- Implement full suite of 'phred' CLI generators and utility commands (M9). - Refactor scaffolding logic to use external stubs in 'src/stubs'. - Add security hardening via SecureHeaders, Csrf, and CORS middleware (M10). - Implement JWT token issuance and validation service with lcobucci/jwt. - Integrate 'getphred/flagpole' for feature flag support. - Introduce abstract 'Middleware' base class for standardized PSR-15 implementation. - Add robust driver validation to OrmServiceProvider. - Fix JwtTokenService claims access and validation constraints. - Update MILESTONES.md status.
<?php
declare(strict_types=1);
namespace Phred\Tests\Feature;
use PHPUnit\Framework\TestCase;
use Phred\Http\Kernel;
use Nyholm\Psr7\ServerRequest;
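/**
 * Feature tests for the security-related response headers returned by the HTTP kernel.
 *
 * Each test builds a fresh Kernel, sends one request for '/_phred/health' through
 * Kernel::handle(), and inspects the headers on the response that comes back.
 */
class SecurityTest extends TestCase
{
    /**
     * A plain GET response must carry the content-sniffing and framing headers.
     */
    public function test_secure_headers_are_present(): void
    {
        $kernel = new Kernel();
        $request = new ServerRequest('GET', '/_phred/health');

        $response = $kernel->handle($request);

        // assertSame compares the header values as exact strings (type and content),
        // so a loosely-equal value cannot satisfy the check. getHeaderLine() yields ''
        // for a missing header, which fails both assertions.

        // 'nosniff' tells browsers not to MIME-sniff the body away from the declared type.
        self::assertSame('nosniff', $response->getHeaderLine('X-Content-Type-Options'));

        // 'SAMEORIGIN' limits framing of the response to same-origin pages (clickjacking defence).
        self::assertSame('SAMEORIGIN', $response->getHeaderLine('X-Frame-Options'));
    }

    /**
     * A CORS preflight carrying an Origin must be answered with a matching
     * Access-Control-Allow-Origin header.
     *
     * NOTE(review): only the accepted-origin path is covered here. This test does not
     * show whether 'http://example.com' is on a configured allowlist or whether any
     * Origin value is echoed back; confirm against the CORS middleware configuration
     * and add a case asserting that an origin which is not allowed gets no
     * Access-Control-Allow-Origin header.
     */
    public function test_cors_headers_are_present(): void
    {
        $kernel = new Kernel();

        // Preflight request: OPTIONS plus Origin and Access-Control-Request-Method.
        $request = (new ServerRequest('OPTIONS', '/_phred/health'))
            ->withHeader('Origin', 'http://example.com')
            ->withHeader('Access-Control-Request-Method', 'GET');

        $response = $kernel->handle($request);

        // Exact string match: the allowed origin must equal the requesting origin.
        self::assertSame('http://example.com', $response->getHeaderLine('Access-Control-Allow-Origin'));
    }
}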