Merge pull request #967 from cakephp/4.x

LordSimal · web-flow · commit 92cbfa9fb9ce · 2023-10-23T17:59:28.000+02:00
merge 4.x =&gt; 4.next
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,6 +7,7 @@ on:
   pull_request:
     branches:
       - '*'
+  workflow_dispatch:
 
 permissions:
   contents: read
@@ -21,6 +22,8 @@ jobs:
         db-type: [mysql, pgsql, sqlite]
         prefer-lowest: ['']
         include:
+          - php-version: '8.2'
+            db-type: 'sqlite'
           - php-version: '8.1'
             db-type: 'sqlite'
           - php-version: '7.4'
@@ -36,7 +39,7 @@ jobs:
           POSTGRES_PASSWORD: postgres
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Setup Service
       if: matrix.db-type == 'mysql'
@@ -69,8 +72,6 @@ jobs:
       run: |
         if ${{ matrix.prefer-lowest == 'prefer-lowest' }}; then
           composer update --prefer-lowest --prefer-stable
-        elif ${{ matrix.php-version == '8.1' }}; then
-          composer update --ignore-platform-reqs
         else
           composer update
         fi
@@ -86,22 +87,22 @@ jobs:
         if [[ ${{ matrix.db-type }} == 'pgsql' ]]; then
           export DB_URL='postgres://postgres:postgres@127.0.0.1/postgres'
         fi
-        if [[ ${{ matrix.php-version }} == '7.4' && ${{ matrix.db-type }} == 'mysql' ]]; then
+        if [[ ${{ matrix.php-version }} == '8.1' && ${{ matrix.db-type }} == 'mysql' ]]; then
           vendor/bin/phpunit --coverage-clover=coverage.xml
         else
           vendor/bin/phpunit
         fi
 
     - name: Code Coverage Report
-      if: success() && matrix.php-version == '7.4' && matrix.db-type == 'mysql'
+      if: success() && matrix.php-version == '8.1' && matrix.db-type == 'mysql'
       uses: codecov/codecov-action@v3
 
   cs-stan:
     name: Coding Standard & Static Analysis
     runs-on: ubuntu-22.04
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Setup PHP
       uses: shivammathur/setup-php@v2
diff --git a/.github/workflows/deploy_docs_4x.yml b/.github/workflows/deploy_docs_4x.yml
@@ -5,13 +5,14 @@ on:
   push:
     branches:
       - 4.x
+  workflow_dispatch:
 
 jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
       - name: Cloning repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
diff --git a/README.md b/README.md
@@ -38,13 +38,15 @@ $this->addPlugin('DebugKit');
 
 If you don't see a CakePHP icon on the bottom right of your page DebugKit is not be
 working correctly. Some common problems are:
- 
+
 1. Your PHP environment doesn't have SQLite installed. Check your application
    logs to confirm if this happening. You can either configure DebugKit to use
    a different database, or install the PDO SQLite 3 extension.
 2. Your hostname needs to be added to the `DebugKit.safeTld`. If your local
    domain isn't a known development environment name, DebugKit will disable
    itself to protect a potentially non-development environment.
+3. If you are using the [Authorization Plugin](https://github.com/cakephp/authorization)
+   you need to set `DebugKit.ignoreAuthorization` to `true` in your config.
 
 ## Reporting Issues
 
@@ -61,5 +63,5 @@ requests](https://help.github.com/articles/using-pull-requests) or open
 
 ## Documentation
 
-Documentation for DebugKit can be found in the 
+Documentation for DebugKit can be found in the
 [CakePHP documentation](https://book.cakephp.org/debugkit/4/en/index.html).
diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
     "name": "cakephp/debug_kit",
     "description": "CakePHP Debug Kit",
     "type": "cakephp-plugin",
-    "keywords": ["cakephp", "debug", "kit"],
+    "keywords": ["cakephp", "debug", "kit", "dev"],
     "homepage": "https://github.com/cakephp/debug_kit",
     "license": "MIT",
     "authors": [
diff --git a/docs/en/index.rst b/docs/en/index.rst
@@ -50,6 +50,12 @@ Configuration
     // Before loading DebugKit
     Configure::write('DebugKit.forceEnable', true);
 
+  You can also provide a callable::
+
+    Configure::write('DebugKit.forceEnable', function() {
+        return $_SERVER['REMOTE_ADDR'] === '192.168.2.182';
+    });
+
 * ``DebugKit.ignorePathsPattern`` - Regex pattern (including delimiter) to ignore paths.
   DebugKit won't save data for request URLs that match this regex. Defaults to ``null``::
 
diff --git a/src/Panel/CachePanel.php b/src/Panel/CachePanel.php
@@ -55,9 +55,17 @@ public function initialize()
             if (isset($config['className']) && $config['className'] instanceof DebugEngine) {
                 $instance = $config['className'];
             } elseif (isset($config['className'])) {
-                Cache::drop($name);
-                $instance = new DebugEngine($config, $name, $this->logger);
+                /** @var \Cake\Cache\CacheEngine $engine */
+                $engine = Cache::pool($name);
+                // Unload from the cache registry so that subsequence calls to
+                // Cache::pool($name) use the new config with DebugEngine instance set below.
+                Cache::getRegistry()->unload($name);
+
+                $instance = new DebugEngine($engine, $name, $this->logger);
+                $instance->init();
                 $config['className'] = $instance;
+
+                Cache::drop($name);
                 Cache::setConfig($name, $config);
             }
             if (isset($instance)) {
diff --git a/src/ToolbarService.php b/src/ToolbarService.php
@@ -357,13 +357,21 @@ public function injectScripts($row, ResponseInterface $response)
         if ($pos === false) {
             return $response;
         }
+        // Use Router to get the request so that we can see the
+        // state after other middleware have been applied.
+        $request = Router::getRequest();
+        $nonce = '';
+        if ($request && $request->getAttribute('cspScriptNonce')) {
+            $nonce = sprintf(' nonce="%s"', $request->getAttribute('cspScriptNonce'));
+        }
 
         $url = Router::url('/', true);
         $script = sprintf(
-            '<script id="__debug_kit_script" data-id="%s" data-url="%s" type="module" src="%s"></script>',
+            '<script id="__debug_kit_script" data-id="%s" data-url="%s" type="module" src="%s"%s></script>',
             $row->id,
             $url,
-            Router::url($this->getToolbarUrl())
+            Router::url($this->getToolbarUrl()),
+            $nonce
         );
         $contents = substr($contents, 0, $pos) . $script . substr($contents, $pos);
         $body->rewind();
diff --git a/templates/MailPreview/index.php b/templates/MailPreview/index.php
@@ -47,12 +47,13 @@ class UserMailer extends Mailer
         {
             public function welcome($user)
             {
-                return $this // Returning the chain is a good idea :)
-                    ->to($user->email)
-                    ->subject(sprintf("Welcome %s", $user->name))
-                    ->template("welcome_mail") // By default template with same name as method name is used.
-                    ->layout("custom")
-                    ->set(["user" => $user]);
+                $mailer = $this->setTo($user->email)
+                    ->setSubject(sprintf("Welcome %s", $user->name))
+                    ->setViewVars(["user" => $user]);
+                $mailer->viewBuilder()
+                    ->setTemplate("welcome_mail") // By default template with same name as method name is used.
+                    ->setLayout("custom");
+                return $mailer;
             }
         }';
         highlight_string($code);
@@ -75,9 +76,10 @@ public function welcome()
             {
                 $this->loadModel("Users");
                 $user = $this->Users->find()->first();
+
                 return $this->getMailer("User")
                     ->welcome($user)
-                    ->set(["activationToken" => "dummy-token"]);
+                    ->setViewVars(["activationToken" => "dummy-token"]);
             }
         }';
         highlight_string($code);
diff --git a/tests/TestCase/Middleware/DebugKitMiddlewareTest.php b/tests/TestCase/Middleware/DebugKitMiddlewareTest.php
@@ -21,6 +21,7 @@
 use Cake\Http\CallbackStream;
 use Cake\Http\Response;
 use Cake\Http\ServerRequest;
+use Cake\Routing\Router;
 use Cake\TestSuite\TestCase;
 use DebugKit\Middleware\DebugKitMiddleware;
 use Psr\Http\Server\RequestHandlerInterface;
@@ -50,7 +51,7 @@ public function setUp(): void
         parent::setUp();
 
         $connection = ConnectionManager::get('test');
-        $this->skipIf($connection->getDriver() instanceof Sqlite, 'Schema insertion/removal breaks SQLite');
+        $this->skipIf($connection->getDriver() instanceof Sqlite, 'This test fails in CI with sqlite');
         $this->oldConfig = Configure::read('DebugKit');
         $this->restore = $GLOBALS['__PHPUNIT_BOOTSTRAP'];
         unset($GLOBALS['__PHPUNIT_BOOTSTRAP']);
@@ -122,7 +123,7 @@ public function testInvokeSaveData()
         $this->assertNotNull($result->panels[11]->summary);
         $this->assertSame('Sql Log', $result->panels[11]->title);
 
-        $timeStamp = filemtime(Plugin::path('DebugKit') . 'webroot' . DS . 'js' . DS . 'main.js');
+        $timeStamp = filemtime(Plugin::path('DebugKit') . 'webroot' . DS . 'js' . DS . 'inject-iframe.js');
 
         $expected = '<html><title>test</title><body><p>some text</p>' .
             '<script id="__debug_kit_script" data-id="' . $result->id . '" ' .
@@ -132,6 +133,39 @@ public function testInvokeSaveData()
         $this->assertTextEquals($expected, $body);
     }
 
+    /**
+     * Ensure data is saved for HTML requests
+     *
+     * @return void
+     */
+    public function testInvokeInjectCspNonce()
+    {
+        $request = new ServerRequest([
+            'url' => '/articles',
+            'environment' => ['REQUEST_METHOD' => 'GET'],
+        ]);
+        $request = $request->withAttribute('cspScriptNonce', 'csp-nonce');
+        Router::setRequest($request);
+
+        $response = new Response([
+            'statusCode' => 200,
+            'type' => 'text/html',
+            'body' => '<html><title>test</title><body><p>some text</p></body>',
+        ]);
+
+        $handler = $this->handler();
+        $handler->expects($this->once())
+            ->method('handle')
+            ->willReturn($response);
+
+        $middleware = new DebugKitMiddleware();
+        $response = $middleware->process($request, $handler);
+        $this->assertInstanceOf(Response::class, $response, 'Should return the response');
+
+        $body = (string)$response->getBody();
+        $this->assertStringContainsString('nonce="csp-nonce"', $body);
+    }
+
     /**
      * Ensure that streaming results are tracked, but not modified.
      *
diff --git a/tests/TestCase/ToolbarServiceTest.php b/tests/TestCase/ToolbarServiceTest.php
@@ -22,6 +22,7 @@
 use Cake\Http\Response;
 use Cake\Http\ServerRequest as Request;
 use Cake\Log\Log;
+use Cake\Routing\Router;
 use Cake\TestSuite\TestCase;
 use DebugKit\Model\Entity\Request as RequestEntity;
 use DebugKit\ToolbarService;
@@ -294,6 +295,7 @@ public function testInjectScriptsLastBodyTag()
             'url' => '/articles',
             'environment' => ['REQUEST_METHOD' => 'GET'],
         ]);
+        Router::setRequest($request);
         $response = new Response([
             'statusCode' => 200,
             'type' => 'text/html',
@@ -305,7 +307,7 @@ public function testInjectScriptsLastBodyTag()
         $row = $bar->saveData($request, $response);
         $response = $bar->injectScripts($row, $response);
 
-        $timeStamp = filemtime(Plugin::path('DebugKit') . 'webroot' . DS . 'js' . DS . 'main.js');
+        $timeStamp = filemtime(Plugin::path('DebugKit') . 'webroot' . DS . 'js' . DS . 'inject-iframe.js');
 
         $expected = '<html><title>test</title><body><p>some text</p>' .
             '<script id="__debug_kit_script" data-id="' . $row->id . '" ' .
@@ -322,10 +324,6 @@ public function testInjectScriptsLastBodyTag()
      */
     public function testInjectScriptsFileBodies()
     {
-        $request = new Request([
-            'url' => '/articles',
-            'params' => ['plugin' => null],
-        ]);
         $response = new Response([
             'statusCode' => 200,
             'type' => 'text/html',
@@ -348,10 +346,6 @@ public function testInjectScriptsFileBodies()
      */
     public function testInjectScriptsStreamBodies()
     {
-        $request = new Request([
-            'url' => '/articles',
-            'params' => ['plugin' => null],
-        ]);
         $response = new Response([
             'statusCode' => 200,
             'type' => 'text/html',
@@ -373,8 +367,10 @@ public function testInjectScriptsStreamBodies()
      */
     public function testInjectScriptsNoModifyResponse()
     {
-        $request = new Request(['url' => '/articles']);
-
+        $request = new Request([
+            'url' => '/articles/view/123',
+            'params' => [],
+        ]);
         $response = new Response([
             'statusCode' => 200,
             'type' => 'application/json',
