Merge 1f8e1a3 into b7ea3dd

amphp · Sep 12, 2019 · 0e89997 · 0e89997
2 parents b7ea3dd + 1f8e1a3
commit 0e89997
Show file tree

Hide file tree

Showing 2 changed files with 86 additions and 19 deletions.
diff --git a/src/Cookie/CookieAttributes.php b/src/Cookie/CookieAttributes.php
@@ -9,23 +9,9 @@
  */
 final class CookieAttributes
 {
-    /** @var string */
-    private $path = '';
-
-    /** @var string */
-    private $domain = '';
-
-    /** @var int|null */
-    private $maxAge;
-
-    /** @var \DateTimeImmutable */
-    private $expiry;
-
-    /** @var bool */
-    private $secure = false;
-
-    /** @var bool */
-    private $httpOnly = true;
+    const SAMESITE_NONE = 'None';
+    const SAMESITE_LAX = 'Lax';
+    const SAMESITE_STRICT = 'Strict';
 
     /**
      * @return CookieAttributes No cookie attributes.
@@ -50,6 +36,21 @@ public static function default(): self
         return new self;
     }
 
+    /** @var string */
+    private $path = '';
+    /** @var string */
+    private $domain = '';
+    /** @var int|null */
+    private $maxAge;
+    /** @var \DateTimeImmutable */
+    private $expiry;
+    /** @var bool */
+    private $secure = false;
+    /** @var bool */
+    private $httpOnly = true;
+    /** @var string|null */
+    private $sameSite;
+
     private function __construct()
     {
         // only allow creation via named constructors
@@ -58,7 +59,8 @@ private function __construct()
     /**
      * @param string $path Cookie path.
      *
-     * @return self Cloned instance with the specified operation applied. Cloned instance with the specified operation applied.
+     * @return self Cloned instance with the specified operation applied. Cloned instance with the specified operation
+     *     applied.
      *
      * @link https://tools.ietf.org/html/rfc6265#section-5.2.4
      */
@@ -85,6 +87,39 @@ public function withDomain(string $domain): self
         return $new;
     }
 
+    /**
+     * @param string $sameSite Cookie SameSite attribute value.
+     *
+     * @return self Cloned instance with the specified operation applied.
+     *
+     * @link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-5.3.7
+     */
+    public function withSameSite(string $sameSite): self
+    {
+        $normalizedValue = \ucfirst(\strtolower($sameSite));
+        if (!\in_array($normalizedValue, [self::SAMESITE_NONE, self::SAMESITE_LAX, self::SAMESITE_STRICT], true)) {
+            throw new \Error("Invalid SameSite attribute: " . $sameSite);
+        }
+
+        $new = clone $this;
+        $new->sameSite = $normalizedValue;
+
+        return $new;
+    }
+
+    /**
+     * @return self Cloned instance with the specified operation applied.
+     *
+     * @link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-5.3.7
+     */
+    public function withoutSameSite(): self
+    {
+        $new = clone $this;
+        $new->sameSite = null;
+
+        return $new;
+    }
+
     /**
      * Applies the given maximum age to the cookie.
      *
@@ -246,6 +281,16 @@ public function getDomain(): string
         return $this->domain;
     }
 
+    /**
+     * @return string Cookie domain.
+     *
+     * @link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-5.3.7
+     */
+    public function getSameSite()
+    {
+        return $this->sameSite;
+    }
+
     /**
      * @return int|null Cookie maximum age in seconds or `null` if no value is set.
      *
@@ -317,6 +362,10 @@ public function __toString(): string
             $string .= '; HttpOnly';
         }
 
+        if ($this->sameSite !== null) {
+            $string .= '; SameSite=' . $this->sameSite;
+        }
+
         return $string;
     }
 }
diff --git a/test/Cookie/CookieAttributesTest.php b/test/Cookie/CookieAttributesTest.php
@@ -17,6 +17,22 @@ public function testMaxAge()
         $this->assertNull($attributes->getExpiry());
     }
 
+    public function testSameSite()
+    {
+        $attributes = CookieAttributes::default()->withSameSite(CookieAttributes::SAMESITE_LAX);
+        $this->assertSame('Lax', $attributes->getSameSite());
+
+        $attributes = $attributes->withoutSameSite();
+        $this->assertNull($attributes->getSameSite());
+    }
+
+    public function testSameSite_invalidValue()
+    {
+        $this->expectException(\Error::class);
+
+        CookieAttributes::default()->withSameSite('fo');
+    }
+
     public function testExpiry()
     {
         $expiry = new \DateTimeImmutable("now+10s");
@@ -58,6 +74,8 @@ public function testToString()
         $this->assertSame('; Max-Age=10; HttpOnly', (string) $attributes->withMaxAge(10));
         $this->assertSame('; Path=/; HttpOnly', (string) $attributes->withPath('/'));
         $this->assertSame('; Domain=localhost; HttpOnly', (string) $attributes->withDomain('localhost'));
-        $this->assertSame('; Expires=' . \gmdate('D, j M Y G:i:s T', $expiry->getTimestamp()) . '; HttpOnly', (string) $attributes->withExpiry($expiry));
+        $this->assertSame('; Expires=' . \gmdate('D, j M Y G:i:s T', $expiry->getTimestamp()) . '; HttpOnly',
+            (string) $attributes->withExpiry($expiry));
+        $this->assertSame('; HttpOnly; SameSite=Strict', (string) $attributes->withSameSite('strict'));
     }
 }