[ADVAPP-320]: Presentation of forms and portals is failing in prod.

.dockerignore

@@ -5,4 +5,5 @@
 #bin
 docs
 .env
-.env.example
+.env.example
+rr

.gitignore

@@ -38,3 +38,4 @@ public/api-docs/*
 /caddy
 frankenphp
 frankenphp-worker.php
+/rr

app-modules/application/routes/api.php

@@ -50,16 +50,16 @@
             ->name('applications.')
             ->group(function () {
                 Route::get('/{application}', [ApplicationWidgetController::class, 'view'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('define');
                 Route::post('/{application}/authenticate/request', [ApplicationWidgetController::class, 'requestAuthentication'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('request-authentication');
                 Route::post('/{application}/authenticate/{authentication}', [ApplicationWidgetController::class, 'authenticate'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('authenticate');
                 Route::post('/{application}/submit', [ApplicationWidgetController::class, 'store'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('submit');
             });
     });

app-modules/application/src/Http/Controllers/ApplicationWidgetController.php

@@ -65,7 +65,11 @@ public function view(GenerateFormKitSchema $generateSchema, Application $applica
             [
                 'name' => $application->name,
                 'description' => $application->description,
-                'authentication_url' => URL::signedRoute('applications.request-authentication', ['application' => $application]),
+                'authentication_url' => URL::signedRoute(
+                    name: 'applications.request-authentication',
+                    parameters: ['application' => $application],
+                    absolute: false,
+                ),
                 'schema' => $generateSchema($application),
                 'primary_color' => Color::all()[$application->primary_color ?? 'blue'],
                 'rounding' => $application->rounding,
@@ -101,10 +105,14 @@ public function requestAuthentication(Request $request, ResolveSubmissionAuthorF
 
         return response()->json([
             'message' => "We've sent an authentication code to {$data['email']}.",
-            'authentication_url' => URL::signedRoute('applications.authenticate', [
-                'application' => $application,
-                'authentication' => $authentication,
-            ]),
+            'authentication_url' => URL::signedRoute(
+                name: 'applications.authenticate',
+                parameters: [
+                    'application' => $application,
+                    'authentication' => $authentication,
+                ],
+                absolute: false,
+            ),
         ]);
     }
 
@@ -127,10 +135,14 @@ public function authenticate(Request $request, Application $application, Applica
         ]);
 
         return response()->json([
-            'submission_url' => URL::signedRoute('applications.submit', [
-                'authentication' => $authentication,
-                'application' => $authentication->submissible,
-            ]),
+            'submission_url' => URL::signedRoute(
+                name: 'applications.submit',
+                parameters: [
+                    'authentication' => $authentication,
+                    'application' => $authentication->submissible,
+                ],
+                absolute: false,
+            ),
         ]);
     }
 

app-modules/application/tests/ApplicationWidgetApiTest.php

@@ -62,7 +62,11 @@
 
     $application = Application::factory()->create();
 
-    get(URL::signedRoute('applications.define', ['application' => $application]))
+    get(URL::signedRoute(
+        name: 'applications.define',
+        parameters: ['application' => $application],
+        absolute: false,
+    ))
         ->assertForbidden()
         ->assertJson([
             'error' => 'Online Admissions is not enabled.',
@@ -72,7 +76,11 @@
 
     $settings->save();
 
-    get(URL::signedRoute('applications.define', ['application' => $application]))
+    get(URL::signedRoute(
+        name: 'applications.define',
+        parameters: ['application' => $application],
+        absolute: false,
+    ))
         ->assertSuccessful();
 });
 
@@ -91,7 +99,11 @@
 
     $prospect = Prospect::factory()->create();
 
-    post(URL::signedRoute('applications.request-authentication', ['application' => $application, 'email' => $prospect->email]))
+    post(URL::signedRoute(
+        name: 'applications.request-authentication',
+        parameters: ['application' => $application, 'email' => $prospect->email],
+        absolute: false,
+    ))
         ->assertForbidden()
         ->assertJson([
             'error' => 'Online Admissions is not enabled.',
@@ -101,7 +113,11 @@
 
     $settings->save();
 
-    post(URL::signedRoute('applications.request-authentication', ['application' => $application, 'email' => $prospect->email]))
+    post(URL::signedRoute(
+        name: 'applications.request-authentication',
+        parameters: ['application' => $application, 'email' => $prospect->email],
+        absolute: false,
+    ))
         ->assertSuccessful();
 });
 
@@ -125,7 +141,11 @@
         'code' => Hash::make($code),
     ]);
 
-    post(URL::signedRoute('applications.authenticate', ['application' => $application, 'authentication' => $authorization,  'code' => $code]))
+    post(URL::signedRoute(
+        name: 'applications.authenticate',
+        parameters: ['application' => $application, 'authentication' => $authorization,  'code' => $code],
+        absolute: false,
+    ))
         ->assertForbidden()
         ->assertJson([
             'error' => 'Online Admissions is not enabled.',
@@ -135,7 +155,11 @@
 
     $settings->save();
 
-    post(URL::signedRoute('applications.authenticate', ['application' => $application, 'authentication' => $authorization, 'code' => $code]))
+    post(URL::signedRoute(
+        name: 'applications.authenticate',
+        parameters: ['application' => $application, 'authentication' => $authorization, 'code' => $code],
+        absolute: false,
+    ))
         ->assertSuccessful();
 });
 
@@ -162,7 +186,11 @@
         'application_id' => $application->id,
     ]);
 
-    post(URL::signedRoute('applications.submit', ['application' => $application, 'authentication' => $authorization]))
+    post(URL::signedRoute(
+        name: 'applications.submit',
+        parameters: ['application' => $application, 'authentication' => $authorization],
+        absolute: false,
+    ))
         ->assertForbidden()
         ->assertJson([
             'error' => 'Online Admissions is not enabled.',
@@ -172,6 +200,10 @@
 
     $settings->save();
 
-    post(URL::signedRoute('applications.submit', ['application' => $application, 'authentication' => $authorization]))
+    post(URL::signedRoute(
+        name: 'applications.submit',
+        parameters: ['application' => $application, 'authentication' => $authorization],
+        absolute: false,
+    ))
         ->assertSuccessful();
 });

app-modules/authorization/routes/web.php

@@ -48,5 +48,5 @@
 
     Route::get('/auth/login/{user}', OneTimeLoginController::class)
         ->name('login.one-time')
-        ->middleware('signed');
+        ->middleware('signed:relative');
 });

app-modules/authorization/tests/Feature/Http/Controllers/Auth/OneTimeLoginControllerTest.php

@@ -50,7 +50,11 @@
 
     assertGuest();
 
-    get(URL::signedRoute('login.one-time', ['user' => $user]))
+    get(URL::signedRoute(
+        name: 'login.one-time',
+        parameters: ['user' => $user],
+        absolute: false,
+    ))
         ->assertRedirect();
 
     assertAuthenticatedAs($user);

app-modules/form/routes/api.php

@@ -49,16 +49,16 @@
             ->name('forms.')
             ->group(function () {
                 Route::get('/{form}', [FormWidgetController::class, 'view'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('define');
                 Route::post('/{form}/authenticate/request', [FormWidgetController::class, 'requestAuthentication'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('request-authentication');
                 Route::post('/{form}/authenticate/{authentication}', [FormWidgetController::class, 'authenticate'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('authenticate');
                 Route::post('/{form}/submit', [FormWidgetController::class, 'store'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('submit');
             });
     });

app-modules/form/src/Actions/GenerateSubmissibleEmbedCode.php

@@ -53,7 +53,11 @@ public function handle(Submissible $submissible): string
         return match ($submissible::class) {
             Form::class => (function () use ($submissible) {
                 $scriptUrl = url('js/widgets/form/advising-app-form-widget.js?');
-                $formDefinitionUrl = URL::signedRoute('forms.define', ['form' => $submissible]);
+                $formDefinitionUrl = URL::signedRoute(
+                    name: 'forms.define',
+                    parameters: ['form' => $submissible],
+                    absolute: false,
+                );
 
                 return <<<EOD
                 <form-embed url="{$formDefinitionUrl}"></form-embed>
@@ -62,7 +66,11 @@ public function handle(Submissible $submissible): string
             })(),
             Application::class => (function () use ($submissible) {
                 $scriptUrl = url('js/widgets/application/advising-app-application-widget.js?');
-                $applicationDefinitionUrl = URL::signedRoute('applications.define', ['application' => $submissible]);
+                $applicationDefinitionUrl = URL::signedRoute(
+                    name: 'applications.define',
+                    parameters: ['application' => $submissible],
+                    absolute: false,
+                );
 
                 return <<<EOD
                 <application-embed url="{$applicationDefinitionUrl}"></application-embed>
@@ -71,7 +79,11 @@ public function handle(Submissible $submissible): string
             })(),
             Survey::class => (function () use ($submissible) {
                 $scriptUrl = url('js/widgets/survey/advising-app-survey-widget.js?');
-                $surveyDefinitionUrl = URL::signedRoute('surveys.define', ['survey' => $submissible]);
+                $surveyDefinitionUrl = URL::signedRoute(
+                    name: 'surveys.define',
+                    parameters: ['survey' => $submissible],
+                    absolute: false,
+                );
 
                 return <<<EOD
                 <survey-embed url="{$surveyDefinitionUrl}"></survey-embed>
@@ -81,7 +93,11 @@ public function handle(Submissible $submissible): string
             EventRegistrationForm::class => (function () use ($submissible) {
                 /** @var EventRegistrationForm $submissible */
                 $scriptUrl = url('js/widgets/events/advising-app-event-registration-form-widget.js?');
-                $formDefinitionUrl = URL::signedRoute('event-registration.define', ['event' => $submissible->event]);
+                $formDefinitionUrl = URL::signedRoute(
+                    name: 'event-registration.define',
+                    parameters: ['event' => $submissible->event],
+                    absolute: false,
+                );
 
                 return <<<EOD
                 <event-registration-embed url="{$formDefinitionUrl}"></event-registration-embed>
@@ -91,7 +107,11 @@ public function handle(Submissible $submissible): string
             ServiceRequestForm::class => (function () use ($submissible) {
                 /** @var ServiceRequestForm $submissible */
                 $scriptUrl = url('js/widgets/service-request-form/advising-app-service-request-form-widget.js?');
-                $formDefinitionUrl = URL::signedRoute('service-request-forms.define', ['serviceRequestForm' => $submissible]);
+                $formDefinitionUrl = URL::signedRoute(
+                    name: 'service-request-forms.define',
+                    parameters: ['serviceRequestForm' => $submissible],
+                    absolute: false,
+                );
 
                 return <<<EOD
                 <service-request-form-embed url="{$formDefinitionUrl}"></service-request-form-embed>

app-modules/form/src/Http/Controllers/FormWidgetController.php

@@ -68,9 +68,17 @@ public function view(GenerateFormKitSchema $generateSchema, Form $form): JsonRes
                 'description' => $form->description,
                 'is_authenticated' => $form->is_authenticated,
                 ...($form->is_authenticated ? [
-                    'authentication_url' => URL::signedRoute('forms.request-authentication', ['form' => $form]),
+                    'authentication_url' => URL::signedRoute(
+                        name: 'forms.request-authentication',
+                        parameters: ['form' => $form],
+                        absolute: false,
+                    ),
                 ] : [
-                    'submission_url' => URL::signedRoute('forms.submit', ['form' => $form]),
+                    'submission_url' => URL::signedRoute(
+                        name: 'forms.submit',
+                        parameters: ['form' => $form],
+                        absolute: false,
+                    ),
                 ]),
                 'recaptcha_enabled' => $form->recaptcha_enabled,
                 ...($form->recaptcha_enabled ? [
@@ -112,10 +120,14 @@ public function requestAuthentication(Request $request, ResolveSubmissionAuthorF
 
         return response()->json([
             'message' => "We've sent an authentication code to {$data['email']}.",
-            'authentication_url' => URL::signedRoute('forms.authenticate', [
-                'form' => $form,
-                'authentication' => $authentication,
-            ]),
+            'authentication_url' => URL::signedRoute(
+                name: 'forms.authenticate',
+                parameters: [
+                    'form' => $form,
+                    'authentication' => $authentication,
+                ],
+                absolute: false,
+            ),
         ]);
     }
 
@@ -138,10 +150,14 @@ public function authenticate(Request $request, Form $form, FormAuthentication $a
         ]);
 
         return response()->json([
-            'submission_url' => URL::signedRoute('forms.submit', [
-                'authentication' => $authentication,
-                'form' => $authentication->submissible,
-            ]),
+            'submission_url' => URL::signedRoute(
+                name: 'forms.submit',
+                parameters: [
+                    'authentication' => $authentication,
+                    'form' => $authentication->submissible,
+                ],
+                absolute: false,
+            ),
         ]);
     }
 

app-modules/meeting-center/routes/api.php

@@ -47,16 +47,16 @@
             ->name('event-registration.')
             ->group(function () {
                 Route::get('/{event}', [EventRegistrationWidgetController::class, 'view'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('define');
                 Route::post('/{event}/authenticate/request', [EventRegistrationWidgetController::class, 'requestAuthentication'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('request-authentication');
                 Route::post('/{event}/authenticate/{authentication}', [EventRegistrationWidgetController::class, 'authenticate'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('authenticate');
                 Route::post('/{event}/submit', [EventRegistrationWidgetController::class, 'store'])
-                    ->middleware(['signed'])
+                    ->middleware(['signed:relative'])
                     ->name('submit');
             });
     });