siteworxpro/Php-Template
Template
1
Fork 0
Code Pull Requests Actions Releases 9 Activity
Files
d5167074a06cbcb9c4ebf635954011b5d834bf7f
Php-Template/tests/Http/Middleware/CorsMiddlewareTest.php
Ron Rise d5167074a0 tests
2025-04-25 22:27:47 -04:00

103 lines
3.7 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Siteworxpro\Tests\Http\Middleware;
use Nyholm\Psr7\Response;
use Nyholm\Psr7\ServerRequest;
use Psr\Http\Server\RequestHandlerInterface;
use Siteworxpro\App\Facades\Config;
use Siteworxpro\App\Http\Middleware\CorsMiddleware;
use Siteworxpro\Tests\Unit;
class CorsMiddlewareTest extends Unit
{
public function testAllowsConfiguredOrigin(): void
{
Config::shouldReceive('get')
->with('cors.allowed_origins')
->andReturn('https://example.com,https://another.com');
Config::shouldReceive('get')->with('cors.allow_credentials')->andReturn(false);
Config::shouldReceive('get')->with('cors.max_age')->andReturn('');
$middleware = new CorsMiddleware();
$request = new ServerRequest('GET', '/')->withHeader('Origin', 'https://example.com');
$handler = $this->mockHandler(new Response(200));
$response = $middleware->process($request, $handler);
$this->assertEquals('https://example.com', $response->getHeaderLine('Access-Control-Allow-Origin'));
}
public function testBlocksUnconfiguredOrigin(): void
{
Config::shouldReceive('get')
->with('cors.allowed_origins')
->andReturn('https://example.com,https://another.com');
$middleware = new CorsMiddleware();
$request = new ServerRequest('GET', '/')->withHeader('Origin', 'https://unauthorized.com');
$handler = $this->mockHandler(new Response(200));
$response = $middleware->process($request, $handler);
$this->assertEmpty($response->getHeaderLine('Access-Control-Allow-Origin'));
}
public function testHandlesOptionsRequest(): void
{
Config::shouldReceive('get')->with('cors.allowed_origins')->andReturn('https://example.com');
Config::shouldReceive('get')->with('cors.allow_credentials')->andReturn(false);
Config::shouldReceive('get')->with('cors.max_age')->andReturn('86400');
$middleware = new CorsMiddleware();
$request = new ServerRequest('OPTIONS', '/')->withHeader('Origin', 'https://example.com');
$handler = $this->mockHandler(new Response(200));
$response = $middleware->process($request, $handler);
$this->assertEquals(204, $response->getStatusCode());
$this->assertEquals('86400', $response->getHeaderLine('Access-Control-Max-Age'));
}
public function testAddsAllowCredentialsHeader(): void
{
Config::shouldReceive('get')
->with('cors.allowed_origins')
->andReturn('https://example.com');
Config::shouldReceive('get')->with('cors.allowed_origins')->andReturn('https://example.com');
Config::shouldReceive('get')->with('cors.allow_credentials')->andReturn(true);
Config::shouldReceive('get')->with('cors.max_age')->andReturn('86400');
$middleware = new CorsMiddleware();
$request = new ServerRequest('GET', '/')->withHeader('Origin', 'https://example.com');
$handler = $this->mockHandler(new Response(200));
$response = $middleware->process($request, $handler);
$this->assertEquals('true', $response->getHeaderLine('Access-Control-Allow-Credentials'));
}
private function mockHandler(Response $response): RequestHandlerInterface
{
return new class ($response) implements RequestHandlerInterface {
private Response $response;
public function __construct(Response $response)
{
$this->response = $response;
}
public function handle(
\Psr\Http\Message\ServerRequestInterface $request
): \Psr\Http\Message\ResponseInterface {
return $this->response;
}
};
}
}
View Git Blame Copy Permalink