Request's sanitizeInput() fails if testing an Action with a concrete Request that has URL params

[rscarrasco]

Apiato Core Version

8.x

PHP Version

8.1.x

Database Driver & Version

No response

Description

Suppose we have an action that receives it's concrete Request as parameter at it's run() method, and that it uses the Requests's sanitizeInput() on an URL parameter. In this situation, the parameter returned will be null, and not the value given to it.

Steps To Reproduce

Assume the following code:

// SomeAction.php
class SomeAction extends Action
{
    // Notice that the argument is the SomeRequest concrete class, and not the Request parent
    public function run(SomeRequest $request)
    {
        $data = $request->sanitizeInput(['some-url-param']);
        return $data['some-url-param']); // will be null during unit testing
    }
}

// SomeRequest.php
class SomeRequest extends Request {
    protected $urlParameters = ['some-url-param'];
}

// SomeActionTest.php
class SomeActionTest extends UnitTestCase
{
    public function testShouldSanitizeUrlParam()
    {
        $request = SomeRequest::injectData()->withUrlParameters(['some-url-param' => 123]);

        $result = app(SomeAction::class)->run($request);

        $this->assertEquals(123, $result); // this will fail
    }
}

@Mohammad-Alavi and I follwed the trail, and we found that

1. sanitizeInput() (Apiato\Core\Abstracts\Requests\Request) calls
2. mergeUrlParametersWithRequestData() (same file), which in turn calls
3. route() (Illuminate\Http\Request).

route() will return null whenever the Request's getRouteResolver() fail to find an route, which is the case here (SomeRequest was manually instantiated).

FakeRequest does not declare any URL parameters, and so sanitizeInput() will play along with it.