2016-07-19 19:19:05 +03:00
|
|
|
<?php
|
2019-10-05 18:26:10 +03:00
|
|
|
|
2017-10-12 11:13:20 +03:00
|
|
|
declare(strict_types=1);
|
|
|
|
|
2016-07-19 19:19:05 +03:00
|
|
|
namespace ShlinkioTest\Shlink\Rest\Middleware;
|
|
|
|
|
2020-01-01 23:11:53 +03:00
|
|
|
use Laminas\Diactoros\Response;
|
|
|
|
use Laminas\Diactoros\ServerRequest;
|
2023-02-09 22:42:18 +03:00
|
|
|
use PHPUnit\Framework\Attributes\DataProvider;
|
|
|
|
use PHPUnit\Framework\Attributes\Test;
|
2022-10-23 23:47:34 +03:00
|
|
|
use PHPUnit\Framework\MockObject\MockObject;
|
2017-03-24 22:34:18 +03:00
|
|
|
use PHPUnit\Framework\TestCase;
|
2018-03-26 20:02:41 +03:00
|
|
|
use Psr\Http\Server\RequestHandlerInterface;
|
2016-07-19 19:19:05 +03:00
|
|
|
use Shlinkio\Shlink\Rest\Middleware\CrossDomainMiddleware;
|
2019-05-05 10:45:35 +03:00
|
|
|
|
2016-07-19 19:19:05 +03:00
|
|
|
class CrossDomainMiddlewareTest extends TestCase
|
|
|
|
{
|
2019-12-30 00:48:40 +03:00
|
|
|
private CrossDomainMiddleware $middleware;
|
2022-10-24 20:53:13 +03:00
|
|
|
private MockObject & RequestHandlerInterface $handler;
|
2016-07-19 19:19:05 +03:00
|
|
|
|
2022-09-11 13:02:49 +03:00
|
|
|
protected function setUp(): void
|
2016-07-19 19:19:05 +03:00
|
|
|
{
|
2020-12-31 15:28:06 +03:00
|
|
|
$this->middleware = new CrossDomainMiddleware(['max_age' => 1000]);
|
2022-10-23 23:47:34 +03:00
|
|
|
$this->handler = $this->createMock(RequestHandlerInterface::class);
|
2016-07-19 19:19:05 +03:00
|
|
|
}
|
|
|
|
|
2023-02-09 22:42:18 +03:00
|
|
|
#[Test]
|
2019-05-05 10:45:35 +03:00
|
|
|
public function nonCrossDomainRequestsAreNotAffected(): void
|
2016-07-19 19:19:05 +03:00
|
|
|
{
|
2020-01-11 22:36:17 +03:00
|
|
|
$originalResponse = (new Response())->withStatus(404);
|
2022-10-23 23:47:34 +03:00
|
|
|
$this->handler->expects($this->once())->method('handle')->willReturn($originalResponse);
|
2017-03-25 11:44:34 +03:00
|
|
|
|
2022-10-23 23:47:34 +03:00
|
|
|
$response = $this->middleware->process(new ServerRequest(), $this->handler);
|
2016-07-19 21:20:18 +03:00
|
|
|
$headers = $response->getHeaders();
|
2019-12-01 12:47:56 +03:00
|
|
|
|
2020-10-04 01:35:14 +03:00
|
|
|
self::assertSame($originalResponse, $response);
|
|
|
|
self::assertEquals(404, $response->getStatusCode());
|
|
|
|
self::assertArrayNotHasKey('Access-Control-Allow-Origin', $headers);
|
|
|
|
self::assertArrayNotHasKey('Access-Control-Allow-Methods', $headers);
|
|
|
|
self::assertArrayNotHasKey('Access-Control-Max-Age', $headers);
|
|
|
|
self::assertArrayNotHasKey('Access-Control-Allow-Headers', $headers);
|
2016-07-19 21:20:18 +03:00
|
|
|
}
|
|
|
|
|
2023-02-09 22:42:18 +03:00
|
|
|
#[Test]
|
2019-05-05 10:45:35 +03:00
|
|
|
public function anyRequestIncludesTheAllowAccessHeader(): void
|
2016-07-19 21:20:18 +03:00
|
|
|
{
|
|
|
|
$originalResponse = new Response();
|
2022-10-23 23:47:34 +03:00
|
|
|
$this->handler->expects($this->once())->method('handle')->willReturn($originalResponse);
|
2017-03-25 11:44:34 +03:00
|
|
|
|
2022-10-23 23:47:34 +03:00
|
|
|
$response = $this->middleware->process((new ServerRequest())->withHeader('Origin', 'local'), $this->handler);
|
2020-10-04 01:35:14 +03:00
|
|
|
self::assertNotSame($originalResponse, $response);
|
2016-07-19 19:19:05 +03:00
|
|
|
|
|
|
|
$headers = $response->getHeaders();
|
2019-12-01 12:47:56 +03:00
|
|
|
|
2021-01-24 11:22:46 +03:00
|
|
|
self::assertEquals('*', $response->getHeaderLine('Access-Control-Allow-Origin'));
|
2020-10-04 01:35:14 +03:00
|
|
|
self::assertArrayNotHasKey('Access-Control-Allow-Methods', $headers);
|
|
|
|
self::assertArrayNotHasKey('Access-Control-Max-Age', $headers);
|
|
|
|
self::assertArrayNotHasKey('Access-Control-Allow-Headers', $headers);
|
2016-07-19 19:19:05 +03:00
|
|
|
}
|
|
|
|
|
2023-02-09 22:42:18 +03:00
|
|
|
#[Test]
|
2019-05-05 10:45:35 +03:00
|
|
|
public function optionsRequestIncludesMoreHeaders(): void
|
2016-07-19 19:19:05 +03:00
|
|
|
{
|
2016-07-19 21:20:18 +03:00
|
|
|
$originalResponse = new Response();
|
2019-12-01 12:47:56 +03:00
|
|
|
$request = (new ServerRequest())
|
|
|
|
->withMethod('OPTIONS')
|
|
|
|
->withHeader('Origin', 'local')
|
|
|
|
->withHeader('Access-Control-Request-Headers', 'foo, bar, baz');
|
2022-10-23 23:47:34 +03:00
|
|
|
$this->handler->expects($this->once())->method('handle')->willReturn($originalResponse);
|
2016-07-19 19:19:05 +03:00
|
|
|
|
2022-10-23 23:47:34 +03:00
|
|
|
$response = $this->middleware->process($request, $this->handler);
|
2020-10-04 01:35:14 +03:00
|
|
|
self::assertNotSame($originalResponse, $response);
|
2016-07-19 19:19:05 +03:00
|
|
|
|
|
|
|
$headers = $response->getHeaders();
|
2019-12-01 12:47:56 +03:00
|
|
|
|
2021-01-24 11:22:46 +03:00
|
|
|
self::assertEquals('*', $response->getHeaderLine('Access-Control-Allow-Origin'));
|
2020-10-04 01:35:14 +03:00
|
|
|
self::assertArrayHasKey('Access-Control-Allow-Methods', $headers);
|
|
|
|
self::assertEquals('1000', $response->getHeaderLine('Access-Control-Max-Age'));
|
|
|
|
self::assertEquals('foo, bar, baz', $response->getHeaderLine('Access-Control-Allow-Headers'));
|
|
|
|
self::assertEquals(204, $response->getStatusCode());
|
2016-07-19 19:19:05 +03:00
|
|
|
}
|
2019-05-05 10:45:35 +03:00
|
|
|
|
2023-02-09 22:42:18 +03:00
|
|
|
#[Test, DataProvider('provideRouteResults')]
|
2019-05-05 10:45:35 +03:00
|
|
|
public function optionsRequestParsesRouteMatchToDetermineAllowedMethods(
|
2021-01-24 15:49:57 +03:00
|
|
|
?string $allowHeader,
|
2021-05-23 13:31:10 +03:00
|
|
|
string $expectedAllowedMethods,
|
2019-05-05 10:45:35 +03:00
|
|
|
): void {
|
|
|
|
$originalResponse = new Response();
|
2021-01-24 15:49:57 +03:00
|
|
|
if ($allowHeader !== null) {
|
|
|
|
$originalResponse = $originalResponse->withHeader('Allow', $allowHeader);
|
|
|
|
}
|
|
|
|
$request = (new ServerRequest())->withHeader('Origin', 'local')
|
|
|
|
->withMethod('OPTIONS');
|
2022-10-23 23:47:34 +03:00
|
|
|
$this->handler->expects($this->once())->method('handle')->willReturn($originalResponse);
|
2019-05-05 10:45:35 +03:00
|
|
|
|
2022-10-23 23:47:34 +03:00
|
|
|
$response = $this->middleware->process($request, $this->handler);
|
2019-05-05 10:45:35 +03:00
|
|
|
|
2020-10-04 01:35:14 +03:00
|
|
|
self::assertEquals($response->getHeaderLine('Access-Control-Allow-Methods'), $expectedAllowedMethods);
|
|
|
|
self::assertEquals(204, $response->getStatusCode());
|
2019-05-05 10:45:35 +03:00
|
|
|
}
|
|
|
|
|
2023-02-09 11:32:38 +03:00
|
|
|
public static function provideRouteResults(): iterable
|
2019-05-05 10:45:35 +03:00
|
|
|
{
|
2021-01-24 15:49:57 +03:00
|
|
|
yield 'no allow header in response' => [null, 'GET,POST,PUT,PATCH,DELETE'];
|
|
|
|
yield 'allow header in response' => ['POST,GET', 'POST,GET'];
|
|
|
|
yield 'also allow header in response' => ['DELETE,PATCH,PUT', 'DELETE,PATCH,PUT'];
|
2019-05-05 10:45:35 +03:00
|
|
|
}
|
2020-01-11 22:36:17 +03:00
|
|
|
|
2023-02-09 22:42:18 +03:00
|
|
|
#[Test, DataProvider('provideMethods')]
|
2020-01-11 22:36:17 +03:00
|
|
|
public function expectedStatusCodeIsReturnDependingOnRequestMethod(
|
|
|
|
string $method,
|
|
|
|
int $status,
|
2021-05-23 13:31:10 +03:00
|
|
|
int $expectedStatus,
|
2020-01-11 22:36:17 +03:00
|
|
|
): void {
|
|
|
|
$originalResponse = (new Response())->withStatus($status);
|
|
|
|
$request = (new ServerRequest())->withMethod($method)
|
|
|
|
->withHeader('Origin', 'local');
|
2022-10-23 23:47:34 +03:00
|
|
|
$this->handler->expects($this->once())->method('handle')->willReturn($originalResponse);
|
2020-01-11 22:36:17 +03:00
|
|
|
|
2022-10-23 23:47:34 +03:00
|
|
|
$response = $this->middleware->process($request, $this->handler);
|
2020-01-11 22:36:17 +03:00
|
|
|
|
2020-10-04 01:35:14 +03:00
|
|
|
self::assertEquals($expectedStatus, $response->getStatusCode());
|
2020-01-11 22:36:17 +03:00
|
|
|
}
|
|
|
|
|
2023-02-09 11:32:38 +03:00
|
|
|
public static function provideMethods(): iterable
|
2020-01-11 22:36:17 +03:00
|
|
|
{
|
|
|
|
yield 'POST 200' => ['POST', 200, 200];
|
|
|
|
yield 'POST 400' => ['POST', 400, 400];
|
|
|
|
yield 'POST 500' => ['POST', 500, 500];
|
|
|
|
yield 'GET 200' => ['GET', 200, 200];
|
|
|
|
yield 'GET 400' => ['GET', 400, 400];
|
|
|
|
yield 'GET 500' => ['GET', 500, 500];
|
|
|
|
yield 'PATCH 200' => ['PATCH', 200, 200];
|
|
|
|
yield 'PATCH 400' => ['PATCH', 400, 400];
|
|
|
|
yield 'PATCH 500' => ['PATCH', 500, 500];
|
|
|
|
yield 'DELETE 200' => ['DELETE', 200, 200];
|
|
|
|
yield 'DELETE 400' => ['DELETE', 400, 400];
|
|
|
|
yield 'DELETE 500' => ['DELETE', 500, 500];
|
|
|
|
yield 'OPTIONS 200' => ['OPTIONS', 200, 204];
|
|
|
|
yield 'OPTIONS 400' => ['OPTIONS', 400, 204];
|
|
|
|
yield 'OPTIONS 500' => ['OPTIONS', 500, 204];
|
|
|
|
}
|
2016-07-19 19:19:05 +03:00
|
|
|
}
|