shlink/module/Rest/test/Middleware/CrossDomainMiddlewareTest.php

166 lines
6.5 KiB
PHP
Raw Normal View History

2016-07-19 19:19:05 +03:00
<?php
2019-10-05 18:26:10 +03:00
2017-10-12 11:13:20 +03:00
declare(strict_types=1);
2016-07-19 19:19:05 +03:00
namespace ShlinkioTest\Shlink\Rest\Middleware;
2020-01-01 23:11:53 +03:00
use Laminas\Diactoros\Response;
use Laminas\Diactoros\ServerRequest;
use Mezzio\Router\Route;
use Mezzio\Router\RouteResult;
2017-03-24 22:34:18 +03:00
use PHPUnit\Framework\TestCase;
use Prophecy\Argument;
2020-11-02 13:50:19 +03:00
use Prophecy\PhpUnit\ProphecyTrait;
use Prophecy\Prophecy\ObjectProphecy;
2018-03-26 20:02:41 +03:00
use Psr\Http\Server\RequestHandlerInterface;
2016-07-19 19:19:05 +03:00
use Shlinkio\Shlink\Rest\Middleware\CrossDomainMiddleware;
2020-01-01 23:11:53 +03:00
use function Laminas\Stratigility\middleware;
2016-07-19 19:19:05 +03:00
class CrossDomainMiddlewareTest extends TestCase
{
2020-11-02 13:50:19 +03:00
use ProphecyTrait;
private CrossDomainMiddleware $middleware;
private ObjectProphecy $handler;
2016-07-19 19:19:05 +03:00
2019-02-16 12:53:45 +03:00
public function setUp(): void
2016-07-19 19:19:05 +03:00
{
2020-12-31 15:28:06 +03:00
$this->middleware = new CrossDomainMiddleware(['max_age' => 1000]);
$this->handler = $this->prophesize(RequestHandlerInterface::class);
2016-07-19 19:19:05 +03:00
}
2019-02-17 22:28:34 +03:00
/** @test */
public function nonCrossDomainRequestsAreNotAffected(): void
2016-07-19 19:19:05 +03:00
{
$originalResponse = (new Response())->withStatus(404);
$this->handler->handle(Argument::any())->willReturn($originalResponse)->shouldBeCalledOnce();
$response = $this->middleware->process(new ServerRequest(), $this->handler->reveal());
$headers = $response->getHeaders();
2020-10-04 01:35:14 +03:00
self::assertSame($originalResponse, $response);
self::assertEquals(404, $response->getStatusCode());
self::assertArrayNotHasKey('Access-Control-Allow-Origin', $headers);
self::assertArrayNotHasKey('Access-Control-Expose-Headers', $headers);
self::assertArrayNotHasKey('Access-Control-Allow-Methods', $headers);
self::assertArrayNotHasKey('Access-Control-Max-Age', $headers);
self::assertArrayNotHasKey('Access-Control-Allow-Headers', $headers);
}
2019-02-17 22:28:34 +03:00
/** @test */
public function anyRequestIncludesTheAllowAccessHeader(): void
{
$originalResponse = new Response();
$this->handler->handle(Argument::any())->willReturn($originalResponse)->shouldBeCalledOnce();
$response = $this->middleware->process(
(new ServerRequest())->withHeader('Origin', 'local'),
2020-01-01 22:48:31 +03:00
$this->handler->reveal(),
2016-07-19 19:19:05 +03:00
);
2020-10-04 01:35:14 +03:00
self::assertNotSame($originalResponse, $response);
2016-07-19 19:19:05 +03:00
$headers = $response->getHeaders();
2020-10-04 01:35:14 +03:00
self::assertEquals('local', $response->getHeaderLine('Access-Control-Allow-Origin'));
self::assertEquals('X-Api-Key', $response->getHeaderLine('Access-Control-Expose-Headers'));
2020-10-04 01:35:14 +03:00
self::assertArrayNotHasKey('Access-Control-Allow-Methods', $headers);
self::assertArrayNotHasKey('Access-Control-Max-Age', $headers);
self::assertArrayNotHasKey('Access-Control-Allow-Headers', $headers);
2016-07-19 19:19:05 +03:00
}
2019-02-17 22:28:34 +03:00
/** @test */
public function optionsRequestIncludesMoreHeaders(): void
2016-07-19 19:19:05 +03:00
{
$originalResponse = new Response();
$request = (new ServerRequest())
->withMethod('OPTIONS')
->withHeader('Origin', 'local')
->withHeader('Access-Control-Request-Headers', 'foo, bar, baz');
$this->handler->handle(Argument::any())->willReturn($originalResponse)->shouldBeCalledOnce();
2016-07-19 19:19:05 +03:00
$response = $this->middleware->process($request, $this->handler->reveal());
2020-10-04 01:35:14 +03:00
self::assertNotSame($originalResponse, $response);
2016-07-19 19:19:05 +03:00
$headers = $response->getHeaders();
2020-10-04 01:35:14 +03:00
self::assertEquals('local', $response->getHeaderLine('Access-Control-Allow-Origin'));
self::assertEquals('X-Api-Key', $response->getHeaderLine('Access-Control-Expose-Headers'));
2020-10-04 01:35:14 +03:00
self::assertArrayHasKey('Access-Control-Allow-Methods', $headers);
self::assertEquals('1000', $response->getHeaderLine('Access-Control-Max-Age'));
self::assertEquals('foo, bar, baz', $response->getHeaderLine('Access-Control-Allow-Headers'));
self::assertEquals(204, $response->getStatusCode());
2016-07-19 19:19:05 +03:00
}
/**
* @test
* @dataProvider provideRouteResults
*/
public function optionsRequestParsesRouteMatchToDetermineAllowedMethods(
?RouteResult $result,
string $expectedAllowedMethods
): void {
$originalResponse = new Response();
$request = (new ServerRequest())->withAttribute(RouteResult::class, $result)
->withMethod('OPTIONS')
->withHeader('Origin', 'local');
$this->handler->handle(Argument::any())->willReturn($originalResponse)->shouldBeCalledOnce();
$response = $this->middleware->process($request, $this->handler->reveal());
2020-10-04 01:35:14 +03:00
self::assertEquals($response->getHeaderLine('Access-Control-Allow-Methods'), $expectedAllowedMethods);
self::assertEquals(204, $response->getStatusCode());
}
public function provideRouteResults(): iterable
{
yield 'with no route result' => [null, 'GET,POST,PUT,PATCH,DELETE,OPTIONS'];
yield 'with failed route result' => [RouteResult::fromRouteFailure(['POST', 'GET']), 'POST,GET'];
yield 'with success route result' => [
RouteResult::fromRoute(
2020-01-01 22:48:31 +03:00
new Route('/', middleware(function (): void {
}), ['DELETE', 'PATCH', 'PUT']),
),
'DELETE,PATCH,PUT',
];
}
/**
* @test
* @dataProvider provideMethods
*/
public function expectedStatusCodeIsReturnDependingOnRequestMethod(
string $method,
int $status,
int $expectedStatus
): void {
$originalResponse = (new Response())->withStatus($status);
$request = (new ServerRequest())->withMethod($method)
->withHeader('Origin', 'local');
$this->handler->handle(Argument::any())->willReturn($originalResponse)->shouldBeCalledOnce();
$response = $this->middleware->process($request, $this->handler->reveal());
2020-10-04 01:35:14 +03:00
self::assertEquals($expectedStatus, $response->getStatusCode());
}
public function provideMethods(): iterable
{
yield 'POST 200' => ['POST', 200, 200];
yield 'POST 400' => ['POST', 400, 400];
yield 'POST 500' => ['POST', 500, 500];
yield 'GET 200' => ['GET', 200, 200];
yield 'GET 400' => ['GET', 400, 400];
yield 'GET 500' => ['GET', 500, 500];
yield 'PATCH 200' => ['PATCH', 200, 200];
yield 'PATCH 400' => ['PATCH', 400, 400];
yield 'PATCH 500' => ['PATCH', 500, 500];
yield 'DELETE 200' => ['DELETE', 200, 200];
yield 'DELETE 400' => ['DELETE', 400, 400];
yield 'DELETE 500' => ['DELETE', 500, 500];
yield 'OPTIONS 200' => ['OPTIONS', 200, 204];
yield 'OPTIONS 400' => ['OPTIONS', 400, 204];
yield 'OPTIONS 500' => ['OPTIONS', 500, 204];
}
2016-07-19 19:19:05 +03:00
}