From d6395a3de8fab79fbb3854f00307a954c786713c Mon Sep 17 00:00:00 2001 
From: Alejandro Celaya
Date: Sat, 7 Nov 2020 12:53:14 +0100
Subject: [PATCH] Deleted everything related with authentication plugins, as shlink only supports API key auth since v2.0.0
---
module/Rest/config/auth.config.php | 23 +----
.../Action/ShortUrl/CreateShortUrlAction.php | 4 +-
.../AuthenticationPluginManager.php | 12 ---
.../AuthenticationPluginManagerFactory.php | 16 ---
.../AuthenticationPluginManagerInterface.php | 11 ---
.../Plugin/ApiKeyHeaderPlugin.php | 38 -------
.../Plugin/AuthenticationPluginInterface.php | 19 ----
.../RequestToHttpAuthPlugin.php | 55 -----------
.../RequestToHttpAuthPluginInterface.php | 16 ---
.../Middleware/AuthenticationMiddleware.php | 32 ++++--
.../src/Middleware/CrossDomainMiddleware.php | 5 +-
.../Middleware/AuthenticationTest.php | 12 +--
...AuthenticationPluginManagerFactoryTest.php | 60 ------------
.../Plugin/ApiKeyHeaderPluginTest.php | 69 -------------
.../RequestToAuthPluginTest.php | 72 --------------
.../AuthenticationMiddlewareTest.php | 98 +++++++++++++------
.../Middleware/CrossDomainMiddlewareTest.php | 11 +--
17 files changed, 100 insertions(+), 453 deletions(-)
delete mode 100644 module/Rest/src/Authentication/AuthenticationPluginManager.php
delete mode 100644 module/Rest/src/Authentication/AuthenticationPluginManagerFactory.php
delete mode 100644 module/Rest/src/Authentication/AuthenticationPluginManagerInterface.php
delete mode 100644 module/Rest/src/Authentication/Plugin/ApiKeyHeaderPlugin.php
delete mode 100644 module/Rest/src/Authentication/Plugin/AuthenticationPluginInterface.php
delete mode 100644 module/Rest/src/Authentication/RequestToHttpAuthPlugin.php
delete mode 100644 module/Rest/src/Authentication/RequestToHttpAuthPluginInterface.php
delete mode 100644 module/Rest/test/Authentication/AuthenticationPluginManagerFactoryTest.php
delete mode 100644 module/Rest/test/Authentication/Plugin/ApiKeyHeaderPluginTest.php
delete mode 100644 module/Rest/test/Authentication/RequestToAuthPluginTest.php
diff --git a/module/Rest/config/auth.config.php b/module/Rest/config/auth.config.php index 99141364..0779502f 100644 --- a/module/Rest/config/auth.config.php +++ b/module/Rest/config/auth.config.php @@ -14,37 +14,16 @@ return [ Action\ShortUrl\SingleStepCreateShortUrlAction::class, ConfigProvider::UNVERSIONED_HEALTH_ENDPOINT_NAME, ], - - 'plugins' => [ - 'factories' => [ - Authentication\Plugin\ApiKeyHeaderPlugin::class => ConfigAbstractFactory::class, - ], - 'aliases' => [ - Authentication\Plugin\ApiKeyHeaderPlugin::HEADER_NAME => - Authentication\Plugin\ApiKeyHeaderPlugin::class, - ], - ], ], 'dependencies' => [ 'factories' => [ - Authentication\AuthenticationPluginManager::class => - Authentication\AuthenticationPluginManagerFactory::class, - Authentication\RequestToHttpAuthPlugin::class => ConfigAbstractFactory::class, - Middleware\AuthenticationMiddleware::class => ConfigAbstractFactory::class, ], ], ConfigAbstractFactory::class => [ - Authentication\Plugin\ApiKeyHeaderPlugin::class => [Service\ApiKeyService::class], - - Authentication\RequestToHttpAuthPlugin::class => [Authentication\AuthenticationPluginManager::class], - - Middleware\AuthenticationMiddleware::class => [ - Authentication\RequestToHttpAuthPlugin::class, - 'config.auth.routes_whitelist', - ], + Middleware\AuthenticationMiddleware::class => [Service\ApiKeyService::class, 'config.auth.routes_whitelist'], ], ]; diff --git a/module/Rest/src/Action/ShortUrl/CreateShortUrlAction.php b/module/Rest/src/Action/ShortUrl/CreateShortUrlAction.php index af6b3ecf..28941579 100644 --- a/module/Rest/src/Action/ShortUrl/CreateShortUrlAction.php +++ b/module/Rest/src/Action/ShortUrl/CreateShortUrlAction.php 
@@ -9,7 +9,7 @@ use Shlinkio\Shlink\Core\Exception\ValidationException; use Shlinkio\Shlink\Core\Model\CreateShortUrlData; use Shlinkio\Shlink\Core\Model\ShortUrlMeta; use Shlinkio\Shlink\Core\Validation\ShortUrlMetaInputFilter; -use Shlinkio\Shlink\Rest\Authentication\Plugin\ApiKeyHeaderPlugin; +use Shlinkio\Shlink\Rest\Middleware\AuthenticationMiddleware; class CreateShortUrlAction extends AbstractCreateShortUrlAction { @@ -28,7 +28,7 @@ class CreateShortUrlAction extends AbstractCreateShortUrlAction ]); } - $payload[ShortUrlMetaInputFilter::API_KEY] = $request->getHeaderLine(ApiKeyHeaderPlugin::HEADER_NAME); + $payload[ShortUrlMetaInputFilter::API_KEY] = AuthenticationMiddleware::apiKeyFromRequest($request); $meta = ShortUrlMeta::fromRawData($payload); return new CreateShortUrlData($payload['longUrl'], (array) ($payload['tags'] ?? []), $meta); diff --git a/module/Rest/src/Authentication/AuthenticationPluginManager.php b/module/Rest/src/Authentication/AuthenticationPluginManager.php deleted file mode 100644 index 9cd8894e..00000000 --- a/module/Rest/src/Authentication/AuthenticationPluginManager.php +++ /dev/null @@ -1,12 +0,0 @@ -has('config') ? $container->get('config') : []; - return new AuthenticationPluginManager($container, $config['auth']['plugins'] ?? []); - } -} diff --git a/module/Rest/src/Authentication/AuthenticationPluginManagerInterface.php b/module/Rest/src/Authentication/AuthenticationPluginManagerInterface.php deleted file mode 100644 index 838f4ae9..00000000 --- a/module/Rest/src/Authentication/AuthenticationPluginManagerInterface.php +++ /dev/null 
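Review bot: In `CreateShortUrlAction.php` (hunk `@@ -28,7 +28,7 @@`), the value stored under `ShortUrlMetaInputFilter::API_KEY` is the raw `X-Api-Key` header, re-read through `AuthenticationMiddleware::apiKeyFromRequest($request)`, rather than a value the middleware has verified and handed on for this request. That holds only as long as this action's route stays out of `config.auth.routes_whitelist`; the sibling `SingleStepCreateShortUrlAction` is whitelisted in `auth.config.php`, so the two cases are easy to confuse later. Consider having the middleware pass the checked key along with `$request->withAttribute(...)` and reading that attribute here, or at least add a comment above the assignment such as `// Safe to read the raw header: AuthenticationMiddleware has already verified it for this route`. The enclosing method starts outside the hunk, so its name and earlier validation are not visible.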
@@ -1,11 +0,0 @@ -apiKeyService = $apiKeyService; - } - - /** - * @throws VerifyAuthenticationException - */ - public function verify(ServerRequestInterface $request): void - { - $apiKey = $request->getHeaderLine(self::HEADER_NAME); - if (! $this->apiKeyService->check($apiKey)) { - throw VerifyAuthenticationException::forInvalidApiKey(); - } - } - - public function update(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface - { - return $response; - } -} diff --git a/module/Rest/src/Authentication/Plugin/AuthenticationPluginInterface.php b/module/Rest/src/Authentication/Plugin/AuthenticationPluginInterface.php deleted file mode 100644 index 9ae0949f..00000000 --- a/module/Rest/src/Authentication/Plugin/AuthenticationPluginInterface.php +++ /dev/null @@ -1,19 +0,0 @@ -authPluginManager = $authPluginManager; - } - - /** - * @throws MissingAuthenticationException - */ - public function fromRequest(ServerRequestInterface $request): Plugin\AuthenticationPluginInterface - { - if (! $this->hasAnySupportedHeader($request)) { - throw MissingAuthenticationException::fromExpectedTypes(self::SUPPORTED_AUTH_HEADERS); - } - - return $this->authPluginManager->get($this->getFirstAvailableHeader($request)); - } - - private function hasAnySupportedHeader(ServerRequestInterface $request): bool - { - return array_reduce( - self::SUPPORTED_AUTH_HEADERS, - fn (bool $carry, string $header) => $carry || $request->hasHeader($header), - false, - ); - } - - private function getFirstAvailableHeader(ServerRequestInterface $request): string - { - $foundHeaders = array_filter(self::SUPPORTED_AUTH_HEADERS, [$request, 'hasHeader']); - return array_shift($foundHeaders) ?? ''; - } -} diff --git a/module/Rest/src/Authentication/RequestToHttpAuthPluginInterface.php b/module/Rest/src/Authentication/RequestToHttpAuthPluginInterface.php deleted file mode 100644 index b8002431..00000000 --- a/module/Rest/src/Authentication/RequestToHttpAuthPluginInterface.php +++ /dev/null 
@@ -1,16 +0,0 @@ -apiKeyService = $apiKeyService; $this->routesWhitelist = $routesWhitelist; - $this->requestToAuthPlugin = $requestToAuthPlugin; } public function process(Request $request, RequestHandlerInterface $handler): Response @@ -39,10 +43,20 @@ class AuthenticationMiddleware implements MiddlewareInterface, StatusCodeInterfa return $handler->handle($request); } - $plugin = $this->requestToAuthPlugin->fromRequest($request); - $plugin->verify($request); - $response = $handler->handle($request); + $apiKey = self::apiKeyFromRequest($request); + if (empty($apiKey)) { + throw MissingAuthenticationException::fromExpectedTypes([self::API_KEY_HEADER]); + } - return $plugin->update($request, $response); + if (! $this->apiKeyService->check($apiKey)) { + throw VerifyAuthenticationException::forInvalidApiKey(); + } + + return $handler->handle($request); + } + + public static function apiKeyFromRequest(Request $request): string + { + return $request->getHeaderLine(self::API_KEY_HEADER); } } diff --git a/module/Rest/src/Middleware/CrossDomainMiddleware.php b/module/Rest/src/Middleware/CrossDomainMiddleware.php index f60c0ad1..171142a1 100644 --- a/module/Rest/src/Middleware/CrossDomainMiddleware.php +++ b/module/Rest/src/Middleware/CrossDomainMiddleware.php @@ -11,7 +11,6 @@ use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\MiddlewareInterface; use Psr\Http\Server\RequestHandlerInterface; -use Shlinkio\Shlink\Rest\Authentication; use function array_merge; use function implode; 
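Review bot: In `AuthenticationMiddleware::process()` (hunk `@@ -39,10 +43,20 @@`), `empty($apiKey)` is also true for the string `"0"`, so a request carrying that key is reported as a missing header instead of being passed to `$this->apiKeyService->check()`. Since `apiKeyFromRequest()` is declared to return `string`, the guard can be the exact test `if ($apiKey === '') {`, which keeps the fail-closed behaviour and makes the two error paths unambiguous. The new public static `apiKeyFromRequest()` has no docblock; because `CreateShortUrlAction` now calls it, it should say that it returns the raw, unverified header value, e.g. `/** Returns the X-Api-Key header line as sent by the client; the value is NOT verified here. */`. Note also that `getHeaderLine()` joins repeated headers with commas, so a request with several `X-Api-Key` headers is checked as one combined string; that presumably fails the lookup, but a short comment would record the intent. The start of `process()` and the whitelist check lie outside the hunk.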
@@ -27,9 +26,7 @@ class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterfa // Add Allow-Origin header $response = $response->withHeader('Access-Control-Allow-Origin', $request->getHeader('Origin')) - ->withHeader('Access-Control-Expose-Headers', implode(', ', [ - Authentication\Plugin\ApiKeyHeaderPlugin::HEADER_NAME, - ])); + ->withHeader('Access-Control-Expose-Headers', AuthenticationMiddleware::API_KEY_HEADER); if ($request->getMethod() !== self::METHOD_OPTIONS) { return $response; } diff --git a/module/Rest/test-api/Middleware/AuthenticationTest.php b/module/Rest/test-api/Middleware/AuthenticationTest.php index f71ddfd1..61dbd2c5 100644 --- a/module/Rest/test-api/Middleware/AuthenticationTest.php +++ b/module/Rest/test-api/Middleware/AuthenticationTest.php @@ -4,22 +4,14 @@ declare(strict_types=1); namespace ShlinkioApiTest\Shlink\Rest\Middleware; -use Shlinkio\Shlink\Rest\Authentication\Plugin; -use Shlinkio\Shlink\Rest\Authentication\RequestToHttpAuthPlugin; use Shlinkio\Shlink\TestUtils\ApiTest\ApiTestCase; -use function implode; -use function sprintf; - class AuthenticationTest extends ApiTestCase { /** @test */ public function authorizationErrorIsReturnedIfNoApiKeyIsSent(): void { - $expectedDetail = sprintf( - 'Expected one of the following authentication headers, ["%s"], but none were provided', - implode('", "', RequestToHttpAuthPlugin::SUPPORTED_AUTH_HEADERS), - ); + $expectedDetail = 'Expected one of the following authentication headers, ["X-Api-Key"], but none were provided'; $resp = $this->callApi(self::METHOD_GET, '/short-urls'); $payload = $this->getJsonResponsePayload($resp); @@ -41,7 +33,7 @@ class AuthenticationTest extends ApiTestCase $resp = $this->callApi(self::METHOD_GET, '/short-urls', [ 'headers' => [ - Plugin\ApiKeyHeaderPlugin::HEADER_NAME => $apiKey, + 'X-Api-Key' => $apiKey, ], ]); $payload = $this->getJsonResponsePayload($resp); 
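Review bot: In `CrossDomainMiddleware::process()` (hunk `@@ -27,9 +26,7 @@`), the new `->withHeader('Access-Control-Expose-Headers', AuthenticationMiddleware::API_KEY_HEADER)` advertises `X-Api-Key` as a response header that browser scripts may read, yet in the code visible in this commit that header is only ever read from the request. With the plugin `update()` hook deleted, nothing shown here sets it on a response, so the entry looks like a leftover; cross-origin clients that send the key depend on `Access-Control-Allow-Headers`, which is presumably handled further down, outside this hunk. If no response carries the header, drop the call, or add a comment such as `// Kept for backwards compatibility; no response currently sets this header`. The context line above reflects the request's `Origin` into `Access-Control-Allow-Origin` unconditionally, so anything listed as exposed is readable from any origin.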
diff --git a/module/Rest/test/Authentication/AuthenticationPluginManagerFactoryTest.php b/module/Rest/test/Authentication/AuthenticationPluginManagerFactoryTest.php deleted file mode 100644 index c3bd860a..00000000 --- a/module/Rest/test/Authentication/AuthenticationPluginManagerFactoryTest.php +++ /dev/null @@ -1,60 +0,0 @@ -factory = new AuthenticationPluginManagerFactory(); - } - - /** - * @test - * @dataProvider provideConfigs - */ - public function serviceIsProperlyCreatedWithExpectedPlugins(?array $config, array $expectedPlugins): void - { - $instance = ($this->factory)(new ServiceManager(['services' => [ - 'config' => $config, - ]])); - - self::assertEquals($expectedPlugins, $this->getPlugins($instance)); - } - - private function getPlugins(AuthenticationPluginManager $pluginManager): array - { - return (fn () => $this->services)->call($pluginManager); - } - - public function provideConfigs(): iterable - { - yield [null, []]; - yield [[], []]; - yield [['auth' => []], []]; - yield [['auth' => [ - 'plugins' => [], - ]], []]; - yield [['auth' => [ - 'plugins' => [ - 'services' => $plugins = [ - 'foo' => $this->prophesize(AuthenticationPluginInterface::class)->reveal(), - 'bar' => $this->prophesize(AuthenticationPluginInterface::class)->reveal(), - ], - ], - ]], $plugins]; - } -} diff --git a/module/Rest/test/Authentication/Plugin/ApiKeyHeaderPluginTest.php b/module/Rest/test/Authentication/Plugin/ApiKeyHeaderPluginTest.php deleted file mode 100644 index 53aca2dc..00000000 --- a/module/Rest/test/Authentication/Plugin/ApiKeyHeaderPluginTest.php +++ /dev/null 
@@ -1,69 +0,0 @@ -apiKeyService = $this->prophesize(ApiKeyServiceInterface::class); - $this->plugin = new ApiKeyHeaderPlugin($this->apiKeyService->reveal()); - } - - /** @test */ - public function verifyThrowsExceptionWhenApiKeyIsNotValid(): void - { - $apiKey = 'abc-ABC'; - $check = $this->apiKeyService->check($apiKey)->willReturn(false); - $check->shouldBeCalledOnce(); - - $this->expectException(VerifyAuthenticationException::class); - $this->expectExceptionMessage('Provided API key does not exist or is invalid'); - - $this->plugin->verify($this->createRequest($apiKey)); - } - - /** @test */ - public function verifyDoesNotThrowExceptionWhenApiKeyIsValid(): void - { - $apiKey = 'abc-ABC'; - $check = $this->apiKeyService->check($apiKey)->willReturn(true); - - $this->plugin->verify($this->createRequest($apiKey)); - - $check->shouldHaveBeenCalledOnce(); - } - - /** @test */ - public function updateReturnsResponseAsIs(): void - { - $apiKey = 'abc-ABC'; - $response = new Response(); - - $returnedResponse = $this->plugin->update($this->createRequest($apiKey), $response); - - self::assertSame($response, $returnedResponse); - } - - private function createRequest(string $apiKey): ServerRequestInterface - { - return (new ServerRequest())->withHeader(ApiKeyHeaderPlugin::HEADER_NAME, $apiKey); - } -} diff --git a/module/Rest/test/Authentication/RequestToAuthPluginTest.php b/module/Rest/test/Authentication/RequestToAuthPluginTest.php deleted file mode 100644 index db3dd2ce..00000000 --- a/module/Rest/test/Authentication/RequestToAuthPluginTest.php +++ /dev/null 
@@ -1,72 +0,0 @@ -pluginManager = $this->prophesize(AuthenticationPluginManagerInterface::class); - $this->requestToPlugin = new RequestToHttpAuthPlugin($this->pluginManager->reveal()); - } - - /** @test */ - public function exceptionIsFoundWhenNoneOfTheSupportedMethodsIsFound(): void - { - $request = new ServerRequest(); - - $this->expectException(MissingAuthenticationException::class); - $this->expectExceptionMessage(sprintf( - 'Expected one of the following authentication headers, ["%s"], but none were provided', - implode('", "', RequestToHttpAuthPlugin::SUPPORTED_AUTH_HEADERS), - )); - - $this->requestToPlugin->fromRequest($request); - } - - /** - * @test - * @dataProvider provideHeaders - */ - public function properPluginIsFetchedWhenAnyAuthTypeIsFound(array $headers, string $expectedHeader): void - { - $request = new ServerRequest(); - foreach ($headers as $header => $value) { - $request = $request->withHeader($header, $value); - } - - $plugin = $this->prophesize(AuthenticationPluginInterface::class); - $getPlugin = $this->pluginManager->get($expectedHeader)->willReturn($plugin->reveal()); - - $this->requestToPlugin->fromRequest($request); - - $getPlugin->shouldHaveBeenCalledOnce(); - } - - public function provideHeaders(): iterable - { - yield 'API key header' => [[ - ApiKeyHeaderPlugin::HEADER_NAME => 'foobar', - ], ApiKeyHeaderPlugin::HEADER_NAME]; - } -} diff --git a/module/Rest/test/Middleware/AuthenticationMiddlewareTest.php b/module/Rest/test/Middleware/AuthenticationMiddlewareTest.php index 1a95bbd4..db721780 100644 --- a/module/Rest/test/Middleware/AuthenticationMiddlewareTest.php +++ b/module/Rest/test/Middleware/AuthenticationMiddlewareTest.php 
@@ -7,20 +7,21 @@ namespace ShlinkioTest\Shlink\Rest\Middleware; use Fig\Http\Message\RequestMethodInterface; use Laminas\Diactoros\Response; use Laminas\Diactoros\ServerRequest; +use Laminas\Diactoros\ServerRequestFactory; use Mezzio\Router\Route; use Mezzio\Router\RouteResult; use PHPUnit\Framework\TestCase; use Prophecy\Argument; use Prophecy\PhpUnit\ProphecyTrait; use Prophecy\Prophecy\ObjectProphecy; -use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\MiddlewareInterface; use Psr\Http\Server\RequestHandlerInterface; use Shlinkio\Shlink\Rest\Action\HealthAction; -use Shlinkio\Shlink\Rest\Authentication\Plugin\AuthenticationPluginInterface; -use Shlinkio\Shlink\Rest\Authentication\RequestToHttpAuthPluginInterface; +use Shlinkio\Shlink\Rest\Exception\MissingAuthenticationException; +use Shlinkio\Shlink\Rest\Exception\VerifyAuthenticationException; use Shlinkio\Shlink\Rest\Middleware\AuthenticationMiddleware; +use Shlinkio\Shlink\Rest\Service\ApiKeyServiceInterface; use function Laminas\Stratigility\middleware; @@ -29,12 +30,14 @@ class AuthenticationMiddlewareTest extends TestCase use ProphecyTrait; private AuthenticationMiddleware $middleware; - private ObjectProphecy $requestToPlugin; + private ObjectProphecy $apiKeyService; + private ObjectProphecy $handler; public function setUp(): void { - $this->requestToPlugin = $this->prophesize(RequestToHttpAuthPluginInterface::class); - $this->middleware = new AuthenticationMiddleware($this->requestToPlugin->reveal(), [HealthAction::class]); + $this->apiKeyService = $this->prophesize(ApiKeyServiceInterface::class); + $this->middleware = new AuthenticationMiddleware($this->apiKeyService->reveal(), [HealthAction::class]); + $this->handler = $this->prophesize(RequestHandlerInterface::class); } /** 
@@ -43,16 +46,13 @@ class AuthenticationMiddlewareTest extends TestCase */ public function someWhiteListedSituationsFallbackToNextMiddleware(ServerRequestInterface $request): void { - $handler = $this->prophesize(RequestHandlerInterface::class); - $handle = $handler->handle($request)->willReturn(new Response()); - $fromRequest = $this->requestToPlugin->fromRequest(Argument::any())->willReturn( - $this->prophesize(AuthenticationPluginInterface::class)->reveal(), - ); + $handle = $this->handler->handle($request)->willReturn(new Response()); + $checkApiKey = $this->apiKeyService->check(Argument::any()); - $this->middleware->process($request, $handler->reveal()); + $this->middleware->process($request, $this->handler->reveal()); $handle->shouldHaveBeenCalledOnce(); - $fromRequest->shouldNotHaveBeenCalled(); + $checkApiKey->shouldNotHaveBeenCalled(); } public function provideWhitelistedRequests(): iterable 
@@ -76,30 +76,70 @@ class AuthenticationMiddlewareTest extends TestCase )->withMethod(RequestMethodInterface::METHOD_OPTIONS)]; } - /** @test */ - public function updatedResponseIsReturnedWhenVerificationPasses(): void + /** + * @test + * @dataProvider provideRequestsWithoutApiKey + */ + public function throwsExceptionWhenNoApiKeyIsProvided(ServerRequestInterface $request): void { - $newResponse = new Response(); - $request = (new ServerRequest())->withAttribute( + $this->apiKeyService->check(Argument::any())->shouldNotBeCalled(); + $this->handler->handle($request)->shouldNotBeCalled(); + $this->expectException(MissingAuthenticationException::class); + $this->expectExceptionMessage( + 'Expected one of the following authentication headers, ["X-Api-Key"], but none were provided', + ); + + $this->middleware->process($request, $this->handler->reveal()); + } + + public function provideRequestsWithoutApiKey(): iterable + { + $baseRequest = ServerRequestFactory::fromGlobals()->withAttribute( RouteResult::class, RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), []), ); - $plugin = $this->prophesize(AuthenticationPluginInterface::class); - $verify = $plugin->verify($request)->will(function (): void { - }); - $update = $plugin->update($request, Argument::type(ResponseInterface::class))->willReturn($newResponse); - $fromRequest = $this->requestToPlugin->fromRequest(Argument::any())->willReturn($plugin->reveal()); + yield 'no api key' => [$baseRequest]; + yield 'empty api key' => [$baseRequest->withHeader('X-Api-Key', '')]; + } - $handler = $this->prophesize(RequestHandlerInterface::class); - $handle = $handler->handle($request)->willReturn(new Response()); - $response = $this->middleware->process($request, $handler->reveal()); + /** @test */ + public function throwsExceptionWhenProvidedApiKeyIsInvalid(): void + { + $apiKey = 'abc123'; + $request = ServerRequestFactory::fromGlobals() + ->withAttribute( + RouteResult::class, + RouteResult::fromRoute(new 
Route('bar', $this->getDummyMiddleware()), []), + ) + ->withHeader('X-Api-Key', $apiKey); + + $this->apiKeyService->check($apiKey)->willReturn(false)->shouldBeCalledOnce(); + $this->handler->handle($request)->shouldNotBeCalled(); + $this->expectException(VerifyAuthenticationException::class); + $this->expectExceptionMessage('Provided API key does not exist or is invalid'); + + $this->middleware->process($request, $this->handler->reveal()); + } + + /** @test */ + public function validApiKeyFallsBackToNextMiddleware(): void + { + $apiKey = 'abc123'; + $request = ServerRequestFactory::fromGlobals() + ->withAttribute( + RouteResult::class, + RouteResult::fromRoute(new Route('bar', $this->getDummyMiddleware()), []), + ) + ->withHeader('X-Api-Key', $apiKey); + + $handle = $this->handler->handle($request)->willReturn(new Response()); + $checkApiKey = $this->apiKeyService->check($apiKey)->willReturn(true); + + $this->middleware->process($request, $this->handler->reveal()); - self::assertSame($response, $newResponse); - $verify->shouldHaveBeenCalledOnce(); - $update->shouldHaveBeenCalledOnce(); $handle->shouldHaveBeenCalledOnce(); - $fromRequest->shouldHaveBeenCalledOnce(); + $checkApiKey->shouldHaveBeenCalledOnce(); } private function getDummyMiddleware(): MiddlewareInterface diff --git a/module/Rest/test/Middleware/CrossDomainMiddlewareTest.php b/module/Rest/test/Middleware/CrossDomainMiddlewareTest.php index 446ede9d..03675fce 100644 --- a/module/Rest/test/Middleware/CrossDomainMiddlewareTest.php +++ b/module/Rest/test/Middleware/CrossDomainMiddlewareTest.php @@ -13,7 +13,6 @@ use Prophecy\Argument; use Prophecy\PhpUnit\ProphecyTrait; use Prophecy\Prophecy\ObjectProphecy; use Psr\Http\Server\RequestHandlerInterface; -use Shlinkio\Shlink\Rest\Authentication; use Shlinkio\Shlink\Rest\Middleware\CrossDomainMiddleware; use function Laminas\Stratigility\middleware; 
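Review bot: The new cases in `AuthenticationMiddlewareTest.php` (hunk `@@ -76,30 +76,70 @@`) build their requests with `ServerRequestFactory::fromGlobals()`, so the input depends on whatever `$_SERVER` and the other superglobals contain when the suite runs; `new ServerRequest()`, which the file already imports, gives a clean request and makes the added `ServerRequestFactory` import unnecessary. `provideRequestsWithoutApiKey()` covers an absent and an empty header but not the key `'0'`, which the middleware's `empty()` check also treats as missing. Adding `yield 'zero api key' => [$baseRequest->withHeader('X-Api-Key', '0')];` would pin whichever behaviour is intended. The three request-building chains are identical apart from the header, so a small private helper would remove the duplication.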
@@ -64,10 +63,7 @@ class CrossDomainMiddlewareTest extends TestCase $headers = $response->getHeaders(); self::assertEquals('local', $response->getHeaderLine('Access-Control-Allow-Origin')); - self::assertEquals( - Authentication\Plugin\ApiKeyHeaderPlugin::HEADER_NAME, - $response->getHeaderLine('Access-Control-Expose-Headers'), - ); + self::assertEquals('X-Api-Key', $response->getHeaderLine('Access-Control-Expose-Headers')); self::assertArrayNotHasKey('Access-Control-Allow-Methods', $headers); self::assertArrayNotHasKey('Access-Control-Max-Age', $headers); self::assertArrayNotHasKey('Access-Control-Allow-Headers', $headers); @@ -89,10 +85,7 @@ class CrossDomainMiddlewareTest extends TestCase $headers = $response->getHeaders(); self::assertEquals('local', $response->getHeaderLine('Access-Control-Allow-Origin')); - self::assertEquals( - Authentication\Plugin\ApiKeyHeaderPlugin::HEADER_NAME, - $response->getHeaderLine('Access-Control-Expose-Headers'), - ); + self::assertEquals('X-Api-Key', $response->getHeaderLine('Access-Control-Expose-Headers')); self::assertArrayHasKey('Access-Control-Allow-Methods', $headers); self::assertEquals('1000', $response->getHeaderLine('Access-Control-Max-Age')); self::assertEquals('foo, bar, baz', $response->getHeaderLine('Access-Control-Allow-Headers'));