/**
 * Removing a Set-Cookie entry by name leaves the other queued Set-Cookie headers in place.
 *
 * @test
 */
public function it_removes_cookies()
{
    $outgoing = new FigCookieTestingResponse();

    // Queue three Set-Cookie headers in a fixed order; the middle one is removed below.
    $queued = [
        ['theme', 'light'],
        ['sessionToken', 'ENCRYPTED'],
        ['hello', 'world'],
    ];
    foreach ($queued as $pair) {
        $outgoing = $outgoing->withAddedHeader(
            SetCookies::SET_COOKIE_HEADER,
            SetCookie::create($pair[0], $pair[1])
        );
    }

    $stripped = FigResponseCookies::remove($outgoing, 'sessionToken');

    // Only the two untouched cookies remain, in their original order, joined by a comma.
    // NOTE(review): this shows the header being dropped from the response only. A cookie the
    // browser already stores is not cleared by omitting the header; that needs an expiring
    // Set-Cookie, which this test does not cover.
    $this->assertEquals('theme=light,hello=world', $stripped->getHeaderLine('Set-Cookie'));
}
/**
 * Walks a sessionToken cookie through a "before" step that rewrites the request cookie and an
 * "after" step that rewrites the response Set-Cookie, using modify() callbacks on both sides.
 *
 * ROT13 stands in for a cipher so the expected strings stay readable. It is a keyless letter
 * substitution and its own inverse; it gives no confidentiality or integrity. Middleware that
 * really protects a session token would use authenticated encryption with a server-side key
 * and reject values that fail verification.
 *
 * @test
 */
public function it_encrypts_and_decrypts_cookies()
{
    // Incoming request with three cookies; sessionToken arrives in its "encrypted" form.
    $incoming = (new FigCookieTestingRequest())->withHeader(
        Cookies::COOKIE_HEADER,
        'theme=light; sessionToken=RAPELCGRQ; hello=world'
    );

    // "Before" middleware: read the token from the request cookie, "decrypt" it and put the
    // plaintext back on the request, so everything downstream sees the plaintext value.
    $decryptCookie = function (Cookie $cookie) {
        return $cookie->withValue(str_rot13($cookie->getValue()));
    };
    $incoming = FigRequestCookies::modify($incoming, 'sessionToken', $decryptCookie);

    // The other cookies are unchanged and the order is preserved; only sessionToken differs.
    $this->assertEquals(
        'theme=light; sessionToken=ENCRYPTED; hello=world',
        $incoming->getHeaderLine(Cookies::COOKIE_HEADER)
    );

    // Outgoing response: the rest of the system adds Set-Cookie headers and handles the
    // session token in plaintext.
    $outgoing = new FigCookieTestingResponse();
    $outgoing = $outgoing->withAddedHeader(SetCookies::SET_COOKIE_HEADER, SetCookie::create('theme', 'light'));
    $outgoing = $outgoing->withAddedHeader(SetCookies::SET_COOKIE_HEADER, SetCookie::create('sessionToken', 'ENCRYPTED'));
    $outgoing = $outgoing->withAddedHeader(SetCookies::SET_COOKIE_HEADER, SetCookie::create('hello', 'world'));

    // "After" middleware: take the plaintext Set-Cookie value, "encrypt" it and replace the
    // cookie on the response, so only the protected form leaves the application.
    $encryptSetCookie = function (SetCookie $setCookie) {
        return $setCookie->withValue(str_rot13($setCookie->getValue()));
    };
    $outgoing = FigResponseCookies::modify($outgoing, 'sessionToken', $encryptSetCookie);

    // sessionToken was added in plaintext, but the header that is sent carries the
    // "encrypted" value; the neighbouring cookies are untouched.
    $this->assertEquals(
        ['theme=light', 'sessionToken=RAPELCGRQ', 'hello=world'],
        $outgoing->getHeader(SetCookies::SET_COOKIE_HEADER)
    );
}
/**
 * Data provider: each row is [raw Set-Cookie header string, SetCookie expected for it].
 *
 * What the rows show: "%2F" in a header value corresponds to "/" in the expected value; the
 * Secure and HttpOnly flags, Domain, Path, Expires and Max-Age are each covered; and the same
 * Expires header is expected to match a SetCookie built from a date string, an integer
 * timestamp or a \DateTime.
 *
 * NOTE(review): no row covers a SameSite attribute, and no row feeds malformed or duplicated
 * attributes; confirm whether those are tested elsewhere.
 *
 * @return array
 */
public function provideParsesFromSetCookieStringData()
{
    // The last three rows parse the same header and differ only in how Expires is supplied.
    $expiresAndMaxAge = 'lu=Rg3vHJZnehYLjVg7qi3bZjzg; Domain=.example.com; Path=/; Expires=Tue, 15 Jan 2013 21:47:38 GMT; Max-Age=500; Secure; HttpOnly';

    $rows = [];

    // Name only, empty value.
    $rows[] = ['someCookie=', SetCookie::create('someCookie')];

    // Name and value, no attributes.
    $rows[] = [
        'someCookie=someValue',
        SetCookie::create('someCookie')->withValue('someValue'),
    ];

    // Path + Expires + Secure + HttpOnly, with a percent-encoded value.
    $rows[] = [
        'LSID=DQAAAK%2FEaem_vYg; Path=/accounts; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly',
        SetCookie::create('LSID')
            ->withValue('DQAAAK/Eaem_vYg')
            ->withPath('/accounts')
            ->withExpires('Wed, 13 Jan 2021 22:23:01 GMT')
            ->withSecure(true)
            ->withHttpOnly(true),
    ];

    // Leading-dot domain, HttpOnly but not Secure.
    $rows[] = [
        'HSID=AYQEVn%2F.DKrdst; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; HttpOnly',
        SetCookie::create('HSID')
            ->withValue('AYQEVn/.DKrdst')
            ->withDomain('.foo.com')
            ->withPath('/')
            ->withExpires('Wed, 13 Jan 2021 22:23:01 GMT')
            ->withHttpOnly(true),
    ];

    // Domain without a leading dot, Secure and HttpOnly.
    $rows[] = [
        'SSID=Ap4P%2F.GTEq; Domain=foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly',
        SetCookie::create('SSID')
            ->withValue('Ap4P/.GTEq')
            ->withDomain('foo.com')
            ->withPath('/')
            ->withExpires('Wed, 13 Jan 2021 22:23:01 GMT')
            ->withSecure(true)
            ->withHttpOnly(true),
    ];

    // Expires only; the expected object is built from the dashed date form.
    $rows[] = [
        'lu=Rg3vHJZnehYLjVg7qi3bZjzg; Domain=.example.com; Path=/; Expires=Tue, 15 Jan 2013 21:47:38 GMT; HttpOnly',
        SetCookie::create('lu')
            ->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')
            ->withExpires('Tue, 15-Jan-2013 21:47:38 GMT')
            ->withPath('/')
            ->withDomain('.example.com')
            ->withHttpOnly(true),
    ];

    // Max-Age only.
    $rows[] = [
        'lu=Rg3vHJZnehYLjVg7qi3bZjzg; Domain=.example.com; Path=/; Max-Age=500; Secure; HttpOnly',
        SetCookie::create('lu')
            ->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')
            ->withMaxAge(500)
            ->withPath('/')
            ->withDomain('.example.com')
            ->withSecure(true)
            ->withHttpOnly(true),
    ];

    // Expires and Max-Age together; Expires given as a date string.
    $rows[] = [
        $expiresAndMaxAge,
        SetCookie::create('lu')
            ->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')
            ->withExpires('Tue, 15-Jan-2013 21:47:38 GMT')
            ->withMaxAge(500)
            ->withPath('/')
            ->withDomain('.example.com')
            ->withSecure(true)
            ->withHttpOnly(true),
    ];

    // Same header; Expires given as an integer Unix timestamp.
    $rows[] = [
        $expiresAndMaxAge,
        SetCookie::create('lu')
            ->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')
            ->withExpires(1358286458)
            ->withMaxAge(500)
            ->withPath('/')
            ->withDomain('.example.com')
            ->withSecure(true)
            ->withHttpOnly(true),
    ];

    // Same header; Expires given as a \DateTime instance.
    $rows[] = [
        $expiresAndMaxAge,
        SetCookie::create('lu')
            ->withValue('Rg3vHJZnehYLjVg7qi3bZjzg')
            ->withExpires(new \DateTime('Tue, 15-Jan-2013 21:47:38 GMT'))
            ->withMaxAge(500)
            ->withPath('/')
            ->withDomain('.example.com')
            ->withSecure(true)
            ->withHttpOnly(true),
    ];

    return $rows;
}
/**
 * Data provider: each row is [list of Set-Cookie header strings, cookie name to look up,
 * expected SetCookie or null when no header carries that name].
 *
 * @return array
 */
public function provideGetsSetCookieByNameData()
{
    // Three attribute-free cookies shared by every row (PHP copies arrays by value).
    $simple = ['a=AAA', 'b=BBB', 'c=CCC'];

    // A fourth header with attributes, appended after the simple ones for the second row.
    $lsidHeader = 'LSID=DQAAAK%2FEaem_vYg; Path=/accounts; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly';
    $simplePlusLsid = array_merge($simple, [$lsidHeader]);

    $lsidExpected = SetCookie::create('LSID')
        ->withValue('DQAAAK/Eaem_vYg')
        ->withPath('/accounts')
        ->withExpires('Wed, 13 Jan 2021 22:23:01 GMT')
        ->withSecure(true)
        ->withHttpOnly(true);

    return [
        // Name found among plain cookies.
        [$simple, 'b', SetCookie::create('b', 'BBB')],
        // Name found on a header with attributes; the expected value is the decoded one.
        [$simplePlusLsid, 'LSID', $lsidExpected],
        // Name absent: the lookup is expected to yield null.
        [$simple, 'LSID', null],
    ];
}
/**
 * A "remembered forever" cookie must carry an expiry more than four years in the future.
 *
 * NOTE(review): only the expiry is checked. If such a cookie holds a credential, a long
 * lifetime lengthens the time a copied value stays usable, so the Secure and HttpOnly flags
 * and server-side revocation matter; none of that is asserted here. Browsers may also cap
 * cookie lifetimes below what the server asks for, so treat the expiry as an upper bound.
 *
 * @test
 */
public function it_creates_long_living_cookies()
{
    $remembered = SetCookie::createRememberedForever('remember_forever');

    // Lower bound, computed after the cookie is created, as a Unix timestamp.
    $threshold = new \DateTime('+4 years');
    $minimumExpiry = $threshold->getTimestamp();

    // assertGreaterThan(expected, actual) passes when actual > expected.
    $this->assertGreaterThan($minimumExpiry, $remembered->getExpires());
}