AD-231 Add samesite option feature to cookies

sifophp · May 9, 2022 · 5346814 · 5346814
1 parent bfe92a5
commit 5346814
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 12 deletions.
diff --git a/src/Sifo/Cookie.php b/src/Sifo/Cookie.php
@@ -53,15 +53,13 @@ static private function _initDomain()
 		self::$path = '/';
 	}
 
-	static public function set( $name, $value, $days = 14, $domain = false, $secure = false, $httpOnly = false )
+	static public function set( $name, $value, $days = 14, $domain = false, $secure = false, $httpOnly = false, string $samesite = null )
 	{
 		$domain ?: self::_initDomain();
 
-        $expires = 0 == $days
-            ? 0
-            : time() + ( 86400 * $days );
+        $expires = 0 == $days ? 0 : time() + ( 86400 * $days );
 
-        $result = static::setCookie( $name, $value, $expires, self::$path, self::$domain, $secure, $httpOnly );
+        $result = static::setCookie( $name, $value, $expires, self::$path, self::$domain, $secure, $httpOnly, $samesite );
 
 		if ( !$result )
 		{
@@ -138,9 +136,21 @@ static private function _sanitizeCookie( $cookie )
 		return false;
 	}
 
-    static protected function setCookie(string $name, $value = "", $expires_or_options = 0, $path = "", $domain = "", $secure = false, $httponly = false): bool
+    static protected function setCookie(string $name, $value = "", $expires_or_options = 0, $path = "", $domain = "", $secure = false, $httponly = false, string $samesite = null): bool
     {
-        return setcookie( $name, $value, $expires_or_options, $path, $domain, $secure, $httponly );
+        $options = [
+            'expires' => $expires_or_options,
+            'path' => $path,
+            'domain' => $domain,
+            'secure' => $secure,
+            'httponly' => $httponly,
+        ];
+
+        if ( $samesite !== null) {
+            $options['samesite'] = $samesite;
+        }
+
+        return setcookie( $name, $value, $options );
     }
 
     static protected function domain()

diff --git a/test/Sifo/CookieTest.php b/test/Sifo/CookieTest.php
@@ -34,6 +34,7 @@ public function testCookieIsSetWithExpectedDefaults(): void
             TestCookie::getPath($cookieName),
             "Path doesn't match with expected."
         );
+        $this->assertNull(TestCookie::getSameSite($cookieName));
         $this->assertFalse(TestCookie::isSecure($cookieName));
         $this->assertFalse(TestCookie::isHttpOnly($cookieName));
     }
@@ -53,7 +54,7 @@ public function testCookieIsSetWithCustomParameters(): void
         $expirationDays = 7;
         $defaultExpiration = time() + ( 86400 * $expirationDays );
 
-        TestCookie::set($cookieName, 'chips_ahoy', $expirationDays, false, true, true);
+        TestCookie::set($cookieName, 'chips_ahoy', $expirationDays, false, true, true, 'Lax');
 
         $this->assertEquals(
             $defaultExpiration,
@@ -70,6 +71,11 @@ public function testCookieIsSetWithCustomParameters(): void
             TestCookie::getPath($cookieName),
             "Path doesn't match with expected."
         );
+        $this->assertSame(
+            'Lax',
+            TestCookie::getSameSite($cookieName),
+            "Same site doesn't match with expected."
+        );
         $this->assertTrue(TestCookie::isSecure($cookieName));
         $this->assertTrue(TestCookie::isHttpOnly($cookieName));
     }

diff --git a/test/Sifo/TestCookie.php b/test/Sifo/TestCookie.php
@@ -15,7 +15,8 @@ protected static function setCookie(
         $path = "",
         $domain = "",
         $secure = false,
-        $httponly = false
+        $httponly = false,
+        string $samesite = null
     ): bool {
         if ($value === "") {
             unset(self::$cookies[$name]);
@@ -29,10 +30,10 @@ protected static function setCookie(
             'path' => $path,
             'domain' => $domain,
             'secure' => $secure,
-            'httponly' => $httponly
+            'httponly' => $httponly,
+            'samesite' => $samesite,
         ];
 
-
         return true;
     }
 
@@ -43,7 +44,7 @@ public static function getCookieParam(string $name, string $param)
         }
 
         if (!array_key_exists($param, self::$cookies[$name] ?? [])) {
-            throw new InvalidArgumentException("Param $param does not exist in a cookie.");
+            return null;
         }
 
         return self::$cookies[$name][$param];
@@ -79,6 +80,11 @@ public static function isHttpOnly(string $name): bool
         return (bool) self::getCookieParam($name, 'httponly');
     }
 
+    public static function getSameSite(string $name): ?string
+    {
+        return self::getCookieParam($name, 'samesite');
+    }
+
     public static function clearCookies(): void
     {
         self::$cookies = [];