
Centralized cookie handling, with new config options.

- Thanks to Ere Maijala for initial inspiration and subsequent feedback.
demiankatz committed Mar 6, 2015
1 parent 2f329c2 commit a4321aaa73bec36c309235aac7517936f5e685cf
@@ -89,9 +89,6 @@ showBookBag = false
bookBagMaxSize = 100
; Display bulk items (export, save, etc.) and checkboxes on search result screens?
showBulkOptions = false
; Set the domain used for cart-related cookies (sometimes useful for sharing the
; cookies across subdomains)
;bookBagCookieDomain = ".example.edu"
; Generator value to display in an HTML header <meta> tag:
generator = "VuFind 2.3.1"

@@ -113,6 +110,21 @@ lifetime = 3600 ; Session lasts for 1 hour
;memcache_port = 11211
;memcache_connection_timeout = 1

; This section controls how VuFind creates cookies (to store session IDs, bookbag
; contents, theme/language settings, etc.)
[Cookies]
; In case there are multiple VuFind instances on the same server and they should not
; share cookies/sessions, this option can be enabled to limit the session to the
; current path. Default is false, which will place cookies at the root directory.
;limit_by_path = true
; If VuFind is only accessed via HTTPS, this setting can be enabled to disallow
; the browser from ever sending cookies over an unencrypted connection (i.e.
; before being redirected to HTTPS). Default is false.
;only_secure = true
; Set the domain used for cookies (sometimes useful for sharing the cookies across
; subdomains); by default, cookies will be restricted to the current hostname.
;domain = ".example.edu"

; Please set the ILS that VuFind will interact with.
;
; Available drivers: Aleph, Amicus, ClaviusSQL, Evergreen, Horizon (basic database
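Review bot: The comment on `domain` in the new `[Cookies]` section does not say that the setting now covers every cookie VuFind creates, including the session ID cookie named in the section header, whereas the removed `bookBagCookieDomain` only affected the cart cookies. With a value like `.example.edu` the session cookie is sent to every host under that domain, so I would add a line such as `; Note: this also shares the session cookie with every host under the domain.` The `only_secure` comment could also say that HTTPS-only installs should enable it rather than leave it at the default of false. No option here controls the HttpOnly flag, and the CookieManager code is not shown, so it is worth confirming that the session cookie still gets it.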
@@ -66,6 +66,7 @@
'collection' => 'VuFind\Controller\Factory::getCollectionController',
'collections' => 'VuFind\Controller\Factory::getCollectionsController',
'record' => 'VuFind\Controller\Factory::getRecordController',
'upgrade' => 'VuFind\Controller\Factory::getUpgradeController',
],
'invokables' => [
'ajax' => 'VuFind\Controller\AjaxController',
@@ -99,7 +100,6 @@
'summon' => 'VuFind\Controller\SummonController',
'summonrecord' => 'VuFind\Controller\SummonrecordController',
'tag' => 'VuFind\Controller\TagController',
'upgrade' => 'VuFind\Controller\UpgradeController',
'web' => 'VuFind\Controller\WebController',
'worldcat' => 'VuFind\Controller\WorldcatController',
'worldcatrecord' => 'VuFind\Controller\WorldcatrecordController',
@@ -139,6 +139,7 @@
'VuFind\ContentCoversPluginManager' => 'VuFind\Service\Factory::getContentCoversPluginManager',
'VuFind\ContentExcerptsPluginManager' => 'VuFind\Service\Factory::getContentExcerptsPluginManager',
'VuFind\ContentReviewsPluginManager' => 'VuFind\Service\Factory::getContentReviewsPluginManager',
'VuFind\CookieManager' => 'VuFind\Service\Factory::getCookieManager',
'VuFind\DateConverter' => 'VuFind\Service\Factory::getDateConverter',
'VuFind\DbAdapter' => 'VuFind\Service\Factory::getDbAdapter',
'VuFind\DbAdapterFactory' => 'VuFind\Service\Factory::getDbAdapterFactory',
@@ -172,6 +173,7 @@
'VuFind\SearchResultsPluginManager' => 'VuFind\Service\Factory::getSearchResultsPluginManager',
'VuFind\SearchSpecsReader' => 'VuFind\Service\Factory::getSearchSpecsReader',
'VuFind\SearchStats' => 'VuFind\Service\Factory::getSearchStats',
'VuFind\SessionManager' => 'VuFind\Service\Factory::getSessionManager',
'VuFind\SessionPluginManager' => 'VuFind\Service\Factory::getSessionPluginManager',
'VuFind\SMS' => 'VuFind\SMS\Factory',
'VuFind\Solr\Writer' => 'VuFind\Service\Factory::getSolrWriter',
@@ -181,7 +183,6 @@
'VuFind\WorldCatUtils' => 'VuFind\Service\Factory::getWorldCatUtils',
],
'invokables' => [
'VuFind\SessionManager' => 'Zend\Session\SessionManager',
'VuFind\Search' => 'VuFindSearch\Service',
'VuFind\Search\Memory' => 'VuFind\Search\Memory',
'VuFind\HierarchicalFacetHelper' => 'VuFind\Search\Solr\HierarchicalFacetHelper'
@@ -108,16 +108,16 @@ public static function getManager(ServiceManager $sm)
// here may interfere with UI rendering. If we ignore it now, it will
// still get handled appropriately later in processing.
error_log($e->getMessage());
$catalog = null; // avoid unset variable notice
}
// Load remaining dependencies:
$userTable = $sm->get('VuFind\DbTablePluginManager')->get('user');
$sessionManager = $sm->get('VuFind\SessionManager');
$pm = $sm->get('VuFind\AuthPluginManager');
$cookies = $sm->get('VuFind\CookieManager');
// Build the object:
return new Manager($config, $userTable, $sessionManager, $pm, $catalog);
return new Manager($config, $userTable, $sessionManager, $pm, $cookies);
}
/**
@@ -26,7 +26,8 @@
* @link http://www.vufind.org Main Page
*/
namespace VuFind\Auth;
use VuFind\Db\Row\User as UserRow, VuFind\Db\Table\User as UserTable,
use VuFind\Cookie\CookieManager,
VuFind\Db\Row\User as UserRow, VuFind\Db\Table\User as UserTable,
VuFind\Exception\Auth as AuthException,
Zend\Config\Config, Zend\Session\SessionManager;
@@ -97,6 +98,13 @@ class Manager implements \ZfcRbac\Identity\IdentityProviderInterface
*/
protected $pluginManager;
/**
* Cookie Manager
*
* @var CookieManager
*/
protected $cookieManager;
/**
* Cache for current logged in user object
*
@@ -111,15 +119,18 @@ class Manager implements \ZfcRbac\Identity\IdentityProviderInterface
* @param UserTable $userTable User table gateway
* @param SessionManager $sessionManager Session manager
* @param PluginManager $pm Authentication plugin manager
* @param CookieManager $cookieManager Cookie manager
*/
public function __construct(Config $config, UserTable $userTable,
SessionManager $sessionManager, PluginManager $pm
SessionManager $sessionManager, PluginManager $pm,
CookieManager $cookieManager
) {
// Store dependencies:
$this->config = $config;
$this->userTable = $userTable;
$this->sessionManager = $sessionManager;
$this->pluginManager = $pm;
$this->cookieManager = $cookieManager;
// Set up session:
$this->session = new \Zend\Session\Container('Account');
@@ -348,7 +359,7 @@ public function logout($url, $destroy = true)
// Clear out the cached user object and session entry.
$this->currentUser = false;
unset($this->session->userId);
setcookie('loggedOut', 1, null, '/');
$this->cookieManager->set('loggedOut', 1);
// Destroy the session for good measure, if requested.
if ($destroy) {
@@ -370,7 +381,7 @@ public function logout($url, $destroy = true)
*/
public function userHasLoggedOut()
{
return isset($_COOKIE['loggedOut']) && $_COOKIE['loggedOut'];
return (bool)$this->cookieManager->get('loggedOut');
}
/**
@@ -426,7 +437,7 @@ public function updateSession($user)
{
$this->currentUser = $user;
$this->session->userId = $user->id;
setcookie('loggedOut', '', time() - 3600, '/'); // clear logged out cookie
$this->cookieManager->clear('loggedOut');
}
/**
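Review bot: In `logout()` and `updateSession()` the hard-coded `'/'` path is gone, so setting and clearing `loggedOut` now rely on CookieManager using the same path and domain for both calls. If an install enables `limit_by_path` or changes `domain` while browsers still hold a `loggedOut` cookie issued at `/`, `clear('loggedOut')` would presumably target the new scope and leave the old cookie in place, so `userHasLoggedOut()` could keep returning true. CookieManager is not shown here, so this needs confirming; if it holds, a comment on `updateSession()` such as `// only clears the cookie at the currently configured path/domain` would help. All three methods continue outside their hunks.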
@@ -308,10 +308,12 @@ protected function initLanguage()
// Setup Translator
$request = $event->getRequest();
$sm = $event->getApplication()->getServiceManager();
if (($language = $request->getPost()->get('mylang', false))
|| ($language = $request->getQuery()->get('lng', false))
) {
setcookie('language', $language, null, '/');
$cookieManager = $sm->get('VuFind\CookieManager');
$cookieManager->set('language', $language);
} elseif (!empty($request->getCookie()->language)) {
$language = $request->getCookie()->language;
} else {
@@ -324,7 +326,6 @@ protected function initLanguage()
$language = $config->Site->language;
}
$sm = $event->getApplication()->getServiceManager();
try {
$sm->get('VuFind\Translator')
->addTranslationFile('ExtendedIni', null, 'default', $language)
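Review bot: In `initLanguage()` the `mylang`/`lng` request value is passed to `$cookieManager->set('language', $language)` before anything visible checks it, and later requests read it back through `$request->getCookie()->language`. The fallback to `$config->Site->language` in the second hunk suggests a validity check sits between the two hunks, but the cookie is written before that point, so an unsupported value would still be stored and replayed. I would move the `set()` call below that check so that only an accepted language reaches the cookie. The function starts and ends outside both hunks.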
@@ -26,6 +26,7 @@
* @link http://vufind.org/wiki/vufind2:developer_manual Wiki
*/
namespace VuFind;
use VuFind\Cookie\CookieManager;
/**
* Cart Class
@@ -69,11 +70,11 @@ class Cart
protected $recordLoader;
/**
* Domain context for cookies (null for default)
* Cookie manager
*
* @var string
* @var CookieManager
*/
protected $cookieDomain;
protected $cookieManager;
const CART_COOKIE = 'vufind_cart';
const CART_COOKIE_SOURCES = 'vufind_cart_src';
@@ -82,24 +83,22 @@ class Cart
/**
* Constructor
*
* @param \VuFind\Record\Loader $loader Object for loading records
* @param int $maxSize Maximum size of cart contents
* @param bool $active Is cart enabled?
* @param array $cookies Current cookie values (leave null
* to use $_COOKIE superglobal)
* @param string $cookieDomain Domain context for cookies
* (optional)
* @param \VuFind\Record\Loader $loader Object for loading records
* @param CookieManager $cookieManager Cookie manager
* @param int $maxSize Maximum size of cart contents
* @param bool $active Is cart enabled?
*/
public function __construct(\VuFind\Record\Loader $loader,
$maxSize = 100, $active = true, $cookies = null, $cookieDomain = null
\VuFind\Cookie\CookieManager $cookieManager,
$maxSize = 100, $active = true
) {
$this->recordLoader = $loader;
$this->cookieManager = $cookieManager;
$this->maxSize = $maxSize;
$this->active = $active;
$this->cookieDomain = $cookieDomain;
// Initialize contents
$this->init(null === $cookies ? $_COOKIE : $cookies);
$this->init($this->cookieManager->getCookies());
}
/**
@@ -292,24 +291,9 @@ protected function save()
// Save the cookies:
$cookie = implode(self::CART_COOKIE_DELIM, $ids);
$this->setCookie(self::CART_COOKIE, $cookie, 0, '/', $this->cookieDomain);
$cookie = implode(self::CART_COOKIE_DELIM, $sources);
$this->setCookie(
self::CART_COOKIE_SOURCES, $cookie, 0, '/', $this->cookieDomain
);
}
/**
* Set a cookie (wrapper in case Zend Framework offers a better abstraction
* of cookie handling in the future).
*
* @return bool
*/
protected function setCookie()
{
// @codeCoverageIgnoreStart
return call_user_func_array('setcookie', func_get_args());
// @codeCoverageIgnoreEnd
$this->cookieManager->set(self::CART_COOKIE, $cookie, 0);
$srcCookie = implode(self::CART_COOKIE_DELIM, $sources);
$this->cookieManager->set(self::CART_COOKIE_SOURCES, $srcCookie, 0);
}
/**
@@ -319,7 +303,7 @@ protected function setCookie()
*/
public function getCookieDomain()
{
return $this->cookieDomain;
return $this->cookieManager->getDomain();
}
/**
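Review bot: The new `Cart` constructor inserts `$cookieManager` as the second parameter, which shifts `$maxSize` and `$active` one position to the right. Any caller or subclass outside this commit that still passes `(loader, 100, true)` will fail the type hint, so the docblock should state that the argument order changed. The signature also spells out `\VuFind\Cookie\CookieManager $cookieManager,` although the file now imports that class and the docblock uses the short name; `CookieManager $cookieManager,` would be consistent. `getCookieDomain()` now returns the manager's domain, so its docblock (outside the hunk) may need to say the value is no longer cart-specific.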
@@ -96,4 +96,18 @@ public static function getRecordController(ServiceManager $sm)
$sm->getServiceLocator()->get('VuFind\Config')->get('config')
);
}
/**
* Construct the UpgradeController.
*
* @param ServiceManager $sm Service manager.
*
* @return UpgradeController
*/
public static function getUpgradeController(ServiceManager $sm)
{
return new UpgradeController(
$sm->getServiceLocator()->get('VuFind\CookieManager')
);
}
}
@@ -66,14 +66,16 @@ class UpgradeController extends AbstractBase
/**
* Constructor
*
* @param \VuFind\Cookie\CookieManager $cookieManager Cookie manager
*/
public function __construct()
public function __construct(\VuFind\Cookie\CookieManager $cookieManager)
{
// We want to use cookies for tracking the state of the upgrade, since the
// session is unreliable -- if the user upgrades a configuration that uses
// a different session handler than the default one, we'll lose track of our
// upgrade state in the middle of the process!
$this->cookie = new CookieContainer('vfup');
$this->cookie = new CookieContainer('vfup', $cookieManager);
// ...however, once the configuration piece of the upgrade is done, we can
// safely use the session for storing some values. We'll use this for the
