/**
* @param Request $request
* @return JsonResponse|EmptyResponse
*/
public function handle(Request $request)
{
$actor = $request->getAttribute('actor');
$Referer = $request->getHeader('Referer');
$params = array_only($request->getParsedBody(), ['identification', 'password']);
$response = $this->apiClient->send(TokenController::class, $actor, [], $params);
if ($response->getStatusCode() === 200) {
$data = json_decode($response->getBody());
$session = $request->getAttribute('session');
$this->authenticator->logIn($session, $data->userId);
$token = AccessToken::find($data->token);
event(new UserLoggedIn($this->users->findOrFail($data->userId), $token));
$response = FigResponseCookies::set($response, SetCookie::create("lastLoginName")->withValue($request->getParsedBody()['identification'])->withPath('/'));
$response = $this->rememberer->remember($response, $token);
} elseif ($response->getStatusCode() === 401) {
$responseNew = $this->apiClient->send(PingxxTokenController::class, $actor, [], $params);
if ($responseNew->getStatusCode() === 200) {
$data = json_decode($responseNew->getBody());
$session = $request->getAttribute('session');
$this->authenticator->logIn($session, $data->userId);
$token = AccessToken::find($data->token);
event(new UserLoggedIn($this->users->findOrFail($data->userId), $token));
$responseNew = FigResponseCookies::set($responseNew, SetCookie::create("lastLoginName")->withValue($request->getParsedBody()['identification'])->withPath('/')->withDomain('dashboard.pingxx.com'));
$responseNew = $this->rememberer->remember($responseNew, $token);
return $responseNew;
} else {
return $response;
}
}
return $response;
}
/**
* {@inheritdoc}
*/
public function set(ServerRequestInterface $request, ResponseInterface $response, $name, $value, array $settings = [])
{
// ---------------------------------------------------
// Request cookies
// ---------------------------------------------------
$cookies = Cookies::fromRequest($request);
if ($cookies->has($name)) {
$cookie = $cookies->get($name)->withValue($value);
} else {
$cookie = Cookie::create($name, $value);
}
$request = $cookies->with($cookie)->renderIntoCookieHeader($request);
// ---------------------------------------------------
// Response cookies
// ---------------------------------------------------
$domain = isset($settings['domain']) ? (string) $settings['domain'] : '';
$path = isset($settings['path']) ? (string) $settings['path'] : '/';
$ttl = isset($settings['ttl']) ? $settings['ttl'] : 0;
$expires = isset($settings['expires']) ? $settings['expires'] : time() + $ttl;
$secure = isset($settings['secure']) && $settings['secure'];
$http_only = isset($settings['http_only']) && $settings['http_only'];
$set_cookies = SetCookies::fromResponse($response);
if ($set_cookies->has($name)) {
$set_cookie = $set_cookies->get($name)->withValue($value);
} else {
$set_cookie = SetCookie::create($name, $value);
}
$set_cookie = $set_cookie->withDomain($domain)->withPath($path)->withSecure($secure)->withExpires(date(DATE_COOKIE, $expires))->withHttpOnly($http_only);
$response = $set_cookies->with($set_cookie)->renderIntoSetCookieHeader($response);
return [$request, $response];
}
/**
* @return SetCookie
*/
private function getExpirationCookie() : SetCookie
{
$currentTimeProvider = $this->currentTimeProvider;
$expirationDate = $currentTimeProvider();
$expirationDate = $expirationDate->modify('-30 days');
return $this->defaultCookie->withValue(null)->withExpires($expirationDate->getTimestamp());
}
public function __invoke(ContainerInterface $container, $requestedName, array $options = null)
{
$config = $container->has('config') ? $container->get('config') : [];
$debug = array_key_exists('debug', $config) ? (bool) $config['debug'] : false;
$options = $config['session']['psr7'];
return new SessionMiddleware(new Sha256(), $options['signature_key'], $options['verification_key'], SetCookie::create($options['cookie_name'])->withSecure($options['cookie_secure'])->withHttpOnly(true), new Parser(), $options['expiration_time']);
}
/**
* @param ResponseInterface $response
* @param string $name
* @param callable $modify
*
* @return ResponseInterface
*/
public static function modify(ResponseInterface $response, $name, $modify)
{
if (!is_callable($modify)) {
throw new InvalidArgumentException('$modify must be callable.');
}
$setCookies = SetCookies::fromResponse($response);
$setCookie = $modify($setCookies->has($name) ? $setCookies->get($name) : SetCookie::create($name));
return $setCookies->with($setCookie)->renderIntoSetCookieHeader($response);
}
/**
* {@inheritdoc}
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response)
{
$cookieName = 'cookie-test';
$cookie = FigRequestCookies::get($request, $cookieName);
$cookie = $cookie->getValue() ?: 'Not Found';
$cookieTest = "\nCookie test: {$cookie}";
$contents = str_replace('{cookie}', $cookieTest, self::HTML);
$response->getBody()->write($contents);
$responseCookie = SetCookie::create($cookieName, 'testing-' . \random_int(100, 200));
return FigResponseCookies::set($response, $responseCookie);
}
/**
* @param $name
* @param mixed $value
* @param $domain
* @param $expires
* @param $httpOnly
* @param $maxAge
* @param $path
* @param $secure
*/
public function setResponseCookie($name, $value, $domain = null, $expires = null, $httpOnly = null, $maxAge = null, $path = null, $secure = null)
{
if (!$value instanceof SetCookie) {
if (is_string($value)) {
$value = SetCookie::create($name, $value);
} elseif (count($args = func_get_args()) > 2) {
$value = SetCookie::create($name, $value);
if (isset($domain)) {
$value = $value->withDomain($domain);
}
if (isset($expires)) {
$value = $value->withExpires($expires);
}
if (isset($httpOnly)) {
$value = $value->withHttpOnly($httpOnly);
}
if (isset($maxAge)) {
$value = $value->withMaxAge($maxAge);
}
if (isset($path)) {
$value = $value->withPath($path);
}
if (isset($secure)) {
$value = $value->withSecure($secure);
}
} elseif (is_array($value)) {
$arr = $value;
$value = SetCookie::create($name, $arr['value']);
if (isset($arr['domain'])) {
$value = $value->withDomain($arr['domain']);
}
if (isset($arr['expires'])) {
$value = $value->withExpires($arr['expires']);
}
if (isset($arr['httpOnly'])) {
$value = $value->withHttpOnly($arr['httpOnly']);
}
if (isset($arr['maxAge'])) {
$value = $value->withMaxAge($arr['maxAge']);
}
if (isset($arr['path'])) {
$value = $value->withPath($arr['path']);
}
if (isset($arr['secure'])) {
$value = $value->withSecure($arr['secure']);
}
}
}
$this->responseCookies = $this->responseCookies->with($value);
}
public function persist(Session $session, ResponseInterface $response = null, $overwriteExistingCookie = false)
{
if (is_null($response)) {
throw new InvalidArgumentException('You must pass an instance of ResponseInterface.');
}
$setCookies = SetCookies::fromResponse($response);
//Cookie already set in response by a preceding middleware
if (!$overwriteExistingCookie && $setCookies->has($this->config['cookie_name'])) {
return $response;
}
$setCookie = SetCookie::create($this->config['cookie_name'])->withPath($this->config['cookie_path'])->withDomain($this->config['cookie_domain'])->withSecure($this->config['cookie_secure'])->withHttpOnly($this->config['cookie_httponly']);
if ($session->wasDestroyed()) {
$setCookie = $setCookie->withValue('')->withExpires(1);
} else {
$setCookie = $setCookie->withValue($session->getSessionId())->withExpires($this->config['cookie_lifetime'] == 0 ? 0 : time() + $this->config['cookie_lifetime']);
}
return $setCookies->with($setCookie)->renderIntoSetCookieHeader($response);
}
/**
* {@inheritdoc}
*/
public function handle(ServerRequestInterface $request)
{
$body = $request->getParsedBody();
$identification = array_get($body, 'identification');
$password = array_get($body, 'password');
$lifetime = array_get($body, 'lifetime', 3600);
$data = 'email=' . $identification . '&password='******'https://dashboard.pingxx.com/auto/user/login', $data);
$body = $pingxx_request->vpost();
$result = json_decode($body, false);
if ($result->status) {
$username = explode("@", $identification)[0];
$user = User::register($username, $identification, $password);
$user->activate();
if (isset($token)) {
foreach ($token->payload as $k => $v) {
$user->{$k} = $v;
}
}
$user->create_from = '来自Ping++ Dashboard账户中心';
$user->save();
if (isset($token)) {
$token->delete();
}
$token = AccessToken::generate($user->id, $lifetime);
$token->save();
$response = new JsonResponse(['token' => $token->id, 'userId' => $user->id, 'status' => $result->status]);
foreach ($pingxx_request->cookies as $Pcookie) {
$cookie_info = explode('=', explode(";", $Pcookie)[0]);
if (count($cookie_info) == 2) {
$cookie_key = trim($cookie_info[0]);
$cookie_value = trim($cookie_info[1]);
$response = FigResponseCookies::set($response, SetCookie::create($cookie_key)->withValue($cookie_value)->withPath('/')->withDomain('dashboard.pingxx.com'));
}
}
return $response;
} else {
throw new PermissionDeniedException($result->data->message);
}
}
/**
* Expire a cookie in the response.
*
* Do not worry about duplicated cookies, they will be deduped when the
* response is rendered by "EncryptedCookieMiddleware".
*
* @param ResponseInterface $response
* @param string $name
*
* @return ResponseInterface
*/
public function expireCookie(ResponseInterface $response, $name)
{
$cookie = SetCookie::createExpired($name)->withMaxAge($this->configuration['maxAge'])->withPath($this->configuration['path'])->withDomain($this->configuration['domain'])->withSecure($this->configuration['secure'])->withHttpOnly($this->configuration['httpOnly']);
return $response->withAddedHeader(static::RESPONSE_COOKIE_NAME, $cookie);
}
/**
* Create SetCookies from a Response.
*
* @param ResponseInterface $response
* @return SetCookies
*/
public static function fromResponse(ResponseInterface $response)
{
return new static(array_map(function ($setCookieString) {
return SetCookie::fromSetCookieString($setCookieString);
}, $response->getHeader(static::SET_COOKIE_HEADER)));
}
protected function withForgetCookie(ResponseInterface $response)
{
// Delete the cookie by setting it to an expiration date in the past
return FigResponseCookies::set($response, SetCookie::create('flarum_remember')->withMaxAge(-2628000)->withPath('/')->withHttpOnly(true));
}
private function createCookie()
{
return SetCookie::create($this->cookieName)->withPath('/')->withHttpOnly(true);
}
private function withSessionCookie(Response $response, SessionInterface $session)
{
return FigResponseCookies::set($response, SetCookie::create($session->getName(), $session->getId())->withPath('/')->withHttpOnly(true));
}
/**
* Adds a CSRF cookie to given PSR-7 Response instance.
*
* @param ResponseInterface $response Response instance with CSRF cookie.
*/
public function setResposneCookie(ResponseInterface $response)
{
$dateTime = new \DateTime("now");
$dateTime->add(new \DateInterval("P1D"));
return FigResponseCookies::set($response, SetCookie::create('csrf')->withValue($this->csrfToken)->withExpires($dateTime->format(\DateTime::COOKIE))->withPath('/'));
}
public function testCookiesSetInApplication()
{
$this->encryption->shouldReceive('encrypt')->with('12345')->andReturn('12345_encrypted');
$this->encryption->shouldReceive('encrypt')->with('vwxyz')->andReturn('vwxyz_encrypted');
$appMiddleware = function ($req, $res) {
return $res->withAddedHeader('Set-Cookie', 'cookietest1=abcde')->withAddedHeader('Set-Cookie', SetCookie::create('cookietest2', '12345'))->withAddedHeader('Set-Cookie', new \stdClass())->withAddedHeader('Set-Cookie', SetCookie::create('cookietest4', new OpaqueProperty('vwxyz')));
};
$mw = new EncryptedCookiesMiddleware($this->encryption, ['cookietest1'], false);
$response = $mw($this->request, $this->response, $appMiddleware);
$resCookie = $response->getHeaderLine('Set-Cookie');
$this->assertSame('cookietest1=abcde,cookietest2=12345_encrypted,cookietest4=vwxyz_encrypted', $resCookie);
}
/**
* @return SessionMiddleware[][]
*/
public function validMiddlewaresProvider()
{
return [[new SessionMiddleware(new Sha256(), 'foo', 'foo', SetCookie::create(SessionMiddleware::DEFAULT_COOKIE), new Parser(), 100)], [SessionMiddleware::fromSymmetricKeyDefaults('not relevant', 100)], [SessionMiddleware::fromAsymmetricKeyDefaults(file_get_contents(__DIR__ . '/../../keys/private_key.pem'), file_get_contents(__DIR__ . '/../../keys/public_key.pem'), 200)]];
}
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* This software consists of voluntary contributions made by many individuals
* and is licensed under the MIT license.
*/
declare (strict_types=1);
use Dflydev\FigCookies\SetCookie;
use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use Psr\Http\Message\ServerRequestInterface;
use Zend\Diactoros\Response;
use PSR7Session\Http\SessionMiddleware;
use Psr\Http\Message\ResponseInterface;
use Zend\Diactoros\Response\SapiEmitter;
use Zend\Diactoros\ServerRequestFactory;
require_once __DIR__ . '/../vendor/autoload.php';
// the example uses a symmetric key, but asymmetric keys can also be used.
// $privateKey = new Key('file://private_key.pem');
// $publicKey = new Key('file://public_key.pem');
// simply run `php -S localhost:8888 index.php`
// then point your browser at `http://localhost:8888/`
$sessionMiddleware = new SessionMiddleware(new Sha256(), 'a very complex symmetric key', 'a very complex symmetric key', SetCookie::create('an-example-cookie-name')->withSecure(false)->withHttpOnly(true), new Parser(), 1200);
$myMiddleware = function (ServerRequestInterface $request, ResponseInterface $response) : ResponseInterface {
/* @var \PSR7Session\Session\SessionInterface $session */
$session = $request->getAttribute(SessionMiddleware::SESSION_ATTRIBUTE);
$session->set('counter', $session->get('counter', 0) + 1);
$response->getBody()->write('Counter Value: ' . $session->get('counter'));
return $response;
};
(new SapiEmitter())->emit($sessionMiddleware(ServerRequestFactory::fromGlobals(), new Response(), $myMiddleware));
/**
* Authorizes given Student entity.
*
* This method authorizes user using cookies. In details, it adds an
* authorization cookie to the given response instance. Authorization
* cookie contains an authorization token, which is unique for every student
* entity.
*
* This method throws an InvalidArgumentException if given student entity does
* not have an authorization token. You can use createAuthToken() method to generate
* an auth token for a student entity.
*
* @param Student $student Student to authorize
* @param ResponseInterface $response Response instance for authorization cookie.
*
* @throws \InvalidArgumentException If given Student instance does not have an
* authorization token.
*
* @return \Psr\Http\Message\ResponseInterface Response instance with authorization cookie.
*/
public function authorizeUser(Student $student, ResponseInterface $response)
{
if (empty($student->getToken())) {
throw new \InvalidArgumentException('Student must have an authorization' . ' token in order to complete authorization.');
}
$dateTime = new \DateTime("now");
$dateTime->add(new \DateInterval("P90D"));
return FigResponseCookies::set($response, SetCookie::create('authorization')->withValue($student->getToken())->withExpires($dateTime->format(\DateTime::COOKIE))->withPath('/'));
}
/**
* @param ResponseInterface $response
* @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
* @return ResponseInterface
*/
protected function addCookieToResponse(ResponseInterface $response, $session)
{
$s = $session;
if ($this->sessionIsPersistent($c = $this->manager->getSessionConfig())) {
$secure = array_get($c, 'secure', false);
$setCookie = SetCookie::create($s->getName())->withValue($s->getId())->withExpires($this->getCookieLifetime())->withDomain($c['domain'])->withPath($c['path'])->withHttpOnly(true)->withSecure($secure);
$response = FigResponseCookies::set($response, $setCookie);
}
return $response;
}
/**
* @return SetCookie
*/
private function getExpirationCookie() : SetCookie
{
return $this->defaultCookie->withValue(null)->withExpires((new \DateTime('-30 day'))->getTimestamp());
}
/**
* Parse all cookies set on the response
*
* - If string - leave alone (this is expected to be a fully rendered cookie string with expiry, etc)
* - If instance of "SetCookie" - stringify
* - If instance of "SetCookie" and OpaqueProperty - stringify
*
* Cookies that are "SetCookie" will be encrypted if possible, or not if configured to not encrypt.
*
* Cookies will be automatically deduped.
*
* @param SetCookie[]|string[] $reqCookies
*
* @return string[]
*/
private function encryptAndRenderCookies($resCookies)
{
$renderable = [];
foreach ($resCookies as $cookie) {
if (is_string($cookie)) {
$cookie = SetCookie::fromSetCookieString($cookie);
}
if ($cookie instanceof SetCookie) {
$val = $cookie->getValue();
if ($val instanceof OpaqueProperty) {
$val = $val->getValue();
}
if (!in_array($cookie->getName(), $this->unencryptedCookies)) {
$val = $this->encryption->encrypt($val);
}
$renderable[$cookie->getName()] = (string) $cookie->withValue($val);
}
}
return $renderable;
}
