Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AD-231 Add secure and http_only parameters support for cookies #139

Merged
merged 7 commits into from
May 27, 2022
Merged

AD-231 Add secure and http_only parameters support for cookies #139

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
d999bb6
AD-231 Add secure and http_only parameters support for cookies
May 3, 2022
29c1444
AD-231 Add tests for Cookies
May 9, 2022
2574110
AD-231 Move expires to var and call setCookie once
May 9, 2022
2f82398
AD-231 Add samesite option feature to cookies
May 9, 2022
dcfdb20
AD-231 Use same options time on cookie delete
May 9, 2022
33d43f2
AD-231 Consolidate variable name to expires as it can not contain opt…
May 9, 2022
d4918ef
AD-231 Configure example instance to get a valid domain
May 9, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 24 additions & 12 deletions src/Sifo/Cookie.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,19 +53,14 @@ static private function _initDomain()
self::$path = '/';
}

static public function set( $name, $value, $days = 14, $domain = false )
static public function set( $name, $value, $days = 14, $domain = false, $secure = false, $httpOnly = false, string $samesite = null )
{

$domain ?: self::_initDomain();

if ( 0 == $days )
{
$result = setcookie( $name, $value, 0, self::$path, self::$domain );
}
else
{
$result = setcookie( $name, $value, time() + ( 86400 * $days ), self::$path, self::$domain );
}
$expires = 0 == $days ? 0 : time() + ( 86400 * $days );

$result = static::setCookie( $name, $value, $expires, self::$path, self::$domain, $secure, $httpOnly, $samesite );

if ( !$result )
{
trigger_error( "COOKIE WRITE FAIL: Tried to write '$name' with value '$value' but failed." );
Expand All @@ -81,7 +76,7 @@ static public function set( $name, $value, $days = 14, $domain = false )
static public function delete( $name )
{
self::_initDomain();
$result = setcookie( $name, '', time() - 3600, self::$path, self::$domain );
$result = static::setCookie( $name, '', time() - 3600, self::$path, self::$domain);
if ( !$result )
{
trigger_error( "COOKIE DELETE FAIL: Tried to delete '$name' but failed." );
Expand Down Expand Up @@ -140,4 +135,21 @@ static private function _sanitizeCookie( $cookie )

return false;
}
}

static protected function setCookie(string $name, $value = "", $expires = 0, $path = "", $domain = "", $secure = false, $httponly = false, string $samesite = null): bool
{
$options = [
'expires' => $expires,
'path' => $path,
'domain' => $domain,
'secure' => $secure,
'httponly' => $httponly,
];

if ( $samesite !== null) {
$options['samesite'] = $samesite;
}

return setcookie( $name, $value, $options );
}
}
104 changes: 104 additions & 0 deletions test/Sifo/CookieTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
<?php

namespace Sifo\Test\Sifo;

use PHPUnit\Framework\TestCase;
use Sifo\FilterCookieRuntime;

class CookieTest extends TestCase
{
protected function setUp()
{
TestCookie::clearCookies();
}

public function testCookieIsSetWithExpectedDefaults(): void
{
$cookieName = 'test_cookie';
$defaultExpiration = time() + ( 86400 * 14 );

TestCookie::set($cookieName, 'oreo');

$this->assertEquals(
$defaultExpiration,
TestCookie::getExpires($cookieName),
"Expires doesn't match with expected."
);
$this->assertSame(
'sifo.local',
TestCookie::getDomain($cookieName),
"Domain doesn't match with expected."
);
$this->assertSame(
'/',
TestCookie::getPath($cookieName),
"Path doesn't match with expected."
);
$this->assertNull(TestCookie::getSameSite($cookieName));
$this->assertFalse(TestCookie::isSecure($cookieName));
$this->assertFalse(TestCookie::isHttpOnly($cookieName));
}

public function testCookieCanBeSetWithoutExpiration(): void
{
$cookieName = 'test_cookie';

TestCookie::set($cookieName, 'oreo', 0);

$this->assertSame(0, TestCookie::getExpires($cookieName));
}

public function testCookieIsSetWithCustomParameters(): void
{
$cookieName = 'test_cookie';
$expirationDays = 7;
$defaultExpiration = time() + ( 86400 * $expirationDays );

TestCookie::set($cookieName, 'chips_ahoy', $expirationDays, false, true, true, 'Lax');

$this->assertEquals(
$defaultExpiration,
TestCookie::getExpires($cookieName),
"Expires doesn't match with expected."
);
$this->assertSame(
'sifo.local',
TestCookie::getDomain($cookieName),
"Domain doesn't match with expected."
);
$this->assertSame(
'/',
TestCookie::getPath($cookieName),
"Path doesn't match with expected."
);
$this->assertSame(
'Lax',
TestCookie::getSameSite($cookieName),
"Same site doesn't match with expected."
);
$this->assertTrue(TestCookie::isSecure($cookieName));
$this->assertTrue(TestCookie::isHttpOnly($cookieName));
}

public function testCookieValueIsStoredInFilterCookie(): void
{
$cookieName = 'test_cookie';

TestCookie::set($cookieName, 'oreo');

$this->assertSame(
'oreo',
FilterCookieRuntime::getInstance()->getString('test_cookie')
);
}

public function testCookieValueIsDeletedFromFilterCookie(): void
{
$cookieName = 'test_cookie';

TestCookie::set($cookieName, 'oreo');
TestCookie::delete($cookieName);

$this->assertTrue(FilterCookieRuntime::getInstance()->isEmpty('test_cookie'));
}
}
92 changes: 92 additions & 0 deletions test/Sifo/TestCookie.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
<?php

namespace Sifo\Test\Sifo;

use InvalidArgumentException;
use Sifo\Cookie;
use Sifo\Domains;

class TestCookie extends Cookie
{
protected static function setCookie(
string $name,
$value = "",
$expires = 0,
$path = "",
$domain = "",
$secure = false,
$httponly = false,
string $samesite = null
): bool {
if ($value === "") {
unset(self::$cookies[$name]);

return true;
}

self::$cookies[$name] = [
'value' => $value,
'expires' => $expires,
'path' => $path,
'domain' => $domain,
'secure' => $secure,
'httponly' => $httponly,
'samesite' => $samesite,
];

return true;
}

public static function getCookieParam(string $name, string $param)
{
if (!array_key_exists($name, self::$cookies)) {
throw new InvalidArgumentException("Cookie of name $name is not set.");
}

if (!array_key_exists($param, self::$cookies[$name] ?? [])) {
return null;
}

return self::$cookies[$name][$param];
}

public static function getValue(string $name): string
{
return (string) self::getCookieParam($name, 'value');
}

public static function getExpires(string $name)
{
return self::getCookieParam($name, 'expires');
}

public static function getPath(string $name): string
{
return (string) self::getCookieParam($name, 'path');
}

public static function getDomain(string $name): string
{
return (string) self::getCookieParam($name, 'domain');
}

public static function isSecure(string $name): bool
{
return (bool) self::getCookieParam($name, 'secure');
}

public static function isHttpOnly(string $name): bool
{
return (bool) self::getCookieParam($name, 'httponly');
}

public static function getSameSite(string $name): ?string
{
return self::getCookieParam($name, 'samesite');
}

public static function clearCookies(): void
{
self::$cookies = [];
}
}