/**
* @test
*/
public function it_removes_cookies()
{
$response = new FigCookieTestingResponse();
$response = $response->withAddedHeader(SetCookies::SET_COOKIE_HEADER, SetCookie::create('theme', 'light'))->withAddedHeader(SetCookies::SET_COOKIE_HEADER, SetCookie::create('sessionToken', 'ENCRYPTED'))->withAddedHeader(SetCookies::SET_COOKIE_HEADER, SetCookie::create('hello', 'world'));
$response = FigResponseCookies::remove($response, 'sessionToken');
$this->assertEquals('theme=light,hello=world', $response->getHeaderLine('Set-Cookie'));
}
/**
* @test
*/
public function it_encrypts_and_decrypts_cookies()
{
// Simulate a request coming in with several cookies.
$request = (new FigCookieTestingRequest())->withHeader(Cookies::COOKIE_HEADER, 'theme=light; sessionToken=RAPELCGRQ; hello=world');
// "Before" Middleware Example
//
// Get our token from an encrypted cookie value, "decrypt" it, and replace the cookie on the request.
// From here on out, any part of the system that gets our token will be able to see the contents
// in plaintext.
$request = FigRequestCookies::modify($request, 'sessionToken', function (Cookie $cookie) {
return $cookie->withValue(str_rot13($cookie->getValue()));
});
// Even though the sessionToken initially comes in "encrypted", at this point (and any point in
// the future) the sessionToken cookie will be available in plaintext.
$this->assertEquals('theme=light; sessionToken=ENCRYPTED; hello=world', $request->getHeaderLine(Cookies::COOKIE_HEADER));
// Simulate a response going out.
$response = new FigCookieTestingResponse();
// Various parts of the system will add set cookies to the response. In this case, we are
// going to show that the rest of the system interacts with the session token using
// plaintext.
$response = $response->withAddedHeader(SetCookies::SET_COOKIE_HEADER, SetCookie::create('theme', 'light'))->withAddedHeader(SetCookies::SET_COOKIE_HEADER, SetCookie::create('sessionToken', 'ENCRYPTED'))->withAddedHeader(SetCookies::SET_COOKIE_HEADER, SetCookie::create('hello', 'world'));
// "After" Middleware Example
//
// Get our token from an unencrypted set cookie value, "encrypt" it, and replace the cook on the response.
// From here on out, any part of the system that gets our token will only be able to see the encrypted
// value.
$response = FigResponseCookies::modify($response, 'sessionToken', function (SetCookie $setCookie) {
return $setCookie->withValue(str_rot13($setCookie->getValue()));
});
// Even though the sessionToken intiially went out "decrypted", at this point (and at any point
// in the future) the sessionToken cookie will remain "encrypted."
$this->assertEquals(['theme=light', 'sessionToken=RAPELCGRQ', 'hello=world'], $response->getHeader(SetCookies::SET_COOKIE_HEADER));
}
public function provideParsesFromSetCookieStringData()
{
return [['someCookie=', SetCookie::create('someCookie')], ['someCookie=someValue', SetCookie::create('someCookie')->withValue('someValue')], ['LSID=DQAAAK%2FEaem_vYg; Path=/accounts; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly', SetCookie::create('LSID')->withValue('DQAAAK/Eaem_vYg')->withPath('/accounts')->withExpires('Wed, 13 Jan 2021 22:23:01 GMT')->withSecure(true)->withHttpOnly(true)], ['HSID=AYQEVn%2F.DKrdst; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; HttpOnly', SetCookie::create('HSID')->withValue('AYQEVn/.DKrdst')->withDomain('.foo.com')->withPath('/')->withExpires('Wed, 13 Jan 2021 22:23:01 GMT')->withHttpOnly(true)], ['SSID=Ap4P%2F.GTEq; Domain=foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly', SetCookie::create('SSID')->withValue('Ap4P/.GTEq')->withDomain('foo.com')->withPath('/')->withExpires('Wed, 13 Jan 2021 22:23:01 GMT')->withSecure(true)->withHttpOnly(true)], ['lu=Rg3vHJZnehYLjVg7qi3bZjzg; Domain=.example.com; Path=/; Expires=Tue, 15 Jan 2013 21:47:38 GMT; HttpOnly', SetCookie::create('lu')->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')->withExpires('Tue, 15-Jan-2013 21:47:38 GMT')->withPath('/')->withDomain('.example.com')->withHttpOnly(true)], ['lu=Rg3vHJZnehYLjVg7qi3bZjzg; Domain=.example.com; Path=/; Max-Age=500; Secure; HttpOnly', SetCookie::create('lu')->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')->withMaxAge(500)->withPath('/')->withDomain('.example.com')->withSecure(true)->withHttpOnly(true)], ['lu=Rg3vHJZnehYLjVg7qi3bZjzg; Domain=.example.com; Path=/; Expires=Tue, 15 Jan 2013 21:47:38 GMT; Max-Age=500; Secure; HttpOnly', SetCookie::create('lu')->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')->withExpires('Tue, 15-Jan-2013 21:47:38 GMT')->withMaxAge(500)->withPath('/')->withDomain('.example.com')->withSecure(true)->withHttpOnly(true)], ['lu=Rg3vHJZnehYLjVg7qi3bZjzg; Domain=.example.com; Path=/; Expires=Tue, 15 Jan 2013 21:47:38 GMT; Max-Age=500; Secure; HttpOnly', SetCookie::create('lu')->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')->withExpires(1358286458)->withMaxAge(500)->withPath('/')->withDomain('.example.com')->withSecure(true)->withHttpOnly(true)], ['lu=Rg3vHJZnehYLjVg7qi3bZjzg; Domain=.example.com; Path=/; Expires=Tue, 15 Jan 2013 21:47:38 GMT; Max-Age=500; Secure; HttpOnly', SetCookie::create('lu')->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')->withExpires(new \DateTime('Tue, 15-Jan-2013 21:47:38 GMT'))->withMaxAge(500)->withPath('/')->withDomain('.example.com')->withSecure(true)->withHttpOnly(true)]];
}
public function provideGetsSetCookieByNameData()
{
return [[['a=AAA', 'b=BBB', 'c=CCC'], 'b', SetCookie::create('b', 'BBB')], [['a=AAA', 'b=BBB', 'c=CCC', 'LSID=DQAAAK%2FEaem_vYg; Path=/accounts; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly'], 'LSID', SetCookie::create('LSID')->withValue('DQAAAK/Eaem_vYg')->withPath('/accounts')->withExpires('Wed, 13 Jan 2021 22:23:01 GMT')->withSecure(true)->withHttpOnly(true)], [['a=AAA', 'b=BBB', 'c=CCC'], 'LSID', null]];
}
/**
* @test
*/
public function it_creates_long_living_cookies()
{
$setCookie = SetCookie::createRememberedForever('remember_forever');
$fourYearsFromNow = (new \DateTime('+4 years'))->getTimestamp();
$this->assertGreaterThan($fourYearsFromNow, $setCookie->getExpires());
}
