Proyectos de Subversion Moodle

Rev

Autoría | Ultima modificación | Ver Log | 

<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

namespace core\session\utility;

/**
 * Helper class providing utils dealing with cookies, particularly 3rd party cookies.
 *
 * This class primarily provides a means to augment outbound cookie headers, in order to satisfy browser-specific
 * requirements for setting 3rd party cookies.
 *
 * @package    core
 * @copyright  2024 Jake Dallimore <jrhdallimore@gmail.com>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
final class cookie_helper {

    /**
     * Make sure the given attributes are set on the Set-Cookie response header identified by name=$cookiename.
     *
     * This function only affects Set-Cookie headers and modifies the headers directly with the required changes, if any.
     *
     * @param string $cookiename the cookie name.
     * @param array $attributes the attributes to set/ensure are set.
     * @return void
     */
    public static function add_attributes_to_cookie_response_header(string $cookiename, array $attributes): void {

        $setcookieheaders = array_filter(headers_list(), function($val) {
            return preg_match("/Set-Cookie:/i", $val);
        });
        if (empty($setcookieheaders)) {
            return;
        }

        $updatedheaders = self::cookie_response_headers_add_attributes($setcookieheaders, [$cookiename], $attributes);

        // Note: The header_remove() method is quite crude and removes all headers of that header name.
        header_remove('Set-Cookie');
        foreach ($updatedheaders as $header) {
            header($header, false);
        }
    }

    /**
     * Given a list of HTTP header strings, return a list of HTTP header strings where the matched 'Set-Cookie' headers
     * have been updated with the attributes defined in $attribute - an array of strings.
     *
     * This method does not verify whether a given attribute is valid or not. It blindly sets it and returns the header
     * strings. It's up to calling code to determine whether an attribute makes sense or not.
     *
     * @param array $headerstrings the array of header strings.
     * @param array $cookiestomatch the array of cookie names to match.
     * @param array $attributes the attributes to set on each matched 'Set-Cookie' header.
     * @param bool $casesensitive whether to match the attribute in a case-sensitive way.
     * @return array the updated array of header strings.
     */
    public static function cookie_response_headers_add_attributes(array $headerstrings, array $cookiestomatch, array $attributes,
            bool $casesensitive = false): array {

        return array_map(function($headerstring) use ($attributes, $casesensitive, $cookiestomatch) {
            if (!self::cookie_response_header_matches_names($headerstring, $cookiestomatch)) {
                return $headerstring;
            }
            foreach ($attributes as $attribute) {
                if (!self::cookie_response_header_contains_attribute($headerstring, $attribute, $casesensitive)) {
                    $headerstring = self::cookie_response_header_append_attribute($headerstring, $attribute);
                }
            }
            return $headerstring;
        }, $headerstrings);
    }

    /**
     * Forces the expiry of the MoodleSession cookie.
     *
     * This is useful to force a new Set-Cookie header on the next redirect.
     *
     * @return void
     */
    public static function expire_moodlesession(): void {
        global $CFG;

        $setcookieheader = array_filter(headers_list(), function($val) use ($CFG) {
            return self::cookie_response_header_matches_name($val, 'MoodleSession'.$CFG->sessioncookie);
        });
        if (!empty($setcookieheader)) {
            $expirestr = 'Expires='.gmdate(DATE_RFC7231, time() - 60);
            self::add_attributes_to_cookie_response_header('MoodleSession'.$CFG->sessioncookie, [$expirestr]);
        } else {
            setcookie('MoodleSession'.$CFG->sessioncookie, '', time() - 60);
        }
    }

    /**
     * Check whether the header string is a 'Set-Cookie' header for the cookie identified by $cookiename.
     *
     * @param string $headerstring the header string to check.
     * @param string $cookiename the name of the cookie to match.
     * @return bool true if the header string is a Set-Cookie header for the named cookie, false otherwise.
     */
    private static function cookie_response_header_matches_name(string $headerstring, string $cookiename): bool {
        // Generally match the format, but in a case-insensitive way so that 'set-cookie' and "SET-COOKIE" are both valid.
        return preg_match("/Set-Cookie: *$cookiename=/i", $headerstring)
            // Case-sensitive match on cookiename, which is case-sensitive.
            && preg_match("/: *$cookiename=/", $headerstring);
    }

    /**
     * Check whether the header string is a 'Set-Cookie' header for the cookies identified in the $cookienames array.
     *
     * @param string $headerstring the header string to check.
     * @param array $cookienames the array of cookie names to match.
     * @return bool true if the header string is a Set-Cookie header for one of the named cookies, false otherwise.
     */
    private static function cookie_response_header_matches_names(string $headerstring, array $cookienames): bool {
        foreach ($cookienames as $cookiename) {
            if (self::cookie_response_header_matches_name($headerstring, $cookiename)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Check whether the header string contains the given attribute.
     *
     * @param string $headerstring the header string to check.
     * @param string $attribute the attribute to check for.
     * @param bool $casesensitive whether to perform a case-sensitive check.
     * @return bool true if the header contains the attribute, false otherwise.
     */
    private static function cookie_response_header_contains_attribute(string $headerstring, string $attribute,
            bool $casesensitive): bool {

        if ($casesensitive) {
            return str_contains($headerstring, $attribute);
        }
        return str_contains(strtolower($headerstring), strtolower($attribute));
    }

    /**
     * Append the given attribute to the header string.
     *
     * @param string $headerstring the header string to append to.
     * @param string $attribute the attribute to append.
     * @return string the updated header string.
     */
    private static function cookie_response_header_append_attribute(string $headerstring, string $attribute): string {
        $headerstring = rtrim($headerstring, ';'); // Sometimes included.
        return "$headerstring; $attribute;";
    }
}