cleans up flash message keys.

[ljonesfl]

Note

Authentication and UX

• Authentication::attempt now accepts username or email (auto-detects email); added unit tests to cover email/username success/failure paths
• Login form label/placeholder updated to "Username or Email"

Flash messaging consistency

• Added FlashMessageType::viewKey() and updated controllers and views to pass/display flash messages using capitalized view keys (e.g., $Success, $Error)
• Touched controllers: Events, EventCategories, Media, Pages, Posts, Profile, Users, Auth/Login; updated resources/views/admin/events/index.php accordingly
• New unit tests for FlashMessageType::viewKey()

^{Written by Cursor Bugbot for commit 75710fe. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

• New Features

  • Users can log in with either username or email; login field updated to "Username or Email"

• Improvements

  • Standardized flash message keys for more consistent success/error alert display across admin views

• Tests

  • Added unit tests covering authentication (email/username) and flash message key behavior

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Adds username-or-email login support and introduces a viewKey() method for FlashMessageType; controllers and views updated to use view-specific flash keys. Tests added for email-based authentication and enum behavior; login form placeholder text updated.

Changes

Cohort / File(s)	Summary
Login UI & Auth service resources/views/auth/login/login.php, src/Cms/Services/Auth/Authentication.php	Login form placeholder changed to "Username or Email". Authentication::attempt now detects email vs username and calls findByEmail or findByUsername accordingly.
FlashMessageType enum src/Cms/Enums/FlashMessageType.php	Added public method viewKey(): string returning capitalized enum value (e.g., "Success", "Error") for view variable naming.
Controllers — flash key updates src/Cms/Controllers/Admin/... src/Cms/Controllers/Admin/EventCategories.php, .../Events.php, .../Media.php, .../Pages.php, .../Posts.php, .../Profile.php, .../Users.php, src/Cms/Controllers/Auth/Login.php	Replaced flash data keys used in view arrays from FlashMessageType::X->value to FlashMessageType::X->viewKey() for SUCCESS and ERROR across multiple controllers.
Admin view flash variables resources/views/admin/events/index.php	Updated template variable names from lowercase $success/$error to capitalized $Success/$Error to match new view keys.
Tests — authentication & enum tests/Unit/Cms/Services/AuthenticationTest.php, tests/Unit/Cms/Enums/FlashMessageTypeTest.php	Added four authentication tests covering email login, username login, nonexistent email, and incorrect password with email; added tests validating viewKey() and enum values/cases.

Sequence Diagram

sequenceDiagram
    participant Client
    participant AuthService as Authentication Service
    participant DB as Database
    participant Session

    Client->>AuthService: attempt(identifier, password)
    AuthService->>AuthService: is identifier an email?
    alt Email detected
        AuthService->>DB: findByEmail(identifier)
    else Username detected
        AuthService->>DB: findByUsername(identifier)
    end
    DB-->>AuthService: returns User or null
    alt User found
        AuthService->>AuthService: verify password
        alt Password valid
            AuthService->>Session: set authenticated state
            AuthService-->>Client: success
        else Password invalid
            AuthService-->>Client: failure
        end
    else User not found
        AuthService-->>Client: failure
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 I sniffed the login, found email too,
I hopped through enums, made keys anew,
Controllers now call the view's bright name,
Tests confirm the login game,
Hooray — a carrot-coded cue! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title mentions only flash message key cleanup, but the PR also introduces email-based authentication and updates login UI labels, making the title incomplete and partially misleading about the full scope.	Revise the title to reflect both major changes, such as 'Add email authentication and unify flash message keys' or similar to accurately represent the complete changeset.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 62791f7 and 75710fe.

📒 Files selected for processing (3)

• resources/views/admin/events/index.php
• tests/Unit/Cms/Enums/FlashMessageTypeTest.php
• tests/Unit/Cms/Services/AuthenticationTest.php

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/Unit/Cms/Services/AuthenticationTest.php

🧰 Additional context used

🧬 Code graph analysis (1)

tests/Unit/Cms/Enums/FlashMessageTypeTest.php (1)

src/Cms/Enums/FlashMessageType.php (1)

• viewKey (27-30)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Cursor Bugbot
• GitHub Check: build-test (mysql)
• GitHub Check: build-test (sqlite)
• GitHub Check: build-test (postgres)

🔇 Additional comments (4)

resources/views/admin/events/index.php (1)

7-19: LGTM!

The flash message variable names are correctly updated to use capitalized keys ($Success, $Error) matching the new viewKey() convention from the controllers. XSS protection via htmlspecialchars() is properly maintained.

tests/Unit/Cms/Enums/FlashMessageTypeTest.php (3)

21-27: LGTM — viewKey() capitalization is well covered.

---

35-41: LGTM — validates lowercase session keys.

---

48-57: LGTM — solid coverage for enum completeness.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 83.33333% with 4 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
src/Cms/Controllers/Admin/Profile.php	0.00%	2 Missing ⚠️
src/Cms/Controllers/Auth/Login.php	0.00%	2 Missing ⚠️

Flag	Coverage Δ	Complexity Δ
cms	73.80% <83.33%> (+0.01%)	2128.00 <1.00> (+2.00)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ	Complexity Δ
src/Cms/Controllers/Admin/EventCategories.php	43.24% <100.00%> (ø)	16.00 <0.00> (ø)
src/Cms/Controllers/Admin/Events.php	36.78% <100.00%> (ø)	26.00 <0.00> (ø)
src/Cms/Controllers/Admin/Media.php	96.29% <100.00%> (ø)	16.00 <0.00> (ø)
src/Cms/Controllers/Admin/Pages.php	27.27% <100.00%> (ø)	29.00 <0.00> (ø)
src/Cms/Controllers/Admin/Posts.php	43.01% <100.00%> (ø)	26.00 <0.00> (ø)
src/Cms/Controllers/Admin/Users.php	60.27% <100.00%> (ø)	14.00 <0.00> (ø)
src/Cms/Enums/FlashMessageType.php	100.00% <100.00%> (ø)	1.00 <1.00> (?)
src/Cms/Services/Auth/Authentication.php	96.62% <100.00%> (+0.06%)	40.00 <0.00> (+1.00)
src/Cms/Controllers/Admin/Profile.php	9.80% <0.00%> (ø)	12.00 <0.00> (ø)
src/Cms/Controllers/Auth/Login.php	27.65% <0.00%> (ø)	16.00 <0.00> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@src/Cms/Controllers/Admin/Events.php`:
- Around line 89-93: The controller is passing capitalized view keys via
FlashMessageType::SUCCESS->viewKey() and FlashMessageType::ERROR->viewKey(), but
the template expects lowercase $success and $error; update the Events controller
where ->with([...]) is built to use lowercase keys ('success' and 'error') and
assign the flash values from
$sessionManager->getFlash(FlashMessageType::SUCCESS->value) and
getFlash(FlashMessageType::ERROR->value) respectively (replace the current
FlashMessageType::...->viewKey() keys with 'success' and 'error') so the
template variables match.

In `@tests/Unit/Cms/Services/AuthenticationTest.php`:
- Around line 630-640: In testAttemptWithUsernameStillWorks remove the unused
local variable by calling createTestUser('usernametest', 'TestPass123') for its
side effects without assigning it to $user (or delete the $user declaration), so
the test keeps creating the user but no longer defines an unused $user variable
referenced in the test method.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7769bc5 and 62791f7.

📒 Files selected for processing (12)

• resources/views/auth/login/login.php
• src/Cms/Controllers/Admin/EventCategories.php
• src/Cms/Controllers/Admin/Events.php
• src/Cms/Controllers/Admin/Media.php
• src/Cms/Controllers/Admin/Pages.php
• src/Cms/Controllers/Admin/Posts.php
• src/Cms/Controllers/Admin/Profile.php
• src/Cms/Controllers/Admin/Users.php
• src/Cms/Controllers/Auth/Login.php
• src/Cms/Enums/FlashMessageType.php
• src/Cms/Services/Auth/Authentication.php
• tests/Unit/Cms/Services/AuthenticationTest.php

🧰 Additional context used

🧬 Code graph analysis (9)

src/Cms/Services/Auth/Authentication.php (2)

src/Cms/Repositories/DatabaseUserRepository.php (2)

• findByEmail (59-62)
• findByUsername (51-54)

src/Cms/Repositories/IUserRepository.php (2)

• findByEmail (27-27)
• findByUsername (22-22)

src/Cms/Controllers/Auth/Login.php (3)

src/Cms/Enums/FlashMessageType.php (1)

• viewKey (27-30)

src/Cms/Controllers/Content.php (1)

• getSessionManager (234-248)

src/Cms/Auth/SessionManager.php (1)

• getFlash (170-176)

src/Cms/Controllers/Admin/Posts.php (2)

src/Cms/Enums/FlashMessageType.php (1)

• viewKey (27-30)

src/Cms/Auth/SessionManager.php (1)

• getFlash (170-176)

src/Cms/Controllers/Admin/Profile.php (3)

src/Cms/Enums/FlashMessageType.php (1)

• viewKey (27-30)

src/Cms/Controllers/Content.php (1)

• getSessionManager (234-248)

src/Cms/Auth/SessionManager.php (1)

• getFlash (170-176)

src/Cms/Controllers/Admin/Users.php (2)

src/Cms/Enums/FlashMessageType.php (1)

• viewKey (27-30)

src/Cms/Auth/SessionManager.php (1)

• getFlash (170-176)

src/Cms/Controllers/Admin/Events.php (2)

src/Cms/Enums/FlashMessageType.php (1)

• viewKey (27-30)

src/Cms/Auth/SessionManager.php (1)

• getFlash (170-176)

src/Cms/Controllers/Admin/Pages.php (2)

src/Cms/Enums/FlashMessageType.php (1)

• viewKey (27-30)

src/Cms/Auth/SessionManager.php (1)

• getFlash (170-176)

src/Cms/Controllers/Admin/EventCategories.php (2)

src/Cms/Enums/FlashMessageType.php (1)

• viewKey (27-30)

src/Cms/Auth/SessionManager.php (1)

• getFlash (170-176)

src/Cms/Controllers/Admin/Media.php (2)

src/Cms/Enums/FlashMessageType.php (1)

• viewKey (27-30)

src/Cms/Auth/SessionManager.php (1)

• getFlash (170-176)

🪛 PHPMD (2.15.0)

tests/Unit/Cms/Services/AuthenticationTest.php

632-632: Avoid unused local variables such as '$user'. (undefined)

(UnusedLocalVariable)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Cursor Bugbot
• GitHub Check: build-test (postgres)
• GitHub Check: build-test (mysql)

🔇 Additional comments (13)

src/Cms/Enums/FlashMessageType.php (1)

19-30: LGTM: viewKey centralizes view-key mapping.

Keeps view-specific keys derived from enum values in one place.

src/Cms/Controllers/Admin/Profile.php (1)

83-87: LGTM: consistent viewKey usage.

Matches the new enum helper and keeps session keys unchanged.

src/Cms/Controllers/Admin/Posts.php (1)

103-107: LGTM: consistent viewKey usage.

Matches the enum helper and keeps flash retrieval via lowercase keys.

src/Cms/Controllers/Admin/Pages.php (1)

89-93: LGTM: consistent viewKey usage.

Matches the enum helper and keeps flash retrieval via lowercase keys.

src/Cms/Controllers/Admin/EventCategories.php (1)

75-76: LGTM: view-keyed flash data aligns with the new enum API.

src/Cms/Controllers/Admin/Media.php (2)

117-118: LGTM: success-path flash keys now use viewKey().

---

138-139: LGTM: error-path flash keys also use viewKey(), keeping rendering consistent.

src/Cms/Controllers/Admin/Users.php (1)

82-83: LGTM: users index uses viewKey() for flash data.

resources/views/auth/login/login.php (1)

6-12: LGTM: copy now reflects username/email login.

src/Cms/Services/Auth/Authentication.php (1)

47-58: No issue here—username validation prevents email-formatted usernames.

Usernames are constrained by pattern /^[a-zA-Z0-9_-]+$/, which explicitly disallows "@" and other special characters. Email-formatted usernames are impossible per the YAML validation rules. The authentication logic correctly routes based on whether the input matches email format—if it does, search by email; otherwise, search by username. No fallback is needed because the scenario you described cannot occur.

Likely an incorrect or invalid review comment.

src/Cms/Controllers/Auth/Login.php (1)

78-79: LGTM!

The refactoring correctly separates the concerns: using viewKey() for view variable names (capitalized, e.g., 'Error') and value for session storage keys (lowercase, e.g., 'error'). This improves consistency across the codebase and centralizes the key derivation logic in the enum.

tests/Unit/Cms/Services/AuthenticationTest.php (2)

615-625: LGTM!

Good test coverage for the email-based login feature. The test properly verifies:

1. Authentication succeeds with email
2. User is marked as authenticated
3. The resolved username matches the expected value

---

645-664: LGTM!

Good edge case coverage for the email-based authentication. These tests properly verify that:

1. Nonexistent email addresses fail authentication
2. Incorrect passwords fail even when using a valid email

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[cursor]

Missing view updates break flash messages on multiple pages

High Severity

The controllers now pass flash message data using viewKey() which returns capitalized keys ('Success', 'Error'), but several view templates still expect lowercase variables ($success, $error). Only resources/views/admin/events/index.php was updated. The views for Event Categories, Media, Pages, and Profile still use lowercase variables and will silently fail to display any flash messages to users.

Additional Locations (2)

• src/Cms/Controllers/Admin/Pages.php#L90-L92
• src/Cms/Controllers/Admin/Profile.php#L84-L86