2016-07-19 19:19:05 +03:00
|
|
|
<?php
|
2019-10-05 18:26:10 +03:00
|
|
|
|
2017-10-12 11:13:20 +03:00
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
2016-07-19 19:19:05 +03:00
|
|
|
namespace ShlinkioTest\Shlink\Rest\Middleware;
|
|
|
|
|
|
2020-01-01 23:11:53 +03:00
|
|
|
use Laminas\Diactoros\Response;
|
|
|
|
|
use Laminas\Diactoros\ServerRequest;
|
|
|
|
|
use Mezzio\Router\Route;
|
|
|
|
|
use Mezzio\Router\RouteResult;
|
2017-03-24 22:34:18 +03:00
|
|
|
use PHPUnit\Framework\TestCase;
|
2017-03-25 11:44:34 +03:00
|
|
|
use Prophecy\Argument;
|
|
|
|
|
use Prophecy\Prophecy\ObjectProphecy;
|
2018-03-26 20:02:41 +03:00
|
|
|
use Psr\Http\Server\RequestHandlerInterface;
|
2019-12-01 12:47:56 +03:00
|
|
|
use Shlinkio\Shlink\Rest\Authentication;
|
2016-07-19 19:19:05 +03:00
|
|
|
use Shlinkio\Shlink\Rest\Middleware\CrossDomainMiddleware;
|
2019-05-05 10:45:35 +03:00
|
|
|
|
2020-01-01 23:11:53 +03:00
|
|
|
use function Laminas\Stratigility\middleware;
|
2016-07-19 19:19:05 +03:00
|
|
|
|
|
|
|
|
class CrossDomainMiddlewareTest extends TestCase
|
|
|
|
|
{
|
2019-12-30 00:48:40 +03:00
|
|
|
private CrossDomainMiddleware $middleware;
|
|
|
|
|
private ObjectProphecy $handler;
|
2016-07-19 19:19:05 +03:00
|
|
|
|
2019-02-16 12:53:45 +03:00
|
|
|
public function setUp(): void
|
2016-07-19 19:19:05 +03:00
|
|
|
{
|
|
|
|
|
$this->middleware = new CrossDomainMiddleware();
|
2019-05-05 10:45:35 +03:00
|
|
|
$this->handler = $this->prophesize(RequestHandlerInterface::class);
|
2016-07-19 19:19:05 +03:00
|
|
|
}
|
|
|
|
|
|
2019-02-17 22:28:34 +03:00
|
|
|
/** @test */
|
2019-05-05 10:45:35 +03:00
|
|
|
public function nonCrossDomainRequestsAreNotAffected(): void
|
2016-07-19 19:19:05 +03:00
|
|
|
{
|
2016-07-19 21:20:18 +03:00
|
|
|
$originalResponse = new Response();
|
2019-05-05 10:45:35 +03:00
|
|
|
$this->handler->handle(Argument::any())->willReturn($originalResponse)->shouldBeCalledOnce();
|
2017-03-25 11:44:34 +03:00
|
|
|
|
2019-05-05 10:45:35 +03:00
|
|
|
$response = $this->middleware->process(new ServerRequest(), $this->handler->reveal());
|
2016-07-19 21:20:18 +03:00
|
|
|
$this->assertSame($originalResponse, $response);
|
|
|
|
|
|
|
|
|
|
$headers = $response->getHeaders();
|
2019-12-01 12:47:56 +03:00
|
|
|
|
2016-07-19 21:20:18 +03:00
|
|
|
$this->assertArrayNotHasKey('Access-Control-Allow-Origin', $headers);
|
2019-05-05 10:45:35 +03:00
|
|
|
$this->assertArrayNotHasKey('Access-Control-Expose-Headers', $headers);
|
|
|
|
|
$this->assertArrayNotHasKey('Access-Control-Allow-Methods', $headers);
|
|
|
|
|
$this->assertArrayNotHasKey('Access-Control-Max-Age', $headers);
|
2016-07-19 21:20:18 +03:00
|
|
|
$this->assertArrayNotHasKey('Access-Control-Allow-Headers', $headers);
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-17 22:28:34 +03:00
|
|
|
/** @test */
|
2019-05-05 10:45:35 +03:00
|
|
|
public function anyRequestIncludesTheAllowAccessHeader(): void
|
2016-07-19 21:20:18 +03:00
|
|
|
{
|
|
|
|
|
$originalResponse = new Response();
|
2019-05-05 10:45:35 +03:00
|
|
|
$this->handler->handle(Argument::any())->willReturn($originalResponse)->shouldBeCalledOnce();
|
2017-03-25 11:44:34 +03:00
|
|
|
|
|
|
|
|
$response = $this->middleware->process(
|
2018-12-26 01:01:30 +03:00
|
|
|
(new ServerRequest())->withHeader('Origin', 'local'),
|
2020-01-01 22:48:31 +03:00
|
|
|
$this->handler->reveal(),
|
2016-07-19 19:19:05 +03:00
|
|
|
);
|
2016-07-19 21:20:18 +03:00
|
|
|
$this->assertNotSame($originalResponse, $response);
|
2016-07-19 19:19:05 +03:00
|
|
|
|
|
|
|
|
$headers = $response->getHeaders();
|
2019-12-01 12:47:56 +03:00
|
|
|
|
|
|
|
|
$this->assertEquals('local', $response->getHeaderLine('Access-Control-Allow-Origin'));
|
2019-12-31 18:05:02 +03:00
|
|
|
$this->assertEquals(
|
2019-12-01 12:47:56 +03:00
|
|
|
Authentication\Plugin\ApiKeyHeaderPlugin::HEADER_NAME,
|
2020-01-01 22:48:31 +03:00
|
|
|
$response->getHeaderLine('Access-Control-Expose-Headers'),
|
2019-12-31 18:05:02 +03:00
|
|
|
);
|
2019-05-05 10:45:35 +03:00
|
|
|
$this->assertArrayNotHasKey('Access-Control-Allow-Methods', $headers);
|
|
|
|
|
$this->assertArrayNotHasKey('Access-Control-Max-Age', $headers);
|
2016-07-19 19:19:05 +03:00
|
|
|
$this->assertArrayNotHasKey('Access-Control-Allow-Headers', $headers);
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-17 22:28:34 +03:00
|
|
|
/** @test */
|
2019-05-05 10:45:35 +03:00
|
|
|
public function optionsRequestIncludesMoreHeaders(): void
|
2016-07-19 19:19:05 +03:00
|
|
|
{
|
2016-07-19 21:20:18 +03:00
|
|
|
$originalResponse = new Response();
|
2019-12-01 12:47:56 +03:00
|
|
|
$request = (new ServerRequest())
|
|
|
|
|
->withMethod('OPTIONS')
|
|
|
|
|
->withHeader('Origin', 'local')
|
|
|
|
|
->withHeader('Access-Control-Request-Headers', 'foo, bar, baz');
|
2019-05-05 10:45:35 +03:00
|
|
|
$this->handler->handle(Argument::any())->willReturn($originalResponse)->shouldBeCalledOnce();
|
2016-07-19 19:19:05 +03:00
|
|
|
|
2019-05-05 10:45:35 +03:00
|
|
|
$response = $this->middleware->process($request, $this->handler->reveal());
|
2016-07-19 21:20:18 +03:00
|
|
|
$this->assertNotSame($originalResponse, $response);
|
2016-07-19 19:19:05 +03:00
|
|
|
|
|
|
|
|
$headers = $response->getHeaders();
|
2019-12-01 12:47:56 +03:00
|
|
|
|
|
|
|
|
$this->assertEquals('local', $response->getHeaderLine('Access-Control-Allow-Origin'));
|
2019-12-31 18:05:02 +03:00
|
|
|
$this->assertEquals(
|
2019-12-01 12:47:56 +03:00
|
|
|
Authentication\Plugin\ApiKeyHeaderPlugin::HEADER_NAME,
|
2020-01-01 22:48:31 +03:00
|
|
|
$response->getHeaderLine('Access-Control-Expose-Headers'),
|
2019-12-31 18:05:02 +03:00
|
|
|
);
|
2019-05-05 10:45:35 +03:00
|
|
|
$this->assertArrayHasKey('Access-Control-Allow-Methods', $headers);
|
2019-12-01 12:47:56 +03:00
|
|
|
$this->assertEquals('1000', $response->getHeaderLine('Access-Control-Max-Age'));
|
|
|
|
|
$this->assertEquals('foo, bar, baz', $response->getHeaderLine('Access-Control-Allow-Headers'));
|
2016-07-19 19:19:05 +03:00
|
|
|
}
|
2019-05-05 10:45:35 +03:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @test
|
|
|
|
|
* @dataProvider provideRouteResults
|
|
|
|
|
*/
|
|
|
|
|
public function optionsRequestParsesRouteMatchToDetermineAllowedMethods(
|
|
|
|
|
?RouteResult $result,
|
|
|
|
|
string $expectedAllowedMethods
|
|
|
|
|
): void {
|
|
|
|
|
$originalResponse = new Response();
|
|
|
|
|
$request = (new ServerRequest())->withAttribute(RouteResult::class, $result)
|
|
|
|
|
->withMethod('OPTIONS')
|
|
|
|
|
->withHeader('Origin', 'local');
|
|
|
|
|
$this->handler->handle(Argument::any())->willReturn($originalResponse)->shouldBeCalledOnce();
|
|
|
|
|
|
|
|
|
|
$response = $this->middleware->process($request, $this->handler->reveal());
|
|
|
|
|
|
|
|
|
|
$this->assertEquals($response->getHeaderLine('Access-Control-Allow-Methods'), $expectedAllowedMethods);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function provideRouteResults(): iterable
|
|
|
|
|
{
|
|
|
|
|
yield 'with no route result' => [null, 'GET,POST,PUT,PATCH,DELETE,OPTIONS'];
|
|
|
|
|
yield 'with failed route result' => [RouteResult::fromRouteFailure(['POST', 'GET']), 'POST,GET'];
|
|
|
|
|
yield 'with success route result' => [
|
|
|
|
|
RouteResult::fromRoute(
|
2020-01-01 22:48:31 +03:00
|
|
|
new Route('/', middleware(function (): void {
|
|
|
|
|
}), ['DELETE', 'PATCH', 'PUT']),
|
2019-05-05 10:45:35 +03:00
|
|
|
),
|
|
|
|
|
'DELETE,PATCH,PUT',
|
|
|
|
|
];
|
|
|
|
|
}
|
2016-07-19 19:19:05 +03:00
|
|
|
}
|
