/**
* Execute the middleware.
*
* @param ServerRequestInterface $request
* @param ResponseInterface $response
* @param callable $next
*
* @return ResponseInterface
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
if (session_status() === PHP_SESSION_DISABLED) {
throw new RuntimeException('PHP sessions are disabled');
}
if (session_status() === PHP_SESSION_ACTIVE) {
throw new RuntimeException('Failed to start the session: already started by PHP.');
}
//Session name
$name = $this->name ?: session_name();
session_name($name);
//Session id
$id = $this->id;
if (empty($id)) {
$cookie = Cookies::fromRequest($request)->get($name);
if ($cookie) {
$id = $cookie->getValue();
}
}
if (!empty($id)) {
session_id($id);
}
session_start();
$response = $next($request, $response);
if (session_status() === PHP_SESSION_ACTIVE && session_name() === $name) {
session_write_close();
}
return $response;
}
public function retrieve(RequestInterface $request = null)
{
if (is_null($request)) {
throw new InvalidArgumentException('You must pass an instance of RequestInterface.');
}
$cookies = Cookies::fromRequest($request);
$sessionId = $cookies->get($this->config['cookie_name']);
$isNew = false;
if (is_null($sessionId)) {
$sessionId = call_user_func_array($this->config['hash_callback'], [$request]);
$isNew = true;
} else {
if ($sessionId instanceof \Dflydev\FigCookies\Cookie) {
$sessionId = $sessionId->getValue();
}
}
$session = new Session($this->config['handler'], $sessionId, $this->config['expire_time'], $this->config['gc_probability'], $this->config['flashdata']);
if ($this->validateSession($session, $request, $isNew)) {
$now = time();
$meta = $session->get($this->config['metadata'], []);
if ($meta['last_regenerated_time'] + $this->config['regenerate_time'] < $now) {
$session = $session->withSessionId($this->newSessionId($request), true, true);
$meta['last_regenerated_time'] = $now;
}
} else {
//The session was tempered with or has expired, change sessionId and create anew
$session = $session->withSessionId($this->newSessionId($request), false, true);
$meta = [];
}
$session->set($this->config['metadata'], $this->getUpdatedMetadata($meta, $request));
return $session;
}
protected function getRequestWithCookie()
{
$this->id = uniqid('laasti.sessions', true);
$request = new ServerRequest();
$cookies = Cookies::fromRequest($request);
$cookies = $cookies->with(new Cookie(HttpMessageCookiePersister::DEFAULT_COOKIE_NAME, $this->id));
return $cookies->renderIntoCookieHeader($request);
}
public function testGetObscuredCookie()
{
$cookies = Cookies::fromCookieString('testcookie1=abcde;testcookie2=12345')->with(Cookie::create('testcookie3', new OpaqueProperty('vwxyz')));
$request = $this->request->withAttribute('request_cookies', $cookies);
$handler = new CookieHandler();
$cookie = $handler->getCookie($request, 'testcookie3');
$this->assertSame('vwxyz', $cookie);
}
/**
* Add cookies to the request.
*
* @param array $cookies
*/
private function setCookies(array $cookies)
{
$cookie_jar = FigCookies::fromRequest($this->request);
foreach ($cookies as $k => $v) {
$cookie_jar = $cookie_jar->with(new FigCookie($k, $v));
}
$this->request = $cookie_jar->renderIntoCookieHeader($this->request);
}
/**
* Test cookie value encryption.
*/
public function testCookieValueEncryption()
{
$cookies = (new Cookies())->encryptor(new Encryptor('770A8A65DA156D24EE2A093277530142'));
list($this->request, $this->response) = $cookies->set($this->request, $this->response, 'encrypted_var', 'value to encrypt');
$raw_value = FigCookies::fromRequest($this->request)->get('encrypted_var')->getValue();
$this->assertNotEmpty($raw_value);
$this->assertNotEquals('value to encrypt', $raw_value);
$set_cookie_header = $this->response->getHeaderLine('Set-Cookie');
$this->assertNotEmpty($set_cookie_header);
$this->assertContains('encrypted_var', $set_cookie_header);
$this->assertNotContains('value to encrypt', $set_cookie_header);
$this->assertEquals('value to encrypt', $cookies->get($this->request, 'encrypted_var'));
}
/**
* {@inheritdoc}
*/
public function remove(ServerRequestInterface $request, ResponseInterface $response, $name)
{
list($request, $response) = $this->set($request, $response, $name, '', ['ttl' => -172800]);
$request = Cookies::fromRequest($request)->without($name)->renderIntoCookieHeader($request);
return [$request, $response];
}
/**
* @param Cookies $reqCookies
*
* @return array
*/
private function decryptCookies(Cookies $reqCookies)
{
$resCookies = [];
foreach ($reqCookies->getAll() as $cookie) {
$name = $cookie->getName();
if (in_array($name, $this->unencryptedCookies)) {
continue;
}
$decrypted = $this->encryption->decrypt($cookie->getValue());
if (is_string($decrypted)) {
$reqCookies = $reqCookies->with($cookie->withValue(new OpaqueProperty($decrypted)));
} else {
$reqCookies = $reqCookies->without($name);
if ($this->deleteInvalid) {
$resCookies[] = SetCookie::createExpired($name);
}
}
}
return [$reqCookies, $resCookies];
}
/**
* @param RequestInterface $request
* @param string $name
*
* @return RequestInterface
*/
public static function remove(RequestInterface $request, $name)
{
return Cookies::fromRequest($request)->without($name)->renderIntoCookieHeader($request);
}
protected function main()
{
$this->attachToRequest();
$this->requestCookies = Cookies::fromRequest($this->request);
$this->responseCookies = new SetCookies();
$this->response = $this->next();
$cookies = SetCookies::fromResponse($this->response);
foreach ($this->responseCookies->getAll() as $setCookie) {
$cookies = $cookies->with($setCookie);
}
return $cookies->renderIntoSetCookieHeader($this->response);
}
