Move namespace check before plugin creation in submission flow

simonhamp · claude · simonhamp · commit 49d78552102f · 2026-03-24T20:45:20.000Z
Pre-validate composer.json and namespace availability by fetching from
GitHub before creating any plugin record. Also split repo selector into
account picker + searchable dropdown, fix dropdown click-outside behavior,
and remove Stripe Connect section from My Plugins index.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/app/Livewire/Customer/Plugins/Create.php b/app/Livewire/Customer/Plugins/Create.php
@@ -136,15 +136,38 @@ function ($attribute, $value, $fail): void {
             return;
         }
 
+        $repository = trim($this->repository, '/');
+        $repositoryUrl = 'https://github.com/'.$repository;
+        [$owner, $repo] = explode('/', $repository);
+
+        // Check composer.json and namespace availability before creating the plugin
+        $githubService = GitHubUserService::for($user);
+        $composerJson = $githubService->getComposerJson($owner, $repo);
+
+        if (! $composerJson || empty($composerJson['name'])) {
+            session()->flash('error', 'Could not find a valid composer.json in the repository. Please ensure your repository contains a composer.json with a valid package name.');
+
+            return;
+        }
+
+        $packageName = $composerJson['name'];
+        $namespace = explode('/', $packageName)[0] ?? null;
+
+        if ($namespace && ! Plugin::isNamespaceAvailableForUser($namespace, $user->id)) {
+            $errorMessage = Plugin::isReservedNamespace($namespace)
+                ? "The namespace '{$namespace}' is reserved and cannot be used for plugin submissions."
+                : "The namespace '{$namespace}' is already claimed by another user. You cannot submit plugins under this namespace.";
+
+            session()->flash('error', $errorMessage);
+
+            return;
+        }
+
         $developerAccountId = null;
         if ($this->pluginType === 'paid' && $user->developerAccount) {
             $developerAccountId = $user->developerAccount->id;
         }
 
-        $repository = trim($this->repository, '/');
-        $repositoryUrl = 'https://github.com/'.$repository;
-        [$owner, $repo] = explode('/', $repository);
-
         $plugin = $user->plugins()->create([
             'repository_url' => $repositoryUrl,
             'type' => $this->pluginType,
@@ -156,7 +179,6 @@ function ($attribute, $value, $fail): void {
 
         $webhookInstalled = false;
         if ($user->hasGitHubToken()) {
-            $githubService = GitHubUserService::for($user);
             $webhookResult = $githubService->createWebhook(
                 $owner,
                 $repo,
@@ -180,19 +202,6 @@ function ($attribute, $value, $fail): void {
             return;
         }
 
-        $namespace = $plugin->getVendorNamespace();
-        if ($namespace && ! Plugin::isNamespaceAvailableForUser($namespace, $user->id)) {
-            $plugin->delete();
-
-            $errorMessage = Plugin::isReservedNamespace($namespace)
-                ? "The namespace '{$namespace}' is reserved and cannot be used for plugin submissions."
-                : "The namespace '{$namespace}' is already claimed by another user. You cannot submit plugins under this namespace.";
-
-            session()->flash('error', $errorMessage);
-
-            return;
-        }
-
         $user->notify(new PluginSubmitted($plugin));
 
         $successMessage = 'Your plugin has been submitted for review!';
diff --git a/tests/Feature/Livewire/Customer/PluginCreateTest.php b/tests/Feature/Livewire/Customer/PluginCreateTest.php
@@ -5,8 +5,10 @@
 use App\Features\ShowAuthButtons;
 use App\Features\ShowPlugins;
 use App\Livewire\Customer\Plugins\Create;
+use App\Models\Plugin;
 use App\Models\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Http;
 use Laravel\Pennant\Feature;
 use Livewire\Livewire;
 use Tests\TestCase;
@@ -42,6 +44,22 @@ private function sampleRepos(): array
         ];
     }
 
+    private function fakeComposerJson(string $owner, string $repo, string $packageName): void
+    {
+        $composerJson = base64_encode(json_encode(['name' => $packageName]));
+
+        Http::fake([
+            "api.github.com/repos/{$owner}/{$repo}/contents/composer.json*" => Http::response([
+                'content' => $composerJson,
+            ]),
+            'api.github.com/*' => Http::response([], 404),
+        ]);
+    }
+
+    // ========================================
+    // Owner/Repository Selection Tests
+    // ========================================
+
     public function test_owners_are_extracted_from_repositories(): void
     {
         $user = $this->createGitHubUser();
@@ -113,4 +131,90 @@ public function test_no_owner_selected_returns_empty_repositories(): void
 
         $this->assertEmpty($ownerRepos);
     }
+
+    // ========================================
+    // Namespace Validation Tests
+    // ========================================
+
+    public function test_submission_blocked_when_namespace_claimed_by_another_user(): void
+    {
+        $existingUser = User::factory()->create();
+        Plugin::factory()->for($existingUser)->create(['name' => 'acme/existing-plugin']);
+
+        $user = $this->createGitHubUser();
+
+        $this->fakeComposerJson('acme', 'new-plugin', 'acme/new-plugin');
+
+        Livewire::actingAs($user)->test(Create::class)
+            ->set('repository', 'acme/new-plugin')
+            ->set('pluginType', 'free')
+            ->call('submitPlugin')
+            ->assertNoRedirect();
+
+        $this->assertDatabaseMissing('plugins', [
+            'repository_url' => 'https://github.com/acme/new-plugin',
+        ]);
+    }
+
+    public function test_submission_blocked_for_reserved_namespace(): void
+    {
+        $user = $this->createGitHubUser();
+
+        $this->fakeComposerJson('nativephp', 'my-plugin', 'nativephp/my-plugin');
+
+        Livewire::actingAs($user)->test(Create::class)
+            ->set('repository', 'nativephp/my-plugin')
+            ->set('pluginType', 'free')
+            ->call('submitPlugin')
+            ->assertNoRedirect();
+
+        $this->assertDatabaseMissing('plugins', [
+            'repository_url' => 'https://github.com/nativephp/my-plugin',
+        ]);
+    }
+
+    public function test_submission_allowed_for_own_namespace(): void
+    {
+        $user = $this->createGitHubUser();
+        Plugin::factory()->for($user)->create(['name' => 'myvendor/first-plugin']);
+
+        $composerJson = base64_encode(json_encode(['name' => 'myvendor/second-plugin']));
+
+        Http::fake([
+            'api.github.com/repos/myvendor/second-plugin/contents/composer.json*' => Http::response([
+                'content' => $composerJson,
+            ]),
+            'api.github.com/repos/myvendor/second-plugin/hooks' => Http::response(['id' => 1]),
+            'api.github.com/*' => Http::response([], 404),
+        ]);
+
+        Livewire::actingAs($user)->test(Create::class)
+            ->set('repository', 'myvendor/second-plugin')
+            ->set('pluginType', 'free')
+            ->call('submitPlugin');
+
+        $this->assertDatabaseHas('plugins', [
+            'repository_url' => 'https://github.com/myvendor/second-plugin',
+            'user_id' => $user->id,
+        ]);
+    }
+
+    public function test_submission_blocked_when_composer_json_missing(): void
+    {
+        $user = $this->createGitHubUser();
+
+        Http::fake([
+            'api.github.com/*' => Http::response([], 404),
+        ]);
+
+        Livewire::actingAs($user)->test(Create::class)
+            ->set('repository', 'testuser/no-composer')
+            ->set('pluginType', 'free')
+            ->call('submitPlugin')
+            ->assertNoRedirect();
+
+        $this->assertDatabaseMissing('plugins', [
+            'repository_url' => 'https://github.com/testuser/no-composer',
+        ]);
+    }
 }
