Use secure session cookies (fixes #321)
parent
de8c5e5dc7
commit
342b8c4a42
6 changed files with 23 additions and 8 deletions
|
@ -7,6 +7,7 @@
|
||||||
namespace Alltube\Factory;
|
namespace Alltube\Factory;
|
||||||
|
|
||||||
use Aura\Session\Session;
|
use Aura\Session\Session;
|
||||||
|
use Slim\Container;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Manage sessions.
|
* Manage sessions.
|
||||||
|
@ -17,11 +18,24 @@ class SessionFactory
|
||||||
/**
|
/**
|
||||||
* Get the current session.
|
* Get the current session.
|
||||||
*
|
*
|
||||||
|
* @param Container $container
|
||||||
* @return Session
|
* @return Session
|
||||||
*/
|
*/
|
||||||
public static function create()
|
public static function create(Container $container)
|
||||||
{
|
{
|
||||||
$session_factory = new \Aura\Session\SessionFactory();
|
$session_factory = new \Aura\Session\SessionFactory();
|
||||||
return $session_factory->newInstance($_COOKIE);
|
$session = $session_factory->newInstance($_COOKIE);
|
||||||
|
|
||||||
|
$session->setCookieParams(['httponly' => true]);
|
||||||
|
|
||||||
|
$request = $container->get('request');
|
||||||
|
if (
|
||||||
|
in_array('https', $request->getHeader('X-Forwarded-Proto'))
|
||||||
|
|| $request->getUri()->getScheme() == 'https'
|
||||||
|
) {
|
||||||
|
$session->setCookieParams(['secure' => true]);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $session;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
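Review bot: The new scheme check in `create()` compares loosely: `in_array()` on the `X-Forwarded-Proto` header is called without `strict`, and the scheme test uses `==`; use `in_array('https', $request->getHeader('X-Forwarded-Proto'), true)` and `$request->getUri()->getScheme() === 'https'`. Proxies may also send the header with different casing or as a comma-separated chain, which this exact-match test would miss and so silently leave the cookie without `secure`; if that matters for the deployments you support, lower-casing and splitting on commas before the comparison is worth considering. More generally the flag depends on a client-supplied header, so behind a TLS terminator that does not forward it the cookie is issued without `secure` and nothing is logged — a configuration switch that forces `secure` would make the behaviour explicit and auditable. The two successive `setCookieParams()` calls presumably merge rather than replace in Aura; if that is not the case, `httponly` is lost on HTTPS and both flags should be set in a single call.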
|
|
|
@ -34,7 +34,7 @@ try {
|
||||||
$container['config'] = ConfigFactory::create($container);
|
$container['config'] = ConfigFactory::create($container);
|
||||||
|
|
||||||
// Session.
|
// Session.
|
||||||
$container['session'] = SessionFactory::create();
|
$container['session'] = SessionFactory::create($container);
|
||||||
|
|
||||||
// Locales.
|
// Locales.
|
||||||
$container['locale'] = LocaleManagerFactory::create($container);
|
$container['locale'] = LocaleManagerFactory::create($container);
|
||||||
|
|
|
@ -68,7 +68,7 @@ abstract class ControllerTest extends BaseTest
|
||||||
$this->request = Request::createFromEnvironment(Environment::mock());
|
$this->request = Request::createFromEnvironment(Environment::mock());
|
||||||
$this->response = new Response();
|
$this->response = new Response();
|
||||||
$this->container['config'] = Config::fromFile($this->getConfigFile());
|
$this->container['config'] = Config::fromFile($this->getConfigFile());
|
||||||
$this->container['session'] = SessionFactory::create();
|
$this->container['session'] = SessionFactory::create($this->container);
|
||||||
$this->container['locale'] = LocaleManagerFactory::create($this->container);
|
$this->container['locale'] = LocaleManagerFactory::create($this->container);
|
||||||
$this->container['view'] = ViewFactory::create($this->container, $this->request);
|
$this->container['view'] = ViewFactory::create($this->container, $this->request);
|
||||||
$this->container['logger'] = new NullLogger();
|
$this->container['logger'] = new NullLogger();
|
||||||
|
|
|
@ -9,6 +9,7 @@ namespace Alltube\Test;
|
||||||
use Alltube\Factory\SessionFactory;
|
use Alltube\Factory\SessionFactory;
|
||||||
use Alltube\Locale;
|
use Alltube\Locale;
|
||||||
use Alltube\LocaleManager;
|
use Alltube\LocaleManager;
|
||||||
|
use Slim\Container;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Unit tests for the LocaleManagerTest class.
|
* Unit tests for the LocaleManagerTest class.
|
||||||
|
@ -28,7 +29,7 @@ class LocaleManagerTest extends BaseTest
|
||||||
protected function setUp(): void
|
protected function setUp(): void
|
||||||
{
|
{
|
||||||
$_SESSION[LocaleManager::class]['locale'] = 'foo_BAR';
|
$_SESSION[LocaleManager::class]['locale'] = 'foo_BAR';
|
||||||
$this->localeManager = new LocaleManager(SessionFactory::create());
|
$this->localeManager = new LocaleManager(SessionFactory::create(new Container()));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -41,7 +41,7 @@ class LocaleMiddlewareTest extends BaseTest
|
||||||
protected function setUp(): void
|
protected function setUp(): void
|
||||||
{
|
{
|
||||||
$this->container = new Container();
|
$this->container = new Container();
|
||||||
$this->container['session'] = SessionFactory::create();
|
$this->container['session'] = SessionFactory::create($this->container);
|
||||||
$this->container['locale'] = LocaleManagerFactory::create($this->container);
|
$this->container['locale'] = LocaleManagerFactory::create($this->container);
|
||||||
$this->middleware = new LocaleMiddleware($this->container);
|
$this->middleware = new LocaleMiddleware($this->container);
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,7 +31,7 @@ class ViewFactoryTest extends BaseTest
|
||||||
public function testCreate()
|
public function testCreate()
|
||||||
{
|
{
|
||||||
$container = new Container();
|
$container = new Container();
|
||||||
$container['session'] = SessionFactory::create();
|
$container['session'] = SessionFactory::create($container);
|
||||||
$container['locale'] = LocaleManagerFactory::create($container);
|
$container['locale'] = LocaleManagerFactory::create($container);
|
||||||
$view = ViewFactory::create($container);
|
$view = ViewFactory::create($container);
|
||||||
$this->assertInstanceOf(Smarty::class, $view);
|
$this->assertInstanceOf(Smarty::class, $view);
|
||||||
|
@ -47,7 +47,7 @@ class ViewFactoryTest extends BaseTest
|
||||||
public function testCreateWithXForwardedProto()
|
public function testCreateWithXForwardedProto()
|
||||||
{
|
{
|
||||||
$container = new Container();
|
$container = new Container();
|
||||||
$container['session'] = SessionFactory::create();
|
$container['session'] = SessionFactory::create($container);
|
||||||
$container['locale'] = LocaleManagerFactory::create($container);
|
$container['locale'] = LocaleManagerFactory::create($container);
|
||||||
$request = Request::createFromEnvironment(Environment::mock());
|
$request = Request::createFromEnvironment(Environment::mock());
|
||||||
$view = ViewFactory::create($container, $request->withHeader('X-Forwarded-Proto', 'https'));
|
$view = ViewFactory::create($container, $request->withHeader('X-Forwarded-Proto', 'https'));
|
||||||
|
|