diff options
Diffstat (limited to 'php-src/tests/http')
-rw-r--r-- | php-src/tests/http/cookie.php | 334 |
1 files changed, 334 insertions, 0 deletions
diff --git a/php-src/tests/http/cookie.php b/php-src/tests/http/cookie.php new file mode 100644 index 00000000..196ceee2 --- /dev/null +++ b/php-src/tests/http/cookie.php @@ -0,0 +1,334 @@ +<?php + +use Psr\Http\Message\ResponseInterface; +use Psr\Http\Message\ServerRequestInterface; + +function handleRequest(ServerRequestInterface $req, ResponseInterface $resp): ResponseInterface +{ + $resp->getBody()->write(strtoupper($req->getCookieParams()['input'])); + + return $resp->withAddedHeader( + "Set-Cookie", + (new Cookie('output', 'cookie-output'))->createHeader() + ); +} + +final class Cookie +{ + /** + * The name of the cookie. + * + * @var string + */ + private $name = ''; + /** + * The value of the cookie. This value is stored on the clients computer; do not store sensitive + * information. + * + * @var string|null + */ + private $value = null; + /** + * Cookie lifetime. This value specified in seconds and declares period of time in which cookie + * will expire relatively to current time() value. + * + * @var int|null + */ + private $lifetime = null; + /** + * The path on the server in which the cookie will be available on. + * + * If set to '/', the cookie will be available within the entire domain. If set to '/foo/', + * the cookie will only be available within the /foo/ directory and all sub-directories such as + * /foo/bar/ of domain. The default value is the current directory that the cookie is being set + * in. + * + * @var string|null + */ + private $path = null; + /** + * The domain that the cookie is available. To make the cookie available on all subdomains of + * example.com then you'd set it to '.example.com'. The . is not required but makes it + * compatible with more browsers. Setting it to www.example.com will make the cookie only + * available in the www subdomain. Refer to tail matching in the spec for details. + * + * @var string|null + */ + private $domain = null; + /** + * Indicates that the cookie should only be transmitted over a secure HTTPS connection from the + * client. When set to true, the cookie will only be set if a secure connection exists. + * On the server-side, it's on the programmer to send this kind of cookie only on secure + * connection + * (e.g. with respect to $_SERVER["HTTPS"]). + * + * @var bool|null + */ + private $secure = null; + /** + * When true the cookie will be made accessible only through the HTTP protocol. This means that + * the cookie won't be accessible by scripting languages, such as JavaScript. This setting can + * effectively help to reduce identity theft through XSS attacks (although it is not supported + * by all browsers). + * + * @var bool + */ + private $httpOnly = true; + + /** + * New Cookie instance, cookies used to schedule cookie set while dispatching Response. + * + * @link http://php.net/manual/en/function.setcookie.php + * + * @param string $name The name of the cookie. + * @param string $value The value of the cookie. This value is stored on the clients + * computer; do not store sensitive information. + * @param int $lifetime Cookie lifetime. This value specified in seconds and declares period + * of time in which cookie will expire relatively to current time() + * value. + * @param string $path The path on the server in which the cookie will be available on. + * If set to '/', the cookie will be available within the entire + * domain. + * If set to '/foo/', the cookie will only be available within the + * /foo/ + * directory and all sub-directories such as /foo/bar/ of domain. The + * default value is the current directory that the cookie is being set + * in. + * @param string $domain The domain that the cookie is available. To make the cookie + * available + * on all subdomains of example.com then you'd set it to + * '.example.com'. + * The . is not required but makes it compatible with more browsers. + * Setting it to www.example.com will make the cookie only available in + * the www subdomain. Refer to tail matching in the spec for details. + * @param bool $secure Indicates that the cookie should only be transmitted over a secure + * HTTPS connection from the client. When set to true, the cookie will + * only be set if a secure connection exists. On the server-side, it's + * on the programmer to send this kind of cookie only on secure + * connection (e.g. with respect to $_SERVER["HTTPS"]). + * @param bool $httpOnly When true the cookie will be made accessible only through the HTTP + * protocol. This means that the cookie won't be accessible by + * scripting + * languages, such as JavaScript. This setting can effectively help to + * reduce identity theft through XSS attacks (although it is not + * supported by all browsers). + */ + public function __construct( + string $name, + string $value = null, + int $lifetime = null, + string $path = null, + string $domain = null, + bool $secure = false, + bool $httpOnly = true + ) { + $this->name = $name; + $this->value = $value; + $this->lifetime = $lifetime; + $this->path = $path; + $this->domain = $domain; + $this->secure = $secure; + $this->httpOnly = $httpOnly; + } + + /** + * The name of the cookie. + * + * @return string + */ + public function getName(): string + { + return $this->name; + } + + /** + * The value of the cookie. This value is stored on the clients computer; do not store sensitive + * information. + * + * @return string|null + */ + public function getValue() + { + return $this->value; + } + + /** + * The time the cookie expires. This is a Unix timestamp so is in number of seconds since the + * epoch. In other words, you'll most likely set this with the time function plus the number of + * seconds before you want it to expire. Or you might use mktime. + * + * Will return null if lifetime is not specified. + * + * @return int|null + */ + public function getExpires() + { + if ($this->lifetime === null) { + return null; + } + + return time() + $this->lifetime; + } + + /** + * The path on the server in which the cookie will be available on. + * + * If set to '/', the cookie will be available within the entire domain. If set to '/foo/', + * the cookie will only be available within the /foo/ directory and all sub-directories such as + * /foo/bar/ of domain. The default value is the current directory that the cookie is being set + * in. + * + * @return string|null + */ + public function getPath() + { + return $this->path; + } + + /** + * The domain that the cookie is available. To make the cookie available on all subdomains of + * example.com then you'd set it to '.example.com'. The . is not required but makes it + * compatible with more browsers. Setting it to www.example.com will make the cookie only + * available in the www subdomain. Refer to tail matching in the spec for details. + * + * @return string|null + */ + public function getDomain() + { + return $this->domain; + } + + /** + * Indicates that the cookie should only be transmitted over a secure HTTPS connection from the + * client. When set to true, the cookie will only be set if a secure connection exists. + * On the server-side, it's on the programmer to send this kind of cookie only on secure + * connection + * (e.g. with respect to $_SERVER["HTTPS"]). + * + * @return bool + */ + public function isSecure(): bool + { + return $this->secure; + } + + /** + * When true the cookie will be made accessible only through the HTTP protocol. This means that + * the cookie won't be accessible by scripting languages, such as JavaScript. This setting can + * effectively help to reduce identity theft through XSS attacks (although it is not supported + * by all browsers). + * + * @return bool + */ + public function isHttpOnly(): bool + { + return $this->httpOnly; + } + + /** + * Get new cookie with altered value. Original cookie object should not be changed. + * + * @param string $value + * + * @return Cookie + */ + public function withValue(string $value): self + { + $cookie = clone $this; + $cookie->value = $value; + + return $cookie; + } + + /** + * Convert cookie instance to string. + * + * @link http://www.w3.org/Protocols/rfc2109/rfc2109 + * @return string + */ + public function createHeader(): string + { + $header = [ + rawurlencode($this->name) . '=' . rawurlencode($this->value) + ]; + if ($this->lifetime !== null) { + $header[] = 'Expires=' . gmdate(\DateTime::COOKIE, $this->getExpires()); + $header[] = 'Max-Age=' . $this->lifetime; + } + if (!empty($this->path)) { + $header[] = 'Path=' . $this->path; + } + if (!empty($this->domain)) { + $header[] = 'Domain=' . $this->domain; + } + if ($this->secure) { + $header[] = 'Secure'; + } + if ($this->httpOnly) { + $header[] = 'HttpOnly'; + } + + return join('; ', $header); + } + + /** + * New Cookie instance, cookies used to schedule cookie set while dispatching Response. + * Static constructor. + * + * @link http://php.net/manual/en/function.setcookie.php + * + * @param string $name The name of the cookie. + * @param string $value The value of the cookie. This value is stored on the clients + * computer; do not store sensitive information. + * @param int $lifetime Cookie lifetime. This value specified in seconds and declares period + * of time in which cookie will expire relatively to current time() + * value. + * @param string $path The path on the server in which the cookie will be available on. + * If set to '/', the cookie will be available within the entire + * domain. + * If set to '/foo/', the cookie will only be available within the + * /foo/ + * directory and all sub-directories such as /foo/bar/ of domain. The + * default value is the current directory that the cookie is being set + * in. + * @param string $domain The domain that the cookie is available. To make the cookie + * available + * on all subdomains of example.com then you'd set it to + * '.example.com'. + * The . is not required but makes it compatible with more browsers. + * Setting it to www.example.com will make the cookie only available in + * the www subdomain. Refer to tail matching in the spec for details. + * @param bool $secure Indicates that the cookie should only be transmitted over a secure + * HTTPS connection from the client. When set to true, the cookie will + * only be set if a secure connection exists. On the server-side, it's + * on the programmer to send this kind of cookie only on secure + * connection (e.g. with respect to $_SERVER["HTTPS"]). + * @param bool $httpOnly When true the cookie will be made accessible only through the HTTP + * protocol. This means that the cookie won't be accessible by + * scripting + * languages, such as JavaScript. This setting can effectively help to + * reduce identity theft through XSS attacks (although it is not + * supported by all browsers). + * + * @return Cookie + */ + public static function create( + string $name, + string $value = null, + int $lifetime = null, + string $path = null, + string $domain = null, + bool $secure = false, + bool $httpOnly = true + ): self { + return new self($name, $value, $lifetime, $path, $domain, $secure, $httpOnly); + } + + /** + * @return string + */ + public function __toString(): string + { + return $this->createHeader(); + } +}
\ No newline at end of file |