Merge branch 'tworzenieweb-2.x.x'

Author: samsonasik

README.md

@@ -23,6 +23,7 @@ Features
 
 - [x] Enable/disable force https.
 - [x] Force Https to All routes.
+- [x] Force Https to All routes except exclusion list.
 - [x] Force Https to specific routes only.
 - [x] Keep headers, request method, and request body.
 - [x] Enable/disable HTTP Strict Transport Security Header and set its value.
@@ -79,6 +80,11 @@ return [
             'checkout',
             'payment'
         ],
+        'exclude_specific_routes' => [
+            // a lists of specific routes to not be https
+            // only works if previous config 'force_all_routes' => true
+            'non-https-route',
+        ],
         // set HTTP Strict Transport Security Header
         'strict_transport_security' => [
             // set to false to disable it

config/force-https-module.local.php.dist

@@ -8,6 +8,10 @@ return [
             // a lists of specific routes to be https
             // only works if previous config 'force_all_routes' => false
         ],
+        'exclude_specific_routes' => [
+            // a lists of specific routes to not be https
+            // only works if previous config 'force_all_routes' => true
+        ],
         // set HTTP Strict Transport Security Header
         'strict_transport_security' => [
             'enable' => true, // set to false to disable it

config/mezzio-force-https-module.local.php.dist

@@ -10,6 +10,10 @@ return [
             // a lists of specific routes to be https
             // only works if previous config 'force_all_routes' => false
         ],
+        'exclude_specific_routes' => [
+            // a lists of specific routes to not be https
+            // only works if previous config 'force_all_routes' => true
+        ],
         // set HTTP Strict Transport Security Header
         'strict_transport_security' => [
             'enable' => true, // set to false to disable it

spec/Listener/ForceHttpsSpec.php

@@ -205,6 +205,62 @@
 
             });
 
+            it('not redirect if force_all_routes is true and route name in exclude_specific_routes config', function () {
+
+                $listener = new ForceHttps([
+                    'enable'                => true,
+                    'force_all_routes'      => true,
+                    'exclude_specific_routes' => [
+                        'checkout'
+                    ],
+                    'force_specific_routes' => [],
+                ]);
+
+                allow($this->mvcEvent)->toReceive('getRequest')->andReturn($this->request);
+                allow($this->request)->toReceive('getUri')->andReturn($this->uri);
+                allow($this->uri)->toReceive('getScheme')->andReturn('http');
+                allow($this->mvcEvent)->toReceive('getRouteMatch')->andReturn($this->routeMatch);
+                allow($this->routeMatch)->toReceive('getMatchedRouteName')->andReturn('checkout');
+                allow($this->uri)->toReceive('toString')->andReturn('http://example.com/about');
+                allow($this->mvcEvent)->toReceive('getResponse')->andReturn($this->response);
+                allow($this->response)->toReceive('send');
+
+                $listener->forceHttpsScheme($this->mvcEvent);
+                expect($this->mvcEvent)->toReceive('getResponse');
+            });
+
+
+            it('redirect if force_all_routes is true and route name not in exclude_specific_routes config', function () {
+
+                $listener = new ForceHttps([
+                    'enable'                => true,
+                    'force_all_routes'      => true,
+                    'exclude_specific_routes' => [
+                        'sale'
+                    ],
+                    'force_specific_routes' => [],
+                ]);
+
+                allow($this->mvcEvent)->toReceive('getRequest')->andReturn($this->request);
+                allow($this->request)->toReceive('getUri')->andReturn($this->uri);
+                allow($this->uri)->toReceive('getScheme')->andReturn('http');
+                allow($this->mvcEvent)->toReceive('getRouteMatch')->andReturn($this->routeMatch);
+                allow($this->routeMatch)->toReceive('getMatchedRouteName')->andReturn('checkout');
+                allow($this->uri)->toReceive('setScheme')->with('https')->andReturn($this->uri);
+                allow($this->uri)->toReceive('toString')->andReturn('https://example.com/about');
+                allow($this->mvcEvent)->toReceive('getResponse')->andReturn($this->response);
+                allow($this->response)->toReceive('setStatusCode')->with(308)->andReturn($this->response);
+                allow($this->response)->toReceive('getHeaders', 'addHeaderLine')->with('Location', 'https://example.com/about');
+                allow($this->response)->toReceive('send');
+
+                $closure = function () use ($listener) {
+                    $listener->forceHttpsScheme($this->mvcEvent);
+                };
+                expect($closure)->toThrow(new QuitException('Exit statement occurred', 0));
+
+                expect($this->mvcEvent)->toReceive('getResponse');
+            });
+
             it('redirect if force_all_routes is true', function () {
 
                 $listener = new ForceHttps([

src/HttpsTrait.php

@@ -36,12 +36,19 @@ private function isGoingToBeForcedToHttps($match = null): bool
             return $this->config['allow_404'] ?? false;
         }
 
+        Assert::notNull($match);
+        $matchedRouteName = $match->getMatchedRouteName();
+
         if ($this->config['force_all_routes']) {
+            if (! empty($this->config['exclude_specific_routes'])
+                && \in_array($matchedRouteName, $this->config['exclude_specific_routes'])) {
+                return false;
+            }
+
             return true;
         }
 
-        Assert::notNull($match);
-        if (! in_array($match->getMatchedRouteName(), $this->config['force_specific_routes'])) {
+        if (! \in_array($matchedRouteName, $this->config['force_specific_routes'])) {
             return false;
         }