* @license http://www.apache.org/licenses/LICENSE-2.0
 * @link http://phpsx.org
 */
class CORSTest extends FilterTestCase
{
    /**
     * Builds a request from the data set, runs it through a CORS filter
     * configured from the same data set, and compares the complete set of
     * response headers with the expected map.
     *
     * Comparing the whole header map (rather than single headers) also pins
     * that no CORS header is emitted for the rows that expect an empty map.
     *
     * @dataProvider corsProvider
     */
    public function testHandle(
        $allowOrigin,
        array $allowMethods,
        array $allowHeaders,
        $allowCredentials,
        $method,
        array $headers,
        array $expectHeaders,
    ) {
        $incoming = new Request(new Url('http://localhost'), $method, $headers);
        $outgoing = new Response();

        $filter = new CORS($allowOrigin, $allowMethods, $allowHeaders, $allowCredentials);
        $chain  = $this->getFilterChain(true, $incoming, $outgoing);
        $filter->handle($incoming, $outgoing, $chain);

        $this->assertEquals($expectHeaders, $outgoing->getHeaders());
    }

    /**
     * Data sets for testHandle(). Each row is:
     * [allowOrigin, allowMethods, allowHeaders, allowCredentials,
     *  request method, request headers, expected response headers].
     *
     * The allowOrigin column cycles through four policies: null, the wildcard
     * '*', a callback that accepts every origin and a callback that accepts
     * none. The accept-everything callback is a fixture only; the rows below
     * show that an accepted origin is echoed back, so a real callback should
     * match against an explicit allow-list.
     */
    public function corsProvider()
    {
        $acceptAny  = fn($origin) => true;
        $acceptNone = fn($origin) => false;

        $methods     = ['GET', 'POST'];
        $contentType = ['Content-Type'];

        $noOrigin  = [];
        $simple    = ['Origin' => 'http://foo.example'];
        // The preflight asks for X-PINGOTHER, which is not in the configured
        // allow-list; the expected maps below contain only the configured
        // list, i.e. the requested header names are not echoed back.
        $preflight = [
            'Origin' => 'http://foo.example',
            'Access-Control-Request-Method' => 'POST',
            'Access-Control-Request-Headers' => 'X-PINGOTHER, Content-Type',
        ];

        $nothing = [];

        return [
            // no origin: without an Origin request header no CORS header is expected
            // no credentials
            [null, $methods, $contentType, false, 'GET', $noOrigin, $nothing],
            ['*', $methods, $contentType, false, 'GET', $noOrigin, $nothing],
            [$acceptAny, $methods, $contentType, false, 'GET', $noOrigin, $nothing],
            [$acceptNone, $methods, $contentType, false, 'GET', $noOrigin, $nothing],

            // with credentials
            [null, $methods, $contentType, true, 'GET', $noOrigin, $nothing],
            ['*', $methods, $contentType, true, 'GET', $noOrigin, $nothing],
            [$acceptAny, $methods, $contentType, true, 'GET', $noOrigin, $nothing],
            [$acceptNone, $methods, $contentType, true, 'GET', $noOrigin, $nothing],

            // simple requests
            // no credentials
            [null, $methods, $contentType, false, 'GET', $simple, $nothing],
            ['*', $methods, $contentType, false, 'GET', $simple, [
                'access-control-allow-origin' => ['*'],
            ]],
            // An echoed origin comes with "Vary: Origin", so a shared cache
            // does not hand one origin's response to another.
            [$acceptAny, $methods, $contentType, false, 'GET', $simple, [
                'access-control-allow-origin' => ['http://foo.example'],
                'vary' => ['Origin'],
            ]],
            [$acceptNone, $methods, $contentType, false, 'GET', $simple, $nothing],

            // with credentials
            [null, $methods, $contentType, true, 'GET', $simple, $nothing],
            // NOTE(review): this row pins the wildcard origin together with
            // allow-credentials "true". Browsers refuse a credentialed
            // response whose allow-origin is "*", so this configuration cannot
            // serve credentialed cross-origin requests - confirm whether the
            // filter should reject it or omit the credentials header instead.
            ['*', $methods, $contentType, true, 'GET', $simple, [
                'access-control-allow-origin' => ['*'],
                'access-control-allow-credentials' => ['true'],
            ]],
            // Echoed origin plus credentials: whatever the callback accepts
            // may read authenticated responses, which is why the callback must
            // be restrictive outside of tests.
            [$acceptAny, $methods, $contentType, true, 'GET', $simple, [
                'access-control-allow-origin' => ['http://foo.example'],
                'access-control-allow-credentials' => ['true'],
                'vary' => ['Origin'],
            ]],
            [$acceptNone, $methods, $contentType, true, 'GET', $simple, $nothing],

            // preflight requests
            // no credentials
            [null, $methods, $contentType, false, 'OPTIONS', $preflight, $nothing],
            ['*', $methods, $contentType, false, 'OPTIONS', $preflight, [
                'access-control-allow-origin' => ['*'],
                'access-control-allow-methods' => ['GET, POST'],
                'access-control-allow-headers' => ['Content-Type'],
                'access-control-expose-headers' => ['*'],
            ]],
            [$acceptAny, $methods, $contentType, false, 'OPTIONS', $preflight, [
                'access-control-allow-origin' => ['http://foo.example'],
                'access-control-allow-methods' => ['GET, POST'],
                'access-control-allow-headers' => ['Content-Type'],
                'access-control-expose-headers' => ['*'],
                'vary' => ['Origin'],
            ]],
            [$acceptNone, $methods, $contentType, false, 'OPTIONS', $preflight, $nothing],

            // with credentials
            [null, $methods, $contentType, true, 'OPTIONS', $preflight, $nothing],
            // NOTE(review): same wildcard-with-credentials combination as in
            // the simple-request section above; browsers will not honour it.
            ['*', $methods, $contentType, true, 'OPTIONS', $preflight, [
                'access-control-allow-origin' => ['*'],
                'access-control-allow-methods' => ['GET, POST'],
                'access-control-allow-headers' => ['Content-Type'],
                'access-control-allow-credentials' => ['true'],
                'access-control-expose-headers' => ['*'],
            ]],
            [$acceptAny, $methods, $contentType, true, 'OPTIONS', $preflight, [
                'access-control-allow-origin' => ['http://foo.example'],
                'access-control-allow-methods' => ['GET, POST'],
                'access-control-allow-headers' => ['Content-Type'],
                'access-control-allow-credentials' => ['true'],
                'access-control-expose-headers' => ['*'],
                'vary' => ['Origin'],
            ]],
            [$acceptNone, $methods, $contentType, true, 'OPTIONS', $preflight, $nothing],
        ];
    }

    /**
     * Checks the CORS::allowOrigin() factory: a filter built with '*' answers
     * a request carrying an Origin header with Access-Control-Allow-Origin: *.
     */
    public function testAllowOrigin()
    {
        $incoming = new Request(new Url('http://localhost'), 'GET', ['Origin' => 'http://foo.example']);
        $outgoing = new Response();

        $filter = CORS::allowOrigin('*');
        $chain  = $this->getFilterChain(true, $incoming, $outgoing);
        $filter->handle($incoming, $outgoing, $chain);

        $this->assertTrue($outgoing->hasHeader('Access-Control-Allow-Origin'));
        $this->assertEquals('*', $outgoing->getHeader('Access-Control-Allow-Origin'));
    }
}

__halt_compiler();----SIGNATURE:----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----ATTACHMENT:----Mzk5NjE2NjU1MjE1ODE5NyA5ODA3NTEwNzE1OTU2NzE5IDg0MjgwMTAyNjgyODQzNzc=