silverstripe /
cwp-core
@@ -14,67 +14,67 @@ |
||
| 14 | 14 | |
| 15 | 15 | class AtomFeedTest extends SapphireTest |
| 16 | 16 | { |
| 17 | - protected static $original_host; |
|
| 17 | + protected static $original_host; |
|
| 18 | 18 | |
| 19 | - public function testAtomFeed() |
|
| 20 | - { |
|
| 21 | - $list = new ArrayList(); |
|
| 22 | - $list->push(new ItemA()); |
|
| 23 | - $list->push(new ItemB()); |
|
| 24 | - $list->push(new ItemC()); |
|
| 19 | + public function testAtomFeed() |
|
| 20 | + { |
|
| 21 | + $list = new ArrayList(); |
|
| 22 | + $list->push(new ItemA()); |
|
| 23 | + $list->push(new ItemB()); |
|
| 24 | + $list->push(new ItemC()); |
|
| 25 | 25 | |
| 26 | - $atomFeed = new CwpAtomFeed( |
|
| 27 | - $list, |
|
| 28 | - "http://www.example.com", |
|
| 29 | - "Test Atom Feed", |
|
| 30 | - "Test Atom Feed Description" |
|
| 31 | - ); |
|
| 32 | - $content = $atomFeed->outputToBrowser(); |
|
| 26 | + $atomFeed = new CwpAtomFeed( |
|
| 27 | + $list, |
|
| 28 | + "http://www.example.com", |
|
| 29 | + "Test Atom Feed", |
|
| 30 | + "Test Atom Feed Description" |
|
| 31 | + ); |
|
| 32 | + $content = $atomFeed->outputToBrowser(); |
|
| 33 | 33 | |
| 34 | - //Debug::message($content); |
|
| 35 | - $this->assertContains('<link href="http://www.example.org/item-a/" />', $content); |
|
| 36 | - $this->assertContains('<link href="http://www.example.com/item-b.html" />', $content); |
|
| 37 | - $this->assertContains('<link href="http://www.example.com/item-c.html" />', $content); |
|
| 34 | + //Debug::message($content); |
|
| 35 | + $this->assertContains('<link href="http://www.example.org/item-a/" />', $content); |
|
| 36 | + $this->assertContains('<link href="http://www.example.com/item-b.html" />', $content); |
|
| 37 | + $this->assertContains('<link href="http://www.example.com/item-c.html" />', $content); |
|
| 38 | 38 | |
| 39 | - $this->assertContains('<title type="html">ItemA</title>', $content); |
|
| 40 | - $this->assertContains('<title type="html">ItemB</title>', $content); |
|
| 41 | - $this->assertContains('<title type="html">ItemC</title>', $content); |
|
| 39 | + $this->assertContains('<title type="html">ItemA</title>', $content); |
|
| 40 | + $this->assertContains('<title type="html">ItemB</title>', $content); |
|
| 41 | + $this->assertContains('<title type="html">ItemC</title>', $content); |
|
| 42 | 42 | |
| 43 | - $this->assertContains("\tItemA Content\n", $content); |
|
| 44 | - $this->assertContains("\tItemB Content\n", $content); |
|
| 45 | - $this->assertContains("\tItemC Content\n", $content); |
|
| 46 | - } |
|
| 43 | + $this->assertContains("\tItemA Content\n", $content); |
|
| 44 | + $this->assertContains("\tItemB Content\n", $content); |
|
| 45 | + $this->assertContains("\tItemC Content\n", $content); |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - public function testRenderWithTemplate() |
|
| 49 | - { |
|
| 50 | - $atomFeed = new CwpAtomFeed(new ArrayList(), "", "", ""); |
|
| 51 | - $content = $atomFeed->outputToBrowser(); |
|
| 52 | - // test we have switched from a RSS feed test template tot he AtomFeed template |
|
| 53 | - $this->assertNotContains('<title>Test Custom Template</title>', $content); |
|
| 54 | - } |
|
| 48 | + public function testRenderWithTemplate() |
|
| 49 | + { |
|
| 50 | + $atomFeed = new CwpAtomFeed(new ArrayList(), "", "", ""); |
|
| 51 | + $content = $atomFeed->outputToBrowser(); |
|
| 52 | + // test we have switched from a RSS feed test template tot he AtomFeed template |
|
| 53 | + $this->assertNotContains('<title>Test Custom Template</title>', $content); |
|
| 54 | + } |
|
| 55 | 55 | |
| 56 | - public function testLinkToFeed() |
|
| 57 | - { |
|
| 58 | - $link = AtomTagsStub::linkToFeed('atomLinkUrl', 'Atom feed of this blog'); |
|
| 59 | - $this->assertContains('atomLinkUrl', $link); |
|
| 60 | - $this->assertContains('Atom feed of this blog', $link); |
|
| 61 | - $this->assertContains('application/atom+xml', $link); |
|
| 62 | - } |
|
| 56 | + public function testLinkToFeed() |
|
| 57 | + { |
|
| 58 | + $link = AtomTagsStub::linkToFeed('atomLinkUrl', 'Atom feed of this blog'); |
|
| 59 | + $this->assertContains('atomLinkUrl', $link); |
|
| 60 | + $this->assertContains('Atom feed of this blog', $link); |
|
| 61 | + $this->assertContains('application/atom+xml', $link); |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - protected function setUp() |
|
| 65 | - { |
|
| 66 | - parent::setUp(); |
|
| 67 | - Config::modify()->set(Director::class, 'alternate_base_url', '/'); |
|
| 68 | - if (!self::$original_host) { |
|
| 69 | - self::$original_host = $_SERVER['HTTP_HOST']; |
|
| 70 | - } |
|
| 71 | - $_SERVER['HTTP_HOST'] = 'www.example.org'; |
|
| 72 | - } |
|
| 64 | + protected function setUp() |
|
| 65 | + { |
|
| 66 | + parent::setUp(); |
|
| 67 | + Config::modify()->set(Director::class, 'alternate_base_url', '/'); |
|
| 68 | + if (!self::$original_host) { |
|
| 69 | + self::$original_host = $_SERVER['HTTP_HOST']; |
|
| 70 | + } |
|
| 71 | + $_SERVER['HTTP_HOST'] = 'www.example.org'; |
|
| 72 | + } |
|
| 73 | 73 | |
| 74 | - protected function tearDown() |
|
| 75 | - { |
|
| 76 | - parent::tearDown(); |
|
| 77 | - Config::modify()->set(Director::class, 'alternate_base_url', null); |
|
| 78 | - $_SERVER['HTTP_HOST'] = self::$original_host; |
|
| 79 | - } |
|
| 74 | + protected function tearDown() |
|
| 75 | + { |
|
| 76 | + parent::tearDown(); |
|
| 77 | + Config::modify()->set(Director::class, 'alternate_base_url', null); |
|
| 78 | + $_SERVER['HTTP_HOST'] = self::$original_host; |
|
| 79 | + } |
|
| 80 | 80 | } |
@@ -11,11 +11,11 @@ |
||
| 11 | 11 | */ |
| 12 | 12 | class AtomTagsStub implements TestOnly |
| 13 | 13 | { |
| 14 | - public static function linkToFeed($url, $title = null) |
|
| 15 | - { |
|
| 16 | - $link = '<link rel="alternate" type="application/atom+xml" title="' . $title . |
|
| 17 | - '" href="' . $url . '" />'; |
|
| 18 | - CwpAtomFeed::linkToFeed($url, $title); |
|
| 19 | - return $link; |
|
| 20 | - } |
|
| 14 | + public static function linkToFeed($url, $title = null) |
|
| 15 | + { |
|
| 16 | + $link = '<link rel="alternate" type="application/atom+xml" title="' . $title . |
|
| 17 | + '" href="' . $url . '" />'; |
|
| 18 | + CwpAtomFeed::linkToFeed($url, $title); |
|
| 19 | + return $link; |
|
| 20 | + } |
|
| 21 | 21 | } |
@@ -7,33 +7,33 @@ |
||
| 7 | 7 | |
| 8 | 8 | class ItemC extends ViewableData implements TestOnly |
| 9 | 9 | { |
| 10 | - // ItemC tests fields - Title has casting, Content doesn't. |
|
| 11 | - private static $casting = [ |
|
| 12 | - 'Title' => 'Varchar', |
|
| 13 | - 'AltContent' => 'Text', |
|
| 14 | - ]; |
|
| 15 | - |
|
| 16 | - public $Title = 'ItemC'; |
|
| 17 | - |
|
| 18 | - public function Title() |
|
| 19 | - { |
|
| 20 | - return "ItemC"; |
|
| 21 | - } |
|
| 22 | - |
|
| 23 | - public function Content() |
|
| 24 | - { |
|
| 25 | - return "ItemC Content"; |
|
| 26 | - } |
|
| 27 | - |
|
| 28 | - public $AltContent = "ItemC AltContent"; |
|
| 29 | - |
|
| 30 | - public function Link() |
|
| 31 | - { |
|
| 32 | - return "item-c.html"; |
|
| 33 | - } |
|
| 34 | - |
|
| 35 | - public function AbsoluteLink() |
|
| 36 | - { |
|
| 37 | - return "http://www.example.com/item-c.html"; |
|
| 38 | - } |
|
| 10 | + // ItemC tests fields - Title has casting, Content doesn't. |
|
| 11 | + private static $casting = [ |
|
| 12 | + 'Title' => 'Varchar', |
|
| 13 | + 'AltContent' => 'Text', |
|
| 14 | + ]; |
|
| 15 | + |
|
| 16 | + public $Title = 'ItemC'; |
|
| 17 | + |
|
| 18 | + public function Title() |
|
| 19 | + { |
|
| 20 | + return "ItemC"; |
|
| 21 | + } |
|
| 22 | + |
|
| 23 | + public function Content() |
|
| 24 | + { |
|
| 25 | + return "ItemC Content"; |
|
| 26 | + } |
|
| 27 | + |
|
| 28 | + public $AltContent = "ItemC AltContent"; |
|
| 29 | + |
|
| 30 | + public function Link() |
|
| 31 | + { |
|
| 32 | + return "item-c.html"; |
|
| 33 | + } |
|
| 34 | + |
|
| 35 | + public function AbsoluteLink() |
|
| 36 | + { |
|
| 37 | + return "http://www.example.com/item-c.html"; |
|
| 38 | + } |
|
| 39 | 39 | } |
@@ -7,26 +7,26 @@ |
||
| 7 | 7 | |
| 8 | 8 | class ItemB extends ViewableData implements TestOnly |
| 9 | 9 | { |
| 10 | - // ItemB tests without $casting |
|
| 11 | - public $Title = 'ItemB'; |
|
| 10 | + // ItemB tests without $casting |
|
| 11 | + public $Title = 'ItemB'; |
|
| 12 | 12 | |
| 13 | - public function Title() |
|
| 14 | - { |
|
| 15 | - return "ItemB"; |
|
| 16 | - } |
|
| 13 | + public function Title() |
|
| 14 | + { |
|
| 15 | + return "ItemB"; |
|
| 16 | + } |
|
| 17 | 17 | |
| 18 | - public function AbsoluteLink() |
|
| 19 | - { |
|
| 20 | - return "http://www.example.com/item-b.html"; |
|
| 21 | - } |
|
| 18 | + public function AbsoluteLink() |
|
| 19 | + { |
|
| 20 | + return "http://www.example.com/item-b.html"; |
|
| 21 | + } |
|
| 22 | 22 | |
| 23 | - public function Content() |
|
| 24 | - { |
|
| 25 | - return "ItemB Content"; |
|
| 26 | - } |
|
| 23 | + public function Content() |
|
| 24 | + { |
|
| 25 | + return "ItemB Content"; |
|
| 26 | + } |
|
| 27 | 27 | |
| 28 | - public function AltContent() |
|
| 29 | - { |
|
| 30 | - return "ItemB AltContent"; |
|
| 31 | - } |
|
| 28 | + public function AltContent() |
|
| 29 | + { |
|
| 30 | + return "ItemB AltContent"; |
|
| 31 | + } |
|
| 32 | 32 | } |
@@ -8,32 +8,32 @@ |
||
| 8 | 8 | |
| 9 | 9 | class ItemA extends ViewableData implements TestOnly |
| 10 | 10 | { |
| 11 | - // Atom-feed items must have $casting/$db information. |
|
| 12 | - private static $casting = [ |
|
| 13 | - 'Title' => 'Varchar', |
|
| 14 | - 'Content' => 'Text', |
|
| 15 | - 'AltContent' => 'Text', |
|
| 16 | - ]; |
|
| 17 | - |
|
| 18 | - public $Title = 'ItemA'; |
|
| 19 | - |
|
| 20 | - public function Title() |
|
| 21 | - { |
|
| 22 | - return "ItemA"; |
|
| 23 | - } |
|
| 24 | - |
|
| 25 | - public function Content() |
|
| 26 | - { |
|
| 27 | - return "ItemA Content"; |
|
| 28 | - } |
|
| 29 | - |
|
| 30 | - public function AltContent() |
|
| 31 | - { |
|
| 32 | - return "ItemA AltContent"; |
|
| 33 | - } |
|
| 34 | - |
|
| 35 | - public function Link($action = null) |
|
| 36 | - { |
|
| 37 | - return Controller::join_links("item-a/", $action); |
|
| 38 | - } |
|
| 11 | + // Atom-feed items must have $casting/$db information. |
|
| 12 | + private static $casting = [ |
|
| 13 | + 'Title' => 'Varchar', |
|
| 14 | + 'Content' => 'Text', |
|
| 15 | + 'AltContent' => 'Text', |
|
| 16 | + ]; |
|
| 17 | + |
|
| 18 | + public $Title = 'ItemA'; |
|
| 19 | + |
|
| 20 | + public function Title() |
|
| 21 | + { |
|
| 22 | + return "ItemA"; |
|
| 23 | + } |
|
| 24 | + |
|
| 25 | + public function Content() |
|
| 26 | + { |
|
| 27 | + return "ItemA Content"; |
|
| 28 | + } |
|
| 29 | + |
|
| 30 | + public function AltContent() |
|
| 31 | + { |
|
| 32 | + return "ItemA AltContent"; |
|
| 33 | + } |
|
| 34 | + |
|
| 35 | + public function Link($action = null) |
|
| 36 | + { |
|
| 37 | + return Controller::join_links("item-a/", $action); |
|
| 38 | + } |
|
| 39 | 39 | } |
@@ -93,7 +93,7 @@ |
||
| 93 | 93 | */ |
| 94 | 94 | protected function runMiddleware() |
| 95 | 95 | { |
| 96 | - $this->middleware->process($this->request, function () { |
|
| 96 | + $this->middleware->process($this->request, function() { |
|
| 97 | 97 | // no op |
| 98 | 98 | }); |
| 99 | 99 | } |
@@ -10,120 +10,120 @@ |
||
| 10 | 10 | |
| 11 | 11 | class InitialisationMiddlewareTest extends FunctionalTest |
| 12 | 12 | { |
| 13 | - /** |
|
| 14 | - * @var HTTPRequest |
|
| 15 | - */ |
|
| 16 | - protected $request; |
|
| 17 | - |
|
| 18 | - /** |
|
| 19 | - * @var InitialisationMiddleware |
|
| 20 | - */ |
|
| 21 | - protected $middleware; |
|
| 22 | - |
|
| 23 | - protected $usesDatabase = true; |
|
| 24 | - |
|
| 25 | - protected function setUp() |
|
| 26 | - { |
|
| 27 | - parent::setUp(); |
|
| 28 | - |
|
| 29 | - $this->request = new HTTPRequest('GET', '/'); |
|
| 30 | - $this->middleware = new InitialisationMiddleware(); |
|
| 31 | - |
|
| 32 | - Environment::setEnv('SS_OUTBOUND_PROXY', ''); |
|
| 33 | - Environment::setEnv('SS_OUTBOUND_PROXY_PORT', ''); |
|
| 34 | - putenv('NO_PROXY='); |
|
| 35 | - } |
|
| 36 | - |
|
| 37 | - public function testDoNotConfigureProxyIfNoEnvironmentVarsAreSet() |
|
| 38 | - { |
|
| 39 | - $this->runMiddleware(); |
|
| 40 | - |
|
| 41 | - $this->assertEmpty( |
|
| 42 | - Environment::getEnv('http_proxy'), |
|
| 43 | - 'Proxy information is not set if no outbound proxy is configured' |
|
| 44 | - ); |
|
| 45 | - } |
|
| 46 | - |
|
| 47 | - public function testConfigureEgressProxyWhenVarsAreSet() |
|
| 48 | - { |
|
| 49 | - Environment::setEnv('SS_OUTBOUND_PROXY', 'http://example.com'); |
|
| 50 | - Environment::setEnv('SS_OUTBOUND_PROXY_PORT', '8024'); |
|
| 51 | - |
|
| 52 | - $this->runMiddleware(); |
|
| 53 | - |
|
| 54 | - $this->assertEquals( |
|
| 55 | - 'http://example.com:8024', |
|
| 56 | - Environment::getEnv('http_proxy'), |
|
| 57 | - 'Proxy is configured with proxy and port' |
|
| 58 | - ); |
|
| 59 | - } |
|
| 60 | - |
|
| 61 | - public function testDoNotConfigureProxyDomainExclusionsWhenNoneAreDefined() |
|
| 62 | - { |
|
| 63 | - Config::modify()->remove(InitialisationMiddleware::class, 'egress_proxy_exclude_domains'); |
|
| 64 | - |
|
| 65 | - $this->runMiddleware(); |
|
| 66 | - |
|
| 67 | - $this->assertSame( |
|
| 68 | - '', |
|
| 69 | - Environment::getEnv('NO_PROXY'), |
|
| 70 | - 'No domain exclusions are set when none are defined' |
|
| 71 | - ); |
|
| 72 | - } |
|
| 73 | - |
|
| 74 | - public function testConfigureEgressProxyDomainExclusions() |
|
| 75 | - { |
|
| 76 | - Config::modify()->set( |
|
| 77 | - InitialisationMiddleware::class, |
|
| 78 | - 'egress_proxy_exclude_domains', |
|
| 79 | - 'example.com' |
|
| 80 | - ); |
|
| 81 | - |
|
| 82 | - putenv('NO_PROXY=foo.com,bar.com'); |
|
| 83 | - $this->runMiddleware(); |
|
| 84 | - |
|
| 85 | - $this->assertSame( |
|
| 86 | - 'foo.com,bar.com,example.com', |
|
| 87 | - Environment::getEnv('NO_PROXY'), |
|
| 88 | - 'Domain exclusions are combined with existing values and configuration settings' |
|
| 89 | - ); |
|
| 90 | - } |
|
| 91 | - |
|
| 92 | - public function testSecurityHeadersAddedByDefault() |
|
| 93 | - { |
|
| 94 | - $response = $this->get('Security/login'); |
|
| 95 | - $this->assertArrayHasKey('x-xss-protection', $response->getHeaders()); |
|
| 96 | - $this->assertSame('1; mode=block', $response->getHeader('x-xss-protection')); |
|
| 97 | - } |
|
| 98 | - |
|
| 99 | - public function testXSSProtectionHeaderNotAdded() |
|
| 100 | - { |
|
| 101 | - Config::modify()->set(InitialisationMiddleware::class, 'xss_protection_enabled', false); |
|
| 102 | - $response = $this->get('Security/login'); |
|
| 103 | - $this->assertArrayNotHasKey('x-xss-protection', $response->getHeaders()); |
|
| 104 | - } |
|
| 105 | - |
|
| 106 | - public function testHstsNotAddedByDefault() |
|
| 107 | - { |
|
| 108 | - Config::modify()->remove(InitialisationMiddleware::class, 'strict_transport_security'); |
|
| 109 | - $response = $this->get('Security/login'); |
|
| 110 | - $this->assertArrayNotHasKey('strict-transport-security', $response->getHeaders()); |
|
| 111 | - } |
|
| 112 | - |
|
| 113 | - public function testHstsAddedWhenConfigured() |
|
| 114 | - { |
|
| 115 | - Config::modify()->update(InitialisationMiddleware::class, 'strict_transport_security', 'max-age=1'); |
|
| 116 | - $response = $this->get('Security/login'); |
|
| 117 | - $this->assertArrayHasKey('strict-transport-security', $response->getHeaders()); |
|
| 118 | - } |
|
| 119 | - |
|
| 120 | - /** |
|
| 121 | - * Runs the middleware with a stubbed delegate |
|
| 122 | - */ |
|
| 123 | - protected function runMiddleware() |
|
| 124 | - { |
|
| 125 | - $this->middleware->process($this->request, function () { |
|
| 126 | - // no op |
|
| 127 | - }); |
|
| 128 | - } |
|
| 13 | + /** |
|
| 14 | + * @var HTTPRequest |
|
| 15 | + */ |
|
| 16 | + protected $request; |
|
| 17 | + |
|
| 18 | + /** |
|
| 19 | + * @var InitialisationMiddleware |
|
| 20 | + */ |
|
| 21 | + protected $middleware; |
|
| 22 | + |
|
| 23 | + protected $usesDatabase = true; |
|
| 24 | + |
|
| 25 | + protected function setUp() |
|
| 26 | + { |
|
| 27 | + parent::setUp(); |
|
| 28 | + |
|
| 29 | + $this->request = new HTTPRequest('GET', '/'); |
|
| 30 | + $this->middleware = new InitialisationMiddleware(); |
|
| 31 | + |
|
| 32 | + Environment::setEnv('SS_OUTBOUND_PROXY', ''); |
|
| 33 | + Environment::setEnv('SS_OUTBOUND_PROXY_PORT', ''); |
|
| 34 | + putenv('NO_PROXY='); |
|
| 35 | + } |
|
| 36 | + |
|
| 37 | + public function testDoNotConfigureProxyIfNoEnvironmentVarsAreSet() |
|
| 38 | + { |
|
| 39 | + $this->runMiddleware(); |
|
| 40 | + |
|
| 41 | + $this->assertEmpty( |
|
| 42 | + Environment::getEnv('http_proxy'), |
|
| 43 | + 'Proxy information is not set if no outbound proxy is configured' |
|
| 44 | + ); |
|
| 45 | + } |
|
| 46 | + |
|
| 47 | + public function testConfigureEgressProxyWhenVarsAreSet() |
|
| 48 | + { |
|
| 49 | + Environment::setEnv('SS_OUTBOUND_PROXY', 'http://example.com'); |
|
| 50 | + Environment::setEnv('SS_OUTBOUND_PROXY_PORT', '8024'); |
|
| 51 | + |
|
| 52 | + $this->runMiddleware(); |
|
| 53 | + |
|
| 54 | + $this->assertEquals( |
|
| 55 | + 'http://example.com:8024', |
|
| 56 | + Environment::getEnv('http_proxy'), |
|
| 57 | + 'Proxy is configured with proxy and port' |
|
| 58 | + ); |
|
| 59 | + } |
|
| 60 | + |
|
| 61 | + public function testDoNotConfigureProxyDomainExclusionsWhenNoneAreDefined() |
|
| 62 | + { |
|
| 63 | + Config::modify()->remove(InitialisationMiddleware::class, 'egress_proxy_exclude_domains'); |
|
| 64 | + |
|
| 65 | + $this->runMiddleware(); |
|
| 66 | + |
|
| 67 | + $this->assertSame( |
|
| 68 | + '', |
|
| 69 | + Environment::getEnv('NO_PROXY'), |
|
| 70 | + 'No domain exclusions are set when none are defined' |
|
| 71 | + ); |
|
| 72 | + } |
|
| 73 | + |
|
| 74 | + public function testConfigureEgressProxyDomainExclusions() |
|
| 75 | + { |
|
| 76 | + Config::modify()->set( |
|
| 77 | + InitialisationMiddleware::class, |
|
| 78 | + 'egress_proxy_exclude_domains', |
|
| 79 | + 'example.com' |
|
| 80 | + ); |
|
| 81 | + |
|
| 82 | + putenv('NO_PROXY=foo.com,bar.com'); |
|
| 83 | + $this->runMiddleware(); |
|
| 84 | + |
|
| 85 | + $this->assertSame( |
|
| 86 | + 'foo.com,bar.com,example.com', |
|
| 87 | + Environment::getEnv('NO_PROXY'), |
|
| 88 | + 'Domain exclusions are combined with existing values and configuration settings' |
|
| 89 | + ); |
|
| 90 | + } |
|
| 91 | + |
|
| 92 | + public function testSecurityHeadersAddedByDefault() |
|
| 93 | + { |
|
| 94 | + $response = $this->get('Security/login'); |
|
| 95 | + $this->assertArrayHasKey('x-xss-protection', $response->getHeaders()); |
|
| 96 | + $this->assertSame('1; mode=block', $response->getHeader('x-xss-protection')); |
|
| 97 | + } |
|
| 98 | + |
|
| 99 | + public function testXSSProtectionHeaderNotAdded() |
|
| 100 | + { |
|
| 101 | + Config::modify()->set(InitialisationMiddleware::class, 'xss_protection_enabled', false); |
|
| 102 | + $response = $this->get('Security/login'); |
|
| 103 | + $this->assertArrayNotHasKey('x-xss-protection', $response->getHeaders()); |
|
| 104 | + } |
|
| 105 | + |
|
| 106 | + public function testHstsNotAddedByDefault() |
|
| 107 | + { |
|
| 108 | + Config::modify()->remove(InitialisationMiddleware::class, 'strict_transport_security'); |
|
| 109 | + $response = $this->get('Security/login'); |
|
| 110 | + $this->assertArrayNotHasKey('strict-transport-security', $response->getHeaders()); |
|
| 111 | + } |
|
| 112 | + |
|
| 113 | + public function testHstsAddedWhenConfigured() |
|
| 114 | + { |
|
| 115 | + Config::modify()->update(InitialisationMiddleware::class, 'strict_transport_security', 'max-age=1'); |
|
| 116 | + $response = $this->get('Security/login'); |
|
| 117 | + $this->assertArrayHasKey('strict-transport-security', $response->getHeaders()); |
|
| 118 | + } |
|
| 119 | + |
|
| 120 | + /** |
|
| 121 | + * Runs the middleware with a stubbed delegate |
|
| 122 | + */ |
|
| 123 | + protected function runMiddleware() |
|
| 124 | + { |
|
| 125 | + $this->middleware->process($this->request, function () { |
|
| 126 | + // no op |
|
| 127 | + }); |
|
| 128 | + } |
|
| 129 | 129 | } |
@@ -13,13 +13,13 @@ |
||
| 13 | 13 | class CustomHtmlEditorFieldToolbar extends Extension |
| 14 | 14 | { |
| 15 | 15 | |
| 16 | - /** |
|
| 17 | - * @param Form $form |
|
| 18 | - * @return void |
|
| 19 | - */ |
|
| 20 | - public function updateMediaForm(Form $form) |
|
| 21 | - { |
|
| 22 | - Requirements::add_i18n_javascript('cwp/cwp-core:javascript/lang'); |
|
| 23 | - Requirements::javascript('cwp/cwp-core:javascript/CustomHtmlEditorFieldToolbar.js'); |
|
| 24 | - } |
|
| 16 | + /** |
|
| 17 | + * @param Form $form |
|
| 18 | + * @return void |
|
| 19 | + */ |
|
| 20 | + public function updateMediaForm(Form $form) |
|
| 21 | + { |
|
| 22 | + Requirements::add_i18n_javascript('cwp/cwp-core:javascript/lang'); |
|
| 23 | + Requirements::javascript('cwp/cwp-core:javascript/CustomHtmlEditorFieldToolbar.js'); |
|
| 24 | + } |
|
| 25 | 25 | } |
@@ -7,20 +7,20 @@ |
||
| 7 | 7 | class CwpHtmlEditorConfig extends DataExtension |
| 8 | 8 | { |
| 9 | 9 | |
| 10 | - /** |
|
| 11 | - * @return string |
|
| 12 | - * |
|
| 13 | - * Override the default HtmlEditorConfig from 'cms' to 'cwp' defined in cwp-core/_config.php |
|
| 14 | - * However if the group has a custom editor configuration set, use that instead. |
|
| 15 | - */ |
|
| 16 | - public function getHtmlEditorConfig() |
|
| 17 | - { |
|
| 18 | - $originalConfig = $this->owner->getField("HtmlEditorConfig"); |
|
| 10 | + /** |
|
| 11 | + * @return string |
|
| 12 | + * |
|
| 13 | + * Override the default HtmlEditorConfig from 'cms' to 'cwp' defined in cwp-core/_config.php |
|
| 14 | + * However if the group has a custom editor configuration set, use that instead. |
|
| 15 | + */ |
|
| 16 | + public function getHtmlEditorConfig() |
|
| 17 | + { |
|
| 18 | + $originalConfig = $this->owner->getField("HtmlEditorConfig"); |
|
| 19 | 19 | |
| 20 | - if ($originalConfig) { |
|
| 21 | - return $originalConfig; |
|
| 22 | - } |
|
| 20 | + if ($originalConfig) { |
|
| 21 | + return $originalConfig; |
|
| 22 | + } |
|
| 23 | 23 | |
| 24 | - return 'cwp'; |
|
| 25 | - } |
|
| 24 | + return 'cwp'; |
|
| 25 | + } |
|
| 26 | 26 | } |
@@ -53,12 +53,12 @@ discard block |
||
| 53 | 53 | $failures = $meantimeLoginAttempts->filter(['Status' => 'Failure'])->count(); |
| 54 | 54 | $IPs = array_unique($meantimeLoginAttempts->column('IP')); |
| 55 | 55 | |
| 56 | - if ($attempts == 1) { |
|
| 56 | + if ($attempts==1) { |
|
| 57 | 57 | $statusString = $failures ? "a failed" : "a successful"; |
| 58 | 58 | $message = "In the last $elapsed $statusString login attempt to your account was " |
| 59 | 59 | . "registered. The attempt was made from ${IPs[0]}. "; |
| 60 | 60 | } else { |
| 61 | - if ($failures == $attempts) { |
|
| 61 | + if ($failures==$attempts) { |
|
| 62 | 62 | $statusString = $failures ? "failed" : "successful"; |
| 63 | 63 | $message = "In the last $elapsed $attempts $statusString login " |
| 64 | 64 | . "attempts to your account were registered. "; |
@@ -85,7 +85,7 @@ discard block |
||
| 85 | 85 | $date = $lastLoginAttempt->Created; |
| 86 | 86 | $message = "Last login attempt to your account was on $lastLoginAttempt->Created " |
| 87 | 87 | . "from $lastLoginAttempt->IP"; |
| 88 | - $message .= $lastLoginAttempt->Status == 'Failure' ? " and was successful." : "and has failed."; |
|
| 88 | + $message .= $lastLoginAttempt->Status=='Failure' ? " and was successful." : "and has failed."; |
|
| 89 | 89 | } |
| 90 | 90 | } |
| 91 | 91 | |
@@ -19,81 +19,81 @@ |
||
| 19 | 19 | class LoginAttemptNotifications extends Extension |
| 20 | 20 | { |
| 21 | 21 | |
| 22 | - /** |
|
| 23 | - * |
|
| 24 | - * @return mixed null |
|
| 25 | - */ |
|
| 26 | - public function init() |
|
| 27 | - { |
|
| 22 | + /** |
|
| 23 | + * |
|
| 24 | + * @return mixed null |
|
| 25 | + */ |
|
| 26 | + public function init() |
|
| 27 | + { |
|
| 28 | 28 | |
| 29 | - // Exclude default admin. |
|
| 30 | - $member = Security::getCurrentUser(); |
|
| 31 | - if (!$member || !$member->ID) { |
|
| 32 | - return; |
|
| 33 | - } |
|
| 29 | + // Exclude default admin. |
|
| 30 | + $member = Security::getCurrentUser(); |
|
| 31 | + if (!$member || !$member->ID) { |
|
| 32 | + return; |
|
| 33 | + } |
|
| 34 | 34 | |
| 35 | - $message = null; |
|
| 36 | - $session = $this->owner->getRequest()->getSession(); |
|
| 35 | + $message = null; |
|
| 36 | + $session = $this->owner->getRequest()->getSession(); |
|
| 37 | 37 | |
| 38 | - Requirements::javascript('cwp/cwp-core:javascript/LoginAttemptNotifications.js'); |
|
| 39 | - $sessionLastVisited = $session->get('LoginAttemptNotifications.SessionLastVisited'); |
|
| 40 | - if ($sessionLastVisited) { |
|
| 41 | - // Session already in progress. Show all attempts since the session was last visited. |
|
| 38 | + Requirements::javascript('cwp/cwp-core:javascript/LoginAttemptNotifications.js'); |
|
| 39 | + $sessionLastVisited = $session->get('LoginAttemptNotifications.SessionLastVisited'); |
|
| 40 | + if ($sessionLastVisited) { |
|
| 41 | + // Session already in progress. Show all attempts since the session was last visited. |
|
| 42 | 42 | |
| 43 | - $meantimeLoginAttempts = LoginAttempt::get()->filter([ |
|
| 44 | - 'MemberID' => $member->ID, |
|
| 45 | - 'Created:GreaterThan' => $sessionLastVisited |
|
| 46 | - ]); |
|
| 43 | + $meantimeLoginAttempts = LoginAttempt::get()->filter([ |
|
| 44 | + 'MemberID' => $member->ID, |
|
| 45 | + 'Created:GreaterThan' => $sessionLastVisited |
|
| 46 | + ]); |
|
| 47 | 47 | |
| 48 | - $attempts = $meantimeLoginAttempts->count(); |
|
| 49 | - if ($attempts) { |
|
| 50 | - $lastVisitedObj = DBDatetime::create(); |
|
| 51 | - $lastVisitedObj->setValue($sessionLastVisited); |
|
| 52 | - $elapsed = $lastVisitedObj->TimeDiff(); |
|
| 53 | - $failures = $meantimeLoginAttempts->filter(['Status' => 'Failure'])->count(); |
|
| 54 | - $IPs = array_unique($meantimeLoginAttempts->column('IP')); |
|
| 48 | + $attempts = $meantimeLoginAttempts->count(); |
|
| 49 | + if ($attempts) { |
|
| 50 | + $lastVisitedObj = DBDatetime::create(); |
|
| 51 | + $lastVisitedObj->setValue($sessionLastVisited); |
|
| 52 | + $elapsed = $lastVisitedObj->TimeDiff(); |
|
| 53 | + $failures = $meantimeLoginAttempts->filter(['Status' => 'Failure'])->count(); |
|
| 54 | + $IPs = array_unique($meantimeLoginAttempts->column('IP')); |
|
| 55 | 55 | |
| 56 | - if ($attempts == 1) { |
|
| 57 | - $statusString = $failures ? "a failed" : "a successful"; |
|
| 58 | - $message = "In the last $elapsed $statusString login attempt to your account was " |
|
| 59 | - . "registered. The attempt was made from ${IPs[0]}. "; |
|
| 60 | - } else { |
|
| 61 | - if ($failures == $attempts) { |
|
| 62 | - $statusString = $failures ? "failed" : "successful"; |
|
| 63 | - $message = "In the last $elapsed $attempts $statusString login " |
|
| 64 | - . "attempts to your account were registered. "; |
|
| 65 | - } else { |
|
| 66 | - $message = "In the last $elapsed $attempts login attempts to your " |
|
| 67 | - . "account were registered, of which $failures failed. "; |
|
| 68 | - } |
|
| 56 | + if ($attempts == 1) { |
|
| 57 | + $statusString = $failures ? "a failed" : "a successful"; |
|
| 58 | + $message = "In the last $elapsed $statusString login attempt to your account was " |
|
| 59 | + . "registered. The attempt was made from ${IPs[0]}. "; |
|
| 60 | + } else { |
|
| 61 | + if ($failures == $attempts) { |
|
| 62 | + $statusString = $failures ? "failed" : "successful"; |
|
| 63 | + $message = "In the last $elapsed $attempts $statusString login " |
|
| 64 | + . "attempts to your account were registered. "; |
|
| 65 | + } else { |
|
| 66 | + $message = "In the last $elapsed $attempts login attempts to your " |
|
| 67 | + . "account were registered, of which $failures failed. "; |
|
| 68 | + } |
|
| 69 | 69 | |
| 70 | - $message .= "The attempts were from " . implode(', ', $IPs) . '. '; |
|
| 70 | + $message .= "The attempts were from " . implode(', ', $IPs) . '. '; |
|
| 71 | 71 | |
| 72 | - // TODO: add this call to action in a way that doesn't break out of the availabel space. Fix CSS? |
|
| 73 | - // $message .= "If you suspect somebody else might be trying to access |
|
| 74 | - // . "your account, please contact support."; |
|
| 75 | - } |
|
| 76 | - } |
|
| 77 | - } else { |
|
| 78 | - // New session - show last login attempt. |
|
| 79 | - // TODO: this currently does NOT surface to the frontend in any way. |
|
| 80 | - $lastLoginAttempt = LoginAttempt::get()->filter([ |
|
| 81 | - 'MemberID' => $member->ID |
|
| 82 | - ])->sort('Created DESC')->First(); |
|
| 72 | + // TODO: add this call to action in a way that doesn't break out of the availabel space. Fix CSS? |
|
| 73 | + // $message .= "If you suspect somebody else might be trying to access |
|
| 74 | + // . "your account, please contact support."; |
|
| 75 | + } |
|
| 76 | + } |
|
| 77 | + } else { |
|
| 78 | + // New session - show last login attempt. |
|
| 79 | + // TODO: this currently does NOT surface to the frontend in any way. |
|
| 80 | + $lastLoginAttempt = LoginAttempt::get()->filter([ |
|
| 81 | + 'MemberID' => $member->ID |
|
| 82 | + ])->sort('Created DESC')->First(); |
|
| 83 | 83 | |
| 84 | - if ($lastLoginAttempt) { |
|
| 85 | - $date = $lastLoginAttempt->Created; |
|
| 86 | - $message = "Last login attempt to your account was on $lastLoginAttempt->Created " |
|
| 87 | - . "from $lastLoginAttempt->IP"; |
|
| 88 | - $message .= $lastLoginAttempt->Status == 'Failure' ? " and was successful." : "and has failed."; |
|
| 89 | - } |
|
| 90 | - } |
|
| 84 | + if ($lastLoginAttempt) { |
|
| 85 | + $date = $lastLoginAttempt->Created; |
|
| 86 | + $message = "Last login attempt to your account was on $lastLoginAttempt->Created " |
|
| 87 | + . "from $lastLoginAttempt->IP"; |
|
| 88 | + $message .= $lastLoginAttempt->Status == 'Failure' ? " and was successful." : "and has failed."; |
|
| 89 | + } |
|
| 90 | + } |
|
| 91 | 91 | |
| 92 | - $session->set( |
|
| 93 | - 'LoginAttemptNotifications.SessionLastVisited', |
|
| 94 | - DBDatetime::now()->Format(DBDatetime::ISO_DATETIME) |
|
| 95 | - ); |
|
| 92 | + $session->set( |
|
| 93 | + 'LoginAttemptNotifications.SessionLastVisited', |
|
| 94 | + DBDatetime::now()->Format(DBDatetime::ISO_DATETIME) |
|
| 95 | + ); |
|
| 96 | 96 | |
| 97 | - $this->owner->getResponse()->addHeader('X-LoginAttemptNotifications', $message); |
|
| 98 | - } |
|
| 97 | + $this->owner->getResponse()->addHeader('X-LoginAttemptNotifications', $message); |
|
| 98 | + } |
|
| 99 | 99 | } |
