return $this->session->$hasKey();
     }
 
     public function get(string $key, $default = null)
diff --git a/Traits/TrackPage.php b/Traits/TrackPage.php
new file mode 100644
index 0000000..ab1d1b8
--- /dev/null
+++ b/Traits/TrackPage.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace VigilantForm\MagentoKit\Traits;
+
+use VigilantForm\MagentoKit\VigilantFormMagentoKit;
+
+trait TrackPage
+{
+    /** @var VigilantFormMagentoKit */
+    protected $vfmk;
+
+    protected function trackSource(): void
+    {
+        /* get the file extension of the uri, will be blank for extensionless filenames, such as directories */
+        $path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+        $extension = pathinfo($path, PATHINFO_EXTENSION);
+
+        /* if extension contains "htm" or blank string (directory) */
+        if (stripos($extension, 'htm') !== false || $extension === '') {
+            /* track page, if request is expected referral, flag it as such */
+            $this->vfmk->trackSource(
+                strpos($path, 'vigilant_form/index/index') !== false ||
+                strpos($path, 'customer/section/load') !== false
+            );
+        }
+    }
+}
\ No newline at end of file
diff --git a/VigilantFormMagentoKit.php b/VigilantFormMagentoKit.php
index 576a54f..87bd241 100644
--- a/VigilantFormMagentoKit.php
+++ b/VigilantFormMagentoKit.php
@@ -61,35 +61,38 @@ public function trackSource(bool $useReferral = false): void
     }
 
     /**
-     * Call once per html form, reusing the html multiple times will cause problems.
-     * If user has javascript disabled, to pass the honeypot, they'll be asked
-     * a simple math problem. If they have javascript, they will see nothing.
+     * Reusing the html multiple times is allowed, but only on the same page.
+     * If user has javascript disabled, they will failed the honeypot.
+     * Regardless of if they have javascript, they will see nothing.
      * @see VigilantFormKit::generateHoneypot()
      * @return string Returns chunk of html to insert into a form.
      */
     public function generateHoneypot(): string
     {
         $this->trackSource();
+        /* referral is only used to prevent over-caching */
+        $refPath = htmlentities(urlencode(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)));
         $data = (object)$this->getInstance()->getStatus(false);
         return <<<HTML
 <div class="{$data->script_class}"></div>
-<script src="{$data->script_src}"></script>
+<script src="{$data->script_src}?referral={$refPath}"></script>
 HTML;
     }
 
     /**
      * @see VigilantFormKit::submitForm()
-     * @param array $fields The user submission, such as $_POST.
-     * @param string $website Optional, name of the website that the form exists on.
-     * @param string $form_title Optional, name of the form was submitted.
+     * @param array|null $fields Optional, the user submission, defaults to $_POST.
+     * @param string|null $form_title Optional, name of the form was submitted, default from config.
+     * @param string|null $website Optional, name of the website that the form exists on, default from config.
      * @return bool Returns true on success, will throw an exception otherwise.
      * @throws UnexpectedValueException when attempt to store form is unsuccessful.
      */
-    public function submitForm(array $fields, string $website = null, string $form_title = null): bool
+    public function submitForm(array $fields = null, string $form_title = null, string $website = null): bool
     {
         $this->trackSource();
-        $website = $website ?? $this->getWebsite();
+        $fields     = $fields     ?? $_POST;
         $form_title = $form_title ?? $this->getFormTitle();
+        $website    = $website    ?? $this->getWebsite();
         return $this->getInstance()->submitForm($website, $form_title, $fields);
     }
 
diff --git a/composer.json b/composer.json
index 68dac52..a80d753 100644
--- a/composer.json
+++ b/composer.json
@@ -13,7 +13,7 @@
     ],
     "require": {
         "php": ">=7.1.0",
-        "digitaladapt/vigilant-form-kit": "^1.3.0-beta",
+        "digitaladapt/vigilant-form-kit": "^1.3.1",
         "ext-json": "*"
     },
     "autoload": {
diff --git a/etc/frontend/events.xml b/etc/frontend/events.xml
index e8265a5..6b2eba4 100644
--- a/etc/frontend/events.xml
+++ b/etc/frontend/events.xml
@@ -1,5 +1,8 @@
 <?xml version="1.0"?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Event/etc/events.xsd">
+    <event name="customer_session_init">
+        <observer name="VigilantFormCustomerTracking" instance="VigilantForm\MagentoKit\Observer\CustomerTracking" disabled="false" />
+    </event>
     <event name="controller_front_send_response_before">
         <observer name="VigilantFormPageTracking" instance="VigilantForm\MagentoKit\Observer\PageTracking" disabled="false" />
     </event>