Make apply authorization middleware compatible with PSR-15

Author: ilijastuden

src/Middleware/ApplyAuthenticationMiddleware.php

@@ -17,7 +17,6 @@
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
-use Zend\Diactoros\ResponseFactory;
 
 class ApplyAuthenticationMiddleware implements MiddlewareInterface
 {
@@ -58,7 +57,14 @@ public function __invoke(
 
     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
-        return (new ResponseFactory())->createResponse();
+        if (!$this->apply_on_exit) {
+            $request = $this->applyToRequest($request);
+        }
+
+        $response = $handler->handle($request);
+        $response = $this->applyToResponse($request, $response);
+
+        return $response;
     }
 
     private function applyToRequest(ServerRequestInterface $request): ServerRequestInterface

test/src/ApplyAuthenticationMiddlewareTest.php

@@ -124,8 +124,13 @@ public function testUserIsAuthenticated()
 
     /**
      * Test if authentication is applied based on request attribute, when middleware is called as PSR-15 middleware.
+     *
+     * @dataProvider provideDataForPsr15Test
+     * @param bool $applyOnExit
      */
-    public function testUserIsAuthenticatedPsr15()
+    public function testUserIsAuthenticatedPsr15(
+        bool $applyOnExit
+    )
     {
         $user = new AuthenticatedUser(
             1,
@@ -178,10 +183,15 @@ public function testUserIsAuthenticatedPsr15()
                 ]
             ));
 
-        $middleware = new ApplyAuthenticationMiddleware(new RequestValueContainer('test_transport'));
-        $this->assertFalse($middleware->applyOnExit());
+        $middleware = new ApplyAuthenticationMiddleware(
+            new RequestValueContainer('test_transport'),
+            $applyOnExit
+        );
+
+        $this->assertSame($applyOnExit, $middleware->applyOnExit());
 
-        $response = $middleware->process($request,
+        $response = $middleware->process(
+            $request,
             new class implements RequestHandlerInterface
             {
                 public function handle(ServerRequestInterface $request): ResponseInterface
@@ -200,6 +210,14 @@ public function handle(ServerRequestInterface $request): ResponseInterface
         $this->assertContains('my-session-id', $setCookieHeader);
     }
 
+    public function provideDataForPsr15Test(): array
+    {
+        return [
+            [true],
+            [false],
+        ];
+    }
+
     /**
      * Test if next middleware in stack is called.
      */
@@ -232,6 +250,34 @@ function (
         $this->assertSame('Yes, found!', $response->getHeaderLine('X-Test'));
     }
 
+    public function testProcessIsCalled()
+    {
+        $middlware = new ApplyAuthenticationMiddleware(
+            new RequestValueContainer('test_transport')
+        );
+
+        $handler = new class implements RequestHandlerInterface
+        {
+            private $handleIsCalled = false;
+
+            public function handle(ServerRequestInterface $request): ResponseInterface
+            {
+                $this->handleIsCalled = true;
+                return (new ResponseFactory())->createResponse();
+            }
+
+            public function isHandleCalled(): bool
+            {
+                return $this->handleIsCalled;
+            }
+        };
+
+        $response = $middlware->process($this->request, $handler);
+        $this->assertInstanceOf(ResponseInterface::class, $response);
+
+        $this->assertTrue($handler->isHandleCalled());
+    }
+
     /**
      * Test if authentication is applied based on request attribute.
      */