From c3004163d5a7f60415467bce8250ea26d8759978 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Tue, 21 Apr 2015 17:25:42 +0200
Subject: [PATCH] Move SimpleSAML_Utilities:: setCookie() to
 SimpleSAML\Utils\HTTP:: setCookie() and deprecate the former.

---
 lib/SimpleSAML/SessionHandler.php             |  2 +-
 lib/SimpleSAML/Utilities.php                  | 56 +------------
 lib/SimpleSAML/Utils/HTTP.php                 | 78 ++++++++++++++++++-
 lib/SimpleSAML/XHTML/IdPDisco.php             |  2 +-
 lib/SimpleSAML/XHTML/Template.php             |  2 +-
 modules/cdc/lib/Server.php                    |  4 +-
 modules/consent/lib/Consent/Store/Cookie.php  |  2 +-
 modules/core/www/cleardiscochoices.php        |  2 +-
 modules/core/www/loginuserpass.php            |  2 +-
 modules/core/www/loginuserpassorg.php         |  2 +-
 modules/discopower/lib/PowerIdPDisco.php      |  2 +-
 .../multiauth/lib/Auth/Source/MultiAuth.php   |  2 +-
 modules/negotiate/www/disable.php             |  2 +-
 modules/negotiate/www/enable.php              |  2 +-
 14 files changed, 91 insertions(+), 69 deletions(-)

diff --git a/lib/SimpleSAML/SessionHandler.php b/lib/SimpleSAML/SessionHandler.php
index 8ad3a135f..9586d56e9 100644
--- a/lib/SimpleSAML/SessionHandler.php
+++ b/lib/SimpleSAML/SessionHandler.php
@@ -155,7 +155,7 @@ abstract class SimpleSAML_SessionHandler {
 			$params = $this->getCookieParams();
 		}
 
-		SimpleSAML_Utilities::setCookie($name, $value, $params);
+		\SimpleSAML\Utils\HTTP::setCookie($name, $value, $params);
 	}
 
 }
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 410730202..b8717e82f 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1060,62 +1060,10 @@ class SimpleSAML_Utilities {
 
 
 	/**
-	 * Set a cookie.
-	 *
-	 * @param string $name  The name of the session cookie.
-	 * @param string|NULL $value  The value of the cookie. Set to NULL to delete the cookie.
-	 * @param array|NULL $params  Cookie parameters.
-	 * @param bool $throw  Whether to throw exception if setcookie fails.
+	 * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::setCookie() instead.
 	 */
 	public static function setCookie($name, $value, array $params = NULL, $throw = TRUE) {
-		assert('is_string($name)');
-		assert('is_string($value) || is_null($value)');
-
-		$default_params = array(
-			'lifetime' => 0,
-			'expire' => NULL,
-			'path' => '/',
-			'domain' => NULL,
-			'secure' => FALSE,
-			'httponly' => TRUE,
-			'raw' => FALSE,
-		);
-
-		if ($params !== NULL) {
-			$params = array_merge($default_params, $params);
-		} else {
-			$params = $default_params;
-		}
-
-		// Do not set secure cookie if not on HTTPS
-		if ($params['secure'] && !self::isHTTPS()) {
-			SimpleSAML_Logger::warning('Setting secure cookie on http not allowed.');
-			return;
-		}
-
-		if ($value === NULL) {
-			$expire = time() - 365*24*60*60;
-		} elseif (isset($params['expire'])) {
-			$expire = $params['expire'];
-		} elseif ($params['lifetime'] === 0) {
-			$expire = 0;
-		} else {
-			$expire = time() + $params['lifetime'];
-		}
-
-		if ($params['raw']) {
-			$success = setrawcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
-		} else {
-			$success = setcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
-		}
-
-		if (!$success) {
-			if ($throw) {
-				throw new SimpleSAML_Error_Exception('Error setting cookie - headers already sent.');
-			} else {
-				SimpleSAML_Logger::warning('Error setting cookie - headers already sent.');
-			}
-		}
+		return \SimpleSAML\Utils\HTTP::setCookie($name, $value, $params, $throw);
 	}
 
 }
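Review bot: The deprecated wrapper is not behaviour-identical to the body it replaces for loosely typed callers, and its docblock no longer says anything about the contract. The removed code checked `$name` and `$value` only through `assert()`, which is skipped when assertions are turned off, whereas the delegated `\SimpleSAML\Utils\HTTP::setCookie()` throws `SimpleSAML_Error_Exception` on a non-string `$name` or `$value` even when the caller passed `$throw = FALSE`. I would keep the four `@param` lines that were dropped and add `@throws SimpleSAML_Error_Exception If an argument has the wrong type, regardless of $throw.` under the `@deprecated` tag, so modules still on the old API can see the change. The `return` in front of the delegated call can also go, since neither method returns a value.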
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 59be93300..bffe910a0 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -194,8 +194,8 @@ class HTTP
      * Save the given HTTP POST data and the destination where it should be posted to a given session.
      *
      * @param \SimpleSAML_Session $session The session where to temporarily store the data.
-     * @param string $destination The destination URL where the form should be posted.
-     * @param array  $data An associative array with the data to be posted to $destination.
+     * @param string              $destination The destination URL where the form should be posted.
+     * @param array               $data An associative array with the data to be posted to $destination.
      *
      * @return string A random identifier that can be used to retrieve the data from the current session.
      *
@@ -822,6 +822,80 @@ class HTTP
     }
 
 
+    /**
+     * Set a cookie.
+     *
+     * @param string      $name The name of the cookie.
+     * @param string|NULL $value The value of the cookie. Set to NULL to delete the cookie.
+     * @param array|NULL  $params Cookie parameters.
+     * @param bool        $throw Whether to throw exception if setcookie() fails.
+     *
+     * @throws \SimpleSAML_Error_Exception If any parameter has an incorrect type or the if the headers were already
+     *     sent and the cookie cannot be set.
+     *
+     * @author Andjelko Horvat
+     * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+     */
+    public static function setCookie($name, $value, $params = null, $throw = true)
+    {
+        if (!(is_string($name) && // $name must be a string
+            (is_string($value) || is_null($value)) && // $value can be a string or null
+            (is_array($params) || is_null($params)) && // $params can be an array or null
+            is_bool($throw)) // $throw must be boolean
+        ) {
+            throw new \SimpleSAML_Error_Exception('Invalid input parameters.');
+        }
+
+        $default_params = array(
+            'lifetime' => 0,
+            'expire'   => null,
+            'path'     => '/',
+            'domain'   => null,
+            'secure'   => false,
+            'httponly' => true,
+            'raw'      => false,
+        );
+
+        if ($params !== null) {
+            $params = array_merge($default_params, $params);
+        } else {
+            $params = $default_params;
+        }
+
+        // Do not set secure cookie if not on HTTPS
+        if ($params['secure'] && !self::isHTTPS()) {
+            \SimpleSAML_Logger::warning('Setting secure cookie on plain HTTP is not allowed.');
+            return;
+        }
+
+        if ($value === null) {
+            $expire = time() - 365 * 24 * 60 * 60;
+        } elseif (isset($params['expire'])) {
+            $expire = $params['expire'];
+        } elseif ($params['lifetime'] === 0) {
+            $expire = 0;
+        } else {
+            $expire = time() + $params['lifetime'];
+        }
+
+        if ($params['raw']) {
+            $success = setrawcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'],
+                $params['httponly']);
+        } else {
+            $success = setcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'],
+                $params['httponly']);
+        }
+
+        if (!$success) {
+            if ($throw) {
+                throw new \SimpleSAML_Error_Exception('Error setting cookie: headers already sent.');
+            } else {
+                \SimpleSAML_Logger::warning('Error setting cookie: headers already sent.');
+            }
+        }
+    }
+
+
     /**
      * Submit a POST form to a specific destination.
      *
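Review bot: The secure-cookie guard in `setCookie()` returns silently on plain HTTP even when the caller asked for `$throw = true`, so a caller that depends on the cookie cannot tell that nothing was sent; the session handler in this same patch calls it with the default `$throw`. The function returns no value, so the logged warning is the only trace. I would honour `$throw` there the same way the headers-already-sent branch does, with `if ($throw) { throw new \SimpleSAML_Error_Exception('Setting secure cookie on plain HTTP is not allowed.'); }` ahead of the warning and the `return`. Conversely, the type check at the top throws regardless of `$throw`, which the `@throws` line should state; that line also has a doubled word ("or the if the headers").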
diff --git a/lib/SimpleSAML/XHTML/IdPDisco.php b/lib/SimpleSAML/XHTML/IdPDisco.php
index f423ca710..f64dac92b 100644
--- a/lib/SimpleSAML/XHTML/IdPDisco.php
+++ b/lib/SimpleSAML/XHTML/IdPDisco.php
@@ -197,7 +197,7 @@ class SimpleSAML_XHTML_IdPDisco {
 			'httponly' => FALSE,
 		);
 
-		SimpleSAML_Utilities::setCookie($prefixedName, $value, $params, FALSE);
+        \SimpleSAML\Utils\HTTP::setCookie($prefixedName, $value, $params, FALSE);
 	}
 
 
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index b47cc772c..68275de8b 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -711,7 +711,7 @@ class SimpleSAML_XHTML_Template {
 			'httponly' => FALSE,
 		);
 
-		SimpleSAML_Utilities::setCookie($name, $language, $params, FALSE);
+        \SimpleSAML\Utils\HTTP::setCookie($name, $language, $params, FALSE);
 	}
 
 }
diff --git a/modules/cdc/lib/Server.php b/modules/cdc/lib/Server.php
index 41cffb927..890e4376e 100644
--- a/modules/cdc/lib/Server.php
+++ b/modules/cdc/lib/Server.php
@@ -211,7 +211,7 @@ class sspmod_cdc_Server {
 			'httponly' => FALSE,
 		);
 
-		SimpleSAML_Utilities::setCookie('_saml_idp', NULL, $params, FALSE);
+        \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', NULL, $params, FALSE);
 		return 'ok';
 	}
 
@@ -407,7 +407,7 @@ class sspmod_cdc_Server {
 			'httponly' => FALSE,
 		);
 
-		SimpleSAML_Utilities::setCookie('_saml_idp', $cookie, $params, FALSE);
+        \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', $cookie, $params, FALSE);
 	}
 
 }
diff --git a/modules/consent/lib/Consent/Store/Cookie.php b/modules/consent/lib/Consent/Store/Cookie.php
index 5790fa684..7eb153e8e 100644
--- a/modules/consent/lib/Consent/Store/Cookie.php
+++ b/modules/consent/lib/Consent/Store/Cookie.php
@@ -279,7 +279,7 @@ class sspmod_consent_Consent_Store_Cookie extends sspmod_consent_Store
             $params['secure'] = false;
         }
 
-        SimpleSAML_Utilities::setCookie($name, $value, $params, FALSE);
+        \SimpleSAML\Utils\HTTP::setCookie($name, $value, $params, FALSE);
     }
 
 }
diff --git a/modules/core/www/cleardiscochoices.php b/modules/core/www/cleardiscochoices.php
index afd72997f..6a1b07291 100644
--- a/modules/core/www/cleardiscochoices.php
+++ b/modules/core/www/cleardiscochoices.php
@@ -20,7 +20,7 @@ foreach($_COOKIE as $cookieName => $value) {
 	/* Delete the cookie. We delete it once without the secure flag and once with the secure flag. This
 	 * ensures that the cookie will be deleted in any case.
 	 */
-	SimpleSAML_Utilities::setCookie($cookieName, NULL, array('path' => $cookiePath, 'httponly' => FALSE), FALSE);
+    \SimpleSAML\Utils\HTTP::setCookie($cookieName, NULL, array('path' => $cookiePath, 'httponly' => FALSE), FALSE);
 }
 
 
diff --git a/modules/core/www/loginuserpass.php b/modules/core/www/loginuserpass.php
index 4ce0f93e6..f253ac532 100644
--- a/modules/core/www/loginuserpass.php
+++ b/modules/core/www/loginuserpass.php
@@ -53,7 +53,7 @@ if (!empty($_REQUEST['username']) || !empty($password)) {
 		$params = $sessionHandler->getCookieParams();
 		$params['expire'] = time();
 		$params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300);
-		SimpleSAML_Utilities::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
+        \SimpleSAML\Utils\HTTP::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
 	}
 
     if ($source->isRememberMeEnabled()) {
diff --git a/modules/core/www/loginuserpassorg.php b/modules/core/www/loginuserpassorg.php
index ad4ba44b0..441f046aa 100644
--- a/modules/core/www/loginuserpassorg.php
+++ b/modules/core/www/loginuserpassorg.php
@@ -57,7 +57,7 @@ if ($organizations === NULL || !empty($organization)) {
 			$params = $sessionHandler->getCookieParams();
 			$params['expire'] = time();
 			$params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300);
-			SimpleSAML_Utilities::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
+            \SimpleSAML\Utils\HTTP::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
 		}
 
 		try {
diff --git a/modules/discopower/lib/PowerIdPDisco.php b/modules/discopower/lib/PowerIdPDisco.php
index aaed123b6..cf673c4c9 100644
--- a/modules/discopower/lib/PowerIdPDisco.php
+++ b/modules/discopower/lib/PowerIdPDisco.php
@@ -306,7 +306,7 @@ class sspmod_discopower_PowerIdPDisco extends SimpleSAML_XHTML_IdPDisco {
 			'secure' => TRUE,
 			'httponly' => FALSE,
 		);
-		SimpleSAML_Utilities::setCookie('_saml_idp', $newCookie, $params, FALSE);
+        \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', $newCookie, $params, FALSE);
 	}
 
 
diff --git a/modules/multiauth/lib/Auth/Source/MultiAuth.php b/modules/multiauth/lib/Auth/Source/MultiAuth.php
index de7fcd4b0..3e5b853a7 100644
--- a/modules/multiauth/lib/Auth/Source/MultiAuth.php
+++ b/modules/multiauth/lib/Auth/Source/MultiAuth.php
@@ -208,7 +208,7 @@ class sspmod_multiauth_Auth_Source_MultiAuth extends SimpleSAML_Auth_Source {
 			'httponly' => FALSE,
 		);
 
-		SimpleSAML_Utilities::setCookie($cookieName, $source, $params, FALSE);
+        \SimpleSAML\Utils\HTTP::setCookie($cookieName, $source, $params, FALSE);
 	}
 
 	/**
diff --git a/modules/negotiate/www/disable.php b/modules/negotiate/www/disable.php
index 1cda47ee9..52620042d 100644
--- a/modules/negotiate/www/disable.php
+++ b/modules/negotiate/www/disable.php
@@ -13,7 +13,7 @@ $params = array(
     'secure' => FALSE,
     'httponly' => TRUE,
 );
-SimpleSAML_Utilities::setCookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', 'True', $params, FALSE);
+\SimpleSAML\Utils\HTTP::setCookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', 'True', $params, FALSE);
 
 $globalConfig = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getSessionFromRequest();
diff --git a/modules/negotiate/www/enable.php b/modules/negotiate/www/enable.php
index 0eda57367..56d66a865 100644
--- a/modules/negotiate/www/enable.php
+++ b/modules/negotiate/www/enable.php
@@ -12,7 +12,7 @@ $params = array(
 	'secure' => FALSE,
 	'httponly' => TRUE,
 );
-SimpleSAML_Utilities::setCookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', NULL, $params, FALSE);
+\SimpleSAML\Utils\HTTP::setCookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', NULL, $params, FALSE);
 
 $globalConfig = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getSessionFromRequest();
-- 
GitLab