SecurityHeaderSiteconfigExtensionTest::getResponse() - Code Metrics - signify-nz/silverstripe-security-headers - Measure and Improve Code Quality continuously with Scrutinizer

getResponse() A
last analyzed 2024-07-17 00:20 UTC

↳ Parent: SecurityHeaderSiteconfigExtensionTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	5
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	3
c	0
b	0
f	0
nc	1
nop	0
dl	0
loc	5
rs	10

<?php

namespace Signify\Tests;

use SilverStripe\Dev\FunctionalTest;
use SilverStripe\SiteConfig\SiteConfig;
use Signify\Extensions\SecurityHeaderSiteconfigExtension;
use Signify\Middleware\SecurityHeaderMiddleware;
use SilverStripe\Control\Director;
use SilverStripe\Versioned\Versioned;

class SecurityHeaderSiteconfigExtensionTest extends FunctionalTest
{
    protected static $fixture_file = 'fixtures.yml';

    public static function setUpBeforeClass(): void
    {
        parent::setUpBeforeClass();
        // Add extension.
        SiteConfig::add_extension(SecurityHeaderSiteconfigExtension::class);
    }

    public static function tearDownAfterClass(): void
    {
        parent::tearDownAfterClass();
        // Remove extension.
        SiteConfig::remove_extension(SecurityHeaderSiteconfigExtension::class);
    }

    public function testCSPisNotReportOnly()
    {
        $response = $this->getResponse();
        $csp = $response->getHeader('Content-Security-Policy');
        $cspReportOnly = $response->getHeader('Content-Security-Policy-Report-Only');

        $this->assertNotNull($csp, 'Test Content-Security-Policy header is present.');
        $this->assertNull($cspReportOnly, 'Test Content-Security-Policy-Report-Only header is not present.');
    }

    public function testCSPisReportOnly()
    {
        $siteConfig = SiteConfig::current_site_config();
        $siteConfig->CSPReportingOnly = true;
        $siteConfig->write();
        $originalCSP = SecurityHeaderMiddleware::config()->get('headers')['global']['Content-Security-Policy'];
        $uri = Director::absoluteURL(SecurityHeaderMiddleware::config()->get('report_uri'));
        $originalCSP .= " report-uri $uri;";

        $response = $this->getResponse();
        $csp = $response->getHeader('Content-Security-Policy');
        $cspReportOnly = $response->getHeader('Content-Security-Policy-Report-Only');

        $this->assertNull($csp, 'Test Content-Security-Policy header is not present.');
        $this->assertNotNull($cspReportOnly, 'Test Content-Security-Policy-Report-Only header is present.');
        $this->assertEquals($originalCSP, $cspReportOnly, 'Test configured CSP is returned in the response.');
    }

    protected function getResponse()
    {
        $page = $this->objFromFixture('Page', 'page');
        $page->copyVersionToStage(Versioned::DRAFT, Versioned::LIVE);
        return $this->get($page->Link());
    }
}


1			<?php
2
3			namespace Signify\Tests;
4
5			use SilverStripe\Dev\FunctionalTest;
6			use SilverStripe\SiteConfig\SiteConfig;
7			use Signify\Extensions\SecurityHeaderSiteconfigExtension;
8			use Signify\Middleware\SecurityHeaderMiddleware;
9			use SilverStripe\Control\Director;
10			use SilverStripe\Versioned\Versioned;
11
12			class SecurityHeaderSiteconfigExtensionTest extends FunctionalTest
13			{
14			protected static $fixture_file = 'fixtures.yml';
15
16			public static function setUpBeforeClass(): void
17			{
18			parent::setUpBeforeClass();
19			// Add extension.
20			SiteConfig::add_extension(SecurityHeaderSiteconfigExtension::class);
21			}
22
23			public static function tearDownAfterClass(): void
24			{
25			parent::tearDownAfterClass();
26			// Remove extension.
27			SiteConfig::remove_extension(SecurityHeaderSiteconfigExtension::class);
28			}
29
30			public function testCSPisNotReportOnly()
31			{
32			$response = $this->getResponse();
33			$csp = $response->getHeader('Content-Security-Policy');
34			$cspReportOnly = $response->getHeader('Content-Security-Policy-Report-Only');
35
36			$this->assertNotNull($csp, 'Test Content-Security-Policy header is present.');
37			$this->assertNull($cspReportOnly, 'Test Content-Security-Policy-Report-Only header is not present.');
38			}
39
40			public function testCSPisReportOnly()
41			{
42			$siteConfig = SiteConfig::current_site_config();
43			$siteConfig->CSPReportingOnly = true;
44			$siteConfig->write();
45			$originalCSP = SecurityHeaderMiddleware::config()->get('headers')['global']['Content-Security-Policy'];
46			$uri = Director::absoluteURL(SecurityHeaderMiddleware::config()->get('report_uri'));
47			$originalCSP .= " report-uri $uri;";
48
49			$response = $this->getResponse();
50			$csp = $response->getHeader('Content-Security-Policy');
51			$cspReportOnly = $response->getHeader('Content-Security-Policy-Report-Only');
52
53			$this->assertNull($csp, 'Test Content-Security-Policy header is not present.');
54			$this->assertNotNull($cspReportOnly, 'Test Content-Security-Policy-Report-Only header is present.');
55			$this->assertEquals($originalCSP, $cspReportOnly, 'Test configured CSP is returned in the response.');
56			}
57
58			protected function getResponse()
59			{
60			$page = $this->objFromFixture('Page', 'page');
61			$page->copyVersionToStage(Versioned::DRAFT, Versioned::LIVE);
62			return $this->get($page->Link());
63			}
64			}
65

signify-nz / silverstripe-security-headers

getResponse() A last analyzed 2024-07-17 00:20 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

getResponse() A
last analyzed 2024-07-17 00:20 UTC