Cleanup and comments

auth0 · Dec 2, 2019 · 0e10e61 · 0e10e61
1 parent fa57e54
commit 0e10e61
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 14 deletions.
diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist
@@ -2,10 +2,7 @@
 <ruleset name="Auth0-PHP" namespace="Auth0PHP\CS\Standard">
     <description>A custom coding standard for the Auth0 PHP SDK</description>
 
-    <file>.</file>
-
-    <exclude-pattern>/examples/*</exclude-pattern>
-    <exclude-pattern>/vendor/*</exclude-pattern>
+    <file>./src</file>
 
     <!-- Only check PHP files. -->
     <arg name="extensions" value="php"/>

diff --git a/src/Auth0.php b/src/Auth0.php
@@ -303,6 +303,7 @@ public function __construct(array $config)
         $transientStore = $config['transient_store'] ?? null;
         if (! $transientStore instanceof StoreInterface) {
             $transientStore = new CookieStore([
+                // Use configuration option or class default.
                 'legacy_samesite_none' => $config['legacy_samesite_none_cookie'] ?? null,
                 'samesite' => 'form_post' === $this->responseMode ? 'None' : 'Lax',
             ]);

diff --git a/src/Store/CookieStore.php b/src/Store/CookieStore.php
@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace Auth0\SDK\Store;
 
@@ -93,11 +94,13 @@ public function set($key, $value)
         $_COOKIE[$key_name] = $value;
 
         if ($this->sameSite) {
+            // Core setcookie() does not handle SameSite before PHP 7.3.
             $this->setCookieHeader($key_name, $value, $this->getExpTimecode());
         } else {
             $this->setCookie($key_name, $value, $this->getExpTimecode());
         }
 
+        // If we're using SameSite=None, set a fallback cookie with no SameSite attribute.
         if ($this->legacySameSiteNone && 'None' === $this->sameSite) {
             $_COOKIE['_'.$key_name] = $value;
             $this->setCookie('_'.$key_name, $value, $this->getExpTimecode());
@@ -118,7 +121,7 @@ public function get($key, $default = null)
         $key_name = $this->getCookieName($key);
         $value    = $default;
 
-        // If we're handling legacy browsers, check for fallback value first.
+        // If handling legacy browsers, check for fallback value.
         if ($this->legacySameSiteNone) {
             $value = $_COOKIE['_'.$key_name] ?? $value;
         }
@@ -139,6 +142,7 @@ public function delete($key)
         unset($_COOKIE[$key_name]);
         $this->setCookie( $key_name, '', 0 );
 
+        // If we set a legacy fallback value, remove that as well.
         if ($this->legacySameSiteNone) {
             unset($_COOKIE['_'.$key_name]);
             $this->setCookie( '_'.$key_name, '', 0 );
@@ -147,15 +151,14 @@ public function delete($key)
 
     /**
      * Build the header to use when setting SameSite cookies.
-     * Core setcookie() function does not handle SameSite before PHP 7.3.
      *
      * @param string  $name   Cookie name.
      * @param string  $value  Cookie value.
      * @param integer $expire Cookie expiration timecode.
      *
      * @return string
      */
-    public function getSameSiteCookieHeader(string $name, string $value, int $expire) : string
+    protected function getSameSiteCookieHeader(string $name, string $value, int $expire) : string
     {
         $date = new \Datetime();
         $date->setTimestamp($expire)
@@ -176,7 +179,7 @@ public function getSameSiteCookieHeader(string $name, string $value, int $expire
      *
      * @return integer
      */
-    private function getExpTimecode() : int
+    protected function getExpTimecode() : int
     {
         return ($this->now ?? time()) + $this->expiration;
     }

diff --git a/tests/Store/CookieStoreTest.php b/tests/Store/CookieStoreTest.php
@@ -202,22 +202,26 @@ public function testDeleteNoLegacy()
 
     public function testGetSetCookieHeaderStrict()
     {
-        $store = new CookieStore(['now' => 303943620, 'expiration' => 0, 'samesite' => 'lax']);
+        $store  = new CookieStore(['now' => 303943620, 'expiration' => 0, 'samesite' => 'lax']);
+        $method = new \ReflectionMethod(CookieStore::class, 'getSameSiteCookieHeader');
+        $method->setAccessible(true);
+        $header = $method->invokeArgs($store, ['__test_name_1__', '__test_value_1__', 303943620]);
 
-        $header = $store->getSameSiteCookieHeader('__test_name_1__', '__test_value_1__', 303943620);
         $this->assertEquals(
-            'Set-Cookie: __test_name_1__=__test_value_1__; path=/; expires=Sunday, 19-Aug-1979 20:47:00 GMT; HttpOnly; SameSite=Lax',
+            'Set-Cookie: __test_name_1__=__test_value_1__; path=/; '.'expires=Sunday, 19-Aug-1979 20:47:00 GMT; HttpOnly; SameSite=Lax',
             $header
         );
     }
 
     public function testGetSetCookieHeaderNone()
     {
-        $store = new CookieStore(['now' => 303943620, 'expiration' => 0, 'samesite' => 'none']);
+        $store  = new CookieStore(['now' => 303943620, 'expiration' => 0, 'samesite' => 'none']);
+        $method = new \ReflectionMethod(CookieStore::class, 'getSameSiteCookieHeader');
+        $method->setAccessible(true);
+        $header = $method->invokeArgs($store, ['__test_name_2__', '__test_value_2__', 303943620]);
 
-        $header = $store->getSameSiteCookieHeader('__test_name_1__', '__test_value_1__', 303943620);
         $this->assertEquals(
-            'Set-Cookie: __test_name_1__=__test_value_1__; path=/; expires=Sunday, 19-Aug-1979 20:47:00 GMT; HttpOnly; SameSite=None; Secure',
+            'Set-Cookie: __test_name_2__=__test_value_2__; path=/; '.'expires=Sunday, 19-Aug-1979 20:47:00 GMT; HttpOnly; SameSite=None; Secure',
             $header
         );
     }