allow to activate/deactivate https middleware #73

oscarotero · Mar 22, 2017 · 2048101 · 2048101
1 parent b4da580
commit 2048101
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 15 deletions.
diff --git a/src/Middleware/Https.php b/src/Middleware/Https.php
@@ -15,6 +15,11 @@ class Https
 
     const HEADER = 'Strict-Transport-Security';
 
+    /**
+     * @var bool Add or remove https
+     */
+    private $addHttps;
+
     /**
      * @param int One year by default
      */
@@ -32,9 +37,12 @@ class Https
 
     /**
      * Set basic config.
+     *
+     * @param bool $addHttps
      */
-    public function __construct()
+    public function __construct($addHttps = true)
     {
+        $this->addHttps = (bool) $addHttps;
         $this->redirect(301);
     }
 
@@ -95,24 +103,40 @@ public function __invoke(ServerRequestInterface $request, ResponseInterface $res
     {
         $uri = $request->getUri();
 
-        if (strtolower($uri->getScheme()) !== 'https') {
-            $uri = $uri->withScheme('https')->withPort(443);
+        if ($this->addHttps) {
+            if (strtolower($uri->getScheme()) !== 'https') {
+                $uri = $uri->withScheme('https')->withPort(443);
+
+                if ($this->redirectStatus !== false && (!$this->checkHttpsForward || ($request->getHeaderLine('X-Forwarded-Proto') !== 'https' && $request->getHeaderLine('X-Forwarded-Port') !== '443'))) {
+                    return $this->getRedirectResponse($request, $uri, $response);
+                }
 
-            if ($this->redirectStatus !== false && (!$this->checkHttpsForward || ($request->getHeaderLine('X-Forwarded-Proto') !== 'https' && $request->getHeaderLine('X-Forwarded-Port') !== '443'))) {
-                return $this->getRedirectResponse($request, $uri, $response);
+                $request = $request->withUri($uri);
             }
 
-            $request = $request->withUri($uri);
-        }
+            if (!empty($this->maxAge)) {
+                $response = $response->withHeader(self::HEADER, sprintf('max-age=%d%s', $this->maxAge, $this->includeSubdomains ? ';includeSubDomains' : ''));
+            }
+        } else {
+            if (strtolower($uri->getScheme()) !== 'http') {
+                $uri = $uri->withScheme('http')->withPort(80);
+
+                if ($this->redirectStatus !== false && (!$this->checkHttpsForward || ($request->getHeaderLine('X-Forwarded-Proto') !== 'http' && $request->getHeaderLine('X-Forwarded-Port') !== '80'))) {
+                    return $this->getRedirectResponse($request, $uri, $response);
+                }
 
-        if (!empty($this->maxAge)) {
-            $response = $response->withHeader(self::HEADER, sprintf('max-age=%d%s', $this->maxAge, $this->includeSubdomains ? ';includeSubDomains' : ''));
+                $request = $request->withUri($uri);
+            }
         }
 
         $response = $next($request, $response);
 
         if (Utils\Helpers::isRedirect($response)) {
-            return $response->withHeader('Location', str_replace('http://', 'https://', $response->getHeaderLine('Location')));
+            if ($this->addHttps) {
+                return $response->withHeader('Location', str_replace('http://', 'https://', $response->getHeaderLine('Location')));
+            }
+
+            return $response->withHeader('Location', str_replace('https://', 'http://', $response->getHeaderLine('Location')));
         }
 
         return $response;

diff --git a/tests/HttpsTest.php b/tests/HttpsTest.php
@@ -7,20 +7,22 @@ class HttpsTest extends Base
     public function HttpsProvider()
     {
         return [
-            ['http://localhost', true, 301, 'https://localhost', ''],
-            ['https://localhost', false, 200, '', 'max-age=31536000'],
-            ['https://localhost', true, 200, '', 'max-age=31536000;includeSubDomains'],
+            [true, 'http://localhost', true, 301, 'https://localhost', ''],
+            [true, 'https://localhost', false, 200, '', 'max-age=31536000'],
+            [true, 'https://localhost', true, 200, '', 'max-age=31536000;includeSubDomains'],
+            [false, 'http://localhost', true, 200, '', ''],
+            [false, 'https://localhost', true, 301, 'http://localhost', ''],
         ];
     }
 
     /**
      * @dataProvider HttpsProvider
      */
-    public function testHttps($url, $includeSubdomains, $status, $location, $hsts)
+    public function testHttps($add, $url, $includeSubdomains, $status, $location, $hsts)
     {
         $response = $this->execute(
             [
-                Middleware::Https()->includeSubdomains($includeSubdomains),
+                Middleware::Https($add)->includeSubdomains($includeSubdomains),
             ],
             $url
         );