1+ <?php
2+
3+ namespace Kevinrob \GuzzleCache \Tests ;
4+
5+ use GuzzleHttp \Psr7 \Request ;
6+ use GuzzleHttp \Psr7 \Response ;
7+ use Kevinrob \GuzzleCache \Storage \VolatileRuntimeStorage ;
8+ use Kevinrob \GuzzleCache \Strategy \PrivateCacheStrategy ;
9+ use Kevinrob \GuzzleCache \Strategy \PublicCacheStrategy ;
10+ use PHPUnit \Framework \TestCase ;
11+
12+ class AuthorizationCacheTest extends TestCase
13+ {
14+ /**
15+ * Test that requests with Authorization header are NOT cached when response only has max-age
16+ */
17+ public function testAuthorizationHeaderNotCachedWithMaxAge ()
18+ {
19+ $ storagenew VolatileRuntimeStorage ();
20+ $ strategynew PublicCacheStrategy ($ storage
21+
22+ $ requestnew Request ('GET ' , 'https://api.example.com/data ' , [
23+ 'Authorization ' => 'Bearer secret-token '
24+ ]);
25+
26+ $ responsenew Response (200 , [
27+ 'Cache-Control ' => 'max-age=3600 '
28+ ], 'Private data ' );
29+
30+ $ result$ strategycache ($ request$ response
31+ $ this assertFalse ($ result'Request with Authorization header should not be cached with only max-age ' );
32+
33+ $ cached$ strategyfetch ($ request
34+ $ this assertNull ($ cached'No cache entry should exist for authorized request with only max-age ' );
35+ }
36+
37+ /**
38+ * Test that requests with Authorization header ARE cached when response has Cache-Control: public
39+ */
40+ public function testAuthorizationHeaderCachedWithPublic ()
41+ {
42+ $ storagenew VolatileRuntimeStorage ();
43+ $ strategynew PublicCacheStrategy ($ storage
44+
45+ $ requestnew Request ('GET ' , 'https://api.example.com/data ' , [
46+ 'Authorization ' => 'Bearer secret-token '
47+ ]);
48+
49+ $ responsenew Response (200 , [
50+ 'Cache-Control ' => 'public, max-age=3600 '
51+ ], 'Public data ' );
52+
53+ $ result$ strategycache ($ request$ response
54+ $ this assertTrue ($ result'Request with Authorization header should be cached with public directive ' );
55+
56+ $ cached$ strategyfetch ($ request
57+ $ this assertNotNull ($ cached'Cache entry should exist for authorized request with public directive ' );
58+ $ this assertEquals ('Public data ' , (string ) $ cachedgetResponse ()->getBody ());
59+ }
60+
61+ /**
62+ * Test that requests with Authorization header ARE cached when response has Cache-Control: must-revalidate
63+ */
64+ public function testAuthorizationHeaderCachedWithMustRevalidate ()
65+ {
66+ $ storagenew VolatileRuntimeStorage ();
67+ $ strategynew PublicCacheStrategy ($ storage
68+
69+ $ requestnew Request ('GET ' , 'https://api.example.com/data ' , [
70+ 'Authorization ' => 'Bearer secret-token '
71+ ]);
72+
73+ $ responsenew Response (200 , [
74+ 'Cache-Control ' => 'must-revalidate, max-age=3600 '
75+ ], 'Revalidate data ' );
76+
77+ $ result$ strategycache ($ request$ response
78+ $ this assertTrue ($ result'Request with Authorization header should be cached with must-revalidate directive ' );
79+
80+ $ cached$ strategyfetch ($ request
81+ $ this assertNotNull ($ cached'Cache entry should exist for authorized request with must-revalidate directive ' );
82+ $ this assertEquals ('Revalidate data ' , (string ) $ cachedgetResponse ()->getBody ());
83+ }
84+
85+ /**
86+ * Test that requests with Authorization header ARE cached when response has Cache-Control: s-maxage
87+ */
88+ public function testAuthorizationHeaderCachedWithSMaxage ()
89+ {
90+ $ storagenew VolatileRuntimeStorage ();
91+ $ strategynew PublicCacheStrategy ($ storage
92+
93+ $ requestnew Request ('GET ' , 'https://api.example.com/data ' , [
94+ 'Authorization ' => 'Bearer secret-token '
95+ ]);
96+
97+ $ responsenew Response (200 , [
98+ 'Cache-Control ' => 's-maxage=1800, max-age=3600 '
99+ ], 'Shared cache data ' );
100+
101+ $ result$ strategycache ($ request$ response
102+ $ this assertTrue ($ result'Request with Authorization header should be cached with s-maxage directive ' );
103+
104+ $ cached$ strategyfetch ($ request
105+ $ this assertNotNull ($ cached'Cache entry should exist for authorized request with s-maxage directive ' );
106+ $ this assertEquals ('Shared cache data ' , (string ) $ cachedgetResponse ()->getBody ());
107+ }
108+
109+ /**
110+ * Test that requests WITHOUT Authorization header are cached normally with max-age
111+ */
112+ public function testNoAuthorizationHeaderCachedWithMaxAge ()
113+ {
114+ $ storagenew VolatileRuntimeStorage ();
115+ $ strategynew PrivateCacheStrategy ($ storage
116+
117+ $ requestnew Request ('GET ' , 'https://api.example.com/data ' );
118+
119+ $ responsenew Response (200 , [
120+ 'Cache-Control ' => 'max-age=3600 '
121+ ], 'Public data ' );
122+
123+ $ result$ strategycache ($ request$ response
124+ $ this assertTrue ($ result'Request without Authorization header should be cached normally ' );
125+
126+ $ cached$ strategyfetch ($ request
127+ $ this assertNotNull ($ cached'Cache entry should exist for non-authorized request ' );
128+ $ this assertEquals ('Public data ' , (string ) $ cachedgetResponse ()->getBody ());
129+ }
130+
131+ /**
132+ * Test PublicCacheStrategy behavior with Authorization headers
133+ */
134+ public function testPublicCacheStrategyWithAuthorization ()
135+ {
136+ $ storagenew VolatileRuntimeStorage ();
137+ $ strategynew PublicCacheStrategy ($ storage
138+
139+ // Test that private cache with authorization is not cached in public strategy
140+ $ requestnew Request ('GET ' , 'https://api.example.com/data ' , [
141+ 'Authorization ' => 'Bearer secret-token '
142+ ]);
143+
144+ $ responsenew Response (200 , [
145+ 'Cache-Control ' => 'private, max-age=3600 '
146+ ], 'Private data ' );
147+
148+ $ result$ strategycache ($ request$ response
149+ $ this assertFalse ($ result'Private response should not be cached in public strategy ' );
150+
151+ // Test that public response with authorization is cached
152+ $ response2new Response (200 , [
153+ 'Cache-Control ' => 'public, max-age=3600 '
154+ ], 'Public data ' );
155+
156+ $ result2$ strategycache ($ request$ response2
157+ $ this assertTrue ($ result2'Public response with authorization should be cached in public strategy ' );
158+
159+ $ cached$ strategyfetch ($ request
160+ $ this assertNotNull ($ cached'Cache entry should exist for public authorized request ' );
161+ $ this assertEquals ('Public data ' , (string ) $ cachedgetResponse ()->getBody ());
162+ }
163+
164+ /**
165+ * Test multiple allowed directives together
166+ */
167+ public function testMultipleAllowedDirectives ()
168+ {
169+ $ storagenew VolatileRuntimeStorage ();
170+ $ strategynew PublicCacheStrategy ($ storage
171+
172+ $ requestnew Request ('GET ' , 'https://api.example.com/data ' , [
173+ 'Authorization ' => 'Bearer secret-token '
174+ ]);
175+
176+ $ responsenew Response (200 , [
177+ 'Cache-Control ' => 'public, must-revalidate, s-maxage=1800, max-age=3600 '
178+ ], 'Multi directive data ' );
179+
180+ $ result$ strategycache ($ request$ response
181+ $ this assertTrue ($ result'Request with Authorization header should be cached with multiple allowed directives ' );
182+
183+ $ cached$ strategyfetch ($ request
184+ $ this assertNotNull ($ cached'Cache entry should exist for authorized request with multiple allowed directives ' );
185+ $ this assertEquals ('Multi directive data ' , (string ) $ cachedgetResponse ()->getBody ());
186+ }
187+
188+ /**
189+ * Test case sensitivity of Authorization header
190+ */
191+ public function testAuthorizationHeaderCaseSensitivity ()
192+ {
193+ $ storagenew VolatileRuntimeStorage ();
194+ $ strategynew PublicCacheStrategy ($ storage
195+
196+ $ requests
197+ new Request ('GET ' , 'https://api.example.com/data ' , ['Authorization ' => 'Bearer token ' ]),
198+ new Request ('GET ' , 'https://api.example.com/data ' , ['authorization ' => 'Bearer token ' ]),
199+ new Request ('GET ' , 'https://api.example.com/data ' , ['AUTHORIZATION ' => 'Bearer token ' ]),
200+ ];
201+
202+ $ responsenew Response (200 , [
203+ 'Cache-Control ' => 'max-age=3600 '
204+ ], 'Test data ' );
205+
206+ foreach ($ requestsas $ request
207+ $ result$ strategycache ($ request$ response
208+ $ this assertFalse ($ result'Authorization header should be detected regardless of case ' );
209+
210+ $ cached$ strategyfetch ($ request
211+ $ this assertNull ($ cached'No cache entry should exist for any case variation of Authorization header ' );
212+ }
213+ }
214+
215+ /**
216+ * Test that other cache control directives still work as expected
217+ */
218+ public function testOtherCacheControlDirectivesStillWork ()
219+ {
220+ $ storagenew VolatileRuntimeStorage ();
221+ $ strategynew PublicCacheStrategy ($ storage
222+
223+ // Test no-store still prevents caching even with authorization allowances
224+ $ requestnew Request ('GET ' , 'https://api.example.com/data ' , [
225+ 'Authorization ' => 'Bearer secret-token '
226+ ]);
227+
228+ $ responsenew Response (200 , [
229+ 'Cache-Control ' => 'public, no-store, max-age=3600 '
230+ ], 'No store data ' );
231+
232+ $ result$ strategycache ($ request$ response
233+ $ this assertFalse ($ result'no-store should still prevent caching even with public directive ' );
234+
235+ $ cached$ strategyfetch ($ request
236+ $ this assertNull ($ cached'No cache entry should exist when no-store is present ' );
237+ }
238+
239+ /**
240+ * Test that PrivateCacheStrategy still caches requests with Authorization header normally
241+ */
242+ public function testPrivateCacheStrategyAllowsAuthorizationCaching ()
243+ {
244+ $ storagenew VolatileRuntimeStorage ();
245+ $ strategynew PrivateCacheStrategy ($ storage
246+
247+ $ requestnew Request ('GET ' , 'https://api.example.com/data ' , [
248+ 'Authorization ' => 'Bearer secret-token '
249+ ]);
250+
251+ // Private cache should cache this even with just max-age
252+ $ responsenew Response (200 , [
253+ 'Cache-Control ' => 'max-age=3600 '
254+ ], 'Private cache data ' );
255+
256+ $ result$ strategycache ($ request$ response
257+ $ this assertTrue ($ result'Private cache should allow caching of authenticated requests ' );
258+
259+ $ cached$ strategyfetch ($ request
260+ $ this assertNotNull ($ cached'Cache entry should exist in private cache for authenticated request ' );
261+ $ this assertEquals ('Private cache data ' , (string ) $ cachedgetResponse ()->getBody ());
262+ }
263+ }
0 commit comments