appwrite/tests/e2e/General/HTTPTest.php

<?php

namespace Tests\E2E\General;

use Tests\E2E\Client;
use Tests\E2E\Scopes\ProjectNone;
use Tests\E2E\Scopes\Scope;
use Tests\E2E\Scopes\SideNone;
use Utopia\Config\Config;

class HTTPTest extends Scope
{
    use ProjectNone;
    use SideNone;

    public function setUp(): void
    {
        parent::setUp();
        $this->client->setEndpoint('http://appwrite.test');
    }

    public function testOptions()
    {
        /**
         * Test for SUCCESS
         */
        $response = $this->client->call(Client::METHOD_OPTIONS, '/', \array_merge([
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
        ]), []);

        $corsConfig = Config::getParam('cors');
        $allowedMethods = \implode(', ', $corsConfig['allowedMethods']);
        $allowedHeaders = \implode(', ', $corsConfig['allowedHeaders']);
        $exposedHeaders = \implode(', ', $corsConfig['exposedHeaders']);

        $this->assertEquals(204, $response['headers']['status-code']);
        $this->assertEquals('Appwrite', $response['headers']['server']);
        $this->assertEquals($allowedMethods, $response['headers']['access-control-allow-methods']);
        $this->assertEquals($allowedHeaders, $response['headers']['access-control-allow-headers']);
        $this->assertEquals($exposedHeaders, $response['headers']['access-control-expose-headers']);
        $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
        $this->assertEquals('true', $response['headers']['access-control-allow-credentials']);
        $this->assertEmpty($response['body']);
    }

    public function testHumans()
    {
        /**
         * Test for SUCCESS
         */
        $response = $this->client->call(Client::METHOD_GET, '/humans.txt', \array_merge([
            'origin' => 'http://localhost',
        ]));

        $this->assertEquals(200, $response['headers']['status-code']);
        $this->assertStringContainsString('# humanstxt.org/', $response['body']);
    }

    public function testRobots()
    {
        /**
         * Test for SUCCESS
         */
        $response = $this->client->call(Client::METHOD_GET, '/robots.txt', \array_merge([
            'origin' => 'http://localhost',
        ]));

        $this->assertEquals(200, $response['headers']['status-code'], "Simple GET /robots.txt HTTP request failed: " . \json_encode($response));
        $this->assertStringContainsString('# robotstxt.org/', $response['body']);
    }

    public function testAcmeChallenge()
    {
        /**
         * Test for SUCCESS
         */
        $response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/8DdIKX257k6Dih5s_saeVMpTnjPJdKO5Ase0OCiJrIg');

        // 'Unknown path', but validation passed
        $this->assertEquals(404, $response['headers']['status-code']);

        /**
         * Test for FAILURE
         */
        $response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/../../../../../../../etc/passwd');

        // 'Unknown path', but validation passed
        $this->assertEquals(404, $response['headers']['status-code']);
    }

    public function testVersions()
    {
        /**
         * Test without header
         */
        $response = $this->client->call(Client::METHOD_GET, '/versions', \array_merge([
            'content-type' => 'application/json',
        ], $this->getHeaders()));

        $body = $response['body'];
        $this->assertEquals(200, $response['headers']['status-code']);
        $this->assertIsString($body['server']);
        $this->assertIsString($body['client-web']);
        $this->assertIsString($body['client-flutter']);
        $this->assertIsString($body['console-web']);
        $this->assertIsString($body['server-nodejs']);
        $this->assertIsString($body['server-php']);
        $this->assertIsString($body['server-python']);
        $this->assertIsString($body['server-ruby']);
        $this->assertIsString($body['console-cli']);
    }

    public function testDefaultOAuth2()
    {
        $response = $this->client->call(Client::METHOD_GET, '/console/auth/oauth2/success', $this->getHeaders());

        $this->assertEquals(200, $response['headers']['status-code']);

        $response = $this->client->call(Client::METHOD_GET, '/console/auth/oauth2/failure', $this->getHeaders());

        $this->assertEquals(200, $response['headers']['status-code']);
    }

    public function testCors()
    {

        $endpoint = '/v1/projects'; // Can be any non-404 route

        /**
         * Test for SUCCESS
         */
        $response = $this->client->call(Client::METHOD_GET, $endpoint, [
            'origin' => 'http://localhost',
        ]);
        $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);

        /**
         * Test for FAILURE
         */
        // you should not return a fallback origin for a no host
        $response = $this->client->call(Client::METHOD_GET, $endpoint);
        $this->assertNull($response['headers']['access-control-allow-origin'] ?? null);

        // you should not return a fallback origin for a no host
        $response = $this->client->call(Client::METHOD_GET, $endpoint, [
            'origin' => 'http://google.com',
        ]);
        $this->assertNull($response['headers']['access-control-allow-origin'] ?? null);
    }

    public function testPreflight()
    {

        $endpoint = '/v1/projects'; // Can be any non-404 route

        /**
         * Test for SUCCESS
         */
        $response = $this->client->call(Client::METHOD_OPTIONS, $endpoint, [
            'origin' => 'http://random.com',
            'access-control-request-headers' => 'X-Appwrite-Project',
            'access-control-request-method' => 'GET'
        ]);
        $this->assertEquals('http://random.com', $response['headers']['access-control-allow-origin']);
    }

    public function testConsoleRedirect()
    {
        /**
         * Test for SUCCESS
         */

        $endpoint = '/invite?membershipId=123&userId=asdf';

        $response = $this->client->call(Client::METHOD_GET, $endpoint);

        $this->assertEquals('/console' . $endpoint, $response['headers']['location']);
    }
}
Added new tests 2020-07-07 21:14:40 +00:00			`<?php`

Fixed wrong namespaces 2020-12-26 12:10:14 +00:00			`namespace Tests\E2E\General;`
Added new tests 2020-07-07 21:14:40 +00:00
			`use Tests\E2E\Client;`
			`use Tests\E2E\Scopes\ProjectNone;`
			`use Tests\E2E\Scopes\Scope;`
			`use Tests\E2E\Scopes\SideNone;`
Sync 1.8.x 2026-02-26 05:50:29 +00:00			`use Utopia\Config\Config;`
Added new tests 2020-07-07 21:14:40 +00:00
			`class HTTPTest extends Scope`
			`{`
			`use ProjectNone;`
			`use SideNone;`

Fix tests (cherry picked from commit 0661f1f8899d8dfed18c832d3332959b175b4f6e) 2023-05-30 06:26:17 +00:00			`public function setUp(): void`
			`{`
			`parent::setUp();`
feat: cors service 2025-12-07 20:29:45 +00:00			`$this->client->setEndpoint('http://appwrite.test');`
Fix tests (cherry picked from commit 0661f1f8899d8dfed18c832d3332959b175b4f6e) 2023-05-30 06:26:17 +00:00			`}`

Added new tests 2020-07-07 21:14:40 +00:00			`public function testOptions()`
			`{`
			`/**`
			`* Test for SUCCESS`
			`*/`
Moved test to proper space 2022-01-02 16:08:27 +00:00			`$response = $this->client->call(Client::METHOD_OPTIONS, '/', \array_merge([`
Added new tests 2020-07-07 21:14:40 +00:00			`'origin' => 'http://localhost',`
			`'content-type' => 'application/json',`
			`]), []);`

Sync 1.8.x 2026-02-26 05:50:29 +00:00			`$corsConfig = Config::getParam('cors');`
			`$allowedMethods = \implode(', ', $corsConfig['allowedMethods']);`
			`$allowedHeaders = \implode(', ', $corsConfig['allowedHeaders']);`
			`$exposedHeaders = \implode(', ', $corsConfig['exposedHeaders']);`

Updated options test 2021-02-02 11:27:12 +00:00			`$this->assertEquals(204, $response['headers']['status-code']);`
Added new tests 2020-07-07 21:14:40 +00:00			`$this->assertEquals('Appwrite', $response['headers']['server']);`
Sync 1.8.x 2026-02-26 05:50:29 +00:00			`$this->assertEquals($allowedMethods, $response['headers']['access-control-allow-methods']);`
			`$this->assertEquals($allowedHeaders, $response['headers']['access-control-allow-headers']);`
			`$this->assertEquals($exposedHeaders, $response['headers']['access-control-expose-headers']);`
Added new tests 2020-07-07 21:14:40 +00:00			`$this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);`
			`$this->assertEquals('true', $response['headers']['access-control-allow-credentials']);`
			`$this->assertEmpty($response['body']);`
			`}`

Added missing tests 2020-10-29 21:15:45 +00:00			`public function testHumans()`
			`{`
			`/**`
			`* Test for SUCCESS`
			`*/`
Moved test to proper space 2022-01-02 16:08:27 +00:00			`$response = $this->client->call(Client::METHOD_GET, '/humans.txt', \array_merge([`
Added missing tests 2020-10-29 21:15:45 +00:00			`'origin' => 'http://localhost',`
Fix tests (cherry picked from commit 0661f1f8899d8dfed18c832d3332959b175b4f6e) 2023-05-30 06:26:17 +00:00			`]));`
Added missing tests 2020-10-29 21:15:45 +00:00
			`$this->assertEquals(200, $response['headers']['status-code']);`
			`$this->assertStringContainsString('# humanstxt.org/', $response['body']);`
			`}`

			`public function testRobots()`
			`{`
			`/**`
			`* Test for SUCCESS`
			`*/`
Moved test to proper space 2022-01-02 16:08:27 +00:00			`$response = $this->client->call(Client::METHOD_GET, '/robots.txt', \array_merge([`
Added missing tests 2020-10-29 21:15:45 +00:00			`'origin' => 'http://localhost',`
Fix tests (cherry picked from commit 0661f1f8899d8dfed18c832d3332959b175b4f6e) 2023-05-30 06:26:17 +00:00			`]));`
Added missing tests 2020-10-29 21:15:45 +00:00
Improve General tests logging 2025-06-26 16:09:07 +00:00			`$this->assertEquals(200, $response['headers']['status-code'], "Simple GET /robots.txt HTTP request failed: " . \json_encode($response));`
Added missing tests 2020-10-29 21:15:45 +00:00			`$this->assertStringContainsString('# robotstxt.org/', $response['body']);`
			`}`
Added spec test 2020-11-11 22:03:27 +00:00
Path validator + tests 2022-01-31 15:04:30 +00:00			`public function testAcmeChallenge()`
			`{`
Update to new utopia framework validators 2022-02-11 08:44:04 +00:00			`/**`
			`* Test for SUCCESS`
			`*/`
feat: cors service 2025-12-07 20:29:45 +00:00			`$response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/8DdIKX257k6Dih5s_saeVMpTnjPJdKO5Ase0OCiJrIg');`
Update to new utopia framework validators 2022-02-11 08:44:04 +00:00
			`// 'Unknown path', but validation passed`
fix: trailing wildcards 2023-06-02 10:58:31 +00:00			`$this->assertEquals(404, $response['headers']['status-code']);`
Update to new utopia framework validators 2022-02-11 08:44:04 +00:00
Path validator + tests 2022-01-31 15:04:30 +00:00			`/**`
			`* Test for FAILURE`
			`*/`
feat: cors service 2025-12-07 20:29:45 +00:00			`$response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/../../../../../../../etc/passwd');`
Path validator + tests 2022-01-31 15:04:30 +00:00
feat: cors service 2025-12-07 20:29:45 +00:00			`// 'Unknown path', but validation passed`
			`$this->assertEquals(404, $response['headers']['status-code']);`
Path validator + tests 2022-01-31 15:04:30 +00:00			`}`

format files in app, src, tests 2022-05-23 14:54:50 +00:00			`public function testVersions()`
			`{`
Added latest versions endpoint 2021-02-24 18:31:43 +00:00			`/**`
			`* Test without header`
			`*/`
Moved test to proper space 2022-01-02 16:08:27 +00:00			`$response = $this->client->call(Client::METHOD_GET, '/versions', \array_merge([`
Added latest versions endpoint 2021-02-24 18:31:43 +00:00			`'content-type' => 'application/json',`
			`], $this->getHeaders()));`

			`$body = $response['body'];`
			`$this->assertEquals(200, $response['headers']['status-code']);`
			`$this->assertIsString($body['server']);`
			`$this->assertIsString($body['client-web']);`
			`$this->assertIsString($body['client-flutter']);`
			`$this->assertIsString($body['console-web']);`
			`$this->assertIsString($body['server-nodejs']);`
			`$this->assertIsString($body['server-php']);`
			`$this->assertIsString($body['server-python']);`
			`$this->assertIsString($body['server-ruby']);`
feat: fix failing test 2022-02-26 02:01:02 +00:00			`$this->assertIsString($body['console-cli']);`
Added latest versions endpoint 2021-02-24 18:31:43 +00:00			`}`
Fix the routing for the default OAuth2 pages 2023-06-02 21:22:28 +00:00
			`public function testDefaultOAuth2()`
			`{`
tests: fix endpoint to use traefik 2024-07-17 20:47:33 +00:00			`$response = $this->client->call(Client::METHOD_GET, '/console/auth/oauth2/success', $this->getHeaders());`
Fix the routing for the default OAuth2 pages 2023-06-02 21:22:28 +00:00
			`$this->assertEquals(200, $response['headers']['status-code']);`

tests: fix endpoint to use traefik 2024-07-17 20:47:33 +00:00			`$response = $this->client->call(Client::METHOD_GET, '/console/auth/oauth2/failure', $this->getHeaders());`
Fix the routing for the default OAuth2 pages 2023-06-02 21:22:28 +00:00
			`$this->assertEquals(200, $response['headers']['status-code']);`
			`}`
Add changes from previous console platforms variable PR See https://github.com/appwrite/appwrite/pull/4581 2024-01-03 19:12:21 +00:00
			`public function testCors()`
			`{`

			`$endpoint = '/v1/projects'; // Can be any non-404 route`

feat: cors service 2025-12-07 20:29:45 +00:00			`/**`
			`* Test for SUCCESS`
			`*/`
Add changes from previous console platforms variable PR See https://github.com/appwrite/appwrite/pull/4581 2024-01-03 19:12:21 +00:00			`$response = $this->client->call(Client::METHOD_GET, $endpoint, [`
			`'origin' => 'http://localhost',`
			`]);`
			`$this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);`

			`/**`
			`* Test for FAILURE`
			`*/`
feat: cors service 2025-12-07 20:29:45 +00:00			`// you should not return a fallback origin for a no host`
			`$response = $this->client->call(Client::METHOD_GET, $endpoint);`
			`$this->assertNull($response['headers']['access-control-allow-origin'] ?? null);`

			`// you should not return a fallback origin for a no host`
Add changes from previous console platforms variable PR See https://github.com/appwrite/appwrite/pull/4581 2024-01-03 19:12:21 +00:00			`$response = $this->client->call(Client::METHOD_GET, $endpoint, [`
			`'origin' => 'http://google.com',`
			`]);`
feat: cors service 2025-12-07 20:29:45 +00:00			`$this->assertNull($response['headers']['access-control-allow-origin'] ?? null);`
fix: preflight requests 2025-12-12 09:21:57 +00:00			`}`

			`public function testPreflight()`
			`{`

			`$endpoint = '/v1/projects'; // Can be any non-404 route`
Add changes from previous console platforms variable PR See https://github.com/appwrite/appwrite/pull/4581 2024-01-03 19:12:21 +00:00
fix: preflight requests 2025-12-12 09:21:57 +00:00			`/**`
			`* Test for SUCCESS`
			`*/`
			`$response = $this->client->call(Client::METHOD_OPTIONS, $endpoint, [`
			`'origin' => 'http://random.com',`
			`'access-control-request-headers' => 'X-Appwrite-Project',`
			`'access-control-request-method' => 'GET'`
			`]);`
			`$this->assertEquals('http://random.com', $response['headers']['access-control-allow-origin']);`
Add changes from previous console platforms variable PR See https://github.com/appwrite/appwrite/pull/4581 2024-01-03 19:12:21 +00:00			`}`
fix: update console redirect to include query params Use `$request->getParams()` because `$request->getURI()` does not include the query string. 2024-09-04 00:18:59 +00:00
			`public function testConsoleRedirect()`
			`{`
			`/**`
			`* Test for SUCCESS`
			`*/`

			`$endpoint = '/invite?membershipId=123&userId=asdf';`

			`$response = $this->client->call(Client::METHOD_GET, $endpoint);`

			`$this->assertEquals('/console' . $endpoint, $response['headers']['location']);`
			`}`
fix(tests): skip swagger spec validation 2021-06-14 08:38:26 +00:00			`}`