ConfirmableTrait is sub-standard

I found a way to do this without editing any core files. The end result is that both my custom "confirmation" and the default confirmation will be run -- but that's okay.

The basic idea is to replace the MigrationServiceProvider and the SeedServiceProvider with your own classes, which extend the original ones. Then override all the methods that register a command, and feed them your own command "wrapper" class instead (which extends the core command). Then you can add the extra check in your new "wrapper" command.

If anyone is interested, please say so, and I will write out full instructions.

Hey Mike. Thanks for sharing. The question is: what would be the best way to fix the original problem. Maybe it should be fixed upstream instead of being worked around. I.e. we could fix your problems with ConfirmableTrait (less intrusive) or actually make it a Service (more work).

Thanks @rawfan. I'll try to explain how I see the issue:

The reason I wanted to change its behaviour is that I feel it doesn't do its job well enough.

As a business owner who runs his own website, I feel very, very nervous about destructive Artisan commands in production. ConfirmableTrait is much better than nothing, but it is prone to failure.

It's all too easy to accidentally press "enter" twice and "confirm" the command. That's because "enter" is the last key you pressed. It's also easy to dismiss prompts without really reading them sometimes. Maybe you were in a rush; maybe you were expecting a different prompt and just "okayed" on through.

I wanted something safer, that would not be too much hassle either. The system I designed works like this:

In production, migrations/seeding are disabled; attempting to run them produces an error, not a prompt. You must unlock Artisan first: php artisan db:unlock. There is no way anyone would accidentally do this -- it's matching the command to the user's intent.

After Artisan is unlocked, these commands can be run. You can then re-lock Artisan using php artisan db:lock. You can also configure a cron job to run this command if Artisan has been unlocked for more than (say) 5 minutes.

I have it configured so that the default state is unlocked, and then the cron job (a Dispatcher scheduled command) is applied to whatever environments I want. This is more flexible than hard-coding the feature for production only; you might have other environments that you want protected.

However, as an alternative solution, I think ConfirmableTrait would be okay if "enter" did not confirm it.

Are you sure ENTER will confirm in production? Because that would actually be a bug. The default is set to "false" (in 4.2 and 5). See ConfirmableTrait and Command which overide Symfony ConfirmationQuestion's default of true.

Yes, I tried it. Not in a "real" production site, thankfully, but a copy. I will check again soon, just in case I made a mistake.

I actually quite like the use of a trait here; it seems elegant. The only difficulty is not being able to change it. So how about storing the class name in configuration? Then it can still be a simple trait, but it can be replaced with something else from within the App.

I can confirm that "enter" confirms the command.

If this is a bug, should I open an issue on github?

I cannot confirm this behavior. I just needed to run a migration in production and it did in fact cancel the migration on enter. I also tried a fresh install of Laravel 5, same.

➜  l5  php artisan migrate
**************************************
*     Application In Production!     *
**************************************

Do you really wish to run this command? [y/N] 
Command Cancelled!

@Mike Hopley has your Laravel been updated since this? https://github.com/laravel/framework/commit/d8bd0d52d6b3486ac986943386e2dd73f1fef795#diff-70b5baaf72d195d8a7580ccfe20d324c

Looks like the default used to be Y but Taylor changed it to N

@isimmons this appears to be it. I just tested with a fresh install of Laravel 4.2 and the default behavior was also to abort, as the sources lead me to believe in the first place.

➜  l42  php artisan migrate
**************************************
*     Application In Production!     *
**************************************

Do you really wish to run this command? 
Command Cancelled!

This is actually the commit that changed the behavior.

I'm on 4.2.1. That explains it. Thanks!

Now that the default is false, I think the ConfirmableTrait is just fine. I might even undo my customisation (I'm not sure yet).

@Mike Hopley I moved a medium-sized app to Laravel 5 in a day and I'm pretty sure more experienced people can do it in less time.. just FYI. ;-)

I might give it a day and see. But at some point you have to say, "I'm not adding more features to this project". I'm at that point.

Laravel 5 is still quite new. I'm concerned about package support, particularly the Codeception integration. It might be a lot less effort to just wait for stuff to get fixed.