public function testSetCookieCanAppendOtherHeadersInWhenCreatingString()
{
$setCookieHeader = new SetCookie();
$setCookieHeader->setName('myname');
$setCookieHeader->setValue('myvalue');
$setCookieHeader->setExpires('Wed, 13-Jan-2021 22:23:01 GMT');
$setCookieHeader->setDomain('docs.foo.com');
$setCookieHeader->setPath('/accounts');
$setCookieHeader->setSecure(true);
$setCookieHeader->setHttponly(true);
$appendCookie = new SetCookie('othername', 'othervalue');
$headerLine = $setCookieHeader->toStringMultipleHeaders(array($appendCookie));
$target = 'Set-Cookie: myname=myvalue; Expires=Wed, 13-Jan-2021 22:23:01 GMT;' . ' Domain=docs.foo.com; Path=/accounts;' . ' Secure; HttpOnly, othername=othervalue';
$this->assertEquals($target, $headerLine);
}
public function destroy($sessionId)
{
$header = new HeaderSetCookie();
$header->setName(ini_get('session.name') . '_' . $sessionId);
$header->setValue('');
$header->setExpires(time() - 1000000);
$header->setPath('/');
$header->setHttponly(true);
$this->getResponse()->getHeaders()->addHeader($header);
return true;
}
public function testSessionTheftWithRememberMe()
{
$authenticationService = $this->getApplicationServiceLocator()->get('Zend\\Authentication\\AuthenticationService');
//do inital login
$authenticationService->login('toby', 'password1', true);
//get the remember me object
$rememberMeObject = $this->documentManager->getRepository('Zoop\\GatewayModule\\DataModel\\RememberMe')->findOneBy(['username' => 'toby']);
//clear the authentication storage
$authenticationService->getOptions()->getPerSessionStorage()->clear();
//create the remember me request cookie
$series = $rememberMeObject->getSeries();
$token = 'wrong token';
$requestCookie = new SetCookie();
$requestCookie->setName('rememberMe');
$requestCookie->setValue("{$series}\n{$token}\ntoby");
$requestCookie->setExpires(time() + 3600);
$accept = new Accept();
$accept->addMediaType('application/json');
$this->getRequest()->setMethod(Request::METHOD_GET)->getHeaders()->addHeaders([$accept, $requestCookie]);
$this->dispatch('/rest/authenticatedUser');
$response = $this->getResponse();
$result = json_decode($response->getContent(), true);
$this->assertResponseStatusCode(204);
$this->assertFalse(isset($result));
$responseCookie = $response->getHeaders()->get('SetCookie')[0];
$this->assertEquals('rememberMe', $responseCookie->getName());
$this->assertEquals('', $responseCookie->getValue());
}
public function setCookie($key = "", $value = "", $time = 86400)
{
$header = new \Zend\Http\Header\SetCookie();
$header->setName($key);
$header->setValue($value);
$header->setDomain($_SERVER['HTTP_HOST']);
$header->setPath('/');
$header->setExpires(time() + $time);
$this->getResponse()->getHeaders()->addHeader($header);
}
public function testSetCookieSetExpiresWithUnixEpochString()
{
$setCookieHeader = new SetCookie('myname', 'myvalue', 'Thu, 01-Jan-1970 00:00:00 GMT');
$this->assertSame('Thu, 01-Jan-1970 00:00:00 GMT', $setCookieHeader->getExpires());
$this->assertSame(0, $setCookieHeader->getExpires(true));
$setCookieHeader = new SetCookie('myname', 'myvalue', 1);
$this->assertSame('Thu, 01-Jan-1970 00:00:01 GMT', $setCookieHeader->getExpires());
$setCookieHeader->setExpires('Thu, 01-Jan-1970 00:00:00 GMT');
$this->assertSame('Thu, 01-Jan-1970 00:00:00 GMT', $setCookieHeader->getExpires());
$this->assertSame(0, $setCookieHeader->getExpires(true));
$target = 'myname=myvalue; Expires=Thu, 01-Jan-1970 00:00:00 GMT';
$this->assertSame($target, $setCookieHeader->getFieldValue());
}
