add cors middleware

remove methodannotationreader namespace fix namespace for server container fix tests fail if with cors credentials header is set to true, implement a reusable preflighted cors method in the controller baseclass, make corsmiddleware private and register it for every request remove uneeded local in cors middleware registratio dont uppercase cors to easily use it from routes fix indention comment fixes explicitely set allow credentials header to false dont depend on better controllers PR, fix that stuff later split cors methods to be in a seperate controller for exposing apis remove protected definitions from apicontroller since controller has it
author: Bernhard Posselt <dev@bernhard-posselt.com> 2014-05-08 11:47:18 +0200
committer: Bernhard Posselt <dev@bernhard-posselt.com> 2014-05-09 23:34:41 +0200
commit: 9a4d204b55da063631f01a780d32b3fd88c729cd (patch)
tree: 63d4905af6945ef4c0a8f350a3d85ed8d9d0e391 /tests/lib
parent: af2b7634eeb8c3bd8ec5dec8b600fbaf8ae5d498 (diff)
download: nextcloud-server-9a4d204b55da063631f01a780d32b3fd88c729cd.tar.gz
nextcloud-server-9a4d204b55da063631f01a780d32b3fd88c729cd.zip
4 files changed, 135 insertions, 3 deletions
diff --git a/tests/lib/appframework/controller/ApiControllerTest.php b/tests/lib/appframework/controller/ApiControllerTest.php
new file mode 100644
index 00000000000..b772f540ce8
--- /dev/null
+++ b/tests/lib/appframework/controller/ApiControllerTest.php
@@ -0,0 +1,55 @@
+<?php
+
+/**
+ * ownCloud - App Framework
+ *
+ * @author Bernhard Posselt
+ * @copyright 2012 Bernhard Posselt nukeawhale@gmail.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCP\AppFramework;
+
+use OC\AppFramework\Http\Request;
+use OCP\AppFramework\Http\TemplateResponse;
+
+
+class ChildApiController extends ApiController {};
+
+
+class ApiControllerTest extends \PHPUnit_Framework_TestCase {
+
+
+    public function testCors() {
+        $request = new Request(
+            array('server' => array('HTTP_ORIGIN' => 'test'))
+        );
+        $this->controller = new ChildApiController('app', $request, 'verbs',
+            'headers', 100);
+
+        $response = $this->controller->preflightedCors();
+
+        $headers = $response->getHeaders();
+
+        $this->assertEquals('test', $headers['Access-Control-Allow-Origin']);
+        $this->assertEquals('verbs', $headers['Access-Control-Allow-Methods']);
+        $this->assertEquals('headers', $headers['Access-Control-Allow-Headers']);
+        $this->assertEquals('false', $headers['Access-Control-Allow-Credentials']);
+        $this->assertEquals(100, $headers['Access-Control-Max-Age']);
+    }
+
+}
diff --git a/tests/lib/appframework/controller/ControllerTest.php b/tests/lib/appframework/controller/ControllerTest.php
index f17d5f24aa5..b6c83125da1 100644
--- a/tests/lib/appframework/controller/ControllerTest.php
+++ b/tests/lib/appframework/controller/ControllerTest.php
@@ -22,10 +22,9 @@
  */
 
 
-namespace Test\AppFramework\Controller;
+namespace OCP\AppFramework;
 
 use OC\AppFramework\Http\Request;
-use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\TemplateResponse;
 
 
@@ -129,4 +128,5 @@ class ControllerTest extends \PHPUnit_Framework_TestCase {
 		$this->assertEquals('daheim', $this->controller->env('PATH'));
 	}
 
+
 }
diff --git a/tests/lib/appframework/http/ResponseTest.php b/tests/lib/appframework/http/ResponseTest.php
index 27350725d79..4b8d3ae50ef 100644
--- a/tests/lib/appframework/http/ResponseTest.php
+++ b/tests/lib/appframework/http/ResponseTest.php
@@ -42,7 +42,7 @@ class ResponseTest extends \PHPUnit_Framework_TestCase {
 
 
 	public function testAddHeader(){
-		$this->childResponse->addHeader('hello', 'world');
+		$this->childResponse->addHeader(' hello ', 'world');
 		$headers = $this->childResponse->getHeaders();
 		$this->assertEquals('world', $headers['hello']);
 	}
diff --git a/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
new file mode 100644
index 00000000000..8224e9b4aa6
--- /dev/null
+++ b/tests/lib/appframework/middleware/security/CORSMiddlewareTest.php
@@ -0,0 +1,77 @@
+<?php
+/**
+ * ownCloud - App Framework
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Bernhard Posselt <dev@bernhard-posselt.com>
+ * @copyright Bernhard Posselt 2014
+ */
+
+
+namespace OC\AppFramework\Middleware\Security;
+
+use OC\AppFramework\Http\Request;
+use OCP\AppFramework\Http\Response;
+
+
+class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
+
+	/**
+	 * @CORS
+	 */
+	public function testSetCORSAPIHeader() {
+		$request = new Request(
+			array('server' => array('HTTP_ORIGIN' => 'test'))
+		);
+
+		$middleware = new CORSMiddleware($request);
+		$response = $middleware->afterController($this, __FUNCTION__, new Response());
+		$headers = $response->getHeaders();
+
+		$this->assertEquals('test', $headers['Access-Control-Allow-Origin']);
+	}
+
+
+	public function testNoAnnotationNoCORSHEADER() {
+		$request = new Request(
+			array('server' => array('HTTP_ORIGIN' => 'test'))
+		);
+		$middleware = new CORSMiddleware($request);
+
+		$response = $middleware->afterController($this, __FUNCTION__, new Response());
+		$headers = $response->getHeaders();
+		$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));
+	}
+
+
+	/**
+	 * @CORS
+	 */
+	public function testNoOriginHeaderNoCORSHEADER() {
+		$request = new Request();
+
+		$middleware = new CORSMiddleware($request);
+		$response = $middleware->afterController($this, __FUNCTION__, new Response());
+		$headers = $response->getHeaders();
+		$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));
+	}
+
+
+	/**
+	 * @CORS
+	 * @expectedException \OC\AppFramework\Middleware\Security\SecurityException
+	 */
+	public function testCorsIgnoredIfWithCredentialsHeaderPresent() {
+		$request = new Request(
+			array('server' => array('HTTP_ORIGIN' => 'test'))
+		);
+		$middleware = new CORSMiddleware($request);
+
+		$response = new Response();
+		$response->addHeader('AcCess-control-Allow-Credentials ', 'TRUE');
+		$response = $middleware->afterController($this, __FUNCTION__, $response);
+	}
+
+}
author	Bernhard Posselt <dev@bernhard-posselt.com>	2014-05-08 11:47:18 +0200
committer	Bernhard Posselt <dev@bernhard-posselt.com>	2014-05-09 23:34:41 +0200
commit	9a4d204b55da063631f01a780d32b3fd88c729cd (patch)
tree	63d4905af6945ef4c0a8f350a3d85ed8d9d0e391 /tests/lib
parent	af2b7634eeb8c3bd8ec5dec8b600fbaf8ae5d498 (diff)
download	nextcloud-server-9a4d204b55da063631f01a780d32b3fd88c729cd.tar.gz nextcloud-server-9a4d204b55da063631f01a780d32b3fd88c729cd.zip