1 files changed, 48 insertions, 12 deletions

diff --git a/src/test/scala/xyz/driver/core/rest/DriverAppTest.scala b/src/test/scala/xyz/driver/core/rest/DriverAppTest.scala
index f5602be..991d7c5 100644
--- a/src/test/scala/xyz/driver/core/rest/DriverAppTest.scala
+++ b/src/test/scala/xyz/driver/core/rest/DriverAppTest.scala
@@ -1,7 +1,7 @@
 package xyz.driver.core.rest
 
 import akka.http.scaladsl.model.headers._
-import akka.http.scaladsl.model.{HttpMethods, StatusCodes}
+import akka.http.scaladsl.model.{HttpMethod, HttpMethods, StatusCodes}
 import akka.http.scaladsl.server.Directives._
 import akka.http.scaladsl.server.Route
 import akka.http.scaladsl.settings.RoutingSettings
@@ -15,8 +15,9 @@ import scala.reflect.runtime.universe._
 
 class DriverAppTest extends FlatSpec with ScalatestRouteTest with Matchers {
   class TestRoute extends DriverRoute {
-    override def log: Logger  = xyz.driver.core.logging.NoLogger
-    override def route: Route = path("api" / "v1" / "test")(post(complete("OK")))
+    override def log: Logger    = xyz.driver.core.logging.NoLogger
+    override def config: Config = xyz.driver.core.config.loadDefaultConfig
+    override def route: Route   = path("api" / "v1" / "test")(post(complete("OK")))
   }
 
   val module: Module = new Module {
@@ -30,29 +31,64 @@ class DriverAppTest extends FlatSpec with ScalatestRouteTest with Matchers {
     appName = "test-app",
     version = "0.1",
     gitHash = "deadb33f",
-    modules = Seq(module)
+    modules = Seq(module),
+    log = xyz.driver.core.logging.NoLogger
   )
 
   val config: Config                   = xyz.driver.core.config.loadDefaultConfig
   val routingSettings: RoutingSettings = RoutingSettings(config)
-  val appRoute: Route =
-    Route.seal(app.appRoute)(routingSettings = routingSettings, rejectionHandler = DriverApp.rejectionHandler)
+  val appRoute: Route                  = Route.seal(app.appRoute)(routingSettings = routingSettings)
+
+  val allowedMethods: collection.immutable.Seq[HttpMethod] = {
+    import scala.collection.JavaConverters._
+    config
+      .getStringList("application.cors.allowedMethods")
+      .asScala
+      .flatMap(HttpMethods.getForKey)
+      .to[collection.immutable.Seq]
+  }
+
+  val allowedOrigin: Origin = {
+    import scala.collection.JavaConverters._
+    Origin(
+      config
+        .getConfigList("application.cors.allowedOrigins")
+        .asScala
+        .map { c =>
+          HttpOrigin(c.getString("scheme"), Host(c.getString("hostSuffix")))
+        }(scala.collection.breakOut): _*)
+  }
 
   "DriverApp" should "respond with the correct CORS headers for the swagger OPTIONS route" in {
     Options(s"/api-docs/swagger.json") ~> appRoute ~> check {
       status shouldBe StatusCodes.OK
-      info(response.toString())
-      headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange.*))
-      headers should contain(`Access-Control-Allow-Methods`(HttpMethods.GET))
+      headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange(allowedOrigin.origins: _*)))
+      header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods
     }
   }
 
   it should "respond with the correct CORS headers for the test route" in {
     Options(s"/api/v1/test") ~> appRoute ~> check {
       status shouldBe StatusCodes.OK
-      info(response.toString())
-      headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange.*))
-      headers should contain(`Access-Control-Allow-Methods`(HttpMethods.GET, HttpMethods.POST))
+      headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange(allowedOrigin.origins: _*)))
+      header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods
+    }
+  }
+
+  it should "allow subdomains of allowed origin suffixes" in {
+    Options(s"/api/v1/test").withHeaders(Origin(HttpOrigin("https", Host("foo.example.com")))) ~> appRoute ~> check {
+      status shouldBe StatusCodes.OK
+      headers should contain(`Access-Control-Allow-Origin`(HttpOrigin("https", Host("foo.example.com"))))
+      header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods
+    }
+  }
+
+  it should "respond with default domains for invalid origins" in {
+    Options(s"/api/v1/test")
+      .withHeaders(Origin(HttpOrigin("https", Host("invalid.foo.bar.com")))) ~> appRoute ~> check {
+      status shouldBe StatusCodes.OK
+      headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange(allowedOrigin.origins: _*)))
+      header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods
     }
   }
 }