Optional cookie validation #68
Conversation
ajgarlag
force-pushed
the
create-cookies-without-validation
branch
2 times, most recently
from
e656ae8
to
d6e6ec8
Compare
|
I've implemented it with an additional __construct parameter. Maybe, we can rename What do you think? |
| @@ -73,11 +81,16 @@ public function __construct( | |||
| $path = null, | |||
| $secure = false, | |||
| $httpOnly = false, | |||
| \DateTime $expires = null | |||
| \DateTime $expires = null, | |||
| $requireValidation = true | |||
There was a problem hiding this comment.
I don't really like the idea of having optional validation. Have it or not IMO. So I would just deprecate the exception and bypass the validation manually.
| $httpOnly = false, | ||
| \DateTime $expires = null | ||
| ) { | ||
| return new self($name, $value, $maxAge, $domain, $path, $secure, $httpOnly, $expires, false); |
There was a problem hiding this comment.
I would do some hacks here: pass null or the valid empty value to bypass the validation, then set the property directly. Since we are in the same class, we can set private properties.
| */ | ||
| public function isValid() | ||
| { | ||
| if (null === $this->valid) { |
There was a problem hiding this comment.
Hm, not sure about this. This value should be cleared at least when the value or the max age is "modified", but even then I am not sure the performance gain worth risking inconsistency.
There was a problem hiding this comment.
You are right, I'll remove this.
| @@ -63,7 +63,7 @@ | |||
| * @param bool $httpOnly | |||
| * @param \DateTime|null $expires Expires attribute is HTTP 1.0 only and should be avoided. | |||
| * | |||
| * @throws \InvalidArgumentException If name, value or max age is not valid. | |||
| * @throws \InvalidArgumentException If name, value or max age is not valid. Attributes validation during instantiation is deprecated since 1.5 and will be removed in 2.0. | |||
There was a problem hiding this comment.
I think it should be "Attribute validation"
| @@ -89,6 +94,24 @@ public function __construct( | |||
| $this->httpOnly = (bool) $httpOnly; | |||
| } | |||
|
|
|||
| public static function createWithoutValidation( | |||
There was a problem hiding this comment.
Can you please add phpdoc?
There was a problem hiding this comment.
Should this be deprecated as well? That would be weird, but still...
| } | ||
|
|
||
| /** | ||
| * @dataProvider invalidCharacterExamples |
There was a problem hiding this comment.
Not sure if we want to test the fact that validation actually works correctly here. Although I can't really see any tests for that. Nevertheless I think we only need to test two cases here: validation passes/validation fails. For that I am not sure if we need data provider. In fact using data providers in specification tests is kind of abusing BDD, these kind of tests should be done in separate unit tests.
|
@php-http/owners can you add some input here? |
There was a problem hiding this comment.
I like the idea of a createWithoutValidation and isValid. I see from your issue why they are needed.
I do not think we should disable validation in the constructor though. Because normally when you are creating a Cookie you want to make sure it is a valid object. Currently dev-master makes sure you never have an invalid object with is a good thing and it should be the default behavior.
My only concern is that the current way is a little bit hacky. Also, maybe we could make this a configuration in CookieJar (whether to check cookie validation or not) |
|
Im happy with the current state of this PR. Thanks! |
Adds a named constructor to avoid cookie attributes validation during instantination, and a method to check if cookie attributes are valid.
ajgarlag
force-pushed
the
create-cookies-without-validation
branch
from
fb1ac8e
to
5eeecd1
Compare
|
Rebased. Sorry for the delay. |
|
Does this require a follow up PR in the common-client repo to solve the original issue? Any last words @php-http/owners before merging? |
|
I'll add a |
It has to be =) I do not think the CookieJar should care about if the cookies are valid or not. The Jar is just a storage, it should be pretty stupid. I agree with you that the CookiePlugin should always use 👍 for merging this PR now. |
As this the method that should be used always by CookiePlugin, I proposed:
|
|
I know. But making the constructor private would be a BC break. And we are doing it just because "one class in a other library stopped using the constructor". That is wrong. Also if we created (though unlikely) a |
|
Good to merge? |
|
Sorry for the long wait, thanks for the contribution @ajgarlag |
What's in this PR?
This PR adds optional cookie validation
Example Usage
TBD
Checklist
To Do
ReflectionClass::newInstanceWithoutConstructor