silverstripe-framework/tests/php/Control/CookieJarTest.php

<?php

namespace SilverStripe\Control\Tests;

use ReflectionMethod;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Control\CookieJar;
use SilverStripe\Control\Session;
use SilverStripe\Core\Config\Config;

/**
 * Testing CookieJar
 *
 * Testing the CookieJar acts as expected and keeps track of Cookies it is loaded
 * with as well as new cookies that are set during the running of an application
 */
class CookieJarTest extends SapphireTest
{

    /**
     * Test that the construction argument is stored and returned as expected
     */
    public function testConstruct()
    {

        //some default cookies to load
        $defaultCookies = [
            'cookie1' => 1,
            'cookie2' => 'cookies',
            'cookie3' => 'test',
        ];

        $cookieJar = new CookieJar($defaultCookies);

        //make sure all the "received" cookies are as expected
        $this->assertEquals($defaultCookies, $cookieJar->getAll(false));

        //make sure there are no "phantom" cookies
        $this->assertEquals($defaultCookies, $cookieJar->getAll(true));

        //check an empty array is accepted
        $cookieJar = new CookieJar([]);
        $this->assertEmpty($cookieJar->getAll(false));


        //check no argument is accepted
        $cookieJar = new CookieJar();
        $this->assertEmpty($cookieJar->getAll(false));
    }

    /**
     * Test that we can set and get cookies
     */
    public function testSetAndGet()
    {
        $cookieJar = new CookieJar();

        $this->assertEmpty($cookieJar->get('testCookie'));

        //set a test cookie
        $cookieJar->set('testCookie', 'testVal');

        //make sure it was set
        $this->assertEquals('testVal', $cookieJar->get('testCookie'));

        //make sure we can distinguish it from ones that were "existing"
        $this->assertEmpty($cookieJar->get('testCookie', false));

        //PHP will replace an incoming COOKIE called 'var.with.dots' to 'var_with_dots'
        $cookieJar = new CookieJar(
            [
                'var_with_dots' => 'value',
            ]
        );

        $cookieJar->set('test.dots', 'dots');

        //check we can access with '.' and with '_'
        $this->assertEquals('value', $cookieJar->get('var.with.dots'));
        $this->assertEquals('value', $cookieJar->get('var_with_dots'));
        $this->assertEquals('dots', $cookieJar->get('test.dots'));
    }

    /**
     * Test that we can distinguish between vars that were loaded on instantiation
     * and those added later
     */
    public function testExistingVersusNew()
    {
        //load with a cookie
        $cookieJar = new CookieJar(
            [
                'cookieExisting' => 'i woz here',
            ]
        );

        //set a new cookie
        $cookieJar->set('cookieNew', 'i am new');

        //check we can fetch new and old cookie values
        $this->assertEquals('i woz here', $cookieJar->get('cookieExisting'));
        $this->assertEquals('i woz here', $cookieJar->get('cookieExisting', false));
        $this->assertEquals('i am new', $cookieJar->get('cookieNew'));
        //there should be no original value for the new cookie
        $this->assertEmpty($cookieJar->get('cookieNew', false));

        //change the existing cookie, can we fetch the new and old value
        $cookieJar->set('cookieExisting', 'i woz changed');

        $this->assertEquals('i woz changed', $cookieJar->get('cookieExisting'));
        $this->assertEquals('i woz here', $cookieJar->get('cookieExisting', false));

        //check we can get all cookies
        $this->assertEquals(
            [
                'cookieExisting' => 'i woz changed',
                'cookieNew' => 'i am new',
            ],
            $cookieJar->getAll()
        );

        //check we can get all original cookies
        $this->assertEquals(
            [
                'cookieExisting' => 'i woz here',
            ],
            $cookieJar->getAll(false)
        );
    }

    /**
     * Check we can remove cookies and we can access their original values
     */
    public function testForceExpiry()
    {
        //load an existing cookie
        $cookieJar = new CookieJar(
            [
                'cookieExisting' => 'i woz here',
            ]
        );

        //make sure it's available
        $this->assertEquals('i woz here', $cookieJar->get('cookieExisting'));

        //remove the cookie
        $cookieJar->forceExpiry('cookieExisting');

        //check it's gone
        $this->assertEmpty($cookieJar->get('cookieExisting'));

        //check we can get it's original value
        $this->assertEquals('i woz here', $cookieJar->get('cookieExisting', false));


        //check we can add a new cookie and remove it and it doesn't leave any phantom values
        $cookieJar->set('newCookie', 'i am new');

        //check it's set by not received
        $this->assertEquals('i am new', $cookieJar->get('newCookie'));
        $this->assertEmpty($cookieJar->get('newCookie', false));

        //remove it
        $cookieJar->forceExpiry('newCookie');

        //check it's neither set nor received
        $this->assertEmpty($cookieJar->get('newCookie'));
        $this->assertEmpty($cookieJar->get('newCookie', false));
    }

    /**
     * Check that the session cookie samesite configuration is used for session cookies.
     */
    public function testGetSameSite(): void
    {
        $cookieJar = new CookieJar();
        $methodGetSameSite = new ReflectionMethod($cookieJar, 'getSameSite');
        $methodGetSameSite->setAccessible(true);
        Config::modify()->set(Session::class, 'cookie_samesite', 'None');

        $this->assertSame('None', $methodGetSameSite->invoke($cookieJar, session_name()));
        $this->assertSame('Lax', $methodGetSameSite->invoke($cookieJar, 'some-random-cookie'));
    }

    /**
     * Check that the cookies are correctly set as secure for samesite === "None"
     * The passed in value for secure should be respected otherwise.
     */
    public function testCookieIsSecure(): void
    {
        $cookieJar = new CookieJar();
        $methodCookieIsSecure = new ReflectionMethod($cookieJar, 'cookieIsSecure');
        $methodCookieIsSecure->setAccessible(true);

        $this->assertTrue($methodCookieIsSecure->invoke($cookieJar, 'None', false));
        $this->assertTrue($methodCookieIsSecure->invoke($cookieJar, 'None', true));
        $this->assertTrue($methodCookieIsSecure->invoke($cookieJar, 'Lax', true));
        $this->assertFalse($methodCookieIsSecure->invoke($cookieJar, 'Lax', false));
        $this->assertTrue($methodCookieIsSecure->invoke($cookieJar, 'Strict', true));
        $this->assertFalse($methodCookieIsSecure->invoke($cookieJar, 'Strict', false));
    }
}
NEW Cookie_Backend for managing cookie state I've decoupled `Cookie` from the actual act of setting and getting cookies. Currently there are a few limitations to how Cookie works that this change mitigates: 0. `Cookie` currently changes the super global `$_COOKIE` when setting to make the state of an application a bit more managable, but this is bad because we shouldn't be modifying super globals 0. One can't actually change the `$cookie_class` once the `Cookie::$inst` has been instantiated 0. One can't test cookies as there is no class that holds the state of the cookies (it's just held in the super global which is reset as part of `Director::test()` 0. One can't tell the origin of a cookie (eg: did the application set it and it needs to be sent, or did we receive it from the browser?) 0. `time()` was used, so testing was made difficult 0. There was no way to get all the cookies at once (without accessing the super global) Todos are on the phpdoc and I'd like to write some tests for the backend as well as update the docs (if there are any) around cookies. DOCS Adding `Cookie` docs Explains basic usage of `Cookie` as well as how the `Cookie_Backend` controls the setting and getting of cookies and manages state of sent vs received cookies Fixing `Cookie` usage `Cookie` is being used inconsistently with the API throughout framework. Either by not using `force_expiry` to expire cookies or setting them to null and then expiring them (which is redundant). NEW `Director::test()` takes `Cookie_Backend` rather than `array` for `$cookies` param 2014-05-04 15:34:58 +02:00			`<?php`

API Namespace framework tests 2016-10-14 03:30:05 +02:00			`namespace SilverStripe\Control\Tests;`

ENH Add samesite attribute to cookies. Co-authored-by: pine3ree <pine3ree@gmail.com> 2022-05-26 07:09:11 +02:00			`use ReflectionMethod;`
API Namespace all classes Namespace all templates Move difflib and BBCodeParser2 to thirdparty Remove deprecated API marked for removal in 4.0 2016-08-19 00:51:35 +02:00			`use SilverStripe\Dev\SapphireTest;`
			`use SilverStripe\Control\CookieJar;`
ENH Add samesite attribute to cookies. Co-authored-by: pine3ree <pine3ree@gmail.com> 2022-05-26 07:09:11 +02:00			`use SilverStripe\Control\Session;`
			`use SilverStripe\Core\Config\Config;`
API Namespace all classes Namespace all templates Move difflib and BBCodeParser2 to thirdparty Remove deprecated API marked for removal in 4.0 2016-08-19 00:51:35 +02:00
NEW Cookie_Backend for managing cookie state I've decoupled `Cookie` from the actual act of setting and getting cookies. Currently there are a few limitations to how Cookie works that this change mitigates: 0. `Cookie` currently changes the super global `$_COOKIE` when setting to make the state of an application a bit more managable, but this is bad because we shouldn't be modifying super globals 0. One can't actually change the `$cookie_class` once the `Cookie::$inst` has been instantiated 0. One can't test cookies as there is no class that holds the state of the cookies (it's just held in the super global which is reset as part of `Director::test()` 0. One can't tell the origin of a cookie (eg: did the application set it and it needs to be sent, or did we receive it from the browser?) 0. `time()` was used, so testing was made difficult 0. There was no way to get all the cookies at once (without accessing the super global) Todos are on the phpdoc and I'd like to write some tests for the backend as well as update the docs (if there are any) around cookies. DOCS Adding `Cookie` docs Explains basic usage of `Cookie` as well as how the `Cookie_Backend` controls the setting and getting of cookies and manages state of sent vs received cookies Fixing `Cookie` usage `Cookie` is being used inconsistently with the API throughout framework. Either by not using `force_expiry` to expire cookies or setting them to null and then expiring them (which is redundant). NEW `Director::test()` takes `Cookie_Backend` rather than `array` for `$cookies` param 2014-05-04 15:34:58 +02:00			`/**`
			`* Testing CookieJar`
			`*`
			`* Testing the CookieJar acts as expected and keeps track of Cookies it is loaded`
			`* with as well as new cookies that are set during the running of an application`
			`*/`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`class CookieJarTest extends SapphireTest`
			`{`

			`/**`
			`* Test that the construction argument is stored and returned as expected`
			`*/`
			`public function testConstruct()`
			`{`

			`//some default cookies to load`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`$defaultCookies = [`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`'cookie1' => 1,`
			`'cookie2' => 'cookies',`
			`'cookie3' => 'test',`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`];`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00
			`$cookieJar = new CookieJar($defaultCookies);`

MNT Fix various typos with codespell (#10177) 2021-12-13 09:05:33 +01:00			`//make sure all the "received" cookies are as expected`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`$this->assertEquals($defaultCookies, $cookieJar->getAll(false));`

			`//make sure there are no "phantom" cookies`
			`$this->assertEquals($defaultCookies, $cookieJar->getAll(true));`

			`//check an empty array is accepted`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`$cookieJar = new CookieJar([]);`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`$this->assertEmpty($cookieJar->getAll(false));`


			`//check no argument is accepted`
			`$cookieJar = new CookieJar();`
			`$this->assertEmpty($cookieJar->getAll(false));`
			`}`

			`/**`
			`* Test that we can set and get cookies`
			`*/`
			`public function testSetAndGet()`
			`{`
			`$cookieJar = new CookieJar();`

			`$this->assertEmpty($cookieJar->get('testCookie'));`

			`//set a test cookie`
			`$cookieJar->set('testCookie', 'testVal');`

			`//make sure it was set`
			`$this->assertEquals('testVal', $cookieJar->get('testCookie'));`

			`//make sure we can distinguish it from ones that were "existing"`
			`$this->assertEmpty($cookieJar->get('testCookie', false));`

			`//PHP will replace an incoming COOKIE called 'var.with.dots' to 'var_with_dots'`
			`$cookieJar = new CookieJar(`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`[`
Code formatting 2018-09-26 01:43:12 +02:00			`'var_with_dots' => 'value',`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`]`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`);`

			`$cookieJar->set('test.dots', 'dots');`

			`//check we can access with '.' and with '_'`
			`$this->assertEquals('value', $cookieJar->get('var.with.dots'));`
			`$this->assertEquals('value', $cookieJar->get('var_with_dots'));`
			`$this->assertEquals('dots', $cookieJar->get('test.dots'));`
			`}`

			`/**`
			`* Test that we can distinguish between vars that were loaded on instantiation`
			`* and those added later`
			`*/`
			`public function testExistingVersusNew()`
			`{`
			`//load with a cookie`
			`$cookieJar = new CookieJar(`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`[`
Code formatting 2018-09-26 01:43:12 +02:00			`'cookieExisting' => 'i woz here',`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`]`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`);`

			`//set a new cookie`
			`$cookieJar->set('cookieNew', 'i am new');`

			`//check we can fetch new and old cookie values`
			`$this->assertEquals('i woz here', $cookieJar->get('cookieExisting'));`
			`$this->assertEquals('i woz here', $cookieJar->get('cookieExisting', false));`
			`$this->assertEquals('i am new', $cookieJar->get('cookieNew'));`
			`//there should be no original value for the new cookie`
			`$this->assertEmpty($cookieJar->get('cookieNew', false));`

			`//change the existing cookie, can we fetch the new and old value`
			`$cookieJar->set('cookieExisting', 'i woz changed');`

			`$this->assertEquals('i woz changed', $cookieJar->get('cookieExisting'));`
			`$this->assertEquals('i woz here', $cookieJar->get('cookieExisting', false));`

			`//check we can get all cookies`
			`$this->assertEquals(`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`[`
Code formatting 2018-09-26 01:43:12 +02:00			`'cookieExisting' => 'i woz changed',`
			`'cookieNew' => 'i am new',`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`],`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`$cookieJar->getAll()`
			`);`

			`//check we can get all original cookies`
			`$this->assertEquals(`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`[`
Code formatting 2018-09-26 01:43:12 +02:00			`'cookieExisting' => 'i woz here',`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`],`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`$cookieJar->getAll(false)`
			`);`
			`}`

			`/**`
			`* Check we can remove cookies and we can access their original values`
			`*/`
			`public function testForceExpiry()`
			`{`
			`//load an existing cookie`
			`$cookieJar = new CookieJar(`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`[`
Code formatting 2018-09-26 01:43:12 +02:00			`'cookieExisting' => 'i woz here',`
Convert array delcarations to short array syntax 2020-04-20 19:58:09 +02:00			`]`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`);`

			`//make sure it's available`
			`$this->assertEquals('i woz here', $cookieJar->get('cookieExisting'));`

			`//remove the cookie`
			`$cookieJar->forceExpiry('cookieExisting');`

			`//check it's gone`
			`$this->assertEmpty($cookieJar->get('cookieExisting'));`

			`//check we can get it's original value`
			`$this->assertEquals('i woz here', $cookieJar->get('cookieExisting', false));`


			`//check we can add a new cookie and remove it and it doesn't leave any phantom values`
			`$cookieJar->set('newCookie', 'i am new');`

			`//check it's set by not received`
			`$this->assertEquals('i am new', $cookieJar->get('newCookie'));`
			`$this->assertEmpty($cookieJar->get('newCookie', false));`

			`//remove it`
			`$cookieJar->forceExpiry('newCookie');`

			`//check it's neither set nor received`
			`$this->assertEmpty($cookieJar->get('newCookie'));`
			`$this->assertEmpty($cookieJar->get('newCookie', false));`
			`}`
ENH Add samesite attribute to cookies. Co-authored-by: pine3ree <pine3ree@gmail.com> 2022-05-26 07:09:11 +02:00
			`/**`
			`* Check that the session cookie samesite configuration is used for session cookies.`
			`*/`
			`public function testGetSameSite(): void`
			`{`
			`$cookieJar = new CookieJar();`
			`$methodGetSameSite = new ReflectionMethod($cookieJar, 'getSameSite');`
			`$methodGetSameSite->setAccessible(true);`
			`Config::modify()->set(Session::class, 'cookie_samesite', 'None');`

			`$this->assertSame('None', $methodGetSameSite->invoke($cookieJar, session_name()));`
			`$this->assertSame('Lax', $methodGetSameSite->invoke($cookieJar, 'some-random-cookie'));`
			`}`

			`/**`
			`* Check that the cookies are correctly set as secure for samesite === "None"`
			`* The passed in value for secure should be respected otherwise.`
			`*/`
			`public function testCookieIsSecure(): void`
			`{`
			`$cookieJar = new CookieJar();`
			`$methodCookieIsSecure = new ReflectionMethod($cookieJar, 'cookieIsSecure');`
			`$methodCookieIsSecure->setAccessible(true);`

			`$this->assertTrue($methodCookieIsSecure->invoke($cookieJar, 'None', false));`
			`$this->assertTrue($methodCookieIsSecure->invoke($cookieJar, 'None', true));`
			`$this->assertTrue($methodCookieIsSecure->invoke($cookieJar, 'Lax', true));`
			`$this->assertFalse($methodCookieIsSecure->invoke($cookieJar, 'Lax', false));`
			`$this->assertTrue($methodCookieIsSecure->invoke($cookieJar, 'Strict', true));`
			`$this->assertFalse($methodCookieIsSecure->invoke($cookieJar, 'Strict', false));`
			`}`
NEW Cookie_Backend for managing cookie state I've decoupled `Cookie` from the actual act of setting and getting cookies. Currently there are a few limitations to how Cookie works that this change mitigates: 0. `Cookie` currently changes the super global `$_COOKIE` when setting to make the state of an application a bit more managable, but this is bad because we shouldn't be modifying super globals 0. One can't actually change the `$cookie_class` once the `Cookie::$inst` has been instantiated 0. One can't test cookies as there is no class that holds the state of the cookies (it's just held in the super global which is reset as part of `Director::test()` 0. One can't tell the origin of a cookie (eg: did the application set it and it needs to be sent, or did we receive it from the browser?) 0. `time()` was used, so testing was made difficult 0. There was no way to get all the cookies at once (without accessing the super global) Todos are on the phpdoc and I'd like to write some tests for the backend as well as update the docs (if there are any) around cookies. DOCS Adding `Cookie` docs Explains basic usage of `Cookie` as well as how the `Cookie_Backend` controls the setting and getting of cookies and manages state of sent vs received cookies Fixing `Cookie` usage `Cookie` is being used inconsistently with the API throughout framework. Either by not using `force_expiry` to expire cookies or setting them to null and then expiring them (which is redundant). NEW `Director::test()` takes `Cookie_Backend` rather than `array` for `$cookies` param 2014-05-04 15:34:58 +02:00			`}`