Set cookie secure attribute matching request

Igor Scheller 2023-12-12 18:58:56 +01:00 committed by Michael Weimann
parent ba4ba8f2f8
commit 23de3579af
2 changed files with 11 additions and 9 deletions


@ -18,7 +18,10 @@ class SessionServiceProvider extends ServiceProvider
{ {
public function register(): void public function register(): void
{ {
$sessionStorage = $this->getSessionStorage(); /** @var Request $request */
$request = $this->app->get('request');
$sessionStorage = $this->getSessionStorage($request);
$this->app->instance('session.storage', $sessionStorage); $this->app->instance('session.storage', $sessionStorage);
$this->app->bind(SessionStorageInterface::class, 'session.storage'); $this->app->bind(SessionStorageInterface::class, 'session.storage');
@ -31,8 +34,6 @@ class SessionServiceProvider extends ServiceProvider
$session->set('_token', Str::random(42)); $session->set('_token', Str::random(42));
} }
/** @var Request $request */
$request = $this->app->get('request');
$request->setSession($session); $request->setSession($session);
$session->start(); $session->start();
@ -41,7 +42,7 @@ class SessionServiceProvider extends ServiceProvider
/** /**
* Returns the session storage * Returns the session storage
*/ */
protected function getSessionStorage(): SessionStorageInterface protected function getSessionStorage(Request $request): SessionStorageInterface
{ {
if ($this->isCli()) { if ($this->isCli()) {
return $this->app->make(MockArraySessionStorage::class); return $this->app->make(MockArraySessionStorage::class);
@ -58,9 +59,9 @@ class SessionServiceProvider extends ServiceProvider
return $this->app->make(NativeSessionStorage::class, [ return $this->app->make(NativeSessionStorage::class, [
'options' => [ 'options' => [
'cookie_secure' => true,
'cookie_httponly' => true,
'name' => $sessionConfig['name'], 'name' => $sessionConfig['name'],
'cookie_secure' => $request->isSecure(),
'cookie_httponly' => true,
'cookie_lifetime' => (int) ($sessionConfig['lifetime'] * 24 * 60 * 60), 'cookie_lifetime' => (int) ($sessionConfig['lifetime'] * 24 * 60 * 60),
], ],
'handler' => $handler, 'handler' => $handler,
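Review bot: `'cookie_secure' => $request->isSecure()` in the options array of getSessionStorage() replaces an unconditional `true`, so the Secure attribute of the session cookie now depends entirely on how the request object classifies the connection. Assuming Request derives from Symfony's HttpFoundation Request, `isSecure()` only honours `X-Forwarded-Proto` when trusted proxies have been set through `Request::setTrustedProxies()`; behind a TLS-terminating reverse proxy without that setup, an HTTPS deployment would start issuing the session cookie without Secure and nothing would fail visibly. I would keep secure as the default where the instance is known to be served over HTTPS (for example an explicit configuration switch that forces it) and document the dependency next to the option, e.g. `// Secure flag follows the request scheme; behind a TLS-terminating proxy this requires trusted proxies to be configured`. The body of getSessionStorage() starts and ends outside this hunk, so proxy handling may exist out of view.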


@ -34,6 +34,7 @@ class SessionServiceProviderTest extends ServiceProviderTest
$session = $this->getSessionMock(); $session = $this->getSessionMock();
$request = $this->getRequestMock(); $request = $this->getRequestMock();
$request->server->set('HTTPS', 'on');
/** @var SessionServiceProvider|MockObject $serviceProvider */ /** @var SessionServiceProvider|MockObject $serviceProvider */
$serviceProvider = $this->getMockBuilder(SessionServiceProvider::class) $serviceProvider = $this->getMockBuilder(SessionServiceProvider::class)
@ -105,18 +106,18 @@ class SessionServiceProviderTest extends ServiceProviderTest
$app->expects($this->exactly(5)) $app->expects($this->exactly(5))
->method('get') ->method('get')
->withConsecutive( ->withConsecutive(
['request'],
['request'], ['request'],
['config'], ['config'],
['request'], ['request'],
['config'], ['config'],
['request']
) )
->willReturnOnConsecutiveCalls( ->willReturnOnConsecutiveCalls(
$request,
$request, $request,
$config, $config,
$request, $request,
$config, $config,
$request
); );
$app->expects($this->atLeastOnce()) $app->expects($this->atLeastOnce())
@ -191,7 +192,7 @@ class SessionServiceProviderTest extends ServiceProviderTest
->getMock(); ->getMock();
} }
private function getRequestMock(): MockObject private function getRequestMock(): MockObject|Request
{ {
return $this->getMockBuilder(Request::class) return $this->getMockBuilder(Request::class)
->onlyMethods(['setSession']) ->onlyMethods(['setSession'])
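Review bot: Only the HTTPS case is exercised in the visible hunks: `$request->server->set('HTTPS', 'on');` is added, but no hunk shows an assertion on the `cookie_secure` value handed to the storage, nor a case where the `HTTPS` server value is absent. Because the flag is security-relevant and is now conditional, I would add one case that expects `'cookie_secure' => true` with HTTPS set and one that expects `'cookie_secure' => false` without it, so that a later regression in either direction is caught. The test method bodies begin and end outside these hunks, so such assertions may already exist out of view.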