You've already forked Php-Template
Ron Rise
7aa14c0db3
All checks were successful
🧪✨ Tests Workflow / 🛡️ 🔒 Library Audit (push) Successful in 2m32s
🧪✨ Tests Workflow / 🧪 ✨ Database Migrations (push) Successful in 2m48s
🧪✨ Tests Workflow / 🛡️ 🔒 License Check (push) Successful in 2m33s
🧪✨ Tests Workflow / 📝 ✨ Code Lint (push) Successful in 2m44s
🧪✨ Tests Workflow / 🐙 🔍 Code Sniffer (push) Successful in 2m53s
🧪✨ Tests Workflow / 🧪 ✅ Unit Tests (push) Successful in 3m5s
Reviewed-on: #19 Co-authored-by: Ron Rise <ron@siteworxpro.com> Co-committed-by: Ron Rise <ron@siteworxpro.com>
84 lines
3.2 KiB
PHP
84 lines
3.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Siteworxpro\Tests\Http\Middleware;
|
|
|
|
use Nyholm\Psr7\Response;
|
|
use Nyholm\Psr7\ServerRequest;
|
|
use Psr\Http\Server\RequestHandlerInterface;
|
|
use Siteworxpro\App\Http\Middleware\CorsMiddleware;
|
|
use Siteworxpro\App\Services\Facades\Config;
|
|
use Siteworxpro\Tests\Unit;
|
|
|
|
class CorsMiddlewareTest extends Middleware
|
|
{
|
|
public function testAllowsConfiguredOrigin(): void
|
|
{
|
|
Config::shouldReceive('get')
|
|
->with('cors.allowed_origins')
|
|
->andReturn('https://example.com,https://another.com');
|
|
|
|
Config::shouldReceive('get')->with('cors.allow_credentials')->andReturn(false);
|
|
Config::shouldReceive('get')->with('cors.max_age')->andReturn('');
|
|
|
|
$middleware = new CorsMiddleware();
|
|
$request = new ServerRequest('GET', '/')->withHeader('Origin', 'https://example.com');
|
|
$handler = $this->mockHandler(new Response(200));
|
|
|
|
$response = $middleware->process($request, $handler);
|
|
|
|
$this->assertEquals('https://example.com', $response->getHeaderLine('Access-Control-Allow-Origin'));
|
|
}
|
|
|
|
public function testBlocksUnconfiguredOrigin(): void
|
|
{
|
|
Config::shouldReceive('get')
|
|
->with('cors.allowed_origins')
|
|
->andReturn('https://example.com,https://another.com');
|
|
|
|
$middleware = new CorsMiddleware();
|
|
$request = new ServerRequest('GET', '/')->withHeader('Origin', 'https://unauthorized.com');
|
|
$handler = $this->mockHandler(new Response(200));
|
|
|
|
$response = $middleware->process($request, $handler);
|
|
|
|
$this->assertEmpty($response->getHeaderLine('Access-Control-Allow-Origin'));
|
|
}
|
|
|
|
public function testHandlesOptionsRequest(): void
|
|
{
|
|
Config::shouldReceive('get')->with('cors.allowed_origins')->andReturn('https://example.com');
|
|
Config::shouldReceive('get')->with('cors.allow_credentials')->andReturn(false);
|
|
Config::shouldReceive('get')->with('cors.max_age')->andReturn('86400');
|
|
|
|
$middleware = new CorsMiddleware();
|
|
$request = new ServerRequest('OPTIONS', '/')->withHeader('Origin', 'https://example.com');
|
|
$handler = $this->mockHandler(new Response(200));
|
|
|
|
$response = $middleware->process($request, $handler);
|
|
|
|
$this->assertEquals(204, $response->getStatusCode());
|
|
$this->assertEquals('86400', $response->getHeaderLine('Access-Control-Max-Age'));
|
|
}
|
|
|
|
public function testAddsAllowCredentialsHeader(): void
|
|
{
|
|
Config::shouldReceive('get')
|
|
->with('cors.allowed_origins')
|
|
->andReturn('https://example.com');
|
|
|
|
Config::shouldReceive('get')->with('cors.allowed_origins')->andReturn('https://example.com');
|
|
Config::shouldReceive('get')->with('cors.allow_credentials')->andReturn(true);
|
|
Config::shouldReceive('get')->with('cors.max_age')->andReturn('86400');
|
|
|
|
$middleware = new CorsMiddleware();
|
|
$request = new ServerRequest('GET', '/')->withHeader('Origin', 'https://example.com');
|
|
$handler = $this->mockHandler(new Response(200));
|
|
|
|
$response = $middleware->process($request, $handler);
|
|
|
|
$this->assertEquals('true', $response->getHeaderLine('Access-Control-Allow-Credentials'));
|
|
}
|
|
}
|