From 1d96cc0279f9bcbe0013bff92f520da326ae9540 Mon Sep 17 00:00:00 2001
From: Alejandro Celaya <alejandrocelaya@gmail.com>
Date: Tue, 8 Jul 2025 13:17:46 +0200
Subject: [PATCH] Update CrossDomainMiddleware test

---
 .../Middleware/CrossDomainMiddlewareTest.php  | 39 +++++++++++++++----
 1 file changed, 32 insertions(+), 7 deletions(-)

diff --git a/module/Rest/test/Middleware/CrossDomainMiddlewareTest.php b/module/Rest/test/Middleware/CrossDomainMiddlewareTest.php
index 615b0132..5893ca8c 100644
--- a/module/Rest/test/Middleware/CrossDomainMiddlewareTest.php
+++ b/module/Rest/test/Middleware/CrossDomainMiddlewareTest.php
@@ -8,6 +8,7 @@ use Laminas\Diactoros\Response;
 use Laminas\Diactoros\ServerRequest;
 use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\Attributes\Test;
+use PHPUnit\Framework\Attributes\TestWith;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Psr\Http\Server\RequestHandlerInterface;
@@ -16,12 +17,10 @@ use Shlinkio\Shlink\Rest\Middleware\CrossDomainMiddleware;
 
 class CrossDomainMiddlewareTest extends TestCase
 {
-    private CrossDomainMiddleware $middleware;
     private MockObject & RequestHandlerInterface $handler;
 
     protected function setUp(): void
     {
-        $this->middleware = new CrossDomainMiddleware(new CorsOptions(maxAge: 1000));
         $this->handler = $this->createMock(RequestHandlerInterface::class);
     }
 
@@ -31,7 +30,7 @@ class CrossDomainMiddlewareTest extends TestCase
         $originalResponse = (new Response())->withStatus(404);
         $this->handler->expects($this->once())->method('handle')->willReturn($originalResponse);
 
-        $response = $this->middleware->process(new ServerRequest(), $this->handler);
+        $response = $this->middleware()->process(new ServerRequest(), $this->handler);
         $headers = $response->getHeaders();
 
         self::assertSame($originalResponse, $response);
@@ -48,7 +47,7 @@ class CrossDomainMiddlewareTest extends TestCase
         $originalResponse = new Response();
         $this->handler->expects($this->once())->method('handle')->willReturn($originalResponse);
 
-        $response = $this->middleware->process((new ServerRequest())->withHeader('Origin', 'local'), $this->handler);
+        $response = $this->middleware()->process((new ServerRequest())->withHeader('Origin', 'local'), $this->handler);
         self::assertNotSame($originalResponse, $response);
 
         $headers = $response->getHeaders();
@@ -69,7 +68,7 @@ class CrossDomainMiddlewareTest extends TestCase
             ->withHeader('Access-Control-Request-Headers', 'foo, bar, baz');
         $this->handler->expects($this->once())->method('handle')->willReturn($originalResponse);
 
-        $response = $this->middleware->process($request, $this->handler);
+        $response = $this->middleware()->process($request, $this->handler);
         self::assertNotSame($originalResponse, $response);
 
         $headers = $response->getHeaders();
@@ -94,7 +93,7 @@ class CrossDomainMiddlewareTest extends TestCase
                                         ->withMethod('OPTIONS');
         $this->handler->expects($this->once())->method('handle')->willReturn($originalResponse);
 
-        $response = $this->middleware->process($request, $this->handler);
+        $response = $this->middleware()->process($request, $this->handler);
 
         self::assertEquals($response->getHeaderLine('Access-Control-Allow-Methods'), $expectedAllowedMethods);
         self::assertEquals(204, $response->getStatusCode());
@@ -118,7 +117,7 @@ class CrossDomainMiddlewareTest extends TestCase
                                         ->withHeader('Origin', 'local');
         $this->handler->expects($this->once())->method('handle')->willReturn($originalResponse);
 
-        $response = $this->middleware->process($request, $this->handler);
+        $response = $this->middleware()->process($request, $this->handler);
 
         self::assertEquals($expectedStatus, $response->getStatusCode());
     }
@@ -141,4 +140,30 @@ class CrossDomainMiddlewareTest extends TestCase
         yield 'OPTIONS 400' => ['OPTIONS', 400, 204];
         yield 'OPTIONS 500' => ['OPTIONS', 500, 204];
     }
+
+    #[Test]
+    #[TestWith([true])]
+    #[TestWith([false])]
+    public function credentialsAreAllowedIfConfiguredSo(bool $allowCredentials): void
+    {
+        $originalResponse = new Response();
+        $request = (new ServerRequest())
+            ->withMethod('OPTIONS')
+            ->withHeader('Origin', 'local');
+        $this->handler->method('handle')->willReturn($originalResponse);
+
+        $response = $this->middleware(allowCredentials: $allowCredentials)->process($request, $this->handler);
+        $headers = $response->getHeaders();
+
+        if ($allowCredentials) {
+            self::assertArrayHasKey('Access-Control-Allow-Credentials', $headers);
+        } else {
+            self::assertArrayNotHasKey('Access-Control-Allow-Credentials', $headers);
+        }
+    }
+
+    private function middleware(bool $allowCredentials = false): CrossDomainMiddleware
+    {
+        return new CrossDomainMiddleware(new CorsOptions(allowCredentials: $allowCredentials, maxAge: 1000));
+    }
 }