[6.x] Add CookieValuePrefix detection for encrypted cookies in InteractsWit… #804

Merged: 1 commit, Aug 28, 2020


wardloockx
Contributor

Issue: Laravel prefixes cookie values when encrypting them.

The Dusk InteractsWithCookie trait does not have any of this prefix logic. Because of this, `$browser->cookie('cookieKey')` would return the prefixed value and not the actual value.

Example:
When calling `$browser->cookie('myCookieKey');` on an encrypted cookie, you would get the following value (from the cookie function on the browser object):

    45093d44140e0247922e316851885c13445a6fcd|MYCOOKIEVALUE

In our tests we expected this cookie value to be unprefixed:

    MYCOOKIEVALUE

The prefix is set by Laravel in the `encrypt` function of `Illuminate\Cookie\Middleware\EncryptCookies`:

    /**
     * Encrypt the cookies on an outgoing response.
     *
     * @param  \Symfony\Component\HttpFoundation\Response  $response
     * @return \Symfony\Component\HttpFoundation\Response
     */
    protected function encrypt(Response $response)
    {
        foreach ($response->headers->getCookies() as $cookie) {
            if ($this->isDisabled($cookie->getName())) {
                continue;
            }

            $response->headers->setCookie($this->duplicate(
                $cookie,
                $this->encrypter->encrypt(
                    CookieValuePrefix::create($cookie->getName(), $this->encrypter->getKey()).$cookie->getValue(),
                    static::serialized($cookie->getName())
                )
            ));
        }

        return $response;
    }

Fix: This fix checks if the decrypted cookie value contains a prefix. In case the value is prefixed, the prefix will be removed.

@driesvints driesvints changed the title Add CookieValuePrefix detection for encrypted cookies in InteractsWit… [6.x] Add CookieValuePrefix detection for encrypted cookies in InteractsWit… Aug 27, 2020
@taylorotwell taylorotwell merged commit 95d20f0 into laravel:6.x Aug 28, 2020
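
The detect-then-remove step described in this pull request, as an added example that is not code from Dusk or Laravel. It assumes the prefix is the 40-hex-character HMAC-SHA1 of the cookie name plus a version suffix under the application key, followed by `|`, which matches the shape of the value quoted above; the function names, the `v2` suffix, the key and the cookie values are constructed for illustration.

```php
<?php
// Added example; not Laravel's or Dusk's own code. All names and values are constructed.

const PREFIX_LENGTH = 41; // 40 hex chars of HMAC-SHA1 plus the '|' separator

// Assumed construction: the prefix ties the plaintext to the cookie name and key,
// following the arguments passed to CookieValuePrefix::create() in the excerpt.
function make_prefix(string $cookieName, string $key): string
{
    return hash_hmac('sha1', $cookieName.'v2', $key).'|';
}

// Remove the prefix only when it is the one expected for this cookie name.
// A value without a matching prefix is returned unchanged, which is the
// lenient behaviour a test helper needs for cookies written without a prefix.
function strip_prefix(string $decrypted, string $cookieName, string $key): string
{
    $expected  = make_prefix($cookieName, $key);
    $candidate = substr($decrypted, 0, PREFIX_LENGTH);

    // The prefix is a MAC, so compare it in constant time.
    if (hash_equals($expected, $candidate)) {
        return substr($decrypted, PREFIX_LENGTH);
    }

    return $decrypted;
}

// Stricter reader for application code: a value whose prefix does not
// match this cookie name is rejected instead of passed through.
function read_strict(string $decrypted, string $cookieName, string $key): ?string
{
    $expected = make_prefix($cookieName, $key);
    if (! hash_equals($expected, substr($decrypted, 0, PREFIX_LENGTH))) {
        return null;
    }

    return substr($decrypted, PREFIX_LENGTH);
}

$key   = 'constructed-test-key-not-a-real-app-key';
$plain = make_prefix('myCookieKey', $key).'MYCOOKIEVALUE'; // plaintext before encryption

var_dump(strip_prefix($plain, 'myCookieKey', $key));           // prefixed value
var_dump(strip_prefix('MYCOOKIEVALUE', 'myCookieKey', $key));  // value with no prefix
var_dump(read_strict($plain, 'otherCookie', $key));            // prefix issued for another name
```

Blindly cutting the first 41 characters would corrupt any value that was stored without a prefix, which is why both readers verify the prefix before stripping it.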