Add config keys for session base name and cookie expires

src/API/Helpers/State/SessionStateHandler.php

@@ -63,8 +63,6 @@ public function store($state)
      * @param string $state
      *
      * @return boolean
-     *
-     * @throws \Exception
      */
     public function validate($state)
     {

src/Auth0.php

@@ -272,6 +272,9 @@ public function __construct(array $config)
             $this->dontPersist('id_token');
         }
 
+        $session_base_name      = ! empty( $config['session_base_name'] ) ? $config['session_base_name'] : null;
+        $session_cookie_expires = isset( $config['session_cookie_expires'] ) ? $config['session_cookie_expires'] : null;
+
         if (isset($config['store'])) {
             if ($config['store'] === false) {
                 $emptyStore = new EmptyStore();
@@ -280,7 +283,7 @@ public function __construct(array $config)
                 $this->setStore($config['store']);
             }
         } else {
-            $sessionStore = new SessionStore();
+            $sessionStore = new SessionStore($session_base_name, $session_cookie_expires);
             $this->setStore($sessionStore);
         }
 
@@ -291,7 +294,7 @@ public function __construct(array $config)
                 $this->stateHandler = $config['state_handler'];
             }
         } else {
-            $stateStore         = new SessionStore();
+            $stateStore         = new SessionStore($session_base_name, $session_cookie_expires);
             $this->stateHandler = new SessionStateHandler($stateStore);
         }
 

src/Store/SessionStore.php

@@ -2,30 +2,45 @@
 
 namespace Auth0\SDK\Store;
 
-/*
- * This file is part of Auth0-PHP package.
- *
- * (c) Auth0
- *
- * For the full copyright and license information, please view the LICENSE file
- * that was distributed with this source code.
- */
-
 /**
  * This class provides a layer to persist user access using PHP Sessions.
  *
  * @author Auth0
  */
 class SessionStore implements StoreInterface
 {
+    /**
+     * Session base name, if not configured.
+     */
     const BASE_NAME = 'auth0_';
 
+    /**
+     * Session base name, configurable on instantiation.
+     *
+     * @var string
+     */
+    protected $session_base_name = self::BASE_NAME;
+
+    /**
+     * Session cookie expiration, configurable on instantiation.
+     *
+     * @var integer
+     */
+    protected $session_cookie_expires;
+
     /**
      * SessionStore constructor.
+     *
+     * @param string|null $base_name      Session base name.
+     * @param integer     $cookie_expires Session expiration in seconds; default is 1 week.
      */
-    public function __construct()
+    public function __construct($base_name = null, $cookie_expires = 604800)
     {
-        $this->initSession();
+        if (! empty( $base_name )) {
+            $this->session_base_name = $base_name;
+        }
+
+        $this->session_cookie_expires = (int) $cookie_expires;
     }
 
     /**
@@ -37,38 +52,41 @@ public function __construct()
     private function initSession()
     {
         if (! session_id()) {
-            session_set_cookie_params(60 * 60 * 24 * 7);
-            // seven days
+            if (! empty( $this->session_cookie_expires )) {
+                session_set_cookie_params($this->session_cookie_expires);
+            }
+
             session_start();
         }
     }
 
-
-
     /**
      * Persists $value on $_SESSION, identified by $key.
      *
-     * @param string $key
-     * @param mixed  $value
+     * @param string $key   Session key to set.
+     * @param mixed  $value Value to use.
+     *
+     * @return void
      */
     public function set($key, $value)
     {
-        $key_name = $this->getSessionKeyName($key);
-
+        $this->initSession();
+        $key_name            = $this->getSessionKeyName($key);
         $_SESSION[$key_name] = $value;
     }
 
     /**
      * Gets persisted values identified by $key.
      * If the value is not set, returns $default.
      *
-     * @param string $key
-     * @param mixed  $default
+     * @param string $key     Session key to set.
+     * @param mixed  $default Default to return if nothing was found.
      *
      * @return mixed
      */
     public function get($key, $default = null)
     {
+        $this->initSession();
         $key_name = $this->getSessionKeyName($key);
 
         if (isset($_SESSION[$key_name])) {
@@ -81,26 +99,26 @@ public function get($key, $default = null)
     /**
      * Removes a persisted value identified by $key.
      *
-     * @param string $key
+     * @param string $key Session key to delete.
+     *
+     * @return void
      */
     public function delete($key)
     {
+        $this->initSession();
         $key_name = $this->getSessionKeyName($key);
-
         unset($_SESSION[$key_name]);
     }
 
-
-
     /**
-     * Constructs a session var name.
+     * Constructs a session key name.
      *
-     * @param string $key
+     * @param string $key Session key name to prefix and return.
      *
      * @return string
      */
     public function getSessionKeyName($key)
     {
-        return self::BASE_NAME.'_'.$key;
+        return $this->session_base_name.'_'.$key;
     }
 }

tests/API/Helpers/State/SessionStateHandlerTest.php

@@ -28,28 +28,36 @@ class SessionStateHandlerTest extends \PHPUnit_Framework_TestCase
 
     /**
      * SessionStateHandlerTest constructor.
+     *
+     * @return void
      */
     public function __construct()
     {
         parent::__construct();
 
-        // Suppress header sent error
-        @$this->sessionStore = new SessionStore();
-        $this->stateHandler  = new SessionStateHandler($this->sessionStore);
+        $this->sessionStore = new SessionStore();
+        $this->stateHandler = new SessionStateHandler($this->sessionStore);
     }
 
     /**
      * Test that state is stored and retrieved properly.
+     *
+     * @return void
      */
     public function testStateStoredCorrectly()
     {
         $uniqid = uniqid();
-        $this->stateHandler->store($uniqid);
+
+        // Suppressing "headers already sent" warning related to cookies.
+        // phpcs:ignore
+        @$this->stateHandler->store($uniqid);
         $this->assertEquals($uniqid, $this->sessionStore->get(SessionStateHandler::STATE_NAME));
     }
 
     /**
      * Test that the state is being issued correctly.
+     *
+     * @return void
      */
     public function testStateIssuedCorrectly()
     {
@@ -60,7 +68,7 @@ public function testStateIssuedCorrectly()
     /**
      * Test that state validated properly.
      *
-     * @throws \Exception
+     * @return void
      */
     public function testStateValidatesCorrectly()
     {
@@ -73,7 +81,7 @@ public function testStateValidatesCorrectly()
     /**
      * Test that state validation fails with an incorrect value.
      *
-     * @throws \Exception
+     * @return void
      */
     public function testStateFailsWithIncorrectValue()
     {

tests/API/Management/AuthApiDBConnectionsTest.php

@@ -25,7 +25,7 @@ public function testSignup()
         $api = new Authentication($env['DOMAIN'], $env['APP_CLIENT_ID']);
 
         $email      = $this->email;
-        $password   = '123-xxx-23A-bar';
+        $password   = 'Bqn8LEsu68p38TmFvsWW';
         $connection = $this->connection;
 
         $response = $api->dbconnections_signup($email, $password, $connection);

tests/Store/SessionStoreTest.php

@@ -41,27 +41,36 @@ class SessionStoreTest extends PHPUnit_Framework_TestCase
     /**
      * Test fixture for class, runs once before any tests.
      *
-     * @throws \Exception
+     * @return void
      */
     public static function setUpBeforeClass()
     {
-        // Suppressing "headers already sent" warning related to cookies.
-        @self::$sessionStore = new SessionStore();
-        self::$sessionKey    = 'auth0__'.self::TEST_KEY;
+        self::$sessionStore = new SessionStore();
+        self::$sessionKey   = 'auth0__'.self::TEST_KEY;
     }
 
     /**
      * Test that SessionStore::initSession ran and cookie params are stored correctly.
+     *
+     * @return void
      */
     public function testInitSession()
     {
+        // Suppressing "headers already sent" warning related to cookies.
+        // phpcs:ignore
+        @self::$sessionStore->set(self::TEST_KEY, self::TEST_VALUE);
+
+        // Make sure we have a session to check.
         $this->assertNotEmpty(session_id());
+
         $cookieParams = session_get_cookie_params();
         $this->assertEquals(self::COOKIE_LIFETIME, $cookieParams['lifetime']);
     }
 
     /**
      * Test that SessionStore::getSessionKeyName returns the expected name.
+     *
+     * @return void
      */
     public function testGetSessionKey()
     {
@@ -71,33 +80,96 @@ public function testGetSessionKey()
 
     /**
      * Test that SessionStore::set stores the correct value.
+     *
+     * @return void
+     *
+     * @runInSeparateProcess
      */
     public function testSet()
     {
-        self::$sessionStore->set(self::TEST_KEY, self::TEST_VALUE);
-        $this->assertEquals($_SESSION[self::$sessionKey], self::TEST_VALUE);
+        // Make sure this key does not exist yet so we can test that it was set.
+        $this->assertFalse(isset($_SESSION[self::$sessionKey]));
+
+        // Suppressing "headers already sent" warning related to cookies.
+        // phpcs:ignore
+        @self::$sessionStore->set(self::TEST_KEY, self::TEST_VALUE);
+
+        $this->assertEquals(self::TEST_VALUE, $_SESSION[self::$sessionKey]);
     }
 
     /**
      * Test that SessionStore::get stores the correct value.
+     *
+     * @return void
+     *
+     * @runInSeparateProcess
      */
     public function testGet()
     {
-        $this->assertFalse(isset($_SESSION[self::$sessionKey]));
+        session_start();
         $_SESSION[self::$sessionKey] = self::TEST_VALUE;
-        $test_this_value             = self::$sessionStore->get(self::TEST_KEY);
-        $this->assertEquals(self::TEST_VALUE, $test_this_value);
+        $this->assertEquals(self::TEST_VALUE, self::$sessionStore->get(self::TEST_KEY));
     }
 
     /**
      * Test that SessionStore::delete trashes the stored value.
+     *
+     * @return void
+     *
+     * @runInSeparateProcess
      */
     public function testDelete()
     {
+        session_start();
         $_SESSION[self::$sessionKey] = self::TEST_VALUE;
         $this->assertTrue(isset($_SESSION[self::$sessionKey]));
+
         self::$sessionStore->delete(self::TEST_KEY);
         $this->assertNull(self::$sessionStore->get(self::TEST_KEY));
         $this->assertFalse(isset($_SESSION[self::$sessionKey]));
     }
+
+    /**
+     * Test that custom base names can be set and return the correct value.
+     *
+     * @return void
+     *
+     * @runInSeparateProcess
+     */
+    public function testCustomSessionBaseName()
+    {
+        $test_base_name = 'test_base_name';
+
+        self::$sessionStore = new SessionStore( $test_base_name );
+        $test_this_key_name = self::$sessionStore->getSessionKeyName(self::TEST_KEY);
+        $this->assertEquals($test_base_name.'_'.self::TEST_KEY, $test_this_key_name);
+
+        // Suppressing "headers already sent" warning related to cookies.
+        // phpcs:ignore
+        @self::$sessionStore->set(self::TEST_KEY, self::TEST_VALUE);
+        $this->assertEquals(self::TEST_VALUE, self::$sessionStore->get(self::TEST_KEY));
+    }
+
+    /**
+     * Test that custom cookie expires can be set.
+     *
+     * @return void
+     *
+     * @runInSeparateProcess
+     */
+    public function testCustomCookieExpires()
+    {
+        $custom_expires = mt_rand( 11111, 99999 );
+
+        $this->assertEmpty(session_id());
+        self::$sessionStore = new SessionStore( null, $custom_expires );
+
+        // Suppressing "headers already sent" warning related to cookies.
+        // phpcs:ignore
+        @self::$sessionStore->set(self::TEST_KEY, self::TEST_VALUE);
+
+        $this->assertNotEmpty(session_id());
+        $cookieParams = session_get_cookie_params();
+        $this->assertEquals($custom_expires, $cookieParams['lifetime']);
+    }
 }