From a43b52ab7ad862810e50a051812328e4ba117da4 Mon Sep 17 00:00:00 2001
From: Brooke Bryan
Date: Mon, 10 Feb 2020 18:12:03 +0000
Subject: [PATCH] Insecure Request Upgrade
---
 src/HealthCheckCondition.php | 5 +++
 src/Routes/InsecureRequestUpgradeRoute.php | 27 +++++++++++++
 tests/HealthCheckConditionTest.php | 38 +++++++++++++++++++
 .../InsecureRequestUpgradeRouteTest.php | 30 +++++++++++++++
 4 files changed, 100 insertions(+)
 create mode 100644 src/Routes/InsecureRequestUpgradeRoute.php
 create mode 100644 tests/HealthCheckConditionTest.php
 create mode 100644 tests/Routes/InsecureRequestUpgradeRouteTest.php
diff --git a/src/HealthCheckCondition.php b/src/HealthCheckCondition.php
index 690161b..8e0f5ab 100644
--- a/src/HealthCheckCondition.php
+++ b/src/HealthCheckCondition.php
@@ -15,4 +15,9 @@ public function match(Context $context): bool
 $hasHeader = $hasHeader || stripos($r->userAgent(), 'elb-healthchecker') !== false;
 return $hasHeader || stripos($r->path(), '_ah/health') !== false;
 }
+
+ public static function i()
+ {
+ return new static();
+ }
 }
diff --git a/src/Routes/InsecureRequestUpgradeRoute.php b/src/Routes/InsecureRequestUpgradeRoute.php
new file mode 100644
index 0000000..fd09e87
--- /dev/null
+++ b/src/Routes/InsecureRequestUpgradeRoute.php
@@ -0,0 +1,27 @@
+add(FuncCondition::i(function (Context $c) { return !$c->request()->isSecure(true); }));
+ }
+
+ public function getHandler()
+ {
+ return new FuncHandler(
+ function (Context $c) {
+ return RedirectResponse::create(
+ str_replace('http:', 'https:', $c->request()->getUri())
+ );
+ }
+ );
+ }
+}
diff --git a/tests/HealthCheckConditionTest.php b/tests/HealthCheckConditionTest.php
new file mode 100644
index 0000000..65fe1c0
--- /dev/null
+++ b/tests/HealthCheckConditionTest.php
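Review bot: In src/Routes/InsecureRequestUpgradeRoute.php, `str_replace('http:', 'https:', $c->request()->getUri())` rewrites every `http:` in the URI rather than only the scheme, so a path segment that happens to contain `http:` is altered in the redirect target. Anchor the replacement to the start of the string, for example `preg_replace('/^http:/i', 'https:', $c->request()->getUri())`. The redirect's host is also taken from the request itself, and the condition's `isSecure(true)` presumably consults proxy-forwarded headers, so a short comment stating which proxies and host names are trusted upstream would help whoever deploys this route. The top of the new file (namespace, class header, constructor opening) is missing from the hunk text on this page.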
@@ -0,0 +1,38 @@
+assertFalse(HealthCheckCondition::i()->match(new Context(Request::create('http://www.test.com:8080/'))));
+ $this->assertTrue(
+ HealthCheckCondition::i()->match(new Context(Request::create('http://www.test.com:8080/_ah/health')))
+ );
+
+ $ctx = new Context(Request::create('http://www.test.com:8080/'));
+ $this->assertFalse(HealthCheckCondition::i()->match($ctx));
+
+ $ctx = new Context(
+ Request::create('http://www.test.com:8080/', 'GET', [], [], [], ['HTTP_USER_AGENT' => 'GoogleHC/1'])
+ );
+ $this->assertTrue(HealthCheckCondition::i()->match($ctx));
+
+ $ctx = new Context(
+ Request::create('http://www.test.com:8080/', 'GET', [], [], [], ['HTTP_USER_AGENT' => 'kube-probe'])
+ );
+ $this->assertTrue(HealthCheckCondition::i()->match($ctx));
+
+ $ctx = new Context(
+ Request::create('http://www.test.com:8080/', 'GET', [], [], [], ['HTTP_USER_AGENT' => 'elb-healthchecker'])
+ );
+ $this->assertTrue(HealthCheckCondition::i()->match($ctx));
+ }
+}
diff --git a/tests/Routes/InsecureRequestUpgradeRouteTest.php b/tests/Routes/InsecureRequestUpgradeRouteTest.php
new file mode 100644
index 0000000..0f7d992
--- /dev/null
+++ b/tests/Routes/InsecureRequestUpgradeRouteTest.php
@@ -0,0 +1,30 @@
+assertTrue($route->match($ctx));
+ /** @var RedirectResponse|null $resp */
+ $resp = $route->getHandler()->handle($ctx);
+ $this->assertInstanceOf(RedirectResponse::class, $resp);
+ $this->assertEquals('https://www.google.com/a/b/c/?d=e&f=g', $resp->getTargetUrl());
+ }
+
+ public function testHttpsIgnore()
+ {
+ $ctx = new Context(Request::create('https://www.google.com/'));
+ $route = InsecureRequestUpgradeRoute::i();
+ $this->assertFalse($route->match($ctx));
+ }
+}
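Review bot: The redirect test in tests/Routes/InsecureRequestUpgradeRouteTest.php only exercises a URL whose sole `http:` is the scheme, so it cannot detect the handler changing any other part of the URI. Add a case whose path carries the same token, for example a context built from `Request::create('http://www.google.com/r/http:/x')` followed by `$this->assertEquals('https://www.google.com/r/http:/x', $resp->getTargetUrl());`. A case with an explicit port, like the `:8080` URLs used in HealthCheckConditionTest, would also pin down whether the port is meant to survive the upgrade. The start of this test file, including the first test's setup, is missing from the hunk text on this page.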