refactor(tests): Move cookie-related tests from ServerRequestAdapterTest to new CookiesPsr7Test class for better organization and clarity.

[terabytesoftw]

Q	A
Is bugfix?	✔️
New feature?	❌
Breaks BC?	❌

Summary by CodeRabbit

• Tests
  • Added new tests to verify cookie handling and validation in the PSR-7 request adapter.
  • Expanded test coverage for cookie validation scenarios in stateless applications, including handling of valid and invalid cookies.
  • Refactored test structure by moving cookie-related tests from one test class to a dedicated test class for improved organization.

[coderabbitai]

Walkthrough

This update restructures and expands test coverage for cookie handling and validation in the PSR-7 request adapter. Cookie-related tests are moved from ServerRequestAdapterTest to a new dedicated CookiesPsr7Test class, with additional scenarios added. The StatelessApplicationTest also gains new tests for cookie validation cases.

Changes

Cohort / File(s)	Change Summary
New Cookie Adapter Test Suite tests/adapter/CookiesPsr7Test.php	Introduces a new test class focused on cookie handling in the PSR-7 request adapter, covering collection resets, validation, immutability, error conditions, and correct property mapping for cookies.
Cookie Test Migration and Cleanup tests/adapter/ServerRequestAdapterTest.php	Removes all cookie-related test methods and unused imports from the existing adapter test, delegating cookie handling coverage to the new dedicated test class. Other HTTP adapter tests remain unchanged.
Stateless Application Cookie Validation Tests tests/http/StatelessApplicationTest.php	Adds four new tests for application-level cookie validation, covering scenarios with invalid, multiple, and mixed-validity cookies, and ensuring correct cookie property mapping when validation is enabled. No existing tests are altered.

Sequence Diagram(s)

sequenceDiagram
    participant Test as Test Case
    participant Adapter as PSR-7 Request Adapter
    participant App as Application

    Test->>Adapter: Create adapter with cookies (valid/invalid)
    Test->>Adapter: Call getCookies()
    Adapter-->>Test: Return CookieCollection (filtered/validated)
    Test->>Adapter: Attempt mutation (if applicable)
    Adapter-->>Test: Throw exception if immutable

    Note over Test,Adapter: For application-level tests:
    Test->>App: Simulate HTTP request with cookies
    App->>Adapter: Access cookies via request component
    Adapter-->>App: Return validated cookies
    App-->>Test: Return JSON response with cookies

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~15–20 minutes

Possibly related PRs

• test(cookies): Add test for returning multiple validated cookies when validation is enabled. #15: Adds a similar comprehensive cookie test class and methods, including multiple validated cookies scenarios, directly overlapping with this PR’s new tests.
• test(adapter): Add test for retrieving cookie with correct name property when adapter is set. #13: Introduces tests for correct cookie property mapping in the PSR-7 adapter, matching methods added in this PR.
• feat(adapter): Enhance ServerRequestAdapter class with detailed method documentation. #9: Refactors and documents cookie retrieval and validation logic in the adapter, closely related to the test coverage expanded here.

Poem

🐇
In the meadow of code, cookies abound,
With tests for each crumb that can ever be found.
Validation and names, immutability too,
Each scenario checked, as good bunnies do.
Now with adapters and apps, our coverage complete—
This hop through the code is a tasty treat!
🍪

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix_mini_68

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f7f8815 and c72ed9a.

📒 Files selected for processing (3)

• src/adapter/ServerRequestAdapter.php (2 hunks)
• tests/adapter/CookiesPsr7Test.php (1 hunks)
• tests/adapter/ServerRequestAdapterTest.php (1 hunks)

🧰 Additional context used

🧠 Learnings (12)

📓 Common learnings

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge, tests extend tests/TestCase which defines a protected const COOKIE_VALIDATION_KEY. Test code should use self::COOKIE_VALIDATION_KEY instead of hardcoded cookieValidationKey literals.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge tests, prefer using self::COOKIE_VALIDATION_KEY from tests/TestCase over hardcoded 'cookieValidationKey' strings to avoid secret scanners FP and improve maintainability.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods, so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods (lines 28 and 32), so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/TestCase.php:23-27
Timestamp: 2025-08-08T15:24:06.045Z
Learning: In yii2-extensions/psr-bridge (tests/TestCase.php), maintainer preference: it’s acceptable to use random-looking strings for test-only constants like COOKIE_VALIDATION_KEY; no need to replace with an obviously non-secret value unless CI/secret scanners become problematic.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1564-1578
Timestamp: 2025-07-20T16:33:57.495Z
Learning: The TestCase class in yii2-extensions/psr-bridge automatically handles $_SERVER superglobal cleanup by saving its original state before each test and restoring it afterward in setUp() and tearDown() methods. Manual $_SERVER cleanup in individual test methods is unnecessary when extending this TestCase.

📚 Learning: 2025-07-22T01:01:13.426Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#21
File: tests/http/PSR7ResponseTest.php:0-0
Timestamp: 2025-07-22T01:01:13.426Z
Learning: In yii2-extensions/psr-bridge, expired cookies should not be hashed/validated because they are deletion cookies meant to remove existing cookies from the client browser. The validation logic should only apply to live cookies (expire=0 or expire >= current time) and skip validation for both the special Yii2 deletion case (expire=1) and regular expired cookies.

Applied to files:

• src/adapter/ServerRequestAdapter.php
• tests/adapter/ServerRequestAdapterTest.php
• tests/adapter/CookiesPsr7Test.php

📚 Learning: 2025-07-22T00:50:26.546Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#21
File: tests/http/PSR7ResponseTest.php:0-0
Timestamp: 2025-07-22T00:50:26.546Z
Learning: In yii2-extensions/psr-bridge, the ResponseAdapter::formatCookieHeader() method uses `$expire !== 1` to skip validation for Yii2's special deletion cookies, but this should be extended to handle all expired cookies, not just the special case where expire=1.

Applied to files:

• src/adapter/ServerRequestAdapter.php
• tests/adapter/ServerRequestAdapterTest.php
• tests/adapter/CookiesPsr7Test.php

📚 Learning: 2025-08-08T15:28:00.137Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge tests, prefer using self::COOKIE_VALIDATION_KEY from tests/TestCase over hardcoded 'cookieValidationKey' strings to avoid secret scanners FP and improve maintainability.

Applied to files:

• src/adapter/ServerRequestAdapter.php
• tests/adapter/ServerRequestAdapterTest.php
• tests/adapter/CookiesPsr7Test.php

📚 Learning: 2025-07-21T23:28:20.089Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#21
File: src/adapter/ResponseAdapter.php:86-98
Timestamp: 2025-07-21T23:28:20.089Z
Learning: In Yii2, cookies with `expire == 1` are treated as delete cookies and cookie validation is skipped for them. The official Yii2 Response::sendCookies() method uses `if ($expire != 1 && isset($validationKey))` to determine when to apply validation hashing.

Applied to files:

• src/adapter/ServerRequestAdapter.php

📚 Learning: 2025-07-22T10:56:44.424Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#21
File: tests/adapter/ResponseAdapterTest.php:436-450
Timestamp: 2025-07-22T10:56:44.424Z
Learning: In yii2-extensions/psr-bridge cookie validation logic, a cookie is only considered expired when expire < current time (strictly less than). When expire == current time, the cookie is still valid and validation/hashing should apply. Only cookies with expire < current time should skip validation.

Applied to files:

• src/adapter/ServerRequestAdapter.php

📚 Learning: 2025-08-08T15:28:00.137Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge, tests extend tests/TestCase which defines a protected const COOKIE_VALIDATION_KEY. Test code should use self::COOKIE_VALIDATION_KEY instead of hardcoded cookieValidationKey literals.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php
• tests/adapter/CookiesPsr7Test.php

📚 Learning: 2025-07-20T16:35:15.341Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods, so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-20T16:35:15.341Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods (lines 28 and 32), so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-20T16:33:57.495Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1564-1578
Timestamp: 2025-07-20T16:33:57.495Z
Learning: The TestCase class in yii2-extensions/psr-bridge automatically handles $_SERVER superglobal cleanup by saving its original state before each test and restoring it afterward in setUp() and tearDown() methods. Manual $_SERVER cleanup in individual test methods is unnecessary when extending this TestCase.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-08-08T15:24:06.045Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/TestCase.php:23-27
Timestamp: 2025-08-08T15:24:06.045Z
Learning: In yii2-extensions/psr-bridge (tests/TestCase.php), maintainer preference: it’s acceptable to use random-looking strings for test-only constants like COOKIE_VALIDATION_KEY; no need to replace with an obviously non-secret value unless CI/secret scanners become problematic.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php
• tests/adapter/CookiesPsr7Test.php

📚 Learning: 2025-08-06T22:52:05.608Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#64
File: tests/http/StatelessApplicationTest.php:1939-1967
Timestamp: 2025-08-06T22:52:05.608Z
Learning: In yii2-extensions/psr-bridge tests, when testing specific component methods like Request::resolve(), it's necessary to call $app->handle($request) first to initialize all application components before testing the method in isolation. This ensures proper component lifecycle initialization.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

🪛 Gitleaks (8.27.2)

tests/adapter/CookiesPsr7Test.php

35-35: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

84-84: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

127-127: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

157-157: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

203-203: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

258-258: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

276-276: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

356-356: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

377-377: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

431-431: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

502-502: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: mutation / PHP 8.3-ubuntu-latest
• GitHub Check: phpunit / PHP 8.4-windows-latest
• GitHub Check: phpunit / PHP 8.2-windows-latest
• GitHub Check: mutation / PHP 8.3-ubuntu-latest

🔇 Additional comments (4)

src/adapter/ServerRequestAdapter.php (2)

423-423: Good optimization: reuse the Security instance inside the loop.

Reduces repeated component retrieval and allocations during validation.

---

9-9: Import looks correct.

Bringing Security via yii\base\Security aligns with usage below.

tests/adapter/ServerRequestAdapterTest.php (1)

9-10: LGTM on import adjustments.

No issues; consistent with current usages in this file.

tests/adapter/CookiesPsr7Test.php (1)

272-291: Signing flow mirrors adapter validation logic.

Using Security::hashData(Json::encode([$name, $value]), $validationKey) matches the adapter’s validateData()->Json::decode() flow and is correct.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

tests/http/StatelessApplicationTest.php (3)

998-1029: Strengthen test with status code and content-type assertions

Add basic response metadata checks for consistency with the rest of the suite.

     $response = $app->handle(
         FactoryHelper::createRequest('GET', 'site/getcookies')
             ->withCookieParams(
                 [
                     'invalid_cookie' => 'invalid_data',
                     'empty_cookie' => '',
                 ],
             ),
     );
 
+    self::assertSame(
+        200,
+        $response->getStatusCode(),
+        "Response 'status code' should be '200' for 'site/getcookies' with validation enabled.",
+    );
+    self::assertSame(
+        'application/json; charset=UTF-8',
+        $response->getHeaders()['content-type'][0] ?? '',
+        "Response 'content-type' should be 'application/json; charset=UTF-8' for 'site/getcookies'.",
+    );
     self::assertSame(
         '[]',
         $response->getBody()->getContents(),
         'CookieCollection should be empty when validation is enabled but cookies are invalid.',
     );

Note: Good use of self::COOKIE_VALIDATION_KEY per project convention.

---

1349-1447: Improve clarity and robustness: assert metadata and rename local var

• Add status/code content-type checks.
• Rename $expectedCookies to a more accurate name.
• Assert decoded type explicitly.

     $response = $app->handle(
         FactoryHelper::createRequest('GET', 'site/getcookies')
             ->withCookieParams($signedCookies),
     );
 
-    /**
+    /**
      * @phpstan-var array<
      *   string,
      *   array{
      *     name: string,
      *     value: string,
      *     domain: string,
      *     expire: ?int,
      *     path: string,
      *     secure: bool,
      *     httpOnly: bool,
      *     sameSite: string
      *   }
      * >
      */
-    $expectedCookies = Json::decode($response->getBody()->getContents());
+    self::assertSame(
+        200,
+        $response->getStatusCode(),
+        "Response 'status code' should be '200' for 'site/getcookies' route in 'StatelessApplication'.",
+    );
+    self::assertSame(
+        'application/json; charset=UTF-8',
+        $response->getHeaders()['content-type'][0] ?? '',
+        "Response 'content-type' should be 'application/json; charset=UTF-8' for 'site/getcookies'.",
+    );
+    $cookies = Json::decode($response->getBody()->getContents());
+    self::assertIsArray($cookies);
 
     self::assertCount(
         4,
-        $expectedCookies,
+        $cookies,
         "Should return all '4' validated cookies, not just '1'.",
     );
 
     foreach ($cookies as $name => $value) {
         self::assertSame(
             $name,
-            $expectedCookies[$name]['name'] ?? null,
+            $cookies[$name]['name'] ?? null,
             "Cookie name for '{$name}' should match the original cookie name in 'StatelessApplication'.",
         );
         self::assertSame(
             $value,
-            $expectedCookies[$name]['value'],
+            $cookies[$name]['value'],
             "Cookie value for '{$name}' should match the original cookie value in 'StatelessApplication'.",
         );
         self::assertEmpty(
-            $expectedCookies[$name]['domain'],
+            $cookies[$name]['domain'],
             "Cookie 'domain' for '{$name}' should be an empty string in 'StatelessApplication'.",
         );
         self::assertNull(
-            $expectedCookies[$name]['expire'],
+            $cookies[$name]['expire'],
             "Cookie 'expire' for '{$name}' should be 'null' in 'StatelessApplication'.",
         );
         self::assertSame(
             '/',
-            $expectedCookies[$name]['path'],
+            $cookies[$name]['path'],
             "Cookie 'path' for '{$name}' should be '/' in 'StatelessApplication'.",
         );
         self::assertFalse(
-            $expectedCookies[$name]['secure'],
+            $cookies[$name]['secure'],
             "Cookie 'secure' flag for '{$name}' should be 'false' in 'StatelessApplication'.",
         );
         self::assertTrue(
-            $expectedCookies[$name]['httpOnly'],
+            $cookies[$name]['httpOnly'],
             "Cookie 'httpOnly' flag for '{$name}' should be 'true' in 'StatelessApplication'.",
         );
         self::assertSame(
             'Lax',
-            $expectedCookies[$name]['sameSite'],
+            $cookies[$name]['sameSite'],
             "Cookie 'sameSite' for '{$name}' should be 'Lax' in 'StatelessApplication'.",
         );
     }

---

1665-1711: Fix assertion message: cookie name typo

Assertion message mentions 'validated_session' but the actual cookie name is 'valid_session'.

         self::assertSame(
             <<<JSON
             {"valid_session":{"name":"valid_session","value":"abc123session","domain":"","expire":null,"path":"/","secure":false,"httpOnly":true,"sameSite":"Lax"}}
             JSON,
             $response->getBody()->getContents(),
-            "Response 'body' should match expected JSON string for cookie 'validated_session' on 'site/getcookies' " .
+            "Response 'body' should match expected JSON string for cookie 'valid_session' on 'site/getcookies' " .
             "route in 'StatelessApplication'.",
         );

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2fe607b and 10d7c05.

📒 Files selected for processing (3)

• src/adapter/ServerRequestAdapter.php (1 hunks)
• tests/adapter/CookiesPsr7Test.php (1 hunks)
• tests/http/StatelessApplicationTest.php (4 hunks)

✅ Files skipped from review due to trivial changes (1)

• src/adapter/ServerRequestAdapter.php

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/adapter/CookiesPsr7Test.php

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge, tests extend tests/TestCase which defines a protected const COOKIE_VALIDATION_KEY. Test code should use self::COOKIE_VALIDATION_KEY instead of hardcoded cookieValidationKey literals.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge tests, prefer using self::COOKIE_VALIDATION_KEY from tests/TestCase over hardcoded 'cookieValidationKey' strings to avoid secret scanners FP and improve maintainability.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods, so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods (lines 28 and 32), so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/TestCase.php:23-27
Timestamp: 2025-08-08T15:24:06.045Z
Learning: In yii2-extensions/psr-bridge (tests/TestCase.php), maintainer preference: it’s acceptable to use random-looking strings for test-only constants like COOKIE_VALIDATION_KEY; no need to replace with an obviously non-secret value unless CI/secret scanners become problematic.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1564-1578
Timestamp: 2025-07-20T16:33:57.495Z
Learning: The TestCase class in yii2-extensions/psr-bridge automatically handles $_SERVER superglobal cleanup by saving its original state before each test and restoring it afterward in setUp() and tearDown() methods. Manual $_SERVER cleanup in individual test methods is unnecessary when extending this TestCase.

📚 Learning: 2025-08-08T15:28:00.137Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge tests, prefer using self::COOKIE_VALIDATION_KEY from tests/TestCase over hardcoded 'cookieValidationKey' strings to avoid secret scanners FP and improve maintainability.

Applied to files:

• tests/http/StatelessApplicationTest.php

📚 Learning: 2025-08-08T15:28:00.137Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge, tests extend tests/TestCase which defines a protected const COOKIE_VALIDATION_KEY. Test code should use self::COOKIE_VALIDATION_KEY instead of hardcoded cookieValidationKey literals.

Applied to files:

• tests/http/StatelessApplicationTest.php

📚 Learning: 2025-08-08T15:24:06.045Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/TestCase.php:23-27
Timestamp: 2025-08-08T15:24:06.045Z
Learning: In yii2-extensions/psr-bridge (tests/TestCase.php), maintainer preference: it’s acceptable to use random-looking strings for test-only constants like COOKIE_VALIDATION_KEY; no need to replace with an obviously non-secret value unless CI/secret scanners become problematic.

Applied to files:

• tests/http/StatelessApplicationTest.php

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: phpunit / PHP 8.4-windows-latest
• GitHub Check: mutation / PHP 8.3-ubuntu-latest
• GitHub Check: mutation / PHP 8.3-ubuntu-latest

🔇 Additional comments (2)

tests/http/StatelessApplicationTest.php (2)

19-19: LGTM: Cookie import addition is fine

Import aligns with expanded cookie-related tests; no issues.

---

1713-1754: LGTM: Validated cookie preserves the correct name and attributes

Good use of self::COOKIE_VALIDATION_KEY and end-to-end verification.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

tests/adapter/ServerRequestAdapterTest.php (1)

731-777: Ensure runtime directory exists and clean up uploaded files in ServerRequestAdapterTest

To prevent leftover files in runtime from affecting other tests, update tests/adapter/ServerRequestAdapterTest.php as follows:

• Before calling saveAs(), verify (and create) the runtime directory.
• After assertFileExists(), remove the saved file.

Suggested diff:

--- a/tests/adapter/ServerRequestAdapterTest.php
+++ b/tests/adapter/ServerRequestAdapterTest.php
@@ lines 740-760
-        self::assertTrue(
+        // ensure the runtime directory exists
+        if (!is_dir($runtimePath)) {
+            self::assertTrue(
+                @mkdir($runtimePath, 0777, true),
+                "Failed to create runtime directory: {$runtimePath}"
+            );
+        }
+        self::assertTrue(
             $uploadedFile->saveAs("{$runtimePath}/{$uploadedFile->name}", false),
             "Uploaded file '{$uploadedFile->name}' should be saved to the runtime directory successfully.",
         );
         self::assertFileExists(
             "{$runtimePath}/{$uploadedFile->name}",
             "Uploaded file '{$uploadedFile->name}' should exist in the runtime directory after saving.",
         );
+        // clean up to avoid test interference
+        @unlink("{$runtimePath}/{$uploadedFile->name}");

🧹 Nitpick comments (1)

tests/adapter/ServerRequestAdapterTest.php (1)

714-729: Typo: $expectedUpdloadedFiles -> $expectedUploadedFiles

Minor naming nit; typo appears in two places and subsequent references. Consider renaming for clarity.

Also applies to: 822-837

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 10d7c05 and 9940df0.

📒 Files selected for processing (2)

• tests/adapter/ServerRequestAdapterTest.php (1 hunks)
• tests/http/StatelessApplicationTest.php (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/http/StatelessApplicationTest.php

🧰 Additional context used

🧠 Learnings (10)

📓 Common learnings

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge, tests extend tests/TestCase which defines a protected const COOKIE_VALIDATION_KEY. Test code should use self::COOKIE_VALIDATION_KEY instead of hardcoded cookieValidationKey literals.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge tests, prefer using self::COOKIE_VALIDATION_KEY from tests/TestCase over hardcoded 'cookieValidationKey' strings to avoid secret scanners FP and improve maintainability.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods, so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods (lines 28 and 32), so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/TestCase.php:23-27
Timestamp: 2025-08-08T15:24:06.045Z
Learning: In yii2-extensions/psr-bridge (tests/TestCase.php), maintainer preference: it’s acceptable to use random-looking strings for test-only constants like COOKIE_VALIDATION_KEY; no need to replace with an obviously non-secret value unless CI/secret scanners become problematic.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1564-1578
Timestamp: 2025-07-20T16:33:57.495Z
Learning: The TestCase class in yii2-extensions/psr-bridge automatically handles $_SERVER superglobal cleanup by saving its original state before each test and restoring it afterward in setUp() and tearDown() methods. Manual $_SERVER cleanup in individual test methods is unnecessary when extending this TestCase.

📚 Learning: 2025-08-08T15:28:00.137Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge tests, prefer using self::COOKIE_VALIDATION_KEY from tests/TestCase over hardcoded 'cookieValidationKey' strings to avoid secret scanners FP and improve maintainability.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-08-08T15:28:00.137Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge, tests extend tests/TestCase which defines a protected const COOKIE_VALIDATION_KEY. Test code should use self::COOKIE_VALIDATION_KEY instead of hardcoded cookieValidationKey literals.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-22T00:50:26.546Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#21
File: tests/http/PSR7ResponseTest.php:0-0
Timestamp: 2025-07-22T00:50:26.546Z
Learning: In yii2-extensions/psr-bridge, the ResponseAdapter::formatCookieHeader() method uses `$expire !== 1` to skip validation for Yii2's special deletion cookies, but this should be extended to handle all expired cookies, not just the special case where expire=1.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-20T16:35:15.341Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods, so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-20T16:35:15.341Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods (lines 28 and 32), so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-20T16:33:57.495Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1564-1578
Timestamp: 2025-07-20T16:33:57.495Z
Learning: The TestCase class in yii2-extensions/psr-bridge automatically handles $_SERVER superglobal cleanup by saving its original state before each test and restoring it afterward in setUp() and tearDown() methods. Manual $_SERVER cleanup in individual test methods is unnecessary when extending this TestCase.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-08-08T15:24:06.045Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/TestCase.php:23-27
Timestamp: 2025-08-08T15:24:06.045Z
Learning: In yii2-extensions/psr-bridge (tests/TestCase.php), maintainer preference: it’s acceptable to use random-looking strings for test-only constants like COOKIE_VALIDATION_KEY; no need to replace with an obviously non-secret value unless CI/secret scanners become problematic.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-08-06T22:52:05.608Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#64
File: tests/http/StatelessApplicationTest.php:1939-1967
Timestamp: 2025-08-06T22:52:05.608Z
Learning: In yii2-extensions/psr-bridge tests, when testing specific component methods like Request::resolve(), it's necessary to call $app->handle($request) first to initialize all application components before testing the method in isolation. This ensures proper component lifecycle initialization.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-22T01:01:13.426Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#21
File: tests/http/PSR7ResponseTest.php:0-0
Timestamp: 2025-07-22T01:01:13.426Z
Learning: In yii2-extensions/psr-bridge, expired cookies should not be hashed/validated because they are deletion cookies meant to remove existing cookies from the client browser. The validation logic should only apply to live cookies (expire=0 or expire >= current time) and skip validation for both the special Yii2 deletion case (expire=1) and regular expired cookies.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: phpunit / PHP 8.1-windows-latest
• GitHub Check: mutation / PHP 8.3-ubuntu-latest
• GitHub Check: mutation / PHP 8.3-ubuntu-latest

🔇 Additional comments (2)

tests/adapter/ServerRequestAdapterTest.php (2)

270-279: No action required: createTmpFile() helper is available
Confirmed that createTmpFile() is implemented in tests/TestCase.php (line 95) and inherited by ServerRequestAdapterTest.

---

9-10: Confirmed: Cookie-related imports trimmed and new cookie tests correctly use shared key

• ServerRequestAdapterTest.php no longer contains any cookie-related imports or usages.
• tests/adapter/CookiesPsr7Test.php is present and consistently sets $request->cookieValidationKey = self::COOKIE_VALIDATION_KEY.
• All cookie scenarios in tests/http/StatelessApplicationTest.php reference self::COOKIE_VALIDATION_KEY (no hardcoded keys).

No issues found.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

tests/adapter/ServerRequestAdapterTest.php (4)

714-729: Optional: reduce duplication when building expected uploaded file metadata

The explicit expected map is correct. Since a very similar structure is rebuilt in another test below, consider a small helper for readability/DRY.

For example, add a helper method in this class (outside the shown range):

private function expectedUploadedFiles(array $entries): array
{
    // $entries: ['key' => ['name' => ..., 'type' => ..., 'tempName' => ..., 'size' => ...]]
    $out = [];
    foreach ($entries as $key => $e) {
        $out[$key] = [
            'name' => $e['name'],
            'type' => $e['type'],
            'tempName' => $e['tempName'],
            'error' => UPLOAD_ERR_OK,
            'size' => $e['size'],
        ];
    }
    return $out;
}

Then here:

-$expectedUploadedFiles = [
-    'file1' => [
-        'name' => 'test1.txt',
-        'type' => 'text/plain',
-        'tempName' => $file1,
-        'error' => UPLOAD_ERR_OK,
-        'size' => $size1,
-    ],
-    'file2' => [
-        'name' => 'test2.php',
-        'type' => 'application/x-php',
-        'tempName' => $file2,
-        'error' => UPLOAD_ERR_OK,
-        'size' => $size2,
-    ],
-];
+$expectedUploadedFiles = $this->expectedUploadedFiles([
+    'file1' => ['name' => 'test1.txt', 'type' => 'text/plain', 'tempName' => $file1, 'size' => $size1],
+    'file2' => ['name' => 'test2.php', 'type' => 'application/x-php', 'tempName' => $file2, 'size' => $size2],
+]);

---

744-744: Tighten assertions: avoid null coalescing when keys are guaranteed

The expected keys always exist. Removing “?? null” strengthens failures and avoids masking typos in expected map keys.

Apply:

-                                $expectedUploadedFiles[$name]['name'] ?? null,
+                                $expectedUploadedFiles[$name]['name'],

-                                $expectedUploadedFiles[$name]['type'] ?? null,
+                                $expectedUploadedFiles[$name]['type'],

-                                $expectedUploadedFiles[$name]['tempName'] ?? null,
+                                $expectedUploadedFiles[$name]['tempName'],

-                                $expectedUploadedFiles[$name]['error'] ?? null,
+                                $expectedUploadedFiles[$name]['error'],

-                                $expectedUploadedFiles[$name]['size'] ?? null,
+                                $expectedUploadedFiles[$name]['size'],

Also applies to: 749-749, 754-754, 759-759, 764-764

---

822-837: DRY: duplicate expectedUploadedFiles map appears twice

Same expected structure as earlier test. Consider using the same helper to keep one source of truth for names/types/temp/size.

Example:

-$expectedUploadedFiles = [
-    'file1' => [
-        'name' => 'test1.txt',
-        'type' => 'text/plain',
-        'tempName' => $file1,
-        'error' => UPLOAD_ERR_OK,
-        'size' => $size1,
-    ],
-    'file2' => [
-        'name' => 'test2.php',
-        'type' => 'application/x-php',
-        'tempName' => $file2,
-        'error' => UPLOAD_ERR_OK,
-        'size' => $size2,
-    ],
-];
+$expectedUploadedFiles = $this->expectedUploadedFiles([
+    'file1' => ['name' => 'test1.txt', 'type' => 'text/plain', 'tempName' => $file1, 'size' => $size1],
+    'file2' => ['name' => 'test2.php', 'type' => 'application/x-php', 'tempName' => $file2, 'size' => $size2],
+]);

---

853-853: Tighten assertions: remove unnecessary null coalescing

As above, the expected keys are guaranteed. Drop “?? null”.

Apply:

-                $expectedUploadedFiles[$name]['name'] ?? null,
+                $expectedUploadedFiles[$name]['name'],

-                $expectedUploadedFiles[$name]['type'] ?? null,
+                $expectedUploadedFiles[$name]['type'],

-                $expectedUploadedFiles[$name]['tempName'] ?? null,
+                $expectedUploadedFiles[$name]['tempName'],

-                $expectedUploadedFiles[$name]['error'] ?? null,
+                $expectedUploadedFiles[$name]['error'],

-                $expectedUploadedFiles[$name]['size'] ?? null,
+                $expectedUploadedFiles[$name]['size'],

Also applies to: 858-858, 863-863, 868-868, 873-873

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9940df0 and e2df6a4.

📒 Files selected for processing (2)

• tests/adapter/ServerRequestAdapterTest.php (5 hunks)
• tests/http/StatelessApplicationTest.php (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/http/StatelessApplicationTest.php

🧰 Additional context used

🧠 Learnings (10)

📓 Common learnings

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge, tests extend tests/TestCase which defines a protected const COOKIE_VALIDATION_KEY. Test code should use self::COOKIE_VALIDATION_KEY instead of hardcoded cookieValidationKey literals.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge tests, prefer using self::COOKIE_VALIDATION_KEY from tests/TestCase over hardcoded 'cookieValidationKey' strings to avoid secret scanners FP and improve maintainability.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods, so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods (lines 28 and 32), so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/TestCase.php:23-27
Timestamp: 2025-08-08T15:24:06.045Z
Learning: In yii2-extensions/psr-bridge (tests/TestCase.php), maintainer preference: it’s acceptable to use random-looking strings for test-only constants like COOKIE_VALIDATION_KEY; no need to replace with an obviously non-secret value unless CI/secret scanners become problematic.

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1564-1578
Timestamp: 2025-07-20T16:33:57.495Z
Learning: The TestCase class in yii2-extensions/psr-bridge automatically handles $_SERVER superglobal cleanup by saving its original state before each test and restoring it afterward in setUp() and tearDown() methods. Manual $_SERVER cleanup in individual test methods is unnecessary when extending this TestCase.

📚 Learning: 2025-08-08T15:28:00.137Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge tests, prefer using self::COOKIE_VALIDATION_KEY from tests/TestCase over hardcoded 'cookieValidationKey' strings to avoid secret scanners FP and improve maintainability.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-08-08T15:28:00.137Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/adapter/ServerRequestAdapterTest.php:2215-2215
Timestamp: 2025-08-08T15:28:00.137Z
Learning: In yii2-extensions/psr-bridge, tests extend tests/TestCase which defines a protected const COOKIE_VALIDATION_KEY. Test code should use self::COOKIE_VALIDATION_KEY instead of hardcoded cookieValidationKey literals.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-22T00:50:26.546Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#21
File: tests/http/PSR7ResponseTest.php:0-0
Timestamp: 2025-07-22T00:50:26.546Z
Learning: In yii2-extensions/psr-bridge, the ResponseAdapter::formatCookieHeader() method uses `$expire !== 1` to skip validation for Yii2's special deletion cookies, but this should be extended to handle all expired cookies, not just the special case where expire=1.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-20T16:35:15.341Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods, so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-20T16:35:15.341Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1536-1552
Timestamp: 2025-07-20T16:35:15.341Z
Learning: In the yii2-extensions/psr-bridge project, the base TestCase class already handles $_SERVER cleanup in setUp() and tearDown() methods (lines 28 and 32), so individual test methods that extend TestCase don't need manual $_SERVER restoration.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-20T16:33:57.495Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#6
File: tests/http/RequestTest.php:1564-1578
Timestamp: 2025-07-20T16:33:57.495Z
Learning: The TestCase class in yii2-extensions/psr-bridge automatically handles $_SERVER superglobal cleanup by saving its original state before each test and restoring it afterward in setUp() and tearDown() methods. Manual $_SERVER cleanup in individual test methods is unnecessary when extending this TestCase.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-08-08T15:24:06.045Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#71
File: tests/TestCase.php:23-27
Timestamp: 2025-08-08T15:24:06.045Z
Learning: In yii2-extensions/psr-bridge (tests/TestCase.php), maintainer preference: it’s acceptable to use random-looking strings for test-only constants like COOKIE_VALIDATION_KEY; no need to replace with an obviously non-secret value unless CI/secret scanners become problematic.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-08-06T22:52:05.608Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#64
File: tests/http/StatelessApplicationTest.php:1939-1967
Timestamp: 2025-08-06T22:52:05.608Z
Learning: In yii2-extensions/psr-bridge tests, when testing specific component methods like Request::resolve(), it's necessary to call $app->handle($request) first to initialize all application components before testing the method in isolation. This ensures proper component lifecycle initialization.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

📚 Learning: 2025-07-22T01:01:13.426Z

Learnt from: terabytesoftw
PR: yii2-extensions/psr-bridge#21
File: tests/http/PSR7ResponseTest.php:0-0
Timestamp: 2025-07-22T01:01:13.426Z
Learning: In yii2-extensions/psr-bridge, expired cookies should not be hashed/validated because they are deletion cookies meant to remove existing cookies from the client browser. The validation logic should only apply to live cookies (expire=0 or expire >= current time) and skip validation for both the special Yii2 deletion case (expire=1) and regular expired cookies.

Applied to files:

• tests/adapter/ServerRequestAdapterTest.php

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: phpunit / PHP 8.4-windows-latest
• GitHub Check: mutation / PHP 8.3-ubuntu-latest
• GitHub Check: mutation / PHP 8.3-ubuntu-latest
• GitHub Check: phpunit / PHP 8.2-windows-latest

🔇 Additional comments (1)

tests/adapter/ServerRequestAdapterTest.php (1)

9-10: Imports look correct and scoped to current usage

Using yii\base\InvalidConfigException and yii\web\UploadedFile matches actual usage in this class after cookie-test extraction.