server/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php

<?php
/**
 * ownCloud - App Framework
 *
 * This file is licensed under the Affero General Public License version 3 or
 * later. See the COPYING file.
 *
 * @author Bernhard Posselt <dev@bernhard-posselt.com>
 * @copyright Bernhard Posselt 2014
 */


namespace OC\AppFramework\Middleware\Security;

use OC\AppFramework\Http\Request;
use OCP\AppFramework\Http\Response;


class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {

	/**
	 * @CORS
	 */
	public function testSetCORSAPIHeader() {
		$request = new Request(
			array('server' => array('HTTP_ORIGIN' => 'test'))
		);

		$middleware = new CORSMiddleware($request);
		$response = $middleware->afterController($this, __FUNCTION__, new Response());
		$headers = $response->getHeaders();

		$this->assertEquals('test', $headers['Access-Control-Allow-Origin']);
	}


	public function testNoAnnotationNoCORSHEADER() {
		$request = new Request(
			array('server' => array('HTTP_ORIGIN' => 'test'))
		);
		$middleware = new CORSMiddleware($request);

		$response = $middleware->afterController($this, __FUNCTION__, new Response());
		$headers = $response->getHeaders();
		$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));
	}


	/**
	 * @CORS
	 */
	public function testNoOriginHeaderNoCORSHEADER() {
		$request = new Request();

		$middleware = new CORSMiddleware($request);
		$response = $middleware->afterController($this, __FUNCTION__, new Response());
		$headers = $response->getHeaders();
		$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));
	}


	/**
	 * @CORS
	 * @expectedException \OC\AppFramework\Middleware\Security\SecurityException
	 */
	public function testCorsIgnoredIfWithCredentialsHeaderPresent() {
		$request = new Request(
			array('server' => array('HTTP_ORIGIN' => 'test'))
		);
		$middleware = new CORSMiddleware($request);

		$response = new Response();
		$response->addHeader('AcCess-control-Allow-Credentials ', 'TRUE');
		$response = $middleware->afterController($this, __FUNCTION__, $response);
	}

}
add cors middleware remove methodannotationreader namespace fix namespace for server container fix tests fail if with cors credentials header is set to true, implement a reusable preflighted cors method in the controller baseclass, make corsmiddleware private and register it for every request remove uneeded local in cors middleware registratio dont uppercase cors to easily use it from routes fix indention comment fixes explicitely set allow credentials header to false dont depend on better controllers PR, fix that stuff later split cors methods to be in a seperate controller for exposing apis remove protected definitions from apicontroller since controller has it 2014-05-08 09:47:18 +00:00			`<?php`
			`/**`
			`* ownCloud - App Framework`
			`*`
			`* This file is licensed under the Affero General Public License version 3 or`
			`* later. See the COPYING file.`
			`*`
			`* @author Bernhard Posselt <dev@bernhard-posselt.com>`
			`* @copyright Bernhard Posselt 2014`
			`*/`


			`namespace OC\AppFramework\Middleware\Security;`

			`use OC\AppFramework\Http\Request;`
			`use OCP\AppFramework\Http\Response;`


			`class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {`

			`/**`
			`* @CORS`
			`*/`
			`public function testSetCORSAPIHeader() {`
			`$request = new Request(`
			`array('server' => array('HTTP_ORIGIN' => 'test'))`
			`);`

			`$middleware = new CORSMiddleware($request);`
			`$response = $middleware->afterController($this, __FUNCTION__, new Response());`
			`$headers = $response->getHeaders();`

			`$this->assertEquals('test', $headers['Access-Control-Allow-Origin']);`
			`}`


			`public function testNoAnnotationNoCORSHEADER() {`
			`$request = new Request(`
			`array('server' => array('HTTP_ORIGIN' => 'test'))`
			`);`
			`$middleware = new CORSMiddleware($request);`

			`$response = $middleware->afterController($this, __FUNCTION__, new Response());`
			`$headers = $response->getHeaders();`
			`$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));`
			`}`


			`/**`
			`* @CORS`
			`*/`
			`public function testNoOriginHeaderNoCORSHEADER() {`
			`$request = new Request();`

			`$middleware = new CORSMiddleware($request);`
			`$response = $middleware->afterController($this, __FUNCTION__, new Response());`
			`$headers = $response->getHeaders();`
			`$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));`
			`}`


			`/**`
			`* @CORS`
			`* @expectedException \OC\AppFramework\Middleware\Security\SecurityException`
			`*/`
			`public function testCorsIgnoredIfWithCredentialsHeaderPresent() {`
			`$request = new Request(`
			`array('server' => array('HTTP_ORIGIN' => 'test'))`
			`);`
			`$middleware = new CORSMiddleware($request);`

			`$response = new Response();`
			`$response->addHeader('AcCess-control-Allow-Credentials ', 'TRUE');`
			`$response = $middleware->afterController($this, __FUNCTION__, $response);`
			`}`

			`}`