added SessionStorage & CookieStorage (replaced Nette\Http\UserStorage)

Author: dg

src/Bridges/SecurityHttp/CookieStorage.php

@@ -0,0 +1,97 @@
+<?php
+
+/**
+ * This file is part of the Nette Framework (https://nette.org)
+ * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
+ */
+
+declare(strict_types=1);
+
+namespace Nette\Bridges\SecurityHttp;
+
+use Nette;
+use Nette\Http;
+use Nette\Security\IIdentity;
+
+
+/**
+ * Cookie storage for Nette\Security\User object.
+ */
+final class CookieStorage implements Nette\Security\UserStorage
+{
+	use Nette\SmartObject;
+
+	/** @var Http\IRequest */
+	private $request;
+
+	/** @var Http\IResponse */
+	private $response;
+
+	/** @var string */
+	private $cookieName = 'userid';
+
+	/** @var ?string */
+	private $cookieDomain;
+
+	/** @var string */
+	private $cookieSameSite = 'Lax';
+
+	/** @var ?string */
+	private $cookieExpiration;
+
+
+	public function __construct(Http\IRequest $request, Http\IResponse $response)
+	{
+		$this->response = $response;
+		$this->request = $request;
+	}
+
+
+	public function saveAuthentication(IIdentity $identity): void
+	{
+		$this->response->setCookie(
+			$this->cookieName,
+			$identity->getId(),
+			$this->cookieExpiration,
+			null,
+			$this->cookieDomain
+		);
+	}
+
+
+	public function clearAuthentication(bool $clearIdentity): void
+	{
+		$this->response->deleteCookie(
+			$this->cookieName,
+			null,
+			$this->cookieDomain
+		);
+	}
+
+
+	public function getState(): array
+	{
+		$uid = $this->request->getCookie($this->cookieName);
+		$identity = is_string($uid)
+			? new Nette\Security\SimpleIdentity($uid)
+			: null;
+		return [(bool) $identity, $identity, null];
+	}
+
+
+	public function setExpiration(?string $expire, bool $clearIdentity): void
+	{
+		$this->cookieExpiration = $expire;
+	}
+
+
+	public function setCookieParameters(
+		string $name = null,
+		string $domain = null,
+		string $sameSite = null
+	) {
+		$this->cookieName = $name ?? $this->cookieName;
+		$this->cookieDomain = $domain ?? $this->cookieDomain;
+		$this->cookieSameSite = $sameSite ?? $this->cookieSameSite;
+	}
+}

src/Bridges/SecurityHttp/SessionStorage.php

@@ -0,0 +1,151 @@
+<?php
+
+/**
+ * This file is part of the Nette Framework (https://nette.org)
+ * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
+ */
+
+declare(strict_types=1);
+
+namespace Nette\Bridges\SecurityHttp;
+
+use Nette;
+use Nette\Http\Session;
+use Nette\Http\SessionSection;
+use Nette\Security\IIdentity;
+
+
+/**
+ * Session storage for Nette\Security\User object.
+ */
+final class SessionStorage implements Nette\Security\UserStorage
+{
+	use Nette\SmartObject;
+
+	/** @var string */
+	private $namespace = '';
+
+	/** @var Session */
+	private $sessionHandler;
+
+	/** @var SessionSection */
+	private $sessionSection;
+
+
+	public function __construct(Session $sessionHandler)
+	{
+		$this->sessionHandler = $sessionHandler;
+	}
+
+
+	public function saveAuthentication(IIdentity $identity): void
+	{
+		$section = $this->getSessionSection(true);
+		$section->authenticated = true;
+		$section->reason = null;
+		$section->authTime = time(); // informative value
+		$section->identity = $identity;
+
+		// Session Fixation defence
+		$this->sessionHandler->regenerateId();
+	}
+
+
+	public function clearAuthentication(bool $clearIdentity): void
+	{
+		$section = $this->getSessionSection(true);
+		$section->authenticated = false;
+		$section->reason = self::LOGOUT_MANUAL;
+		$section->authTime = null;
+
+		// Session Fixation defence
+		$this->sessionHandler->regenerateId();
+	}
+
+
+	public function getState(): array
+	{
+		$session = $this->getSessionSection(false);
+		return $session
+			? [(bool) $session->authenticated, $session->identity, $session->reason]
+			: [false, null, null];
+	}
+
+
+	public function setExpiration(?string $time, bool $clearIdentity = false): void
+	{
+		$section = $this->getSessionSection(true);
+		if ($time) {
+			$time = Nette\Utils\DateTime::from($time)->format('U');
+			$section->expireTime = $time;
+			$section->expireDelta = $time - time();
+
+		} else {
+			unset($section->expireTime, $section->expireDelta);
+		}
+
+		$section->expireIdentity = (bool) $clearIdentity;
+		$section->setExpiration($time, 'foo'); // time check
+	}
+
+
+	/**
+	 * Changes namespace; allows more users to share a session.
+	 * @return static
+	 */
+	public function setNamespace(string $namespace)
+	{
+		if ($this->namespace !== $namespace) {
+			$this->namespace = $namespace;
+			$this->sessionSection = null;
+		}
+		return $this;
+	}
+
+
+	/**
+	 * Returns current namespace.
+	 */
+	public function getNamespace(): string
+	{
+		return $this->namespace;
+	}
+
+
+	/**
+	 * Returns and initializes $this->sessionSection.
+	 */
+	protected function getSessionSection(bool $need): ?SessionSection
+	{
+		if ($this->sessionSection !== null) {
+			return $this->sessionSection;
+		}
+
+		if (!$need && !$this->sessionHandler->exists()) {
+			return null;
+		}
+
+		$this->sessionSection = $section = $this->sessionHandler->getSection('Nette.Http.UserStorage/' . $this->namespace);
+
+		if (!$section->identity instanceof IIdentity || !is_bool($section->authenticated)) {
+			$section->remove();
+		}
+
+		if ($section->authenticated && $section->expireDelta > 0) { // check time expiration
+			if ($section->expireTime < time()) {
+				$section->reason = self::LOGOUT_INACTIVITY;
+				$section->authenticated = false;
+				if ($section->expireIdentity) {
+					unset($section->identity);
+				}
+			}
+			$section->expireTime = time() + $section->expireDelta; // sliding expiration
+		}
+
+		if (!$section->authenticated) {
+			unset($section->expireTime, $section->expireDelta, $section->expireIdentity, $section->authTime);
+		}
+
+		return $this->sessionSection;
+	}
+}

tests/Security.DI/SecurityExtension.cookieStorage.phpt

@@ -0,0 +1,43 @@
+<?php
+
+/**
+ * Test: SecurityExtension
+ */
+
+declare(strict_types=1);
+
+use Nette\Bridges\HttpDI\HttpExtension;
+use Nette\Bridges\HttpDI\SessionExtension;
+use Nette\Bridges\SecurityDI\SecurityExtension;
+use Nette\DI;
+use Tester\Assert;
+
+
+require __DIR__ . '/../bootstrap.php';
+
+
+$compiler = new DI\Compiler;
+$compiler->addExtension('foo', new HttpExtension);
+$compiler->addExtension('session', new SessionExtension);
+$compiler->addExtension('security', new SecurityExtension);
+
+$loader = new Nette\DI\Config\Loader;
+$config = $loader->load(Tester\FileMock::create('
+security:
+	authentication:
+		storage: cookie
+		expiration: 1 week
+		cookieName: abc
+		cookieDomain: xyz
+		cookieSamesite: Strict
+', 'neon'));
+
+eval($compiler->addConfig($config)->compile());
+$container = new Container;
+
+$storage = $container->getService('security.userStorage');
+Assert::type(Nette\Bridges\SecurityHttp\CookieStorage::class, $storage);
+
+Assert::with($storage, function () {
+	Assert::same('1 week', $this->cookieExpiration);
+});

tests/Security.DI/SecurityExtension.sessionStorage.phpt

@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+use Nette\Bridges\HttpDI\HttpExtension;
+use Nette\Bridges\HttpDI\SessionExtension;
+use Nette\Bridges\SecurityDI\SecurityExtension;
+use Nette\DI;
+use Tester\Assert;
+
+
+require __DIR__ . '/../bootstrap.php';
+
+
+$compiler = new DI\Compiler;
+$compiler->addExtension('foo', new HttpExtension);
+$compiler->addExtension('session', new SessionExtension);
+$compiler->addExtension('security', new SecurityExtension);
+
+$loader = new Nette\DI\Config\Loader;
+$config = $loader->load(Tester\FileMock::create('
+session:
+	expiration: 1 year
+
+security:
+	authentication:
+		storage: session
+		expiration: 1 week
+', 'neon'));
+
+eval($compiler->addConfig($config)->compile());
+$container = new Container;
+
+Assert::type(Nette\Bridges\SecurityHttp\SessionStorage::class, $container->getService('security.userStorage'));