Merged release/2.1.0 into master

digiaonline · Feb 27, 2017 · aff5c70 · aff5c70
2 parents 5c7ba85 + 900418c
commit aff5c70
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,12 @@ NOTE: Always keep an Unreleased version at the top of this CHANGELOG for easy up
 ### Security
 - To invite users to upgrade in case of vulnerabilities.
 
+## [2.1.0] - 2017-02-27
+### Changed
+- Do not call closure in CorsMiddleware::handle() before CORS validation in CorsService::handleRequest().
+- Update tests.
+- Update CHANGELOG.
+
 ## [2.0.1] - 2017-02-20
 ### Changed
 - Composer lock-file.
@@ -168,7 +174,9 @@ NOTE: Always keep an Unreleased version at the top of this CHANGELOG for easy up
 ### Added
 - Project files.
 
-[Unreleased]: https://github.com/nordsoftware/lumen-cors/compare/2.0.0...HEAD
+[Unreleased]: https://github.com/nordsoftware/lumen-cors/compare/2.1.0...HEAD
+[2.1.0]: https://github.com/nordsoftware/lumen-cors/compare/2.0.1...2.1.0
+[2.0.1]: https://github.com/nordsoftware/lumen-cors/compare/2.0.0...2.0.1
 [2.0.0]: https://github.com/nordsoftware/lumen-cors/compare/1.7.0...2.0.0
 [1.7.0]: https://github.com/nordsoftware/lumen-cors/compare/1.6.0...1.7.0
 [1.6.0]: https://github.com/nordsoftware/lumen-cors/compare/1.5.2...1.6.0

diff --git a/src/Contracts/CorsService.php b/src/Contracts/CorsService.php
@@ -1,5 +1,6 @@
 <?php namespace Nord\Lumen\Cors\Contracts;
 
+use Closure;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
@@ -20,11 +21,11 @@ public function handlePreflightRequest(Request $request);
      * Handles the actual request.
      *
      * @param Request  $request
-     * @param Response $response
+     * @param Closure $next
      *
      * @return Response
      */
-    public function handleRequest(Request $request, Response $response);
+    public function handleRequest(Request $request, Closure $next);
 
 
     /**

diff --git a/src/CorsMiddleware.php b/src/CorsMiddleware.php
@@ -42,6 +42,6 @@ public function handle(Request $request, Closure $next)
             return $this->service->handlePreflightRequest($request);
         }
 
-        return $this->service->handleRequest($request, $next($request));
+        return $this->service->handleRequest($request, $next);
     }
 }
diff --git a/src/CorsService.php b/src/CorsService.php
@@ -1,5 +1,6 @@
 <?php namespace Nord\Lumen\Cors;
 
+use Closure;
 use Illuminate\Http\Exceptions\HttpResponseException;
 use Nord\Lumen\Cors\Exceptions\InvalidArgument;
 use Symfony\Component\HttpFoundation\Request;
@@ -102,15 +103,15 @@ public function handlePreflightRequest(Request $request)
     /**
      * @inheritdoc
      */
-    public function handleRequest(Request $request, Response $response)
+    public function handleRequest(Request $request, Closure $next)
     {
         try {
             $this->validateRequest($request);
         } catch (HttpResponseException $e) {
             return $this->createResponse($request, $e->getResponse());
         }
 
-        return $this->createResponse($request, $response);
+        return $this->createResponse($request, $next($request));
     }
 
 

diff --git a/tests/unit/CorsMiddlewareTest.php b/tests/unit/CorsMiddlewareTest.php
@@ -55,6 +55,22 @@ public function testAssertIsCorsRequest()
             verify($res)->hasAttribute('headers');
             verify($res->headers->get('Access-Control-Allow-Origin'))->equals('http://example.com');
         });
+
+        $service = new CorsService([
+            'allow_origins' => ['http://foo.com'],
+        ]);
+        $this->middleware = new CorsMiddleware($service);
+        $this->specify('Closure not called when origin is not allowed', function () {
+            $req = new Request();
+            $req->headers->set('Origin', 'http://bar.com');
+            $res = $this->middleware->handle($req, function () {
+                $res = new JsonResponse();
+                $res->headers->set('X-Closure-Called', 1);
+                return $res;
+            });
+            verify($res)->hasAttribute('headers');
+            verify($res->headers->get('X-Closure-Called'))->equals(null);
+        });
     }
 
     /**

diff --git a/tests/unit/CorsServiceTest.php b/tests/unit/CorsServiceTest.php
@@ -2,6 +2,7 @@
 
 namespace Nord\Lumen\Cors\Tests;
 
+use Closure;
 use Nord\Lumen\Cors\CorsService;
 use Illuminate\Http\Exception\HttpResponseException;
 use Symfony\Component\HttpFoundation\Request;
@@ -31,6 +32,11 @@ class CorsServiceTest extends \Codeception\Test\Unit
      */
     protected $response;
 
+    /**
+     * @var Closure
+     */
+    protected $closure;
+
     public function testServiceConfig()
     {
         $this->specify('service config allow_credentials is not boolean', function () {
@@ -251,14 +257,18 @@ public function testHandleRequest()
 
         $this->response = new Response;
 
+        $this->closure  = function () {
+            return new Response;
+        };
+
         $this->service = new CorsService([
             'allow_origins' => ['*'],
         ]);
 
         $this->specify('response origin header is set', function () {
             $this->request->headers->set('Origin', 'http://foo.com');
 
-            $response = $this->service->handleRequest($this->request, $this->response);
+            $response = $this->service->handleRequest($this->request, $this->closure);
 
             verify($response->headers->get('Access-Control-Allow-Origin'))->equals('http://foo.com');
         });
@@ -271,7 +281,7 @@ public function testHandleRequest()
             $this->request->headers->set('Origin', 'http://foo.com');
             $this->request->headers->set('Vary', 'Accept-Encoding');
 
-            $response = $this->service->handleRequest($this->request, $this->response);
+            $response = $this->service->handleRequest($this->request, $this->closure);
 
             verify($response->headers->get('Vary'))->equals('Accept-Encoding, Origin');
         });
@@ -286,7 +296,7 @@ public function testHandleRequest()
         $this->specify('response credentials header is set', function () {
             $this->request->headers->set('Origin', 'http://foo.com');
 
-            $response = $this->service->handleRequest($this->request, $this->response);
+            $response = $this->service->handleRequest($this->request, $this->closure);
 
             verify($response->headers->get('Access-Control-Allow-Credentials'))->equals('true');
         });
@@ -301,7 +311,7 @@ public function testHandleRequest()
         $this->specify('response expose headers header is set', function () {
             $this->request->headers->set('Origin', 'http://foo.com');
 
-            $response = $this->service->handleRequest($this->request, $this->response);
+            $response = $this->service->handleRequest($this->request, $this->closure);
 
             verify($response->headers->get('Access-Control-Expose-Headers'))->equals('accept, authorization, content-type');
         });
@@ -313,7 +323,7 @@ public function testHandleRequest()
         $this->specify('403 response when origin is not allowed', function () {
             $this->request->headers->set('Origin', 'http://bar.com');
 
-            $response = $this->service->handleRequest($this->request, $this->response);
+            $response = $this->service->handleRequest($this->request, $this->closure);
 
             verify($response->getStatusCode())->equals(403);
         });