2019-02-14 23:56:32 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace SilverStripe\EnvironmentCheck\Checks;
|
|
|
|
|
|
|
|
use Psr\Http\Message\ResponseInterface;
|
|
|
|
use SilverStripe\EnvironmentCheck\Traits\Fetcher;
|
|
|
|
use SilverStripe\EnvironmentCheck\EnvironmentCheck;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check that a given URL does not generate a session.
|
|
|
|
*
|
|
|
|
* @author Adrian Humphreys
|
|
|
|
* @package environmentcheck
|
|
|
|
*/
|
|
|
|
class SessionCheck implements EnvironmentCheck
|
|
|
|
{
|
|
|
|
use Fetcher;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set up check with URL
|
|
|
|
*
|
|
|
|
* @param string $url The route, excluding the domain
|
|
|
|
* @inheritdoc
|
|
|
|
*/
|
|
|
|
public function __construct($url = '')
|
|
|
|
{
|
2019-03-19 21:38:58 +01:00
|
|
|
$this->setURL($url);
|
2019-02-14 23:56:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check that the response for URL does not create a session
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
2019-02-15 01:42:41 +01:00
|
|
|
public function check()
|
2019-02-14 23:56:32 +01:00
|
|
|
{
|
2019-03-19 21:38:58 +01:00
|
|
|
$response = $this->client->get($this->getURL());
|
2019-02-14 23:56:32 +01:00
|
|
|
$cookie = $this->getCookie($response);
|
2019-03-19 21:38:58 +01:00
|
|
|
$fullURL = $this->getURL();
|
2019-02-14 23:56:32 +01:00
|
|
|
|
|
|
|
if ($cookie) {
|
|
|
|
return [
|
|
|
|
EnvironmentCheck::ERROR,
|
|
|
|
"Sessions are being set for {$fullURL} : Set-Cookie => " . $cookie,
|
|
|
|
];
|
|
|
|
}
|
|
|
|
return [
|
|
|
|
EnvironmentCheck::OK,
|
|
|
|
"Sessions are not being created for {$fullURL} 👍",
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get PHPSESSID or SECSESSID cookie set from the response if it exists.
|
|
|
|
*
|
|
|
|
* @param ResponseInterface $response
|
|
|
|
* @return string|null Cookie contents or null if it doesn't exist
|
|
|
|
*/
|
2019-02-15 01:42:41 +01:00
|
|
|
public function getCookie(ResponseInterface $response)
|
2019-02-14 23:56:32 +01:00
|
|
|
{
|
|
|
|
$result = null;
|
|
|
|
$cookies = $response->getHeader('Set-Cookie');
|
|
|
|
|
|
|
|
foreach ($cookies as $cookie) {
|
|
|
|
if (strpos($cookie, 'SESSID') !== false) {
|
|
|
|
$result = $cookie;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
}
|