adding files from abdoned fork

Author: rrd108

.gitignore

@@ -0,0 +1,7 @@
+/vendor/*
+composer.phar
+.vscode/launch.json
+
+.phpunit.result.cache
+
+.phpunit.cache/

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016 Flavien Beninca
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

composer.json

@@ -0,0 +1,24 @@
+{
+  "name": "rrd108/cakephp-cors",
+  "description": "A CakePHP plugin for activate cors domain in your application",
+  "type": "cakephp-plugin",
+  "require": {
+    "cakephp/cakephp": "^5.0",
+    "psr/http-server-handler": "^1.0",
+    "psr/http-server-middleware": "^1.0"
+  },
+  "require-dev": {
+    "phpunit/phpunit": "^10.1"
+  },
+  "autoload": {
+    "psr-4": {
+      "Cors\\": "src"
+    }
+  },
+  "autoload-dev": {
+    "psr-4": {
+      "Cors\\Test\\": "tests",
+      "Cake\\Test\\": "./vendor/cakephp/cakephp/tests"
+    }
+  }
+}

config/bootstrap.php

@@ -0,0 +1,34 @@
+<?php
+use Cake\Event\EventManager;
+use Cake\Core\Configure;
+use Cake\Routing\Middleware\RoutingMiddleware;
+use Cors\Routing\Middleware\CorsMiddleware;
+
+/**
+ * Configuration
+ */
+Configure::load('Cors.default', 'default');
+
+$defaultConfig = (array) Configure::consume('Cors-default');
+$personnalConfig = (array) Configure::consume('Cors');
+$config = array_merge($defaultConfig, $personnalConfig);
+
+Configure::write('Cors', $config);
+
+if ($config['exceptionRenderer'] && Configure::read('Error.exceptionRenderer') != $config['exceptionRenderer']) {
+    Configure::write('Error.baseExceptionRenderer', Configure::read('Error.exceptionRenderer'));
+    Configure::write('Error.exceptionRenderer', $config['exceptionRenderer']);
+}
+
+/**
+ * Middleware
+ */
+EventManager::instance()->on('Server.buildMiddleware',
+    function ($event, $middleware) {
+        try {
+            $middleware->insertBefore(RoutingMiddleware::class, new CorsMiddleware());
+        } catch (\LogicException $exception) {
+            $middleware->add(new CorsMiddleware());
+        }
+    }
+);

config/default.php

@@ -0,0 +1,12 @@
+<?php
+return [
+    'Cors-default' => [
+        'AllowOrigin' => true,
+        'AllowCredentials' => true,
+        'AllowMethods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'],
+        'AllowHeaders' => true,
+        'ExposeHeaders' => false,
+        'MaxAge' => 86400, // 1 day
+        'exceptionRenderer' => 'Cors\Error\AppExceptionRenderer',
+    ]
+];

phpunit.xml.dist

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         colors="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         bootstrap="tests/bootstrap.php"
+         cacheDirectory=".phpunit.cache"
+         xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.1/phpunit.xsd">
+    <php>
+        <ini name="memory_limit" value="-1"/>
+        <ini name="apc.enable_cli" value="1"/>
+    </php>
+
+    <testsuites>
+        <testsuite name="tokenAuthenticator">
+            <directory>tests/TestCase/</directory>
+        </testsuite>
+    </testsuites>
+
+    <extensions>
+        <bootstrap class="Cake\TestSuite\Fixture\Extension\PHPUnitExtension"/>
+    </extensions>
+
+    <source>
+        <include>
+            <directory suffix=".php">src/</directory>
+            <directory suffix=".php">plugins/*/src/</directory>
+        </include>
+    </source>
+</phpunit>

src/Error/AppExceptionRenderer.php

@@ -0,0 +1,30 @@
+<?php
+namespace Cors\Error;
+
+use Cake\Core\Configure;
+use Cake\Controller\Controller;
+use Cors\Routing\Middleware\CorsMiddleware;
+
+function get_dynamic_parent() {
+    return Configure::read('Error.baseExceptionRenderer');// return what you need
+}
+class_alias(get_dynamic_parent(), 'Cors\Error\BaseExceptionRenderer');
+
+class AppExceptionRenderer extends BaseExceptionRenderer
+{
+    /**
+     * Returns the current controller.
+     *
+     * @return \Cake\Controller\Controller
+     */
+    protected function _getController(): Controller
+    {
+        $controller = parent::_getController();
+        $cors = new CorsMiddleware();
+        $controller->response = $cors->addHeaders(
+            $controller->getRequest(),
+            $controller->getResponse()
+        );
+        return $controller;
+    }
+}

src/Plugin.php

@@ -0,0 +1,8 @@
+<?php
+namespace Cors;
+
+use Cake\Core\BasePlugin;
+
+class Plugin extends BasePlugin
+{
+}

src/Routing/Middleware/CorsMiddleware.php

@@ -0,0 +1,143 @@
+<?php
+namespace Cors\Routing\Middleware;
+
+use Cake\Core\Configure;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Cake\Http\Response;
+
+class CorsMiddleware implements MiddlewareInterface
+{
+    /**
+     * @param ServerRequestInterface $request
+     * @param RequestHandlerInterface $handler
+     * @return ResponseInterface
+     */
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        if (strtoupper($request->getMethod()) === 'OPTIONS') {
+            if (!array_intersect($request->getHeader("Access-Control-Request-Method"), Configure::read('Cors.AllowMethods'))) {
+                $response =  new Response([
+                    'status' => 403,
+                    'body' => 'Method Forbidden'
+                ]);
+            } else {
+                $response =  new Response([
+                    'status' => 200
+                ]);
+            }
+        } else {
+            $response = $handler->handle($request);
+        }
+
+        $response = $this->addHeaders($request, $response);
+
+        return $response;
+    }
+
+    public function addHeaders(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
+    {
+        if ($request->getHeader('Origin')) {
+            $response = $response
+                ->withHeader('Access-Control-Allow-Origin', $this->_allowOrigin($request))
+                ->withHeader('Access-Control-Allow-Credentials', $this->_allowCredentials())
+                ->withHeader('Access-Control-Max-Age', $this->_maxAge());
+
+            if (strtoupper($request->getMethod()) === 'OPTIONS') {
+                $response = $response
+                    ->withHeader('Access-Control-Expose-Headers', $this->_exposeHeaders())
+                    ->withHeader('Access-Control-Allow-Headers', $this->_allowHeaders($request))
+                    ->withHeader('Access-Control-Allow-Methods', $this->_allowMethods());
+            }
+
+        }
+
+        return $response;
+    }
+
+
+    /**
+     * @param \Psr\Http\Message\ServerRequestInterface $request
+     * @return array|string
+     */
+    private function _allowOrigin(ServerRequestInterface $request)
+    {
+        $allowOrigin = Configure::read('Cors.AllowOrigin');
+        $origin = $request->getHeader('Origin');
+
+        if ($allowOrigin === true || $allowOrigin === '*') {
+            return $origin;
+        }
+
+        if (is_array($allowOrigin)) {
+            $origin = (array) $origin;
+
+            foreach ($origin as $o) {
+                if (in_array($o, $allowOrigin)) {
+                    return $origin;
+                }
+            }
+
+            return '';
+        }
+
+        return (string)$allowOrigin;
+    }
+
+    /**
+     * @return String
+     */
+    private function _allowCredentials(): String
+    {
+        return (Configure::read('Cors.AllowCredentials')) ? 'true' : 'false';
+    }
+
+    /**
+     * @return String
+     */
+    private function _allowMethods(): String
+    {
+        return implode(', ', (array) Configure::read('Cors.AllowMethods'));
+    }
+
+    /**
+     * @param \Psr\Http\Message\ServerRequestInterface $request
+     * @return String
+     */
+    private function _allowHeaders(ServerRequestInterface $request): String
+    {
+        $allowHeaders = Configure::read('Cors.AllowHeaders');
+
+        if ($allowHeaders === true) {
+            return $request->getHeaderLine('Access-Control-Request-Headers');
+        }
+
+        return implode(', ', (array) $allowHeaders);
+    }
+
+    /**
+     * @return String
+     */
+    private function _exposeHeaders(): String
+    {
+        $exposeHeaders = Configure::read('Cors.ExposeHeaders');
+
+        if (is_string($exposeHeaders) || is_array($exposeHeaders)) {
+            return implode(', ', (array) $exposeHeaders);
+        }
+
+        return '';
+    }
+
+    /**
+     * @return String
+     */
+    private function _maxAge(): String
+    {
+        $maxAge = (string) Configure::read('Cors.MaxAge');
+
+        return ($maxAge) ?: '0';
+    }
+}

tests/TestCase/Controller/ErrorControllerTest.php

@@ -0,0 +1,35 @@
+<?php
+namespace Cors\Tests\TestCase\Controller;
+
+use PHPUnit\Framework\TestCase;
+
+class ErrorControllerTest extends TestCase
+{
+    private $controller;
+
+    public function testIncomplete() {
+        $this->markTestIncomplete('Fail with travis because ErrorController extends App\Controller\ErrorController');
+    }
+
+    // public function setUp()
+    // {
+    //     parent::setUp();
+    //     $request = new Request();
+    //     $response = new Response();
+    //     $this->controller = $this->getMockBuilder('Cors\Controller\ErrorController')
+    //         ->setConstructorArgs([$request, $response])
+    //         ->setMethods(null)
+    //         ->getMock();
+    // }
+    //
+    // public function testInitializeLoadRequestHandler() {
+    //     $this->assertInstanceOf('Cake\Controller\Component\RequestHandlerComponent', $this->controller->RequestHandler);
+    // }
+    //
+    // public function testBeforeRenderAllowAllOrigin() {
+    //     $event = new Event('Controller.startup', $this->controller);
+    //     $this->controller->beforeRender($event);
+    //     $responsesHeader = $this->controller->response->header();
+    //     $this->assertEquals('*', $responsesHeader['Access-Control-Allow-Origin']);
+    // }
+}