silverstripe-environmentcheck/src/Checks/SessionCheck.php

87 lines
2.1 KiB
PHP
Raw Normal View History

2019-02-14 23:56:32 +01:00
<?php
namespace SilverStripe\EnvironmentCheck\Checks;
use SilverStripe\Control\Director;
use SilverStripe\Control\Controller;
use Psr\Http\Message\ResponseInterface;
use SilverStripe\Core\Config\Configurable;
use SilverStripe\EnvironmentCheck\Traits\Fetcher;
use SilverStripe\EnvironmentCheck\EnvironmentCheck;
/**
* Check that a given URL does not generate a session.
*
* @author Adrian Humphreys
* @package environmentcheck
*/
class SessionCheck implements EnvironmentCheck
{
use Configurable;
use Fetcher;
/**
* URL to check
*
* @var string
*/
protected $url;
/**
* Set up check with URL
*
* @param string $url The route, excluding the domain
* @inheritdoc
*/
public function __construct($url = '')
{
$this->url = $url;
$this->clientConfig = [
'base_uri' => Director::absoluteBaseURL(),
'timeout' => 10.0,
];
}
/**
* Check that the response for URL does not create a session
*
* @return array
*/
public function check(): array
{
$response = $this->fetchResponse($this->url);
$cookie = $this->getCookie($response);
$fullURL = Controller::join_links(Director::absoluteBaseURL(), $this->url);
if ($cookie) {
return [
EnvironmentCheck::ERROR,
"Sessions are being set for {$fullURL} : Set-Cookie => " . $cookie,
];
}
return [
EnvironmentCheck::OK,
"Sessions are not being created for {$fullURL} 👍",
];
}
/**
* Get PHPSESSID or SECSESSID cookie set from the response if it exists.
*
* @param ResponseInterface $response
* @return string|null Cookie contents or null if it doesn't exist
*/
public function getCookie(ResponseInterface $response): ?string
{
$result = null;
$cookies = $response->getHeader('Set-Cookie');
foreach ($cookies as $cookie) {
if (strpos($cookie, 'SESSID') !== false) {
$result = $cookie;
}
}
return $result;
}
}