Fix: Add unit tests for controllers and Components (Contact, Hello, Identity, Menu).

[terabytesoftw]

Q	A
Is bugfix	✔️
New feature	❌
Breaks BC	❌

Summary by CodeRabbit

• New Features

  • Introduced user authentication system with login and logout actions, user identity management, and a login form with demo credentials.
  • Added Bootstrap 5 styled breadcrumbs and improved menu rendering for authenticated and guest users.
  • Enhanced theme toggling with persistent user preference and system color scheme support.
  • Added new asset bundles for Bootstrap Icons and improved asset management.
  • Added email sending functionality to the contact form via controller methods.

• Bug Fixes

  • Improved accessibility and UI consistency in forms and layout components.
  • Corrected menu and alert rendering logic for better integration with Bootstrap 5.

• Refactor

  • Simplified configuration structure for web and console applications.
  • Migrated from custom UI components to Yii's native Bootstrap 5 widgets.
  • Streamlined application and test configuration files for clarity and maintainability.
  • Refactored theme toggle script for better maintainability and accessibility.
  • Updated bootstrap and asset bundle class imports and property ordering.

• Chores

  • Updated dependencies and package metadata for npm and composer.
  • Enhanced static analysis and code style tooling configurations.
  • Added and updated changelog and documentation files.
  • Simplified GitHub workflow configurations.

• Tests

  • Added and improved unit and acceptance tests for user authentication, menu rendering, and contact form functionality.
  • Updated test namespaces and structure for consistency.
  • Removed obsolete test support classes and files.

• Revert

  • Removed obsolete configuration and test support files.

[coderabbitai]

Warning

Rate limit exceeded

@terabytesoftw has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 19 minutes and 50 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 267354e and 7fdcec2.

📒 Files selected for processing (1)

• package.json (1 hunks)

Walkthrough

This update introduces significant refactoring and modernization to the application's configuration, code structure, and testing setup. It replaces dynamic and parameter-driven configuration with explicit, static definitions, adopts lowercase namespaces, restructures authentication and menu logic, enhances asset and theme management, and overhauls the test suite for clarity and maintainability.

Changes

Files/Group	Change Summary
.github/workflows/*.yml	Simplified workflow configurations by removing explicit OS/PHP version parameters, adding or updating job-specific parameters.
CHANGELOG.md	Added initial changelog file with version entry.
codeception.yml, tests/Acceptance.suite.yml, tests/_bootstrap.php	Standardized namespaces, paths, and formatting; minor config tweaks.
composer.json, package.json	Updated dependencies to stable versions, added metadata, removed/added packages, and provided bower assets.
config/* (multiple files)	Refactored configuration: removed dynamic param files, consolidated and clarified component/module definitions, switched to explicit arrays, deleted unused config files.
ecs.php, phpstan.neon, rector.php	Updated code style, static analysis, and refactoring tool configurations for clarity and stricter checks.
public/index.php, yii	Simplified bootstrap: removed Yiisoft\Config, loaded config directly, eliminated DI container for app instantiation.
src/framework/ApplicationParameters.php	Added new static class for global app parameters and menu definitions.
src/framework/asset/*	Added/updated asset bundle classes, reorganized properties and imports, introduced BootstrapIconAsset.
src/framework/event/ContactEventHandler.php	Adjusted imports and translation function usage.
src/framework/resource/css/site.css, src/framework/resource/js/toggle-theme.js	Enhanced dark theme, added login info styles, refactored theme toggling for accessibility and persistence.
src/framework/resource/layout/component/*.php, main.php	Migrated to Yii Bootstrap 5 widgets for alerts, breadcrumbs, menus; improved code clarity and UI consistency.
src/usecase/contact/*	Moved mail sending logic from form to controller, updated action and view accordingly.
src/usecase/security/*	Introduced new identity, login, logout, and controller classes for authentication, along with supporting views and forms.
src/usecase/site/SiteController.php	Reorganized action methods for clarity and inheritance.
tests/Acceptance/*, tests/Functional/*, tests/Unit/*	Updated namespaces, improved assertions, added/renamed tests, removed redundant tester classes, clarified test logic.
tests/Support/*	Deleted generated tester classes and test user identity.
tests/_output/.gitignore	Removed output directory ignore rules.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Browser
    participant YiiApp
    participant SecurityController
    participant Identity
    participant UserComponent

    User->>Browser: Navigate to /security/login
    Browser->>YiiApp: HTTP GET /security/login
    YiiApp->>SecurityController: actions() → login
    SecurityController->>LoginAction: run()
    LoginAction->>UserComponent: getIsGuest()
    alt Not logged in
        LoginAction->>Browser: Render login form
        User->>Browser: Submit login form (username/password)
        Browser->>YiiApp: HTTP POST /security/login
        YiiApp->>SecurityController: actions() → login
        SecurityController->>LoginAction: run()
        LoginAction->>LoginForm: load POST data
        LoginAction->>Identity: findByUsername(username)
        Identity-->>LoginForm: Identity instance
        LoginAction->>LoginForm: validatePassword()
        alt Valid credentials
            LoginAction->>UserComponent: login(identity, duration)
            UserComponent-->>LoginAction: success
            LoginAction->>Browser: Redirect to previous page
        else Invalid credentials
            LoginAction->>Browser: Render login form with errors
        end
    else Already logged in
        LoginAction->>Browser: Redirect to home
    end

Loading

sequenceDiagram
    participant User
    participant Browser
    participant YiiApp
    participant ContactController
    participant ApplicationParameters
    participant Mailer

    User->>Browser: Fill and submit contact form
    Browser->>YiiApp: POST /contact
    YiiApp->>ContactController: sendEmail(form)
    ContactController->>ApplicationParameters: getMailerSender(), getMailerSenderName()
    ContactController->>Mailer: compose email (to, from, reply-to, subject, body)
    Mailer-->>ContactController: send() returns success/failure
    ContactController->>Browser: Render response (success/failure)

Loading

Possibly related PRs

• yii2-extensions/app-basic#87: Refactors namespaces from App\ and App\Tests\ to lowercase app\ and app\tests\, directly relating to the namespace changes in this PR.

Poem

In the warren where code once sprawled,
A rabbit hopped through configs enthralled.
With lowercase names and menus anew,
The login form sparkled, the tests all grew.
Theme toggles shine, assets align—
This patch makes the garden of Yii divine!
🐇✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 18

🔭 Outside diff range comments (1)

ecs.php (1)

58-58: Fix syntax error: Missing space after colon.

There's a missing space after the colon in the comments parameter.

Apply this diff to fix the syntax error:

-        comments:true,
+        comments: true,

🧹 Nitpick comments (17)

CHANGELOG.md (1)

1-6: Align with “Keep a Changelog” conventions
Consider spelling the header as “Changelog” (one word) and trimming any trailing spaces so Markdown linters don’t complain. This also keeps the style consistent with the well-known “Keep a Changelog” format.

-# Change Log
+# Changelog

config/messages.php (1)

22-23: Nitpick: break long line for readability (optional).
Consider wrapping the sentence after “translated.” for better diff-ability, but it’s non-blocking.

src/framework/resource/layout/component/alert.php (1)

20-33: Consider safer flash removal pattern.

The current implementation removes flashes immediately after rendering, which could lead to message loss if the Alert widget throws an exception. Consider buffering the output or moving flash removal outside the widget rendering.

 foreach ($flashes as $type => $message) {
     if (isset($alertTypes[$type])) {
-        echo Alert::widget(
+        $alertHtml = Alert::widget(
             [
                 'body' => $message,
                 'options' => [
                     'class' => $alertTypes[$type],
                 ],
             ],
         );
+        
+        echo $alertHtml;
         Yii::$app->session->removeFlash($type);
     }
 }

tests/Unit/HelloControllerTest.php (1)

33-46: LGTM! Improved test method with better naming and error handling.

The improvements are excellent:

• Method renamed to testIndexActionOutputsHelloWorld for clarity
• Proper exception annotations for better error handling
• Variable name corrected from $helloControler to $helloControler (though it should be $helloController)
• Better assertion message for clearer test feedback

Consider fixing the variable name typo:

-        $helloControler = new HelloController('hello', Yii::$app);
+        $helloController = new HelloController('hello', Yii::$app);

-        $helloControler->runAction('index');
+        $helloController->runAction('index');

src/usecase/contact/IndexAction.php (2)

16-16: Consider dependency injection for better testability.

Direct instantiation of ContactForm makes the action harder to test and less flexible. Consider injecting the form factory or using a more testable approach.

-        $form = new ContactForm();
+        $form = $this->controller->createContactForm();

---

17-17: Direct controller property access increases coupling.

Accessing $this->controller->request directly creates tight coupling between the action and controller. Consider using dependency injection or method parameters for better separation of concerns.

src/usecase/security/LoginAction.php (2)

31-40: Consider security improvements for login logic.

The login method looks good but could benefit from additional security measures.

Consider adding:

• Rate limiting for login attempts
• Logging of failed login attempts
• More explicit error handling

 private function login(LoginForm $form): bool
 {
     $identity = $form->getIdentity();
 
     if ($identity instanceof Identity && $form->validate()) {
+        // Log successful login attempt
         return $this->controller->getUser()->login($identity, $form->rememberMe ? 3600 * 24 * 30 : 0);
     }
 
+    // Log failed login attempt
     return false;
 }

---

36-36: Remember me duration should be configurable.

The hardcoded 30-day remember me duration should be configurable for better flexibility.

-        return $this->controller->getUser()->login($identity, $form->rememberMe ? 3600 * 24 * 30 : 0);
+        $duration = $form->rememberMe ? $this->controller->getRememberMeDuration() : 0;
+        return $this->controller->getUser()->login($identity, $duration);

tests/Unit/MenuTest.php (1)

32-32: Consider making test user ID configurable.

The hardcoded user ID '100' should ideally be configurable or use a test fixture for better maintainability.

-        $identity = Identity::findIdentity('100');
+        $testUserId = $this->getTestUserId();
+        $identity = Identity::findIdentity($testUserId);

src/framework/ApplicationParameters.php (2)

72-85: Logout menu configuration needs consistency.

The logout menu item uses linkOptions while the guest menu uses different property names. Consider standardizing the property naming.

 [
     'label' => 'Logout',
     'url' => ['/security/logout'],
-    'linkOptions' => [
+    'linkAttributes' => [
         'class' => 'nav-link',
         'data-method' => 'post',
     ],
     'order' => 1,
 ],

---

17-17: Consider dependency injection over static methods.

While static methods provide simplicity, consider using dependency injection for better testability and configuration flexibility.

This would allow for easier testing and environment-specific configurations:

final class ApplicationParameters
{
    public function __construct(
        private readonly string $mailerSender,
        private readonly string $mailerSenderName,
        private readonly array $menuItems
    ) {}
    
    public function getMailerSender(): string
    {
        return $this->mailerSender;
    }
    
    // ... other methods
}

src/usecase/security/Identity.php (1)

61-61: Address unused parameter.

The $type parameter is not used in the method implementation. Either remove it or document why it's needed for interface compliance.

-public static function findIdentityByAccessToken($token, $type = null): IdentityInterface|null
+public static function findIdentityByAccessToken($token, $type = null): IdentityInterface|null

Add a comment explaining the unused parameter:

+// Note: $type parameter is required by IdentityInterface but not used in this implementation
 public static function findIdentityByAccessToken($token, $type = null): IdentityInterface|null

src/usecase/security/LoginForm.php (2)

63-63: Address unused parameter warning.

The $params parameter is required by Yii's validation interface but not used in this implementation.

Add a comment to document the unused parameter:

+// Note: $params parameter is required by Yii validation interface but not used here
 public function validatePassword($attribute, $params): void

---

23-23: Consider improving type annotation.

The $_identity property type annotation could be more specific to improve code clarity.

-private bool|null|IdentityInterface $_identity = false;
+private IdentityInterface|null|false $_identity = false;

This makes it clearer that false is used as a sentinel value for "not yet loaded".

src/framework/resource/js/toggle-theme.js (3)

8-8: Remove redundant 'use strict' directive.

The static analysis tool correctly identified that the 'use strict' directive is redundant in modern JavaScript modules where strict mode is automatically enabled.

-  'use strict'

---

69-72: Consider extracting repeated logic into a helper function.

The logic for determining the effective theme (handling 'auto' case) is repeated in multiple places. Consider extracting this into a helper function.

+  const getEffectiveTheme = (theme) => {
+    return theme === 'auto'
+      ? (window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light')
+      : theme
+  }
+
-        const effectiveTheme = theme === 'auto'
-          ? (window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light')
-          : theme
+        const effectiveTheme = getEffectiveTheme(theme)

---

32-82: Consider refactoring the large showActiveTheme function.

The showActiveTheme function is quite long and handles multiple responsibilities. Consider breaking it down into smaller, focused functions for better maintainability.

Consider splitting into:

• updateBootstrapThemeSwitcher(theme, focus)
• updateCustomThemeToggle(theme)
• showActiveTheme(theme, focus) (orchestrating function)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c480ee3 and 3c62ab9.

⛔ Files ignored due to path filters (1)

• composer.lock is excluded by !**/*.lock

📒 Files selected for processing (69)

• .github/workflows/build.yml (1 hunks)
• .github/workflows/dependency-check.yml (0 hunks)
• .github/workflows/ecs.yml (0 hunks)
• .github/workflows/static.yml (1 hunks)
• CHANGELOG.md (1 hunks)
• codeception.yml (1 hunks)
• composer.json (3 hunks)
• config/build-test.php (0 hunks)
• config/common/components.php (1 hunks)
• config/common/container.php (0 hunks)
• config/config-plugin.php (0 hunks)
• config/console/app.php (1 hunks)
• config/messages.php (3 hunks)
• config/params-console.php (1 hunks)
• config/params-web.php (1 hunks)
• config/params.php (0 hunks)
• config/web/app.php (1 hunks)
• config/web/bootstrap.php (0 hunks)
• config/web/components.php (1 hunks)
• config/web/container.php (0 hunks)
• config/web/extension.php (0 hunks)
• ecs.php (2 hunks)
• package.json (1 hunks)
• phpstan.neon (1 hunks)
• public/index.php (2 hunks)
• rector.php (1 hunks)
• src/framework/ApplicationParameters.php (1 hunks)
• src/framework/asset/AppAsset.php (2 hunks)
• src/framework/asset/BootstrapIconAsset.php (1 hunks)
• src/framework/asset/LocaleAsset.php (1 hunks)
• src/framework/asset/ToggleThemeAsset.php (2 hunks)
• src/framework/event/ContactEventHandler.php (2 hunks)
• src/framework/resource/css/site.css (1 hunks)
• src/framework/resource/js/toggle-theme.js (1 hunks)
• src/framework/resource/layout/component/alert.php (1 hunks)
• src/framework/resource/layout/component/breadcrumbs.php (1 hunks)
• src/framework/resource/layout/component/footer-icons.php (2 hunks)
• src/framework/resource/layout/component/menu.php (1 hunks)
• src/framework/resource/layout/component/toggle_language.php (2 hunks)
• src/framework/resource/layout/main.php (2 hunks)
• src/usecase/Controller.php (1 hunks)
• src/usecase/contact/ContactController.php (2 hunks)
• src/usecase/contact/ContactForm.php (1 hunks)
• src/usecase/contact/IndexAction.php (1 hunks)
• src/usecase/contact/view/index.php (4 hunks)
• src/usecase/security/Identity.php (1 hunks)
• src/usecase/security/LoginAction.php (1 hunks)
• src/usecase/security/LoginForm.php (1 hunks)
• src/usecase/security/LogoutAction.php (1 hunks)
• src/usecase/security/SecurityController.php (1 hunks)
• src/usecase/security/view/login.php (1 hunks)
• src/usecase/site/SiteController.php (1 hunks)
• src/usecase/site/view/about.php (1 hunks)
• tests/Acceptance.suite.yml (0 hunks)
• tests/Acceptance/AboutCest.php (2 hunks)
• tests/Acceptance/ContactCest.php (2 hunks)
• tests/Acceptance/SiteCest.php (2 hunks)
• tests/Functional/ContactCest.php (2 hunks)
• tests/Support/AcceptanceTester.php (0 hunks)
• tests/Support/Data/UserIdentity.php (0 hunks)
• tests/Support/FunctionalTester.php (0 hunks)
• tests/Support/UnitTester.php (0 hunks)
• tests/Unit/ContactControllerTest.php (1 hunks)
• tests/Unit/HelloControllerTest.php (1 hunks)
• tests/Unit/IdentityTest.php (1 hunks)
• tests/Unit/MenuTest.php (1 hunks)
• tests/_bootstrap.php (1 hunks)
• tests/_output/.gitignore (0 hunks)
• yii (1 hunks)

💤 Files with no reviewable changes (15)

• tests/Acceptance.suite.yml
• tests/_output/.gitignore
• .github/workflows/dependency-check.yml
• config/web/container.php
• config/web/extension.php
• config/build-test.php
• tests/Support/AcceptanceTester.php
• config/web/bootstrap.php
• .github/workflows/ecs.yml
• config/config-plugin.php
• config/common/container.php
• tests/Support/UnitTester.php
• tests/Support/Data/UserIdentity.php
• tests/Support/FunctionalTester.php
• config/params.php

🧰 Additional context used

🧬 Code Graph Analysis (11)

src/framework/event/ContactEventHandler.php (2)

src/usecase/contact/ContactEvent.php (1)

• ContactEvent (9-12)

src/usecase/contact/IndexAction.php (1)

• IndexAction (12-27)

src/usecase/contact/ContactController.php (5)

src/framework/ApplicationParameters.php (3)

• ApplicationParameters (17-86)
• getMailerSender (19-22)
• getMailerSenderName (24-27)

src/usecase/Controller.php (1)

• Controller (10-36)

src/usecase/site/SiteController.php (1)

• getViewPath (33-36)

src/usecase/security/SecurityController.php (1)

• getViewPath (36-39)

src/usecase/contact/ContactForm.php (1)

• ContactForm (11-42)

config/web/app.php (4)

src/framework/event/ContactEventHandler.php (1)

• ContactEventHandler (12-33)

src/usecase/contact/ContactController.php (1)

• ContactController (13-53)

src/usecase/security/SecurityController.php (1)

• SecurityController (11-40)

src/usecase/site/SiteController.php (1)

• SiteController (11-37)

tests/Unit/HelloControllerTest.php (1)

src/usecase/hello/HelloController.php (1)

• HelloController (9-17)

src/usecase/security/view/login.php (1)

src/usecase/security/Identity.php (1)

• Identity (10-91)

src/usecase/security/SecurityController.php (5)

src/usecase/Controller.php (2)

• Controller (10-36)
• actions (14-21)

src/usecase/site/SiteController.php (2)

• actions (18-31)
• getViewPath (33-36)

src/usecase/contact/ContactController.php (2)

• actions (15-30)
• getViewPath (37-40)

src/usecase/security/LogoutAction.php (1)

• LogoutAction (13-21)

src/usecase/security/LoginAction.php (1)

• LoginAction (13-41)

config/console/app.php (1)

src/usecase/hello/HelloController.php (1)

• HelloController (9-17)

src/framework/resource/layout/component/menu.php (1)

src/framework/ApplicationParameters.php (3)

• ApplicationParameters (17-86)
• getMenuIsLogged (72-85)
• getMenuIsGuest (32-67)

src/usecase/security/Identity.php (1)

src/usecase/security/LoginForm.php (1)

• validatePassword (63-72)

tests/Unit/ContactControllerTest.php (2)

src/usecase/contact/ContactController.php (2)

• ContactController (13-53)
• sendEmail (42-52)

src/usecase/contact/ContactForm.php (1)

• ContactForm (11-42)

tests/Unit/IdentityTest.php (2)

src/usecase/security/Identity.php (6)

• Identity (10-91)
• findIdentityByAccessToken (61-70)
• getId (77-80)
• findByUsername (45-54)
• validateAuthKey (82-85)
• validatePassword (87-90)

src/usecase/security/LoginForm.php (1)

• validatePassword (63-72)

🪛 LanguageTool

CHANGELOG.md

[grammar] ~1-~1: Use correct spacing
Context: # Change Log ## 0.1.0 Under development - Initial rele...

(QB_NEW_EN_OTHER_ERROR_IDS_5)

---

[grammar] ~3-~3: Use correct spacing
Context: # Change Log ## 0.1.0 Under development - Initial release

(QB_NEW_EN_OTHER_ERROR_IDS_5)

🪛 PHPMD (2.15.0)

src/usecase/security/Identity.php

61-61: Avoid unused parameters such as '$type'. (Unused Code Rules)

(UnusedFormalParameter)

src/usecase/security/LoginForm.php

63-63: Avoid unused parameters such as '$params'. (Unused Code Rules)

(UnusedFormalParameter)

🪛 Biome (1.9.4)

src/framework/resource/js/toggle-theme.js

[error] 8-8: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

🔇 Additional comments (109)

ecs.php (6)

5-5: LGTM: Consistent use of fully qualified class names.

The refactoring to use fully qualified class names instead of use statements is consistent with the overall approach in this file.

---

7-7: LGTM: Correct fixer class reference.

The fully qualified class name for ClassDefinitionFixer is correct and consistent.

---

13-34: LGTM: Comprehensive class element ordering configuration.

The detailed class element order configuration is well-structured and follows logical conventions:

• Traits first, then constants (public → protected → private)
• Properties in visibility order
• Special methods (construct, destruct, magic, phpunit)
• Regular methods in visibility order
• Alphabetical sorting algorithm is appropriate

This provides clear and predictable code organization.

---

35-41: LGTM: Standard import ordering configuration.

The OrderedImportsFixer configuration with class, function, const order and alphabetical sorting is a standard and appropriate setup.

---

43-43: LGTM: Correct fixer class reference.

The fully qualified class name for VisibilityRequiredFixer is correct and consistent with the refactoring approach.

---

65-67: LGTM: Consistent fully qualified class names in rules.

The withRules section maintains consistency with the fully qualified class name approach used throughout the file. The selected fixers are appropriate for code quality.

rector.php (1)

19-21: Composer’s PHP constraint must be downgraded as well.

Rector is now configured for PHP 8.1, but if composer.json (or CI images) still require 8.2 the tool and the runtime will diverge. Double-check and align the required PHP version across:
• composer.json "php": "^8.1"
• CI job images
• Dockerfiles / local dev docs

.github/workflows/build.yml (1)

26-27: Verify the new coverage-file path exists during CI.

runtime/output/coverage.xml is project-relative and will be generated only if Codeception’s coverage option is enabled and the folder exists.
Please confirm that:

1. codeception.yml enables coverage generation.
2. The runtime/output directory is created before Codeception runs (e.g. via mkdir -p).
   Otherwise the workflow will silently fail to upload the report.

config/messages.php (2)

8-8: Documentation tweaks look good.
Pure comment wording changes, no functional impact.

---

36-37: LGTM
No concerns; just approving the minor wording adjustment.

src/usecase/Controller.php (1)

29-31: Style-only change – OK.

Multi-line array improves diff clarity; functionality unchanged.

src/framework/resource/layout/component/toggle_language.php (1)

8-9: Minor import split is fine.
No functional impact; consistency with project style.

tests/_bootstrap.php (1)

9-9: LGTM! Good practice to load Composer autoloader first.

Loading the Composer autoloader before the Yii framework core file ensures proper dependency resolution and follows modern PHP application bootstrap patterns.

src/usecase/site/view/about.php (2)

7-7: LGTM! Consistent with import removal.

Using the fully qualified class name in the PHPDoc annotation is appropriate when the import statement has been removed.

---

9-9: LGTM! Good addition for breadcrumb navigation.

Adding the breadcrumbs parameter enables proper breadcrumb navigation and aligns with the new breadcrumb component system being introduced.

src/framework/resource/layout/main.php (2)

6-6: LGTM! Good cleanup of unused imports.

Removing the unused bootstrap5\Breadcrumbs import improves code cleanliness and reduces unnecessary dependencies.

---

24-24: LGTM! Excellent refactoring to component-based approach.

Moving breadcrumb rendering to a dedicated component view (component/breadcrumbs) improves separation of concerns and makes the layout more modular and maintainable.

src/framework/event/ContactEventHandler.php (2)

7-10: LGTM! Improved import organization.

Using individual import lines instead of grouped imports enhances readability and makes it easier to track specific dependencies.

---

20-20: LGTM! Good use of fully qualified function calls.

Using \Yii::t() with the leading backslash is more explicit and avoids potential naming conflicts, which is a good practice in callback functions.

Also applies to: 24-24

tests/Acceptance/SiteCest.php (3)

5-5: LGTM! Consistent namespace convention.

Changing to lowercase namespace (app\tests\Acceptance) aligns with PSR-4 standards and maintains consistency across the project.

---

7-7: LGTM! Consistent import statement.

The import statement update matches the namespace standardization to lowercase, maintaining consistency throughout the test suite.

---

17-17: LGTM! Minor formatting improvement.

Adding a blank line improves code readability and provides better visual separation between test steps.

src/framework/asset/LocaleAsset.php (1)

21-22: LGTM! Property reordering improves organization.

Moving the $sourcePath property after $publishOptions maintains logical grouping and doesn't affect functionality.

tests/Acceptance/ContactCest.php (2)

17-17: LGTM! Formatting improvement.

The additional blank line improves readability by separating the test intention from the expectations.

---

5-5: Namespace Convention Consistency Verified

All test files use the lowercase app\tests\… namespace and no remaining references to App\Tests were found. No further changes required.

src/framework/resource/layout/component/footer-icons.php (2)

5-5: LGTM! Import statement simplification.

The direct import of Svg class is cleaner and more explicit than a grouped import.

---

17-20: LGTM! Variable extraction improves readability.

Extracting the file path computation into a separate variable makes the code more readable and easier to debug.

tests/Acceptance/AboutCest.php (2)

5-7: LGTM! Consistent namespace convention change.

The namespace and use statement changes are consistent with the lowercase convention applied across the test suite.

---

17-17: LGTM! Formatting improvement.

The additional blank line improves readability by separating test sections.

src/framework/resource/css/site.css (2)

49-50: LGTM! CSS filter enhances dark theme appearance.

The invert(1) hue-rotate(180deg) filter properly adjusts the verification image for dark theme visibility.

---

52-58: LGTM! Dark theme styling for login components.

The new CSS selectors properly style the login info components for dark theme with appropriate background and text colors.

config/params-console.php (1)

5-5: Verify that console application dependencies are properly migrated.

The complete removal of console parameters could be a breaking change if other parts of the codebase depend on these configurations. According to the AI summary, this is part of a refactoring to move configuration to config/console/app.php.

#!/bin/bash
# Description: Verify that console application still functions after parameter removal
# Expected: Console controllers and configuration should be defined elsewhere

# Check if console app configuration exists
rg -A 10 "console.*app.*php" --type php

# Look for console controller references
rg -A 5 "hello.*controller|serve.*controller" --type php

Likely an incorrect or invalid review comment.

src/framework/asset/AppAsset.php (1)

7-10: LGTM: Import style improved.

The change from grouped imports to individual import lines improves readability and follows PSR-12 standards.

public/index.php (1)

21-24: LGTM: Configuration loading simplified.

The direct configuration loading approach is cleaner and more explicit than the previous dynamic configuration system.

.github/workflows/static.yml (1)

26-26: LGTM: Added Codeception build hook.

The addition of the Codeception build hook is appropriate for setting up the testing environment, which aligns with the PR objective of adding unit tests.

config/params-web.php (1)

5-5: Verify that web application dependencies are properly migrated.

The complete removal of web parameters could be a breaking change. The AI summary mentions configuration was moved to explicit files like config/web/app.php, but this needs verification.

#!/bin/bash
# Description: Verify that web application still functions after parameter removal
# Expected: Web controllers, routes, and configuration should be defined elsewhere

# Check if web app configuration exists
rg -A 10 "web.*app.*php" --type php

# Look for controller mappings and routes
rg -A 5 "controller.*map|url.*rules" --type php

# Check for menu and identity configurations
rg -A 5 "menu.*config|identity.*class" --type php

Likely an incorrect or invalid review comment.

src/usecase/security/LogoutAction.php (3)

10-12: Well-structured generic type annotation.

The PHPDoc generic type annotation correctly specifies that this action is intended for use with SecurityController, which provides excellent IDE support and type safety.

---

13-13: Good use of final class modifier.

Making the class final is a security best practice that prevents unwanted inheritance and potential security vulnerabilities.

---

15-20: Standard logout implementation follows Yii2 conventions.

The logout flow is implemented correctly:

1. Calls logout() on the current user
2. Redirects to home page using goHome()

This follows Yii2 best practices and provides a clean user experience.

src/framework/asset/BootstrapIconAsset.php (1)

9-16: Clean and focused asset bundle implementation.

The asset bundle correctly:

• Uses the standard npm package path for Bootstrap Icons
• Includes only the necessary CSS file
• Follows Yii2 asset bundle conventions

This is a well-structured, minimal implementation that serves its purpose effectively.

yii (1)

14-17: Simplified bootstrap process improves maintainability.

The refactoring removes the dependency on Yiisoft Config component and directly loads the console configuration. This approach:

• Reduces complexity and dependencies
• Makes the bootstrap process more transparent
• Follows a more traditional Yii2 pattern

The direct instantiation of the Application class is correct and aligns with standard Yii2 practices.

src/usecase/contact/ContactForm.php (3)

13-16: Proper property initialization with default values.

The properties are correctly typed with string types and initialized with empty strings, which prevents potential null pointer issues and provides predictable behavior.

---

31-41: Comprehensive validation rules with proper configuration.

The validation rules are well-structured:

• Required fields are properly specified
• Email validation is correctly applied
• CAPTCHA validation is properly configured with the correct action path

This ensures data integrity and security for the contact form.

---

11-42: Excellent separation of concerns.

The refactoring that removed the email sending logic from the form model follows the single responsibility principle. The form now focuses solely on data validation and structure, while the controller handles the business logic of sending emails. This improves maintainability and testability.

src/framework/resource/layout/component/breadcrumbs.php (3)

5-8: Proper view documentation and imports.

The PHPDoc comment correctly documents the $this variable as yii\web\View, and the Bootstrap5 Breadcrumbs widget is properly imported.

---

11-26: Well-structured responsive breadcrumbs component.

The implementation demonstrates excellent practices:

• Responsive Bootstrap 5 layout with proper container structure
• Custom templates for active and inactive breadcrumb items
• Comprehensive styling with Bootstrap utility classes
• Proper fallback handling with $this->params['breadcrumbs'] ?? []

The component is well-contained and follows Bootstrap 5 design patterns effectively.

---

16-21: Excellent Bootstrap 5 styling and accessibility.

The breadcrumb styling includes:

• Semantic HTML structure with proper list items
• Bootstrap utility classes for consistent theming
• Font weight for active items to improve visual hierarchy
• Proper spacing and border styling

This provides both visual appeal and accessibility benefits.

src/framework/asset/ToggleThemeAsset.php (1)

8-9: LGTM! Clean organizational improvements.

The reordering of imports and class properties improves code organization by following a logical sequence: dependencies first, then assets, then configuration, and finally paths.

Also applies to: 13-15, 25-25

tests/Functional/ContactCest.php (2)

36-46: Method reordering looks good.

The repositioning of contactFormSubmitFormEmptyData after contactFormSubmitFormEmailWrongData doesn't affect functionality and may improve logical flow.

---

5-7: Namespace consistency verified – no changes needed

All test files use the lowercase app\tests\… namespace and your composer.json autoload and autoload-dev mappings ("app\\": "src/" and "app\\tests\\": "tests/") align correctly. No further updates are required.

src/usecase/security/SecurityController.php (3)

13-26: Well-structured action configuration.

The action configuration follows the established pattern used in other controllers like SiteController and ContactController, properly merging custom actions with parent actions.

---

36-39: Consistent view path implementation.

The getViewPath() method follows the same pattern as other controllers in the codebase, maintaining consistency.

---

28-34: Identity class and user service configuration verified

The Identity class is defined at src/usecase/security/Identity.php, and the 'user' component in config/web/components.php is configured with:

• class => User::class
• identityClass => Identity::class

Your @phpstan-return User<Identity> annotation aligns correctly with the service container setup. No further action required.

package.json (1)

4-13: Dependency updates look well-aligned with framework changes.

The new dependencies (bootstrap, bootstrap-icons, jquery, etc.) align well with the asset bundle changes mentioned in the summary and support the modernized UI components.

src/framework/resource/layout/component/alert.php (2)

5-5: Good choice to use Yii's native Alert widget.

Replacing the custom Alert component with yii\bootstrap5\Alert simplifies the code and leverages the framework's built-in functionality.

---

7-16: Comprehensive alert types mapping.

The alert types mapping covers all Bootstrap 5 alert variants and provides good flexibility for different message types.

src/usecase/site/SiteController.php (2)

8-8: Good addition of ArrayHelper import for the merge operation.

The import is correctly placed and needed for the ArrayHelper::merge() call in the actions() method.

---

13-16: LGTM: Clean and direct implementation.

The actionIndex() method is now simplified to directly render and return the view, which is cleaner than the previous approach.

phpstan.neon (1)

1-30: Excellent PHPStan configuration improvements.

The changes significantly enhance static analysis coverage:

• Bleeding edge rules for latest checks
• Maximum analysis level for strictest validation
• Expanded paths for comprehensive coverage
• Advanced checks for better code quality

These improvements will help catch more potential issues and maintain higher code standards.

codeception.yml (1)

1-26: Good configuration improvements for consistency and organization.

The changes enhance the testing setup:

• Consistent lowercase namespace (app\tests)
• Better organized paths using runtime/ directory
• Updated config file path aligning with refactoring
• Improved YAML formatting with block style

These changes improve maintainability and align with project restructuring.

config/console/app.php (2)

5-11: Good explicit imports and variable declarations.

The explicit imports and typed variable declarations improve code clarity and static analysis support.

---

13-31: Excellent refactoring to explicit static configuration.

The changes improve maintainability by:

• Using explicit static definitions instead of parameter-driven arrays
• Clear controller map with explicit class definitions
• Proper configuration structure that's easier to understand and maintain

The HelloController and ServeController mappings are well-defined and align with the broader configuration refactoring.

src/usecase/contact/ContactController.php (2)

7-11: Good imports for the new functionality.

The imports for ApplicationParameters and MailerInterface are correctly added to support the new mailer methods.

---

32-35: Good abstraction for mailer access.

The getMailer() method provides a clean abstraction for accessing the mailer component with proper type hinting.

src/usecase/security/view/login.php (5)

1-16: LGTM! Well-structured file header and imports.

The file header follows PHP best practices with proper declare directive, and imports are correctly organized. The PHPDoc variables are properly documented.

---

17-29: LGTM! Clean page header with proper internationalization.

The page title setup and header section are well-structured using Bootstrap 5 classes. Proper use of Html::encode() for XSS protection and internationalization with Yii::t().

---

30-94: LGTM! Comprehensive form implementation with proper validation.

The ActiveForm implementation is excellent with:

• Proper floating layout configuration
• Client-side validation setup with needs-validation class
• Accessibility features (autofocus, tabindex, required attributes)
• Consistent Bootstrap 5 styling
• Proper field configuration for username, password, and remember me

---

96-116: LGTM! Helpful demo credentials display with security consideration.

The demo credentials section is well-designed and user-friendly. The reference to Identity::class at line 114 provides developers with clear guidance on where to modify credentials.

---

117-122: LGTM! Proper HTML structure closure.

The closing div tags properly close the Bootstrap container and layout structure.

tests/Unit/HelloControllerTest.php (2)

5-15: LGTM! Proper namespace standardization and imports.

The namespace change to lowercase app\tests\Unit aligns with the project-wide standardization. The new exception imports (InvalidRouteException, Exception) provide better error handling for the test method.

---

16-30: LGTM! Comprehensive PHPDoc documentation.

Excellent addition of detailed class documentation that clearly explains the test purpose, coverage, and licensing information. This improves code maintainability and understanding.

src/framework/resource/layout/component/menu.php (4)

5-13: LGTM! Clean refactoring to use centralized parameters.

The imports are well-organized and the match expression provides a clean way to select menu items based on user authentication state. Using ApplicationParameters centralizes menu configuration effectively.

---

15-30: LGTM! Proper NavBar implementation with brand image.

The NavBar configuration is well-structured with:

• Proper brand image setup with accessibility attributes
• Correct Bootstrap 5 classes
• Proper use of Yii aliases for the image path

---

32-39: LGTM! Clean Nav widget implementation.

The Nav widget is properly configured with the menu items and appropriate Bootstrap classes for responsive navigation.

---

41-42: LGTM! Proper NavBar closure.

The NavBar is correctly closed.

tests/Unit/ContactControllerTest.php (3)

5-15: LGTM! Proper namespace and import updates.

The namespace change to lowercase app\tests\Unit follows the project standardization. The imports are correctly updated to reflect the new testing approach with separate controller and form classes.

---

16-18: LGTM! Correct class renaming and tester property.

The class name change from ContactFormTest to ContactControllerTest accurately reflects what is being tested. The explicit $tester property initialization is appropriate.

---

20-52: LGTM! Improved test logic with proper separation of concerns.

The test improvements are excellent:

• Proper separation of controller and form instantiation
• Tests the controller's sendEmail method instead of form's removed method
• Added proper type checking assertions for Yii2 module and MessageInterface
• Maintains all original email verification logic
• Better alignment with the refactored architecture

composer.json (4)

19-21: LGTM! Improved dependency management with stable versions.

The update to use caret (^) and pipe (|) operators for Yii2 packages provides better version flexibility while maintaining compatibility. This is a good move away from development versions.

---

38-40: LGTM! Consistent dev dependency versioning.

The dev dependencies follow the same stable versioning pattern as the main dependencies, ensuring consistency across the project.

---

52-58: LGTM! Explicit bower asset provisioning.

The new provide section clearly declares the bower assets that the project provides, which aligns with the frontend dependencies. This improves dependency resolution and avoids conflicts.

---

59-63: LGTM! Cleaned up extra section.

The removal of the commented-out config-plugin-file entry is consistent with the removal of the Yiisoft Config package and related configuration files.

src/usecase/contact/IndexAction.php (2)

19-23: Good refactoring of form validation flow.

The form validation logic is clear and well-structured. The event triggering after successful email sending is a good practice for extensibility.

---

20-20: Email sending responsibility properly moved to controller.

Moving email sending logic to the controller is a good architectural decision that separates concerns between form validation and business logic.

src/usecase/contact/view/index.php (5)

5-6: Good modernization to Bootstrap 5 components.

The update to use yii\bootstrap5\ActiveForm and yii\captcha\Captcha aligns well with modern UI practices.

---

10-11: Improved type documentation.

The updated PHPDoc comments with proper type annotations improve code documentation and IDE support.

---

43-72: Excellent accessibility improvements with field grouping.

The restructuring of name and email fields into a responsive grid layout with proper tabindex sequencing enhances both accessibility and user experience.

---

104-137: Well-structured captcha implementation.

The captcha widget is properly organized with clear visual hierarchy and accessibility features. The template structure and styling are well-implemented.

---

140-149: Improved submit button styling and accessibility.

The submit button implementation with proper Bootstrap 5 classes and tabindex is well-done.

src/usecase/security/LoginAction.php (3)

10-12: Good type annotation for controller extension.

The PHPDoc annotation properly documents the controller type, improving IDE support and static analysis.

---

15-19: Proper authentication status check with redirect.

The early return for already authenticated users with proper redirection is a good security practice.

---

21-26: Well-structured form handling flow.

The form instantiation, POST data handling, and validation flow with proper redirect logic is implemented correctly.

tests/Unit/MenuTest.php (6)

5-5: Good namespace standardization.

The change to lowercase namespace aligns with the project's naming conventions.

---

7-7: Proper import of Identity class.

The import of the Identity class from the security namespace is correct for the test functionality.

---

12-27: Excellent test documentation.

The comprehensive PHPDoc comment clearly describes the test purpose, coverage, and context. This is excellent documentation practice.

---

30-30: Improved test method naming.

The renamed method testRenderLogoutLinkWhenUserIsLoggedIn is much more descriptive and follows testing best practices.

---

35-43: Thorough identity validation assertions.

The explicit assertions for identity existence and type are excellent testing practices that provide clear failure messages.

---

47-51: Specific assertion for logout link.

The assertion checks for the exact HTML structure including the POST method attribute, which is good for ensuring proper security implementation.

src/framework/ApplicationParameters.php (2)

8-16: Excellent PHPStan type documentation.

The PHPStan type alias for MenuItem provides clear type safety and documentation for the menu structure.

---

32-67: Well-structured guest menu configuration.

The menu structure is well-organized with proper metadata including order, category, and URLs. The structure supports proper navigation hierarchy.

config/common/components.php (1)

7-30: LGTM! Clean configuration refactoring.

The changes properly simplify the configuration by:

• Correctly using YII_DEBUG constant for trace level
• Explicitly defining log levels instead of parameter-driven configuration
• Adding appropriate mailer component with file transport for development

This aligns well with the overall refactoring goal of moving from parameter-driven to explicit configuration.

config/web/app.php (1)

5-70: Excellent refactoring to explicit configuration.

The changes represent a significant improvement in configuration management:

• Clear separation of concerns with dedicated files for components, modules, and parameters
• Explicit controller mapping improves maintainability
• Proper conditional loading of development modules
• Clean bootstrap configuration including the contact event handler

This refactoring enhances code clarity and reduces configuration complexity.

config/web/components.php (2)

31-31: Security concern: CSRF protection disabled in development.

Disabling CSRF validation in development can lead to security vulnerabilities being missed during testing. Consider keeping CSRF enabled or providing a clear justification for this decision.

If CSRF must be disabled for development, ensure this is well-documented and that production environments have proper CSRF protection.

---

13-51: Good configuration structure with explicit settings.

The component configuration is well-structured with:

• Proper asset manager configuration
• Clean i18n setup
• Comprehensive URL language management
• Appropriate user component with Identity class

src/usecase/security/Identity.php (1)

45-54: Good implementation pattern for username lookup.

The findByUsername method properly handles case-insensitive comparison and returns appropriate null values.

src/usecase/security/LoginForm.php (2)

28-35: Good implementation of identity caching.

The getIdentity method properly implements lazy loading with caching to avoid repeated database/lookup calls.

---

40-50: Well-structured validation rules.

The validation rules are comprehensive and appropriate:

• Required fields properly defined
• Boolean validation for rememberMe
• Custom password validation

tests/Unit/IdentityTest.php (1)

10-29: Excellent documentation!

The comprehensive documentation clearly describes the test suite's purpose, coverage, and expectations. This makes the test intent very clear for future maintainers.

src/framework/resource/js/toggle-theme.js (1)

1-6: Well-structured theme toggling implementation.

The overall implementation provides comprehensive theme management with proper event handling, localStorage persistence, and system preference detection. The Bootstrap integration and custom toggle support make it very flexible.

Also applies to: 93-119

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (7608154) to head (7fdcec2).
Report is 8 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##                main       #92    +/-   ##
============================================
  Coverage     100.00%   100.00%            
- Complexity        21        36    +15     
============================================
  Files             19        23     +4     
  Lines            442       622   +180     
============================================
+ Hits             442       622   +180     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

package.json (1)

18-22: Add missing repository field for better metadata completeness.

You already corrected bugs/homepage. Include repository so tools like npm info and GitHub’s dependency graph resolve the source.

     "license": "BSD-3-Clause",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/yii2-extensions/app-basic.git"
+    },

Minor but improves traceability.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3c62ab9 and 267354e.

📒 Files selected for processing (5)

• .github/workflows/build.yml (1 hunks)
• package.json (1 hunks)
• public/index.php (1 hunks)
• src/framework/resource/css/site.css (1 hunks)
• tests/Unit/IdentityTest.php (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• src/framework/resource/css/site.css
• tests/Unit/IdentityTest.php
• .github/workflows/build.yml
• public/index.php

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: codeception / PHP 8.3-windows-latest
• GitHub Check: codeception / PHP 8.2-windows-latest