Merge branch 'remove-www-prefix'

README.md

@@ -21,6 +21,7 @@ Features
 - [x] Keep headers, request method, and request body.
 - [x] Enable/disable HTTP Strict Transport Security Header and set its value.
 - [x] Allow add `www.` prefix during redirection from http or already https.
+- [x] Allow remove `www.` prefix during redirection from http or already https.
 
 Installation
 ------------
@@ -79,6 +80,9 @@ return [
         ],
         // set to true to add "www." prefix during redirection from http or already https
         'add_www_prefix'        => false,
+        // remove existing "www." prefix during redirection from http or already https
+        // only works if previous's config 'add_www_prefix' => false
+        'remove_www_prefix'     => false,
     ],
     // ...
 ];

config/expressive-force-https-module.local.php.dist

@@ -16,6 +16,7 @@ return [
             'value'  => 'max-age=31536000',
         ],
         'add_www_prefix'        => false,
+        'remove_www_prefix'     => false,
     ],
 
     'dependencies' => [

config/force-https-module.local.php.dist

@@ -14,5 +14,6 @@ return [
             'value'  => 'max-age=31536000',
         ],
         'add_www_prefix'        => false,
+        'remove_www_prefix'     => false,
     ],
 ];

spec/Listener/ForceHttpsSpec.php

@@ -242,6 +242,40 @@
 
             });
 
+            it('redirect without www prefix for already has www prefix with configurable "remove_www_prefix" on force_all_routes', function () {
+
+                $listener = new ForceHttps([
+                    'enable'                => true,
+                    'force_all_routes'      => true,
+                    'force_specific_routes' => [],
+                    'strict_transport_security' => [
+                        'enable' => true,
+                        'value' => 'max-age=31536000',
+                    ],
+                    'add_www_prefix' => false,
+                    'remove_www_prefix' => true,
+                ]);
+
+                allow($this->uri)->toReceive('toString')->andReturn('http://www.example.com/about');
+                allow($this->mvcEvent)->toReceive('getRequest')->andReturn($this->request);
+                allow($this->request)->toReceive('getUri')->andReturn($this->uri);
+                allow($this->uri)->toReceive('getScheme')->andReturn('http');
+                allow($this->mvcEvent)->toReceive('getRouteMatch', 'getMatchedRouteName')->andReturn('about');
+                allow($this->uri)->toReceive('setScheme')->with('https')->andReturn($this->uri);
+                allow($this->uri)->toReceive('toString')->andReturn('https://www.example.com/about');
+                allow($this->mvcEvent)->toReceive('getResponse')->andReturn($this->response);
+                allow($this->response)->toReceive('getHeaders', 'addHeaderLine')
+                                      ->with('Location', 'https://example.com/about')
+                                      ->andReturn($this->response);
+                allow($this->response)->toReceive('setStatusCode')->with(308)->andReturn($this->response);
+                allow($this->response)->toReceive('send');
+
+                $listener->forceHttpsScheme($this->mvcEvent);
+
+                expect($this->mvcEvent)->toReceive('getResponse');
+
+            });
+
             it('not redirect with set strict_transport_security exists and uri already has https scheme', function () {
 
                 $listener = new ForceHttps([

spec/Middleware/ForceHttpsSpec.php

@@ -248,6 +248,43 @@
 
         });
 
+        it('return Response with 308 status with remove www prefix on http and match with configurable "remove_www_prefix"', function () {
+
+            Console::overrideIsConsole(false);
+            if (method_exists(RouteResult::class, 'fromRoute')) {
+                $match = RouteResult::fromRoute(new Route('/about', 'About'));
+            } else {
+                $match = RouteResult::fromRouteMatch('about', 'about', []);
+            }
+
+            allow($this->request)->toReceive('getUri', '__toString')->andReturn('http://www.example.com/about');
+            allow($this->router)->toReceive('match')->andReturn($match);
+            allow($this->request)->toReceive('getUri', 'getScheme')->andReturn('http');
+            allow($this->request)->toReceive('getUri', 'withScheme', '__toString')->andReturn('https://www.example.com/about');
+
+            allow($this->response)->toReceive('withStatus')->andReturn($this->response);
+
+            $listener = new ForceHttps(
+                [
+                    'enable' => true,
+                    'force_all_routes' => true,
+                    'strict_transport_security' => [
+                        'enable' => true,
+                        'value'  => 'max-age=31536000',
+                    ],
+                    'add_www_prefix' => false,
+                    'remove_www_prefix' => true,
+                ],
+                $this->router
+            );
+
+            $listener->__invoke($this->request, $this->response, function () {});
+
+            expect($this->response)->toReceive('withStatus')->with(308);
+            expect($this->response)->toReceive('withHeader')->with('Location', 'https://example.com/about');
+
+        });
+
     });
 
 });

src/HttpsTrait.php

@@ -82,4 +82,24 @@ private function withWwwPrefixWhenRequired($httpsRequestUri)
 
         return \substr_replace($httpsRequestUri, 'www.', 8, 0);
     }
+
+    private function withoutWwwPrefixWhenNotRequired($httpsRequestUri)
+    {
+        if (isset($this->config['add_www_prefix']) && $this->config['add_www_prefix'] === true) {
+            return $httpsRequestUri;
+        }
+
+        if (
+            ! isset($this->config['remove_www_prefix']) ||
+            ! $this->config['remove_www_prefix'] ||
+            (
+                $this->config['remove_www_prefix'] === true &&
+                \substr($httpsRequestUri, 8, 4) !== 'www.'
+            )
+        ) {
+            return $httpsRequestUri;
+        }
+
+        return \substr_replace($httpsRequestUri, '', 8, 4);
+    }
 }

src/Listener/ForceHttps.php

@@ -94,13 +94,16 @@ public function forceHttpsScheme(MvcEvent $e)
         if ($this->isSchemeHttps($uriScheme)) {
             $uriString       = $uri->toString();
             $httpsRequestUri = $this->withWwwPrefixWhenRequired($uriString);
+            $httpsRequestUri = $this->withoutWwwPrefixWhenNotRequired($httpsRequestUri);
+
             if ($uriString === $httpsRequestUri) {
                 return;
             }
         }
 
         if (! isset($httpsRequestUri)) {
             $httpsRequestUri = $this->withWwwPrefixWhenRequired($uri->setScheme('https')->toString());
+            $httpsRequestUri = $this->withoutWwwPrefixWhenNotRequired($httpsRequestUri);
         }
 
         // 307 keeps headers, request method, and request body

src/Middleware/ForceHttps.php

@@ -69,6 +69,8 @@ public function __invoke(ServerRequestInterface $request, ResponseInterface $res
         if ($this->isSchemeHttps($uriScheme)) {
             $uriString = $uri->__toString();
             $httpsRequestUri = $this->withWwwPrefixWhenRequired($uriString);
+            $httpsRequestUri = $this->withoutWwwPrefixWhenNotRequired($httpsRequestUri);
+
             if ($uriString === $httpsRequestUri) {
                 return $next($request, $response);
             }
@@ -77,6 +79,7 @@ public function __invoke(ServerRequestInterface $request, ResponseInterface $res
         if (! isset($httpsRequestUri)) {
             $newUri          = $uri->withScheme('https');
             $httpsRequestUri = $this->withWwwPrefixWhenRequired($newUri->__toString());
+            $httpsRequestUri = $this->withoutWwwPrefixWhenNotRequired($httpsRequestUri);
         }
 
         // 308 keeps headers, request method, and request body