opdavies/drupalcampbristol
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update core 8.3.0

Browse source
This commit is contained in:
Rob Davies 2017-04-13 15:53:35 +01:00
parent da7a7918f8
commit cd7a898e66
6144 changed files with 132297 additions and 87747 deletions
Download patch file Download diff file Expand all files Collapse all files

4
web/vendor/asm89/stack-cors/.gitignore vendored
View file

@ -1,4 +0,0 @@
phpunit.xml
composer.lock
composer.phar
/vendor/

13
web/vendor/asm89/stack-cors/.travis.yml vendored
View file

@ -1,13 +0,0 @@
language: php
php:
- 5.3
- 5.4
- 5.5
- 5.6
- 7.0
- hhvm
before_script: composer install --dev
script: phpunit

19
web/vendor/asm89/stack-cors/LICENSE vendored Normal file
View file

@ -0,0 +1,19 @@
Copyright (c) 2013-2017 Alexander <iam.asm89@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

47
web/vendor/asm89/stack-cors/README.md vendored
View file

@ -2,12 +2,11 @@
Library and middleware enabling cross-origin resource sharing for your
http-{foundation,kernel} using application. It attempts to implement the
[W3C Candidate Recommendation] for cross-origin resource sharing.
[W3C Recommendation] for cross-origin resource sharing.
[W3C Candidate Recommendation]: http://www.w3.org/TR/cors/
[W3C Recommendation]: http://www.w3.org/TR/cors/
Master [![Build Status](https://secure.travis-ci.org/asm89/stack-cors.png?branch=master)](http://travis-ci.org/asm89/stack-cors)
Develop [![Build Status](https://secure.travis-ci.org/asm89/stack-cors.png?branch=develop)](http://travis-ci.org/asm89/stack-cors)
## Installation
@ -15,27 +14,11 @@ Require `asm89/stack-cors` using composer.
## Usage
Stack middleware:
This package can be used as a library or as [stack middleware].
```php
<?php
[stack middleware]: http://stackphp.com/
use Asm89\Stack\Cors;
$app = new Cors($app, array(
// you can use array('*') to allow any headers
'allowedHeaders' => array('x-allowed-header', 'x-other-allowed-header'),
// you can use array('*') to allow any methods
'allowedMethods' => array('DELETE', 'GET', 'POST', 'PUT'),
// you can use array('*') to allow requests from any origin
'allowedOrigins' => array('localhost'),
'exposedHeaders' => false,
'maxAge' => false,
'supportsCredentials' => false,
));
```
Or use the library:
### Example: using the library
```php
<?php
@ -57,3 +40,23 @@ $cors->isActualRequestAllowed(Request $request);
$cors->isCorsRequest(Request $request);
$cors->isPreflightRequest(Request $request);
```
## Example: using the stack middleware
```php
<?php
use Asm89\Stack\Cors;
$app = new Cors($app, array(
// you can use array('*') to allow any headers
'allowedHeaders' => array('x-allowed-header', 'x-other-allowed-header'),
// you can use array('*') to allow any methods
'allowedMethods' => array('DELETE', 'GET', 'POST', 'PUT'),
// you can use array('*') to allow requests from any origin
'allowedOrigins' => array('localhost'),
'exposedHeaders' => false,
'maxAge' => false,
'supportsCredentials' => false,
));
```

29
web/vendor/asm89/stack-cors/composer.json vendored
View file

@ -12,11 +12,32 @@
}
],
"require": {
"php": ">=5.3.2",
"symfony/http-foundation": "~2.1|~3.0",
"symfony/http-kernel": "~2.1|~3.0"
"php": ">=5.5.9",
"symfony/http-foundation": "~2.7|~3.0",
"symfony/http-kernel": "~2.7|~3.0"
},
"require-dev": {
"phpunit/phpunit": "^5.0 || ^4.8.10",
"squizlabs/php_codesniffer": "^2.3"
},
"autoload": {
"psr-0": { "Asm89\\Stack": "src/" }
"psr-4": {
"Asm89\\Stack\\": "src/Asm89/Stack/"
}
},
"autoload-dev": {
"psr-4": {
"Asm89\\Stack\\": "test/Asm89/Stack/"
}
},
"scripts": {
"test": "phpunit",
"check-style": "phpcs -p --standard=PSR2 --runtime-set ignore_errors_on_exit 1 --runtime-set ignore_warnings_on_exit 1 src",
"fix-style": "phpcbf -p --standard=PSR2 --runtime-set ignore_errors_on_exit 1 --runtime-set ignore_warnings_on_exit 1 src"
},
"extra": {
"branch-alias": {
"dev-master": "1.1-dev"
}
}
}

26
web/vendor/asm89/stack-cors/phpunit.xml.dist vendored
View file

@ -1,26 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit backupGlobals="false"
backupStaticAttributes="false"
colors="true"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false"
stopOnFailure="false"
syntaxCheck="false"
bootstrap="test/bootstrap.php"
>
<testsuites>
<testsuite name="Stack Cors Test Suite">
<directory>./test/Asm89/</directory>
</testsuite>
</testsuites>
<filter>
<whitelist>
<directory suffix=".php">./src/</directory>
</whitelist>
</filter>
</phpunit>

14
web/vendor/asm89/stack-cors/src/Asm89/Stack/Cors.php vendored Executable file → Normal file
View file

@ -1,5 +1,14 @@
<?php
/*
* This file is part of asm89/stack-cors.
*
* (c) Alexander <iam.asm89@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Asm89\Stack;
use Symfony\Component\HttpKernel\HttpKernelInterface;
@ -31,12 +40,11 @@ class Cors implements HttpKernelInterface
{
$this->app = $app;
$this->cors = new CorsService(array_merge($this->defaultOptions, $options));
}
public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
{
if ( ! $this->cors->isCorsRequest($request)) {
if (!$this->cors->isCorsRequest($request)) {
return $this->app->handle($request, $type, $catch);
}
@ -44,7 +52,7 @@ class Cors implements HttpKernelInterface
return $this->cors->handlePreflightRequest($request);
}
if ( ! $this->cors->isActualRequestAllowed($request)) {
if (!$this->cors->isActualRequestAllowed($request)) {
return new Response('Not allowed.', 403);
}

48
web/vendor/asm89/stack-cors/src/Asm89/Stack/CorsService.php vendored Executable file → Normal file
View file

@ -1,5 +1,14 @@
<?php
/*
* This file is part of asm89/stack-cors.
*
* (c) Alexander <iam.asm89@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Asm89\Stack;
use Symfony\Component\HttpKernel\HttpKernelInterface;
@ -17,7 +26,6 @@ class CorsService
private function normalizeOptions(array $options = array())
{
$options += array(
'allowedOrigins' => array(),
'supportsCredentials' => false,
@ -29,18 +37,18 @@ class CorsService
// normalize array('*') to true
if (in_array('*', $options['allowedOrigins'])) {
$options['allowedOrigins'] = true;
$options['allowedOrigins'] = true;
}
if (in_array('*', $options['allowedHeaders'])) {
$options['allowedHeaders'] = true;
$options['allowedHeaders'] = true;
} else {
$options['allowedHeaders'] = array_map('strtolower', $options['allowedHeaders']);
$options['allowedHeaders'] = array_map('strtolower', $options['allowedHeaders']);
}
if (in_array('*', $options['allowedMethods'])) {
$options['allowedMethods'] = true;
$options['allowedMethods'] = true;
} else {
$options['allowedMethods'] = array_map('strtoupper', $options['allowedMethods']);
$options['allowedMethods'] = array_map('strtoupper', $options['allowedMethods']);
}
return $options;
@ -53,25 +61,25 @@ class CorsService
public function isCorsRequest(Request $request)
{
return $request->headers->has('Origin');
return $request->headers->has('Origin') && !$this->isSameHost($request);
}
public function isPreflightRequest(Request $request)
{
return $this->isCorsRequest($request)
&&$request->getMethod() === 'OPTIONS'
&& $request->getMethod() === 'OPTIONS'
&& $request->headers->has('Access-Control-Request-Method');
}
public function addActualRequestHeaders(Response $response, Request $request)
{
if ( ! $this->checkOrigin($request)) {
if (!$this->checkOrigin($request)) {
return $response;
}
$response->headers->set('Access-Control-Allow-Origin', $request->headers->get('Origin'));
if ( ! $response->headers->has('Vary')) {
if (!$response->headers->has('Vary')) {
$response->headers->set('Vary', 'Origin');
} else {
$response->headers->set('Vary', $response->headers->get('Vary') . ', Origin');
@ -126,11 +134,11 @@ class CorsService
private function checkPreflightRequestConditions(Request $request)
{
if ( ! $this->checkOrigin($request)) {
if (!$this->checkOrigin($request)) {
return $this->createBadRequestResponse(403, 'Origin not allowed');
}
if ( ! $this->checkMethod($request)) {
if (!$this->checkMethod($request)) {
return $this->createBadRequestResponse(405, 'Method not allowed');
}
@ -138,10 +146,10 @@ class CorsService
// if allowedHeaders has been set to true ('*' allow all flag) just skip this check
if ($this->options['allowedHeaders'] !== true && $request->headers->has('Access-Control-Request-Headers')) {
$headers = strtolower($request->headers->get('Access-Control-Request-Headers'));
$requestHeaders = explode(',', $headers);
$requestHeaders = array_filter(explode(',', $headers));
foreach ($requestHeaders as $header) {
if ( ! in_array(trim($header), $this->options['allowedHeaders'])) {
if (!in_array(trim($header), $this->options['allowedHeaders'])) {
return $this->createBadRequestResponse(403, 'Header not allowed');
}
}
@ -155,7 +163,13 @@ class CorsService
return new Response($reason, $code);
}
private function checkOrigin(Request $request) {
private function isSameHost(Request $request)
{
return $request->headers->get('Origin') === $request->getSchemeAndHttpHost();
}
private function checkOrigin(Request $request)
{
if ($this->options['allowedOrigins'] === true) {
// allow all '*' flag
return true;
@ -165,7 +179,8 @@ class CorsService
return in_array($origin, $this->options['allowedOrigins']);
}
private function checkMethod(Request $request) {
private function checkMethod(Request $request)
{
if ($this->options['allowedMethods'] === true) {
// allow all '*' flag
return true;
@ -174,5 +189,4 @@ class CorsService
$requestMethod = strtoupper($request->headers->get('Access-Control-Request-Method'));
return in_array($requestMethod, $this->options['allowedMethods']);
}
}

395
web/vendor/asm89/stack-cors/test/Asm89/Stack/CorsTest.php vendored
View file

@ -1,395 +0,0 @@
<?php
namespace Asm89\Stack;
use PHPUnit_Framework_TestCase;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
class CorsTest extends PHPUnit_Framework_TestCase
{
/**
* @test
*/
public function it_does_not_modify_on_a_request_without_origin()
{
$app = $this->createStackedApp();
$unmodifiedResponse = new Response();
$response = $app->handle(new Request());
$this->assertEquals($unmodifiedResponse->headers, $response->headers);
}
/**
* @test
*/
public function it_returns_403_on_valid_actual_request_with_origin_not_allowed()
{
$app = $this->createStackedApp(array('allowedOrigins' => array('notlocalhost')));
$request = $this->createValidActualRequest();
$response = $app->handle($request);
$this->assertEquals(403, $response->getStatusCode());
}
/**
* @test
*/
public function it_returns_allow_origin_header_on_valid_actual_request()
{
$app = $this->createStackedApp();
$request = $this->createValidActualRequest();
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Access-Control-Allow-Origin'));
$this->assertEquals('localhost', $response->headers->get('Access-Control-Allow-Origin'));
}
/**
* @test
*/
public function it_returns_allow_origin_header_on_allow_all_origin_request()
{
$app = $this->createStackedApp(array('allowedOrigins' => array('*')));
$request = new Request();
$request->headers->set('Origin', 'http://localhost');
$response = $app->handle($request);
$this->assertEquals(200, $response->getStatusCode());
$this->assertTrue($response->headers->has('Access-Control-Allow-Origin'));
$this->assertEquals('http://localhost', $response->headers->get('Access-Control-Allow-Origin'));
}
/**
* @test
*/
public function it_returns_allow_headers_header_on_allow_all_headers_request()
{
$app = $this->createStackedApp(array('allowedHeaders' => array('*')));
$request = $this->createValidPreflightRequest();
$request->headers->set('Access-Control-Request-Headers', 'Foo, BAR');
$response = $app->handle($request);
$this->assertEquals(200, $response->getStatusCode());
$this->assertEquals('FOO, BAR', $response->headers->get('Access-Control-Allow-Headers'));
}
/**
* @test
*/
public function it_does_not_return_allow_origin_header_on_valid_actual_request_with_origin_not_allowed()
{
$app = $this->createStackedApp(array('allowedOrigins' => array('notlocalhost')));
$request = $this->createValidActualRequest();
$response = $app->handle($request);
$this->assertFalse($response->headers->has('Access-Control-Allow-Origin'));
}
/**
* @test
*/
public function it_sets_allow_credentials_header_when_flag_is_set_on_valid_actual_request()
{
$app = $this->createStackedApp(array('supportsCredentials' => true));
$request = $this->createValidActualRequest();
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Access-Control-Allow-Credentials'));
$this->assertEquals('true', $response->headers->get('Access-Control-Allow-Credentials'));
}
/**
* @test
*/
public function it_does_not_set_allow_credentials_header_when_flag_is_not_set_on_valid_actual_request()
{
$app = $this->createStackedApp();
$request = $this->createValidActualRequest();
$response = $app->handle($request);
$this->assertFalse($response->headers->has('Access-Control-Allow-Credentials'));
}
/**
* @test
*/
public function it_sets_exposed_headers_when_configured_on_actual_request()
{
$app = $this->createStackedApp(array('exposedHeaders' => array('x-exposed-header', 'x-another-exposed-header')));
$request = $this->createValidActualRequest();
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Access-Control-Expose-Headers'));
$this->assertEquals('x-exposed-header, x-another-exposed-header', $response->headers->get('Access-Control-Expose-Headers'));
}
/**
* @test
* @see http://www.w3.org/TR/cors/index.html#resource-implementation
*/
public function it_adds_a_vary_header()
{
$app = $this->createStackedApp();
$request = $this->createValidActualRequest();
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Vary'));
$this->assertEquals('Origin', $response->headers->get('Vary'));
}
/**
* @test
* @see http://www.w3.org/TR/cors/index.html#resource-implementation
*/
public function it_appends_an_existing_vary_header()
{
$app = $this->createStackedApp(array(), array('Vary' => 'Content-Type'));
$request = $this->createValidActualRequest();
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Vary'));
$this->assertEquals('Content-Type, Origin', $response->headers->get('Vary'));
}
/**
* @test
*/
public function it_returns_access_control_headers_on_cors_request()
{
$app = $this->createStackedApp();
$request = new Request();
$request->headers->set('Origin', 'localhost');
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Access-Control-Allow-Origin'));
$this->assertEquals('localhost', $response->headers->get('Access-Control-Allow-Origin'));
}
/**
* @test
*/
public function it_returns_access_control_headers_on_valid_preflight_request()
{
$app = $this->createStackedApp();
$request = $this->createValidPreflightRequest();
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Access-Control-Allow-Origin'));
$this->assertEquals('localhost', $response->headers->get('Access-Control-Allow-Origin'));
}
/**
* @test
*/
public function it_returns_403_on_valid_preflight_request_with_origin_not_allowed()
{
$app = $this->createStackedApp(array('allowedOrigins' => array('notlocalhost')));
$request = $this->createValidPreflightRequest();
$response = $app->handle($request);
$this->assertEquals(403, $response->getStatusCode());
}
/**
* @test
*/
public function it_does_not_modify_request_with_origin_not_allowed()
{
$passedOptions = array(
'allowedOrigins' => array('notlocalhost'),
);
$service = new CorsService($passedOptions);
$request = $this->createValidActualRequest();
$response = new Response();
$service->addActualRequestHeaders($response, $request);
$this->assertEquals($response, new Response());
}
/**
* @test
*/
public function it_returns_405_on_valid_preflight_request_with_method_not_allowed()
{
$app = $this->createStackedApp(array('allowedMethods' => array('put')));
$request = $this->createValidPreflightRequest();
$response = $app->handle($request);
$this->assertEquals(405, $response->getStatusCode());
}
/**
* @test
*/
public function it_allow_methods_on_valid_preflight_request()
{
$app = $this->createStackedApp(array('allowedMethods' => array('get', 'put')));
$request = $this->createValidPreflightRequest();
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Access-Control-Allow-Methods'));
// it will uppercase the methods
$this->assertEquals('GET, PUT', $response->headers->get('Access-Control-Allow-Methods'));
}
/**
* @test
*/
public function it_returns_valid_preflight_request_with_allow_methods_all()
{
$app = $this->createStackedApp(array('allowedMethods' => array('*')));
$request = $this->createValidPreflightRequest();
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Access-Control-Allow-Methods'));
// it will return the Access-Control-Request-Method pass in the request
$this->assertEquals('GET', $response->headers->get('Access-Control-Allow-Methods'));
}
/**
* @test
*/
public function it_returns_403_on_valid_preflight_request_with_one_of_the_requested_headers_not_allowed()
{
$app = $this->createStackedApp();
$request = $this->createValidPreflightRequest();
$request->headers->set('Access-Control-Request-Headers', 'x-not-allowed-header');
$response = $app->handle($request);
$this->assertEquals(403, $response->getStatusCode());
}
/**
* @test
*/
public function it_returns_ok_on_valid_preflight_request_with_requested_headers_allowed()
{
$app = $this->createStackedApp();
$requestHeaders = 'X-Allowed-Header, x-other-allowed-header';
$request = $this->createValidPreflightRequest();
$request->headers->set('Access-Control-Request-Headers', $requestHeaders);
$response = $app->handle($request);
$this->assertEquals(200, $response->getStatusCode());
$this->assertTrue($response->headers->has('Access-Control-Allow-Headers'));
// the response will have the "allowedHeaders" value passed to Cors rather than the request one
$this->assertEquals('x-allowed-header, x-other-allowed-header', $response->headers->get('Access-Control-Allow-Headers'));
}
/**
* @test
*/
public function it_sets_allow_credentials_header_when_flag_is_set_on_valid_preflight_request()
{
$app = $this->createStackedApp(array('supportsCredentials' => true));
$request = $this->createValidPreflightRequest();
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Access-Control-Allow-Credentials'));
$this->assertEquals('true', $response->headers->get('Access-Control-Allow-Credentials'));
}
/**
* @test
*/
public function it_does_not_set_allow_credentials_header_when_flag_is_not_set_on_valid_preflight_request()
{
$app = $this->createStackedApp();
$request = $this->createValidPreflightRequest();
$response = $app->handle($request);
$this->assertFalse($response->headers->has('Access-Control-Allow-Credentials'));
}
/**
* @test
*/
public function it_sets_max_age_when_set()
{
$app = $this->createStackedApp(array('maxAge' => 42));
$request = $this->createValidPreflightRequest();
$response = $app->handle($request);
$this->assertTrue($response->headers->has('Access-Control-Max-Age'));
$this->assertEquals(42, $response->headers->get('Access-Control-Max-Age'));
}
private function createValidActualRequest()
{
$request = new Request();
$request->headers->set('Origin', 'localhost');
return $request;
}
private function createValidPreflightRequest()
{
$request = new Request();
$request->headers->set('Origin', 'localhost');
$request->headers->set('Access-Control-Request-Method', 'get');
$request->setMethod('OPTIONS');
return $request;
}
private function createStackedApp(array $options = array(), array $responseHeaders = array())
{
$passedOptions = array_merge(array(
'allowedHeaders' => array('x-allowed-header', 'x-other-allowed-header'),
'allowedMethods' => array('delete', 'get', 'post', 'put'),
'allowedOrigins' => array('localhost'),
'exposedHeaders' => false,
'maxAge' => false,
'supportsCredentials' => false,
),
$options
);
return new Cors(new MockApp($responseHeaders), $passedOptions);
}
}
class MockApp implements HttpKernelInterface
{
private $responseHeaders;
public function __construct(array $responseHeaders)
{
$this->responseHeaders = $responseHeaders;
}
public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
{
$response = new Response();
$response->headers->add($this->responseHeaders);
return $response;
}
}

10
web/vendor/asm89/stack-cors/test/bootstrap.php vendored
View file

@ -1,10 +0,0 @@
<?php
if (file_exists($file = __DIR__.'/../vendor/autoload.php')) {
$loader = require_once $file;
$loader->add('Asm89\Stack', __DIR__);
$loader->add('Asm89\Stack', __DIR__ . '/../src');
} else {
throw new RuntimeException('Install dependencies to run test suite.');
}