silverstripe /
cwp-core
@@ -10,56 +10,56 @@ |
||
| 10 | 10 | |
| 11 | 11 | class CWPVersionExtensionTest extends SapphireTest |
| 12 | 12 | { |
| 13 | - /** |
|
| 14 | - * @var VersionProvider|PHPUnit_Framework_MockObject_MockObject |
|
| 15 | - */ |
|
| 16 | - protected $versionProvider; |
|
| 13 | + /** |
|
| 14 | + * @var VersionProvider|PHPUnit_Framework_MockObject_MockObject |
|
| 15 | + */ |
|
| 16 | + protected $versionProvider; |
|
| 17 | 17 | |
| 18 | - /** |
|
| 19 | - * @var LeftAndMain|PHPUnit_Framework_MockObject_MockObject |
|
| 20 | - */ |
|
| 21 | - protected $leftAndMain; |
|
| 18 | + /** |
|
| 19 | + * @var LeftAndMain|PHPUnit_Framework_MockObject_MockObject |
|
| 20 | + */ |
|
| 21 | + protected $leftAndMain; |
|
| 22 | 22 | |
| 23 | - protected function setUp() |
|
| 24 | - { |
|
| 25 | - parent::setUp(); |
|
| 23 | + protected function setUp() |
|
| 24 | + { |
|
| 25 | + parent::setUp(); |
|
| 26 | 26 | |
| 27 | - $this->versionProvider = $this->createMock(VersionProvider::class); |
|
| 28 | - $this->leftAndMain = $this->createMock(LeftAndMain::class); |
|
| 27 | + $this->versionProvider = $this->createMock(VersionProvider::class); |
|
| 28 | + $this->leftAndMain = $this->createMock(LeftAndMain::class); |
|
| 29 | 29 | |
| 30 | - $this->leftAndMain |
|
| 31 | - ->expects($this->atLeastOnce()) |
|
| 32 | - ->method('getVersionProvider') |
|
| 33 | - ->willReturn($this->versionProvider); |
|
| 34 | - } |
|
| 30 | + $this->leftAndMain |
|
| 31 | + ->expects($this->atLeastOnce()) |
|
| 32 | + ->method('getVersionProvider') |
|
| 33 | + ->willReturn($this->versionProvider); |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * @param array $modules |
|
| 38 | - * @param string $expected |
|
| 39 | - * @dataProvider getVersionProvider |
|
| 40 | - */ |
|
| 41 | - public function testGetVersion($modules, $expected) |
|
| 42 | - { |
|
| 43 | - $this->versionProvider->expects($this->once()) |
|
| 44 | - ->method('getModuleVersionFromComposer') |
|
| 45 | - ->willReturn($modules); |
|
| 36 | + /** |
|
| 37 | + * @param array $modules |
|
| 38 | + * @param string $expected |
|
| 39 | + * @dataProvider getVersionProvider |
|
| 40 | + */ |
|
| 41 | + public function testGetVersion($modules, $expected) |
|
| 42 | + { |
|
| 43 | + $this->versionProvider->expects($this->once()) |
|
| 44 | + ->method('getModuleVersionFromComposer') |
|
| 45 | + ->willReturn($modules); |
|
| 46 | 46 | |
| 47 | - $extension = new CWPVersionExtension(); |
|
| 48 | - $extension->setOwner($this->leftAndMain); |
|
| 47 | + $extension = new CWPVersionExtension(); |
|
| 48 | + $extension->setOwner($this->leftAndMain); |
|
| 49 | 49 | |
| 50 | - $result = $extension->getCWPVersionNumber(); |
|
| 51 | - $this->assertSame($expected, $result); |
|
| 52 | - } |
|
| 50 | + $result = $extension->getCWPVersionNumber(); |
|
| 51 | + $this->assertSame($expected, $result); |
|
| 52 | + } |
|
| 53 | 53 | |
| 54 | - /** |
|
| 55 | - * @return array |
|
| 56 | - */ |
|
| 57 | - public function getVersionProvider() |
|
| 58 | - { |
|
| 59 | - return [ |
|
| 60 | - 'dev version' => [['cwp/cwp-core' => '2.3.x-dev'], '2.3'], |
|
| 61 | - 'stable version' => [['cwp/cwp-core' => '2.2.0'], '2.2'], |
|
| 62 | - 'not found' => [[], ''], |
|
| 63 | - ]; |
|
| 64 | - } |
|
| 54 | + /** |
|
| 55 | + * @return array |
|
| 56 | + */ |
|
| 57 | + public function getVersionProvider() |
|
| 58 | + { |
|
| 59 | + return [ |
|
| 60 | + 'dev version' => [['cwp/cwp-core' => '2.3.x-dev'], '2.3'], |
|
| 61 | + 'stable version' => [['cwp/cwp-core' => '2.2.0'], '2.2'], |
|
| 62 | + 'not found' => [[], ''], |
|
| 63 | + ]; |
|
| 64 | + } |
|
| 65 | 65 | } |
@@ -7,23 +7,23 @@ |
||
| 7 | 7 | |
| 8 | 8 | class CWPVersionExtension extends Extension |
| 9 | 9 | { |
| 10 | - /** |
|
| 11 | - * Gets the version of cwp/cwp-core and returns the major.minor version from it |
|
| 12 | - * |
|
| 13 | - * @return string |
|
| 14 | - */ |
|
| 15 | - public function getCWPVersionNumber() |
|
| 16 | - { |
|
| 17 | - /** @var VersionProvider $versionProvider */ |
|
| 18 | - $versionProvider = $this->owner->getVersionProvider(); |
|
| 10 | + /** |
|
| 11 | + * Gets the version of cwp/cwp-core and returns the major.minor version from it |
|
| 12 | + * |
|
| 13 | + * @return string |
|
| 14 | + */ |
|
| 15 | + public function getCWPVersionNumber() |
|
| 16 | + { |
|
| 17 | + /** @var VersionProvider $versionProvider */ |
|
| 18 | + $versionProvider = $this->owner->getVersionProvider(); |
|
| 19 | 19 | |
| 20 | - $modules = $versionProvider->getModuleVersionFromComposer(['cwp/cwp-core']); |
|
| 21 | - if (empty($modules)) { |
|
| 22 | - return ''; |
|
| 23 | - } |
|
| 20 | + $modules = $versionProvider->getModuleVersionFromComposer(['cwp/cwp-core']); |
|
| 21 | + if (empty($modules)) { |
|
| 22 | + return ''; |
|
| 23 | + } |
|
| 24 | 24 | |
| 25 | - // Example: "2.2.x-dev" |
|
| 26 | - $cwpCore = $modules['cwp/cwp-core']; |
|
| 27 | - return (string) substr($cwpCore, 0, strpos($cwpCore, '.', 2)); |
|
| 28 | - } |
|
| 25 | + // Example: "2.2.x-dev" |
|
| 26 | + $cwpCore = $modules['cwp/cwp-core']; |
|
| 27 | + return (string) substr($cwpCore, 0, strpos($cwpCore, '.', 2)); |
|
| 28 | + } |
|
| 29 | 29 | } |
@@ -24,6 +24,6 @@ |
||
| 24 | 24 | |
| 25 | 25 | // Example: "2.2.x-dev" |
| 26 | 26 | $cwpCore = $modules['cwp/cwp-core']; |
| 27 | - return (string) substr($cwpCore, 0, strpos($cwpCore, '.', 2)); |
|
| 27 | + return (string)substr($cwpCore, 0, strpos($cwpCore, '.', 2)); |
|
| 28 | 28 | } |
| 29 | 29 | } |
@@ -12,108 +12,108 @@ |
||
| 12 | 12 | */ |
| 13 | 13 | class InitialisationMiddleware implements HTTPMiddleware |
| 14 | 14 | { |
| 15 | - use Configurable; |
|
| 16 | - |
|
| 17 | - /** |
|
| 18 | - * Disable the automatically added 'X-XSS-Protection' header that is added to all responses. This should be left |
|
| 19 | - * alone in most circumstances to include the header. Refer to Mozilla Developer Network for more information: |
|
| 20 | - * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection |
|
| 21 | - * |
|
| 22 | - * @config |
|
| 23 | - * @var bool |
|
| 24 | - */ |
|
| 25 | - private static $xss_protection_enabled = true; |
|
| 26 | - |
|
| 27 | - /** |
|
| 28 | - * Enable egress proxy. This works on the principle of setting http(s)_proxy environment variables, |
|
| 29 | - * which will be automatically picked up by curl. This means RestfulService and raw curl |
|
| 30 | - * requests should work out of the box. Stream-based requests need extra manual configuration. |
|
| 31 | - * Refer to https://www.cwp.govt.nz/guides/core-technical-documentation/common-web-platform-core/en/how-tos/external_http_requests_with_proxy |
|
| 32 | - * |
|
| 33 | - * @config |
|
| 34 | - * @var bool |
|
| 35 | - */ |
|
| 36 | - private static $egress_proxy_default_enabled = true; |
|
| 37 | - |
|
| 38 | - /** |
|
| 39 | - * Configure the list of domains to bypass proxy by setting the NO_PROXY environment variable. |
|
| 40 | - * 'services.cwp.govt.nz' needs to be present for Solr and Docvert internal CWP integration. |
|
| 41 | - * 'localhost' is necessary for accessing services on the same instance such as tika-server for text extraction. |
|
| 42 | - * |
|
| 43 | - * @config |
|
| 44 | - * @var string[] |
|
| 45 | - */ |
|
| 46 | - private static $egress_proxy_exclude_domains = [ |
|
| 47 | - 'services.cwp.govt.nz', |
|
| 48 | - 'localhost', |
|
| 49 | - ]; |
|
| 50 | - |
|
| 51 | - public function process(HTTPRequest $request, callable $delegate) |
|
| 52 | - { |
|
| 53 | - if ($this->config()->get('egress_proxy_default_enabled')) { |
|
| 54 | - $this->configureEgressProxy(); |
|
| 55 | - } |
|
| 56 | - |
|
| 57 | - $this->configureProxyDomainExclusions(); |
|
| 58 | - |
|
| 59 | - $response = $delegate($request); |
|
| 60 | - |
|
| 61 | - if ($this->config()->get('xss_protection_enabled') && $response) { |
|
| 62 | - $response->addHeader('X-XSS-Protection', '1; mode=block'); |
|
| 63 | - } |
|
| 64 | - |
|
| 65 | - return $response; |
|
| 66 | - } |
|
| 67 | - |
|
| 68 | - /** |
|
| 69 | - * If the outbound egress proxy details have been defined in environment variables, configure the proxy |
|
| 70 | - * variables that are used to configure it. |
|
| 71 | - */ |
|
| 72 | - protected function configureEgressProxy() |
|
| 73 | - { |
|
| 74 | - if (!Environment::getEnv('SS_OUTBOUND_PROXY') |
|
| 75 | - || !Environment::getEnv('SS_OUTBOUND_PROXY_PORT') |
|
| 76 | - ) { |
|
| 77 | - return; |
|
| 78 | - } |
|
| 79 | - |
|
| 80 | - $proxy = Environment::getEnv('SS_OUTBOUND_PROXY'); |
|
| 81 | - $proxyPort = Environment::getEnv('SS_OUTBOUND_PROXY_PORT'); |
|
| 82 | - |
|
| 83 | - /* |
|
| 15 | + use Configurable; |
|
| 16 | + |
|
| 17 | + /** |
|
| 18 | + * Disable the automatically added 'X-XSS-Protection' header that is added to all responses. This should be left |
|
| 19 | + * alone in most circumstances to include the header. Refer to Mozilla Developer Network for more information: |
|
| 20 | + * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection |
|
| 21 | + * |
|
| 22 | + * @config |
|
| 23 | + * @var bool |
|
| 24 | + */ |
|
| 25 | + private static $xss_protection_enabled = true; |
|
| 26 | + |
|
| 27 | + /** |
|
| 28 | + * Enable egress proxy. This works on the principle of setting http(s)_proxy environment variables, |
|
| 29 | + * which will be automatically picked up by curl. This means RestfulService and raw curl |
|
| 30 | + * requests should work out of the box. Stream-based requests need extra manual configuration. |
|
| 31 | + * Refer to https://www.cwp.govt.nz/guides/core-technical-documentation/common-web-platform-core/en/how-tos/external_http_requests_with_proxy |
|
| 32 | + * |
|
| 33 | + * @config |
|
| 34 | + * @var bool |
|
| 35 | + */ |
|
| 36 | + private static $egress_proxy_default_enabled = true; |
|
| 37 | + |
|
| 38 | + /** |
|
| 39 | + * Configure the list of domains to bypass proxy by setting the NO_PROXY environment variable. |
|
| 40 | + * 'services.cwp.govt.nz' needs to be present for Solr and Docvert internal CWP integration. |
|
| 41 | + * 'localhost' is necessary for accessing services on the same instance such as tika-server for text extraction. |
|
| 42 | + * |
|
| 43 | + * @config |
|
| 44 | + * @var string[] |
|
| 45 | + */ |
|
| 46 | + private static $egress_proxy_exclude_domains = [ |
|
| 47 | + 'services.cwp.govt.nz', |
|
| 48 | + 'localhost', |
|
| 49 | + ]; |
|
| 50 | + |
|
| 51 | + public function process(HTTPRequest $request, callable $delegate) |
|
| 52 | + { |
|
| 53 | + if ($this->config()->get('egress_proxy_default_enabled')) { |
|
| 54 | + $this->configureEgressProxy(); |
|
| 55 | + } |
|
| 56 | + |
|
| 57 | + $this->configureProxyDomainExclusions(); |
|
| 58 | + |
|
| 59 | + $response = $delegate($request); |
|
| 60 | + |
|
| 61 | + if ($this->config()->get('xss_protection_enabled') && $response) { |
|
| 62 | + $response->addHeader('X-XSS-Protection', '1; mode=block'); |
|
| 63 | + } |
|
| 64 | + |
|
| 65 | + return $response; |
|
| 66 | + } |
|
| 67 | + |
|
| 68 | + /** |
|
| 69 | + * If the outbound egress proxy details have been defined in environment variables, configure the proxy |
|
| 70 | + * variables that are used to configure it. |
|
| 71 | + */ |
|
| 72 | + protected function configureEgressProxy() |
|
| 73 | + { |
|
| 74 | + if (!Environment::getEnv('SS_OUTBOUND_PROXY') |
|
| 75 | + || !Environment::getEnv('SS_OUTBOUND_PROXY_PORT') |
|
| 76 | + ) { |
|
| 77 | + return; |
|
| 78 | + } |
|
| 79 | + |
|
| 80 | + $proxy = Environment::getEnv('SS_OUTBOUND_PROXY'); |
|
| 81 | + $proxyPort = Environment::getEnv('SS_OUTBOUND_PROXY_PORT'); |
|
| 82 | + |
|
| 83 | + /* |
|
| 84 | 84 | * This sets the environment variables so they are available in |
| 85 | 85 | * external calls executed by exec() such as curl. |
| 86 | 86 | * Environment::setEnv() would only availabe in context of SilverStripe. |
| 87 | 87 | * Environment::getEnv() will fallback to getenv() and will therefore |
| 88 | 88 | * fetch the variables |
| 89 | 89 | */ |
| 90 | - putenv('http_proxy=' . $proxy . ':' . $proxyPort); |
|
| 91 | - putenv('https_proxy=' . $proxy . ':' . $proxyPort); |
|
| 92 | - } |
|
| 93 | - |
|
| 94 | - /** |
|
| 95 | - * Configure any domains that should be excluded from egress proxy rules and provide them to the environment |
|
| 96 | - */ |
|
| 97 | - protected function configureProxyDomainExclusions() |
|
| 98 | - { |
|
| 99 | - $noProxy = $this->config()->get('egress_proxy_exclude_domains'); |
|
| 100 | - if (empty($noProxy)) { |
|
| 101 | - return; |
|
| 102 | - } |
|
| 103 | - |
|
| 104 | - if (!is_array($noProxy)) { |
|
| 105 | - $noProxy = [$noProxy]; |
|
| 106 | - } |
|
| 107 | - |
|
| 108 | - // Merge with exsiting if needed. |
|
| 109 | - if (Environment::getEnv('NO_PROXY')) { |
|
| 110 | - $noProxy = array_merge(explode(',', Environment::getEnv('NO_PROXY')), $noProxy); |
|
| 111 | - } |
|
| 112 | - |
|
| 113 | - /* |
|
| 90 | + putenv('http_proxy=' . $proxy . ':' . $proxyPort); |
|
| 91 | + putenv('https_proxy=' . $proxy . ':' . $proxyPort); |
|
| 92 | + } |
|
| 93 | + |
|
| 94 | + /** |
|
| 95 | + * Configure any domains that should be excluded from egress proxy rules and provide them to the environment |
|
| 96 | + */ |
|
| 97 | + protected function configureProxyDomainExclusions() |
|
| 98 | + { |
|
| 99 | + $noProxy = $this->config()->get('egress_proxy_exclude_domains'); |
|
| 100 | + if (empty($noProxy)) { |
|
| 101 | + return; |
|
| 102 | + } |
|
| 103 | + |
|
| 104 | + if (!is_array($noProxy)) { |
|
| 105 | + $noProxy = [$noProxy]; |
|
| 106 | + } |
|
| 107 | + |
|
| 108 | + // Merge with exsiting if needed. |
|
| 109 | + if (Environment::getEnv('NO_PROXY')) { |
|
| 110 | + $noProxy = array_merge(explode(',', Environment::getEnv('NO_PROXY')), $noProxy); |
|
| 111 | + } |
|
| 112 | + |
|
| 113 | + /* |
|
| 114 | 114 | * Set the environment varial for NO_PROXY the same way the |
| 115 | 115 | * proxy variables are set above |
| 116 | 116 | */ |
| 117 | - putenv('NO_PROXY=' . implode(',', array_unique($noProxy))); |
|
| 118 | - } |
|
| 117 | + putenv('NO_PROXY=' . implode(',', array_unique($noProxy))); |
|
| 118 | + } |
|
| 119 | 119 | } |
@@ -87,7 +87,7 @@ |
||
| 87 | 87 | * Environment::getEnv() will fallback to getenv() and will therefore |
| 88 | 88 | * fetch the variables |
| 89 | 89 | */ |
| 90 | - putenv('http_proxy=' . $proxy . ':' . $proxyPort); |
|
| 90 | + putenv('http_proxy=' . $proxy . ':' . $proxyPort); |
|
| 91 | 91 | putenv('https_proxy=' . $proxy . ':' . $proxyPort); |
| 92 | 92 | } |
| 93 | 93 | |
@@ -14,106 +14,106 @@ |
||
| 14 | 14 | |
| 15 | 15 | class InitialisationMiddlewareTest extends FunctionalTest |
| 16 | 16 | { |
| 17 | - /** |
|
| 18 | - * @var HTTPRequest |
|
| 19 | - */ |
|
| 20 | - protected $request; |
|
| 21 | - |
|
| 22 | - /** |
|
| 23 | - * @var InitialisationMiddleware |
|
| 24 | - */ |
|
| 25 | - protected $middleware; |
|
| 26 | - |
|
| 27 | - protected $usesDatabase = true; |
|
| 28 | - |
|
| 29 | - protected function setUp() |
|
| 30 | - { |
|
| 31 | - parent::setUp(); |
|
| 32 | - |
|
| 33 | - $this->request = new HTTPRequest('GET', '/'); |
|
| 34 | - $this->middleware = new InitialisationMiddleware(); |
|
| 35 | - |
|
| 36 | - Environment::setEnv('SS_OUTBOUND_PROXY', ''); |
|
| 37 | - Environment::setEnv('SS_OUTBOUND_PROXY_PORT', ''); |
|
| 38 | - putenv('NO_PROXY='); |
|
| 39 | - } |
|
| 40 | - |
|
| 41 | - public function testDoNotConfigureProxyIfNoEnvironmentVarsAreSet() |
|
| 42 | - { |
|
| 43 | - $this->runMiddleware(); |
|
| 44 | - |
|
| 45 | - $this->assertEmpty( |
|
| 46 | - Environment::getEnv('http_proxy'), |
|
| 47 | - 'Proxy information is not set if no outbound proxy is configured' |
|
| 48 | - ); |
|
| 49 | - } |
|
| 50 | - |
|
| 51 | - public function testConfigureEgressProxyWhenVarsAreSet() |
|
| 52 | - { |
|
| 53 | - Environment::setEnv('SS_OUTBOUND_PROXY', 'http://example.com'); |
|
| 54 | - Environment::setEnv('SS_OUTBOUND_PROXY_PORT', '8024'); |
|
| 55 | - |
|
| 56 | - $this->runMiddleware(); |
|
| 57 | - |
|
| 58 | - $this->assertEquals( |
|
| 59 | - 'http://example.com:8024', |
|
| 60 | - Environment::getEnv('http_proxy'), |
|
| 61 | - 'Proxy is configured with proxy and port' |
|
| 62 | - ); |
|
| 63 | - } |
|
| 64 | - |
|
| 65 | - public function testDoNotConfigureProxyDomainExclusionsWhenNoneAreDefined() |
|
| 66 | - { |
|
| 67 | - Config::modify()->remove(InitialisationMiddleware::class, 'egress_proxy_exclude_domains'); |
|
| 68 | - |
|
| 69 | - $this->runMiddleware(); |
|
| 70 | - |
|
| 71 | - $this->assertSame( |
|
| 72 | - '', |
|
| 73 | - Environment::getEnv('NO_PROXY'), |
|
| 74 | - 'No domain exclusions are set when none are defined' |
|
| 75 | - ); |
|
| 76 | - } |
|
| 77 | - |
|
| 78 | - public function testConfigureEgressProxyDomainExclusions() |
|
| 79 | - { |
|
| 80 | - Config::modify()->set( |
|
| 81 | - InitialisationMiddleware::class, |
|
| 82 | - 'egress_proxy_exclude_domains', |
|
| 83 | - 'example.com' |
|
| 84 | - ); |
|
| 85 | - |
|
| 86 | - putenv('NO_PROXY=foo.com,bar.com'); |
|
| 87 | - $this->runMiddleware(); |
|
| 88 | - |
|
| 89 | - $this->assertSame( |
|
| 90 | - 'foo.com,bar.com,example.com', |
|
| 91 | - Environment::getEnv('NO_PROXY'), |
|
| 92 | - 'Domain exclusions are combined with existing values and configuration settings' |
|
| 93 | - ); |
|
| 94 | - } |
|
| 95 | - |
|
| 96 | - public function testSecurityHeadersAddedByDefault() |
|
| 97 | - { |
|
| 98 | - $response = $this->get('Security/login'); |
|
| 99 | - $this->assertArrayHasKey('x-xss-protection', $response->getHeaders()); |
|
| 100 | - $this->assertSame('1; mode=block', $response->getHeader('x-xss-protection')); |
|
| 101 | - } |
|
| 102 | - |
|
| 103 | - public function testXSSProtectionHeaderNotAdded() |
|
| 104 | - { |
|
| 105 | - Config::modify()->set(InitialisationMiddleware::class, 'xss_protection_enabled', false); |
|
| 106 | - $response = $this->get('Security/login'); |
|
| 107 | - $this->assertArrayNotHasKey('x-xss-protection', $response->getHeaders()); |
|
| 108 | - } |
|
| 109 | - |
|
| 110 | - /** |
|
| 111 | - * Runs the middleware with a stubbed delegate |
|
| 112 | - */ |
|
| 113 | - protected function runMiddleware() |
|
| 114 | - { |
|
| 115 | - $this->middleware->process($this->request, function () { |
|
| 116 | - // no op |
|
| 117 | - }); |
|
| 118 | - } |
|
| 17 | + /** |
|
| 18 | + * @var HTTPRequest |
|
| 19 | + */ |
|
| 20 | + protected $request; |
|
| 21 | + |
|
| 22 | + /** |
|
| 23 | + * @var InitialisationMiddleware |
|
| 24 | + */ |
|
| 25 | + protected $middleware; |
|
| 26 | + |
|
| 27 | + protected $usesDatabase = true; |
|
| 28 | + |
|
| 29 | + protected function setUp() |
|
| 30 | + { |
|
| 31 | + parent::setUp(); |
|
| 32 | + |
|
| 33 | + $this->request = new HTTPRequest('GET', '/'); |
|
| 34 | + $this->middleware = new InitialisationMiddleware(); |
|
| 35 | + |
|
| 36 | + Environment::setEnv('SS_OUTBOUND_PROXY', ''); |
|
| 37 | + Environment::setEnv('SS_OUTBOUND_PROXY_PORT', ''); |
|
| 38 | + putenv('NO_PROXY='); |
|
| 39 | + } |
|
| 40 | + |
|
| 41 | + public function testDoNotConfigureProxyIfNoEnvironmentVarsAreSet() |
|
| 42 | + { |
|
| 43 | + $this->runMiddleware(); |
|
| 44 | + |
|
| 45 | + $this->assertEmpty( |
|
| 46 | + Environment::getEnv('http_proxy'), |
|
| 47 | + 'Proxy information is not set if no outbound proxy is configured' |
|
| 48 | + ); |
|
| 49 | + } |
|
| 50 | + |
|
| 51 | + public function testConfigureEgressProxyWhenVarsAreSet() |
|
| 52 | + { |
|
| 53 | + Environment::setEnv('SS_OUTBOUND_PROXY', 'http://example.com'); |
|
| 54 | + Environment::setEnv('SS_OUTBOUND_PROXY_PORT', '8024'); |
|
| 55 | + |
|
| 56 | + $this->runMiddleware(); |
|
| 57 | + |
|
| 58 | + $this->assertEquals( |
|
| 59 | + 'http://example.com:8024', |
|
| 60 | + Environment::getEnv('http_proxy'), |
|
| 61 | + 'Proxy is configured with proxy and port' |
|
| 62 | + ); |
|
| 63 | + } |
|
| 64 | + |
|
| 65 | + public function testDoNotConfigureProxyDomainExclusionsWhenNoneAreDefined() |
|
| 66 | + { |
|
| 67 | + Config::modify()->remove(InitialisationMiddleware::class, 'egress_proxy_exclude_domains'); |
|
| 68 | + |
|
| 69 | + $this->runMiddleware(); |
|
| 70 | + |
|
| 71 | + $this->assertSame( |
|
| 72 | + '', |
|
| 73 | + Environment::getEnv('NO_PROXY'), |
|
| 74 | + 'No domain exclusions are set when none are defined' |
|
| 75 | + ); |
|
| 76 | + } |
|
| 77 | + |
|
| 78 | + public function testConfigureEgressProxyDomainExclusions() |
|
| 79 | + { |
|
| 80 | + Config::modify()->set( |
|
| 81 | + InitialisationMiddleware::class, |
|
| 82 | + 'egress_proxy_exclude_domains', |
|
| 83 | + 'example.com' |
|
| 84 | + ); |
|
| 85 | + |
|
| 86 | + putenv('NO_PROXY=foo.com,bar.com'); |
|
| 87 | + $this->runMiddleware(); |
|
| 88 | + |
|
| 89 | + $this->assertSame( |
|
| 90 | + 'foo.com,bar.com,example.com', |
|
| 91 | + Environment::getEnv('NO_PROXY'), |
|
| 92 | + 'Domain exclusions are combined with existing values and configuration settings' |
|
| 93 | + ); |
|
| 94 | + } |
|
| 95 | + |
|
| 96 | + public function testSecurityHeadersAddedByDefault() |
|
| 97 | + { |
|
| 98 | + $response = $this->get('Security/login'); |
|
| 99 | + $this->assertArrayHasKey('x-xss-protection', $response->getHeaders()); |
|
| 100 | + $this->assertSame('1; mode=block', $response->getHeader('x-xss-protection')); |
|
| 101 | + } |
|
| 102 | + |
|
| 103 | + public function testXSSProtectionHeaderNotAdded() |
|
| 104 | + { |
|
| 105 | + Config::modify()->set(InitialisationMiddleware::class, 'xss_protection_enabled', false); |
|
| 106 | + $response = $this->get('Security/login'); |
|
| 107 | + $this->assertArrayNotHasKey('x-xss-protection', $response->getHeaders()); |
|
| 108 | + } |
|
| 109 | + |
|
| 110 | + /** |
|
| 111 | + * Runs the middleware with a stubbed delegate |
|
| 112 | + */ |
|
| 113 | + protected function runMiddleware() |
|
| 114 | + { |
|
| 115 | + $this->middleware->process($this->request, function () { |
|
| 116 | + // no op |
|
| 117 | + }); |
|
| 118 | + } |
|
| 119 | 119 | } |
