From a4b2648a288110350c0ff8dc784626668112ab84 Mon Sep 17 00:00:00 2001 From: Zach Smith Date: Fri, 26 Jan 2018 11:43:52 -0800 Subject: Remove rejection handler, respond with default set of allowed methods and origins to all options requests in DriverRoute --- .../scala/xyz/driver/core/rest/DriverAppTest.scala | 60 +++++++++++++++++----- .../xyz/driver/core/rest/DriverRouteTest.scala | 4 +- 2 files changed, 51 insertions(+), 13 deletions(-) (limited to 'src/test/scala/xyz') diff --git a/src/test/scala/xyz/driver/core/rest/DriverAppTest.scala b/src/test/scala/xyz/driver/core/rest/DriverAppTest.scala index f5602be..991d7c5 100644 --- a/src/test/scala/xyz/driver/core/rest/DriverAppTest.scala +++ b/src/test/scala/xyz/driver/core/rest/DriverAppTest.scala @@ -1,7 +1,7 @@ package xyz.driver.core.rest import akka.http.scaladsl.model.headers._ -import akka.http.scaladsl.model.{HttpMethods, StatusCodes} +import akka.http.scaladsl.model.{HttpMethod, HttpMethods, StatusCodes} import akka.http.scaladsl.server.Directives._ import akka.http.scaladsl.server.Route import akka.http.scaladsl.settings.RoutingSettings @@ -15,8 +15,9 @@ import scala.reflect.runtime.universe._ class DriverAppTest extends FlatSpec with ScalatestRouteTest with Matchers { class TestRoute extends DriverRoute { - override def log: Logger = xyz.driver.core.logging.NoLogger - override def route: Route = path("api" / "v1" / "test")(post(complete("OK"))) + override def log: Logger = xyz.driver.core.logging.NoLogger + override def config: Config = xyz.driver.core.config.loadDefaultConfig + override def route: Route = path("api" / "v1" / "test")(post(complete("OK"))) } val module: Module = new Module { @@ -30,29 +31,64 @@ class DriverAppTest extends FlatSpec with ScalatestRouteTest with Matchers { appName = "test-app", version = "0.1", gitHash = "deadb33f", - modules = Seq(module) + modules = Seq(module), + log = xyz.driver.core.logging.NoLogger ) val config: Config = xyz.driver.core.config.loadDefaultConfig val routingSettings: RoutingSettings = RoutingSettings(config) - val appRoute: Route = - Route.seal(app.appRoute)(routingSettings = routingSettings, rejectionHandler = DriverApp.rejectionHandler) + val appRoute: Route = Route.seal(app.appRoute)(routingSettings = routingSettings) + + val allowedMethods: collection.immutable.Seq[HttpMethod] = { + import scala.collection.JavaConverters._ + config + .getStringList("application.cors.allowedMethods") + .asScala + .flatMap(HttpMethods.getForKey) + .to[collection.immutable.Seq] + } + + val allowedOrigin: Origin = { + import scala.collection.JavaConverters._ + Origin( + config + .getConfigList("application.cors.allowedOrigins") + .asScala + .map { c => + HttpOrigin(c.getString("scheme"), Host(c.getString("hostSuffix"))) + }(scala.collection.breakOut): _*) + } "DriverApp" should "respond with the correct CORS headers for the swagger OPTIONS route" in { Options(s"/api-docs/swagger.json") ~> appRoute ~> check { status shouldBe StatusCodes.OK - info(response.toString()) - headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange.*)) - headers should contain(`Access-Control-Allow-Methods`(HttpMethods.GET)) + headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange(allowedOrigin.origins: _*))) + header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods } } it should "respond with the correct CORS headers for the test route" in { Options(s"/api/v1/test") ~> appRoute ~> check { status shouldBe StatusCodes.OK - info(response.toString()) - headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange.*)) - headers should contain(`Access-Control-Allow-Methods`(HttpMethods.GET, HttpMethods.POST)) + headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange(allowedOrigin.origins: _*))) + header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods + } + } + + it should "allow subdomains of allowed origin suffixes" in { + Options(s"/api/v1/test").withHeaders(Origin(HttpOrigin("https", Host("foo.example.com")))) ~> appRoute ~> check { + status shouldBe StatusCodes.OK + headers should contain(`Access-Control-Allow-Origin`(HttpOrigin("https", Host("foo.example.com")))) + header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods + } + } + + it should "respond with default domains for invalid origins" in { + Options(s"/api/v1/test") + .withHeaders(Origin(HttpOrigin("https", Host("invalid.foo.bar.com")))) ~> appRoute ~> check { + status shouldBe StatusCodes.OK + headers should contain(`Access-Control-Allow-Origin`(HttpOriginRange(allowedOrigin.origins: _*))) + header[`Access-Control-Allow-Methods`].get.methods should contain theSameElementsAs allowedMethods } } } diff --git a/src/test/scala/xyz/driver/core/rest/DriverRouteTest.scala b/src/test/scala/xyz/driver/core/rest/DriverRouteTest.scala index f402261..c763dda 100644 --- a/src/test/scala/xyz/driver/core/rest/DriverRouteTest.scala +++ b/src/test/scala/xyz/driver/core/rest/DriverRouteTest.scala @@ -4,6 +4,7 @@ import akka.http.scaladsl.model.StatusCodes import akka.http.scaladsl.server.Directives.{complete => akkaComplete} import akka.http.scaladsl.server.Route import akka.http.scaladsl.testkit.ScalatestRouteTest +import com.typesafe.config.Config import com.typesafe.scalalogging.Logger import org.scalatest.{AsyncFlatSpec, Matchers} import xyz.driver.core.logging.NoLogger @@ -13,7 +14,8 @@ import scala.concurrent.Future class DriverRouteTest extends AsyncFlatSpec with ScalatestRouteTest with Matchers { class TestRoute(override val route: Route) extends DriverRoute { - override def log: Logger = NoLogger + override def log: Logger = NoLogger + override def config: Config = xyz.driver.core.config.loadDefaultConfig } "DriverRoute" should "respond with 200 OK for a basic route" in { -- cgit v1.2.3