summaryrefslogtreecommitdiff
path: root/php-src/tests/http
diff options
context:
space:
mode:
Diffstat (limited to 'php-src/tests/http')
-rw-r--r--php-src/tests/http/cookie.php334
1 files changed, 334 insertions, 0 deletions
diff --git a/php-src/tests/http/cookie.php b/php-src/tests/http/cookie.php
new file mode 100644
index 00000000..196ceee2
--- /dev/null
+++ b/php-src/tests/http/cookie.php
@@ -0,0 +1,334 @@
+<?php
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+function handleRequest(ServerRequestInterface $req, ResponseInterface $resp): ResponseInterface
+{
+ $resp->getBody()->write(strtoupper($req->getCookieParams()['input']));
+
+ return $resp->withAddedHeader(
+ "Set-Cookie",
+ (new Cookie('output', 'cookie-output'))->createHeader()
+ );
+}
+
+final class Cookie
+{
+ /**
+ * The name of the cookie.
+ *
+ * @var string
+ */
+ private $name = '';
+ /**
+ * The value of the cookie. This value is stored on the clients computer; do not store sensitive
+ * information.
+ *
+ * @var string|null
+ */
+ private $value = null;
+ /**
+ * Cookie lifetime. This value specified in seconds and declares period of time in which cookie
+ * will expire relatively to current time() value.
+ *
+ * @var int|null
+ */
+ private $lifetime = null;
+ /**
+ * The path on the server in which the cookie will be available on.
+ *
+ * If set to '/', the cookie will be available within the entire domain. If set to '/foo/',
+ * the cookie will only be available within the /foo/ directory and all sub-directories such as
+ * /foo/bar/ of domain. The default value is the current directory that the cookie is being set
+ * in.
+ *
+ * @var string|null
+ */
+ private $path = null;
+ /**
+ * The domain that the cookie is available. To make the cookie available on all subdomains of
+ * example.com then you'd set it to '.example.com'. The . is not required but makes it
+ * compatible with more browsers. Setting it to www.example.com will make the cookie only
+ * available in the www subdomain. Refer to tail matching in the spec for details.
+ *
+ * @var string|null
+ */
+ private $domain = null;
+ /**
+ * Indicates that the cookie should only be transmitted over a secure HTTPS connection from the
+ * client. When set to true, the cookie will only be set if a secure connection exists.
+ * On the server-side, it's on the programmer to send this kind of cookie only on secure
+ * connection
+ * (e.g. with respect to $_SERVER["HTTPS"]).
+ *
+ * @var bool|null
+ */
+ private $secure = null;
+ /**
+ * When true the cookie will be made accessible only through the HTTP protocol. This means that
+ * the cookie won't be accessible by scripting languages, such as JavaScript. This setting can
+ * effectively help to reduce identity theft through XSS attacks (although it is not supported
+ * by all browsers).
+ *
+ * @var bool
+ */
+ private $httpOnly = true;
+
+ /**
+ * New Cookie instance, cookies used to schedule cookie set while dispatching Response.
+ *
+ * @link http://php.net/manual/en/function.setcookie.php
+ *
+ * @param string $name The name of the cookie.
+ * @param string $value The value of the cookie. This value is stored on the clients
+ * computer; do not store sensitive information.
+ * @param int $lifetime Cookie lifetime. This value specified in seconds and declares period
+ * of time in which cookie will expire relatively to current time()
+ * value.
+ * @param string $path The path on the server in which the cookie will be available on.
+ * If set to '/', the cookie will be available within the entire
+ * domain.
+ * If set to '/foo/', the cookie will only be available within the
+ * /foo/
+ * directory and all sub-directories such as /foo/bar/ of domain. The
+ * default value is the current directory that the cookie is being set
+ * in.
+ * @param string $domain The domain that the cookie is available. To make the cookie
+ * available
+ * on all subdomains of example.com then you'd set it to
+ * '.example.com'.
+ * The . is not required but makes it compatible with more browsers.
+ * Setting it to www.example.com will make the cookie only available in
+ * the www subdomain. Refer to tail matching in the spec for details.
+ * @param bool $secure Indicates that the cookie should only be transmitted over a secure
+ * HTTPS connection from the client. When set to true, the cookie will
+ * only be set if a secure connection exists. On the server-side, it's
+ * on the programmer to send this kind of cookie only on secure
+ * connection (e.g. with respect to $_SERVER["HTTPS"]).
+ * @param bool $httpOnly When true the cookie will be made accessible only through the HTTP
+ * protocol. This means that the cookie won't be accessible by
+ * scripting
+ * languages, such as JavaScript. This setting can effectively help to
+ * reduce identity theft through XSS attacks (although it is not
+ * supported by all browsers).
+ */
+ public function __construct(
+ string $name,
+ string $value = null,
+ int $lifetime = null,
+ string $path = null,
+ string $domain = null,
+ bool $secure = false,
+ bool $httpOnly = true
+ ) {
+ $this->name = $name;
+ $this->value = $value;
+ $this->lifetime = $lifetime;
+ $this->path = $path;
+ $this->domain = $domain;
+ $this->secure = $secure;
+ $this->httpOnly = $httpOnly;
+ }
+
+ /**
+ * The name of the cookie.
+ *
+ * @return string
+ */
+ public function getName(): string
+ {
+ return $this->name;
+ }
+
+ /**
+ * The value of the cookie. This value is stored on the clients computer; do not store sensitive
+ * information.
+ *
+ * @return string|null
+ */
+ public function getValue()
+ {
+ return $this->value;
+ }
+
+ /**
+ * The time the cookie expires. This is a Unix timestamp so is in number of seconds since the
+ * epoch. In other words, you'll most likely set this with the time function plus the number of
+ * seconds before you want it to expire. Or you might use mktime.
+ *
+ * Will return null if lifetime is not specified.
+ *
+ * @return int|null
+ */
+ public function getExpires()
+ {
+ if ($this->lifetime === null) {
+ return null;
+ }
+
+ return time() + $this->lifetime;
+ }
+
+ /**
+ * The path on the server in which the cookie will be available on.
+ *
+ * If set to '/', the cookie will be available within the entire domain. If set to '/foo/',
+ * the cookie will only be available within the /foo/ directory and all sub-directories such as
+ * /foo/bar/ of domain. The default value is the current directory that the cookie is being set
+ * in.
+ *
+ * @return string|null
+ */
+ public function getPath()
+ {
+ return $this->path;
+ }
+
+ /**
+ * The domain that the cookie is available. To make the cookie available on all subdomains of
+ * example.com then you'd set it to '.example.com'. The . is not required but makes it
+ * compatible with more browsers. Setting it to www.example.com will make the cookie only
+ * available in the www subdomain. Refer to tail matching in the spec for details.
+ *
+ * @return string|null
+ */
+ public function getDomain()
+ {
+ return $this->domain;
+ }
+
+ /**
+ * Indicates that the cookie should only be transmitted over a secure HTTPS connection from the
+ * client. When set to true, the cookie will only be set if a secure connection exists.
+ * On the server-side, it's on the programmer to send this kind of cookie only on secure
+ * connection
+ * (e.g. with respect to $_SERVER["HTTPS"]).
+ *
+ * @return bool
+ */
+ public function isSecure(): bool
+ {
+ return $this->secure;
+ }
+
+ /**
+ * When true the cookie will be made accessible only through the HTTP protocol. This means that
+ * the cookie won't be accessible by scripting languages, such as JavaScript. This setting can
+ * effectively help to reduce identity theft through XSS attacks (although it is not supported
+ * by all browsers).
+ *
+ * @return bool
+ */
+ public function isHttpOnly(): bool
+ {
+ return $this->httpOnly;
+ }
+
+ /**
+ * Get new cookie with altered value. Original cookie object should not be changed.
+ *
+ * @param string $value
+ *
+ * @return Cookie
+ */
+ public function withValue(string $value): self
+ {
+ $cookie = clone $this;
+ $cookie->value = $value;
+
+ return $cookie;
+ }
+
+ /**
+ * Convert cookie instance to string.
+ *
+ * @link http://www.w3.org/Protocols/rfc2109/rfc2109
+ * @return string
+ */
+ public function createHeader(): string
+ {
+ $header = [
+ rawurlencode($this->name) . '=' . rawurlencode($this->value)
+ ];
+ if ($this->lifetime !== null) {
+ $header[] = 'Expires=' . gmdate(\DateTime::COOKIE, $this->getExpires());
+ $header[] = 'Max-Age=' . $this->lifetime;
+ }
+ if (!empty($this->path)) {
+ $header[] = 'Path=' . $this->path;
+ }
+ if (!empty($this->domain)) {
+ $header[] = 'Domain=' . $this->domain;
+ }
+ if ($this->secure) {
+ $header[] = 'Secure';
+ }
+ if ($this->httpOnly) {
+ $header[] = 'HttpOnly';
+ }
+
+ return join('; ', $header);
+ }
+
+ /**
+ * New Cookie instance, cookies used to schedule cookie set while dispatching Response.
+ * Static constructor.
+ *
+ * @link http://php.net/manual/en/function.setcookie.php
+ *
+ * @param string $name The name of the cookie.
+ * @param string $value The value of the cookie. This value is stored on the clients
+ * computer; do not store sensitive information.
+ * @param int $lifetime Cookie lifetime. This value specified in seconds and declares period
+ * of time in which cookie will expire relatively to current time()
+ * value.
+ * @param string $path The path on the server in which the cookie will be available on.
+ * If set to '/', the cookie will be available within the entire
+ * domain.
+ * If set to '/foo/', the cookie will only be available within the
+ * /foo/
+ * directory and all sub-directories such as /foo/bar/ of domain. The
+ * default value is the current directory that the cookie is being set
+ * in.
+ * @param string $domain The domain that the cookie is available. To make the cookie
+ * available
+ * on all subdomains of example.com then you'd set it to
+ * '.example.com'.
+ * The . is not required but makes it compatible with more browsers.
+ * Setting it to www.example.com will make the cookie only available in
+ * the www subdomain. Refer to tail matching in the spec for details.
+ * @param bool $secure Indicates that the cookie should only be transmitted over a secure
+ * HTTPS connection from the client. When set to true, the cookie will
+ * only be set if a secure connection exists. On the server-side, it's
+ * on the programmer to send this kind of cookie only on secure
+ * connection (e.g. with respect to $_SERVER["HTTPS"]).
+ * @param bool $httpOnly When true the cookie will be made accessible only through the HTTP
+ * protocol. This means that the cookie won't be accessible by
+ * scripting
+ * languages, such as JavaScript. This setting can effectively help to
+ * reduce identity theft through XSS attacks (although it is not
+ * supported by all browsers).
+ *
+ * @return Cookie
+ */
+ public static function create(
+ string $name,
+ string $value = null,
+ int $lifetime = null,
+ string $path = null,
+ string $domain = null,
+ bool $secure = false,
+ bool $httpOnly = true
+ ): self {
+ return new self($name, $value, $lifetime, $path, $domain, $secure, $httpOnly);
+ }
+
+ /**
+ * @return string
+ */
+ public function __toString(): string
+ {
+ return $this->createHeader();
+ }
+} \ No newline at end of file