silverstripe /
cwp-core
@@ -10,107 +10,107 @@ |
||
| 10 | 10 | |
| 11 | 11 | class InitialisationMiddlewareTest extends FunctionalTest |
| 12 | 12 | { |
| 13 | - /** |
|
| 14 | - * @var HTTPRequest |
|
| 15 | - */ |
|
| 16 | - protected $request; |
|
| 17 | - |
|
| 18 | - /** |
|
| 19 | - * @var InitialisationMiddleware |
|
| 20 | - */ |
|
| 21 | - protected $middleware; |
|
| 22 | - |
|
| 23 | - protected $usesDatabase = true; |
|
| 24 | - |
|
| 25 | - protected function setUp() |
|
| 26 | - { |
|
| 27 | - parent::setUp(); |
|
| 28 | - |
|
| 29 | - $this->request = new HTTPRequest('GET', '/'); |
|
| 30 | - $this->middleware = new InitialisationMiddleware(); |
|
| 31 | - |
|
| 32 | - Environment::setEnv('SS_OUTBOUND_PROXY', ''); |
|
| 33 | - Environment::setEnv('SS_OUTBOUND_PROXY_PORT', ''); |
|
| 34 | - Environment::setEnv('NO_PROXY', ''); |
|
| 35 | - } |
|
| 36 | - |
|
| 37 | - public function testDoNotConfigureProxyIfNoEnvironmentVarsAreSet() |
|
| 38 | - { |
|
| 39 | - $this->runMiddleware(); |
|
| 40 | - |
|
| 41 | - $this->assertEmpty( |
|
| 42 | - Environment::getEnv('http_proxy'), |
|
| 43 | - 'Proxy information is not set if no outbound proxy is configured' |
|
| 44 | - ); |
|
| 45 | - } |
|
| 46 | - |
|
| 47 | - public function testConfigureEgressProxyWhenVarsAreSet() |
|
| 48 | - { |
|
| 49 | - Environment::setEnv('SS_OUTBOUND_PROXY', 'http://example.com'); |
|
| 50 | - Environment::setEnv('SS_OUTBOUND_PROXY_PORT', '8024'); |
|
| 51 | - |
|
| 52 | - $this->runMiddleware(); |
|
| 53 | - |
|
| 54 | - $this->assertEquals( |
|
| 55 | - 'http://example.com:8024', |
|
| 56 | - Environment::getEnv('http_proxy'), |
|
| 57 | - 'Proxy is configured with proxy and port' |
|
| 58 | - ); |
|
| 59 | - } |
|
| 60 | - |
|
| 61 | - public function testDoNotConfigureProxyDomainExclusionsWhenNoneAreDefined() |
|
| 62 | - { |
|
| 63 | - Config::modify()->remove(InitialisationMiddleware::class, 'egress_proxy_exclude_domains'); |
|
| 64 | - |
|
| 65 | - $this->runMiddleware(); |
|
| 66 | - |
|
| 67 | - $this->assertSame( |
|
| 68 | - '', |
|
| 69 | - Environment::getEnv('NO_PROXY'), |
|
| 70 | - 'No domain exclusions are set when none are defined' |
|
| 71 | - ); |
|
| 72 | - } |
|
| 73 | - |
|
| 74 | - public function testConfigureEgressProxyDomainExclusions() |
|
| 75 | - { |
|
| 76 | - Config::modify()->set( |
|
| 77 | - InitialisationMiddleware::class, |
|
| 78 | - 'egress_proxy_exclude_domains', |
|
| 79 | - 'example.com' |
|
| 80 | - ); |
|
| 81 | - |
|
| 82 | - Environment::setEnv('NO_PROXY', 'foo.com,bar.com'); |
|
| 83 | - |
|
| 84 | - $this->runMiddleware(); |
|
| 85 | - |
|
| 86 | - $this->assertSame( |
|
| 87 | - 'foo.com,bar.com,example.com', |
|
| 88 | - Environment::getEnv('NO_PROXY'), |
|
| 89 | - 'Domain exclusions are combined with existing values and configuration settings' |
|
| 90 | - ); |
|
| 91 | - } |
|
| 92 | - |
|
| 93 | - public function testSecurityHeadersAddedByDefault() |
|
| 94 | - { |
|
| 95 | - $response = $this->get('Security/login'); |
|
| 96 | - $this->assertArrayHasKey('x-xss-protection', $response->getHeaders()); |
|
| 97 | - $this->assertSame('1; mode=block', $response->getHeader('x-xss-protection')); |
|
| 98 | - } |
|
| 99 | - |
|
| 100 | - public function testXSSProtectionHeaderNotAdded() |
|
| 101 | - { |
|
| 102 | - Config::modify()->set(InitialisationMiddleware::class, 'xss_protection_enabled', false); |
|
| 103 | - $response = $this->get('Security/login'); |
|
| 104 | - $this->assertArrayNotHasKey('x-xss-protection', $response->getHeaders()); |
|
| 105 | - } |
|
| 106 | - |
|
| 107 | - /** |
|
| 108 | - * Runs the middleware with a stubbed delegate |
|
| 109 | - */ |
|
| 110 | - protected function runMiddleware() |
|
| 111 | - { |
|
| 112 | - $this->middleware->process($this->request, function () { |
|
| 113 | - // no op |
|
| 114 | - }); |
|
| 115 | - } |
|
| 13 | + /** |
|
| 14 | + * @var HTTPRequest |
|
| 15 | + */ |
|
| 16 | + protected $request; |
|
| 17 | + |
|
| 18 | + /** |
|
| 19 | + * @var InitialisationMiddleware |
|
| 20 | + */ |
|
| 21 | + protected $middleware; |
|
| 22 | + |
|
| 23 | + protected $usesDatabase = true; |
|
| 24 | + |
|
| 25 | + protected function setUp() |
|
| 26 | + { |
|
| 27 | + parent::setUp(); |
|
| 28 | + |
|
| 29 | + $this->request = new HTTPRequest('GET', '/'); |
|
| 30 | + $this->middleware = new InitialisationMiddleware(); |
|
| 31 | + |
|
| 32 | + Environment::setEnv('SS_OUTBOUND_PROXY', ''); |
|
| 33 | + Environment::setEnv('SS_OUTBOUND_PROXY_PORT', ''); |
|
| 34 | + Environment::setEnv('NO_PROXY', ''); |
|
| 35 | + } |
|
| 36 | + |
|
| 37 | + public function testDoNotConfigureProxyIfNoEnvironmentVarsAreSet() |
|
| 38 | + { |
|
| 39 | + $this->runMiddleware(); |
|
| 40 | + |
|
| 41 | + $this->assertEmpty( |
|
| 42 | + Environment::getEnv('http_proxy'), |
|
| 43 | + 'Proxy information is not set if no outbound proxy is configured' |
|
| 44 | + ); |
|
| 45 | + } |
|
| 46 | + |
|
| 47 | + public function testConfigureEgressProxyWhenVarsAreSet() |
|
| 48 | + { |
|
| 49 | + Environment::setEnv('SS_OUTBOUND_PROXY', 'http://example.com'); |
|
| 50 | + Environment::setEnv('SS_OUTBOUND_PROXY_PORT', '8024'); |
|
| 51 | + |
|
| 52 | + $this->runMiddleware(); |
|
| 53 | + |
|
| 54 | + $this->assertEquals( |
|
| 55 | + 'http://example.com:8024', |
|
| 56 | + Environment::getEnv('http_proxy'), |
|
| 57 | + 'Proxy is configured with proxy and port' |
|
| 58 | + ); |
|
| 59 | + } |
|
| 60 | + |
|
| 61 | + public function testDoNotConfigureProxyDomainExclusionsWhenNoneAreDefined() |
|
| 62 | + { |
|
| 63 | + Config::modify()->remove(InitialisationMiddleware::class, 'egress_proxy_exclude_domains'); |
|
| 64 | + |
|
| 65 | + $this->runMiddleware(); |
|
| 66 | + |
|
| 67 | + $this->assertSame( |
|
| 68 | + '', |
|
| 69 | + Environment::getEnv('NO_PROXY'), |
|
| 70 | + 'No domain exclusions are set when none are defined' |
|
| 71 | + ); |
|
| 72 | + } |
|
| 73 | + |
|
| 74 | + public function testConfigureEgressProxyDomainExclusions() |
|
| 75 | + { |
|
| 76 | + Config::modify()->set( |
|
| 77 | + InitialisationMiddleware::class, |
|
| 78 | + 'egress_proxy_exclude_domains', |
|
| 79 | + 'example.com' |
|
| 80 | + ); |
|
| 81 | + |
|
| 82 | + Environment::setEnv('NO_PROXY', 'foo.com,bar.com'); |
|
| 83 | + |
|
| 84 | + $this->runMiddleware(); |
|
| 85 | + |
|
| 86 | + $this->assertSame( |
|
| 87 | + 'foo.com,bar.com,example.com', |
|
| 88 | + Environment::getEnv('NO_PROXY'), |
|
| 89 | + 'Domain exclusions are combined with existing values and configuration settings' |
|
| 90 | + ); |
|
| 91 | + } |
|
| 92 | + |
|
| 93 | + public function testSecurityHeadersAddedByDefault() |
|
| 94 | + { |
|
| 95 | + $response = $this->get('Security/login'); |
|
| 96 | + $this->assertArrayHasKey('x-xss-protection', $response->getHeaders()); |
|
| 97 | + $this->assertSame('1; mode=block', $response->getHeader('x-xss-protection')); |
|
| 98 | + } |
|
| 99 | + |
|
| 100 | + public function testXSSProtectionHeaderNotAdded() |
|
| 101 | + { |
|
| 102 | + Config::modify()->set(InitialisationMiddleware::class, 'xss_protection_enabled', false); |
|
| 103 | + $response = $this->get('Security/login'); |
|
| 104 | + $this->assertArrayNotHasKey('x-xss-protection', $response->getHeaders()); |
|
| 105 | + } |
|
| 106 | + |
|
| 107 | + /** |
|
| 108 | + * Runs the middleware with a stubbed delegate |
|
| 109 | + */ |
|
| 110 | + protected function runMiddleware() |
|
| 111 | + { |
|
| 112 | + $this->middleware->process($this->request, function () { |
|
| 113 | + // no op |
|
| 114 | + }); |
|
| 115 | + } |
|
| 116 | 116 | } |
