ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
CAS_CookieJar Class Reference

This class provides access to service cookies and handles parsing of response headers to pull out cookie values.


Public Member Functions

 __construct (array &$storageArray)
     Create a new cookie jar by passing it a reference to an array in which it should store cookies.

 storeCookies ($request_url, $response_headers)
     Store cookies for a web service request.

 getCookies ($request_url)
     Retrieve cookies applicable for a web service request.


Protected Member Functions

 parseCookieHeaders ($header, $defaultDomain)
     Parse cookies without PECL. From the comments in http://php.net/manual/en/function.http-parse-cookie.php.

 parseCookieHeader ($line, $defaultDomain)
     Parse a single cookie header line.

 storeCookie ($cookie)
     Add, update, or remove a cookie.

 discardCookie ($cookie)
     Discard an existing cookie.

 expireCookies ()
     Go through our stored cookies and remove any that are expired.

 cookieMatchesTarget ($cookie, $target)
     Answer true if cookie is applicable to a target.


Private Attributes

 $_cookies
 

Detailed Description

This class provides access to service cookies and handles parsing of response headers to pull out cookie values.

Definition at line 41 of file CookieJar.php.

Constructor & Destructor Documentation

◆ __construct()

CAS_CookieJar::__construct (array &$storageArray)

Create a new cookie jar by passing it a reference to an array in which it should store cookies.

Parameters
    array &$storageArray    Array to store cookies
Returns
    void

Definition at line 53 of file CookieJar.php.

    {
        $this->_cookies = &$storageArray;
    }

Member Function Documentation

◆ cookieMatchesTarget()

CAS_CookieJar::cookieMatchesTarget ($cookie, $target)
protected

Answer true if cookie is applicable to a target.

Parameters
    array $cookie    An array of cookie attributes.
    array $target    An array of URL attributes as generated by parse_url().
Returns
    bool

private

Definition at line 315 of file CookieJar.php.

Referenced by getCookies(), and storeCookies().

    {
        if (!is_array($target)) {
            throw new CAS_InvalidArgumentException(
                '$target must be an array of URL attributes as generated by parse_url().'
            );
        }
        if (!isset($target['host'])) {
            throw new CAS_InvalidArgumentException(
                '$target must be an array of URL attributes as generated by parse_url().'
            );
        }

        // Verify that the scheme matches
        if ($cookie['secure'] && $target['scheme'] != 'https') {
            return false;
        }

        // Verify that the host matches
        // Match domain and multi-host cookies
        if (strpos($cookie['domain'], '.') === 0) {
            // .host.domain.edu cookies are valid for host.domain.edu
            if (substr($cookie['domain'], 1) == $target['host']) {
                // continue with other checks
            } else {
                // non-exact host-name matches.
                // check that the target host a.b.c.edu is within .b.c.edu
                $pos = strripos($target['host'], $cookie['domain']);
                if (!$pos) {
                    return false;
                }
                // verify that the cookie domain is the last part of the host.
                if ($pos + strlen($cookie['domain']) != strlen($target['host'])) {
                    return false;
                }
                // verify that the host name does not contain interior dots as per
                // RFC 2965 section 3.3.2 Rejecting Cookies
                // http://www.ietf.org/rfc/rfc2965.txt
                $hostname = substr($target['host'], 0, $pos);
                if (strpos($hostname, '.') !== false) {
                    return false;
                }
            }
        } else {
            // If the cookie host doesn't begin with '.',
            // the host must case-insensitive match exactly
            if (strcasecmp($target['host'], $cookie['domain']) !== 0) {
                return false;
            }
        }

        // Verify that the port matches
        if (isset($cookie['ports'])
            && !in_array($target['port'], $cookie['ports'])
        ) {
            return false;
        }

        // Verify that the path matches
        if (strpos($target['path'], $cookie['path']) !== 0) {
            return false;
        }

        return true;
    }
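
The listing above reads $target['path'] and $target['port'], which parse_url() leaves unset when the URL does not contain them, and it path-matches by plain string prefix as RFC 2965 defines it. The following added example (not part of phpCAS or ILIAS; normalizeTarget, prefixPathMatch and segmentPathMatch are hypothetical names and the URLs are constructed) fills in those defaults and puts the prefix rule beside the segment-aware rule of RFC 6265 section 5.1.4.

```php
<?php
// Added example: hypothetical helpers, not part of phpCAS or ILIAS.
// Fill in the keys cookieMatchesTarget() reads but parse_url() omits
// when the URL does not spell them out.
function normalizeTarget(string $url): ?array
{
    $target = parse_url($url);
    if ($target === false || !isset($target['scheme'], $target['host'])) {
        return null; // unusable target: no cookies apply
    }
    $target['scheme'] = strtolower($target['scheme']);
    $target['host']   = strtolower($target['host']);
    $target['path']   = $target['path'] ?? '/';
    $target['port']   = $target['port'] ?? ($target['scheme'] === 'https' ? 443 : 80);
    return $target;
}

// Prefix rule as used in the listing (RFC 2965 "path-matches").
function prefixPathMatch(string $requestPath, string $cookiePath): bool
{
    return strpos($requestPath, $cookiePath) === 0;
}

// Segment-aware rule from RFC 6265 section 5.1.4.
function segmentPathMatch(string $requestPath, string $cookiePath): bool
{
    if ($requestPath === $cookiePath) {
        return true;
    }
    if (strpos($requestPath, $cookiePath) !== 0) {
        return false;
    }
    // The prefix must end on a "/" boundary.
    return substr($cookiePath, -1) === '/'
        || $requestPath[strlen($cookiePath)] === '/';
}

// Constructed sample targets and cookie paths.
$cases = [
    ['https://cas.example.edu',               '/'],
    ['https://cas.example.edu/app/login',     '/app'],
    ['https://cas.example.edu/application/x', '/app'],
];
foreach ($cases as [$url, $cookiePath]) {
    $t = normalizeTarget($url);
    printf("%s cookie-path=%s prefix=%s segment=%s port=%d\n", $url, $cookiePath,
        var_export(prefixPathMatch($t['path'], $cookiePath), true),
        var_export(segmentPathMatch($t['path'], $cookiePath), true), $t['port']);
}
```

For the third case the prefix rule accepts /application/x for a cookie scoped to /app, while the segment-aware rule rejects it.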

◆ discardCookie()

CAS_CookieJar::discardCookie ($cookie)
protected

Discard an existing cookie.

Parameters
    array $cookie    A cookie
Returns
    void

protected

Definition at line 270 of file CookieJar.php.

Referenced by storeCookie().

    {
        // domain, path and name are all compared below, so all three are required
        if (!isset($cookie['domain'])
            || !isset($cookie['path'])
            || !isset($cookie['name'])
        ) {
            throw new CAS_InvalidArgumentException('Invalid Cookie array passed.');
        }

        foreach ($this->_cookies as $key => $old_cookie) {
            if ($cookie['domain'] == $old_cookie['domain']
                && $cookie['path'] == $old_cookie['path']
                && $cookie['name'] == $old_cookie['name']
            ) {
                unset($this->_cookies[$key]);
            }
        }
    }

◆ expireCookies()

CAS_CookieJar::expireCookies ( )
protected

Go through our stored cookies and remove any that are expired.

Returns
void

protected

Definition at line 296 of file CookieJar.php.

Referenced by getCookies().

    {
        foreach ($this->_cookies as $key => $cookie) {
            if (isset($cookie['expires']) && $cookie['expires'] < time()) {
                unset($this->_cookies[$key]);
            }
        }
    }

◆ getCookies()

CAS_CookieJar::getCookies ($request_url)

Retrieve cookies applicable for a web service request.

Cookie applicability is based on RFC 2965: http://www.ietf.org/rfc/rfc2965.txt

Parameters
    string $request_url    The URL that the cookies will be for.
Returns
    array    An array containing cookies. E.g. array('name' => 'val');

private

Definition at line 101 of file CookieJar.php.

References cookieMatchesTarget(), and expireCookies().

    {
        if (!count($this->_cookies)) {
            return array();
        }

        // If our request URL can't be parsed, no cookies apply.
        $target = parse_url($request_url);
        if ($target === false) {
            return array();
        }

        $this->expireCookies();

        $matching_cookies = array();
        foreach ($this->_cookies as $key => $cookie) {
            if ($this->cookieMatchesTarget($cookie, $target)) {
                $matching_cookies[$cookie['name']] = $cookie['value'];
            }
        }
        return $matching_cookies;
    }

◆ parseCookieHeader()

CAS_CookieJar::parseCookieHeader ($line, $defaultDomain)
protected

Parse a single cookie header line.

Based on RFC2965 http://www.ietf.org/rfc/rfc2965.txt

Parameters
    string $line             The header line.
    string $defaultDomain    The domain to use if none is specified in the cookie.
Returns
    array

Definition at line 160 of file CookieJar.php.

References phpCAS\trace().

Referenced by parseCookieHeaders().

    {
        if (!$defaultDomain) {
            throw new CAS_InvalidArgumentException(
                '$defaultDomain was not provided.'
            );
        }

        // Set our default values
        $cookie = array(
            'domain' => $defaultDomain,
            'path' => '/',
            'secure' => false,
        );

        $line = preg_replace('/^Set-Cookie2?: /i', '', trim($line));

        // trim any trailing semicolons.
        $line = trim($line, ';');

        phpCAS::trace("Cookie Line: $line");

        // This implementation makes the assumption that semicolons will not
        // be present in quoted attribute values. While attribute values that
        // contain semicolons are allowed by RFC2965, they are hopefully rare
        // enough to ignore for our purposes. Most browsers make the same
        // assumption.
        $attributeStrings = explode(';', $line);

        foreach ($attributeStrings as $attributeString) {
            // split on the first equals sign and use the rest as value
            $attributeParts = explode('=', $attributeString, 2);

            $attributeName = trim($attributeParts[0]);
            $attributeNameLC = strtolower($attributeName);

            if (isset($attributeParts[1])) {
                $attributeValue = trim($attributeParts[1]);
                // Values may be quoted strings.
                if (strpos($attributeValue, '"') === 0) {
                    $attributeValue = trim($attributeValue, '"');
                    // unescape any escaped quotes:
                    $attributeValue = str_replace('\"', '"', $attributeValue);
                }
            } else {
                $attributeValue = null;
            }

            switch ($attributeNameLC) {
            case 'expires':
                $cookie['expires'] = strtotime($attributeValue);
                break;
            case 'max-age':
                $cookie['max-age'] = (int) $attributeValue;
                // Set an expiry time based on the max-age
                if ($cookie['max-age']) {
                    $cookie['expires'] = time() + $cookie['max-age'];
                } else {
                    // If max-age is zero, then the cookie should be removed
                    // immediately so set an expiry before now.
                    $cookie['expires'] = time() - 1;
                }
                break;
            case 'secure':
                $cookie['secure'] = true;
                break;
            case 'domain':
            case 'path':
            case 'port':
            case 'version':
            case 'comment':
            case 'commenturl':
            case 'discard':
            case 'httponly':
                $cookie[$attributeNameLC] = $attributeValue;
                break;
            default:
                $cookie['name'] = $attributeName;
                $cookie['value'] = $attributeValue;
            }
        }

        return $cookie;
    }
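
In the listing above, the default branch of the switch assigns name and value for every attribute it does not recognise, so an attribute outside that list (SameSite, for instance) that follows the cookie pair replaces the cookie's name and value. The following added example (not phpCAS or ILIAS code; parseSetCookieLine and the header line are constructed for illustration) takes the name and value from the first pair only and ignores unknown attributes, as RFC 6265 section 5.2 describes.

```php
<?php
// Added example: hypothetical function, not part of phpCAS or ILIAS.
function parseSetCookieLine(string $line, string $defaultDomain): ?array
{
    $line  = trim(preg_replace('/^Set-Cookie2?:\s*/i', '', trim($line)), ';');
    $parts = explode(';', $line);
    // The first pair is always the cookie itself.
    $pair = explode('=', array_shift($parts), 2);
    $name = trim($pair[0]);
    if ($name === '' || !isset($pair[1])) {
        return null; // no usable name=value pair
    }
    $cookie = [
        'name'   => $name,
        'value'  => trim(trim($pair[1]), '"'),
        'domain' => $defaultDomain,
        'path'   => '/',
        'secure' => false,
    ];
    foreach ($parts as $part) {
        $kv  = explode('=', $part, 2);
        $key = strtolower(trim($kv[0]));
        $val = isset($kv[1]) ? trim(trim($kv[1]), '"') : null;
        switch ($key) {
            case 'secure':
                $cookie['secure'] = true;
                break;
            case 'max-age':
                $cookie['expires'] = ((int) $val > 0) ? time() + (int) $val : time() - 1;
                break;
            case 'expires':
                $ts = strtotime((string) $val);
                if ($ts !== false) { $cookie['expires'] = $ts; }
                break;
            case 'domain':
            case 'path':
            case 'httponly':
                $cookie[$key] = $val;
                break;
            // Anything else (SameSite, Priority, ...) is ignored.
        }
    }
    return $cookie;
}

// Constructed header line.
var_dump(parseSetCookieLine('Set-Cookie: SID=abc123; Path=/cas; Secure; SameSite=Lax', 'cas.example.edu'));
```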

◆ parseCookieHeaders()

CAS_CookieJar::parseCookieHeaders ($header, $defaultDomain)
protected

Parse cookies without PECL. From the comments in http://php.net/manual/en/function.http-parse-cookie.php.

Parameters
    array $header            Array of header lines.
    string $defaultDomain    The domain to use if none is specified in the cookie.
Returns
    array of cookies

Definition at line 135 of file CookieJar.php.

References parseCookieHeader(), phpCAS\traceBegin(), and phpCAS\traceEnd().

Referenced by storeCookies().

    {
        phpCAS::traceBegin();
        $cookies = array();
        foreach ($header as $line) {
            if (preg_match('/^Set-Cookie2?: /i', $line)) {
                $cookies[] = $this->parseCookieHeader($line, $defaultDomain);
            }
        }

        phpCAS::traceEnd($cookies);
        return $cookies;
    }

◆ storeCookie()

CAS_CookieJar::storeCookie ($cookie)
protected

Add, update, or remove a cookie.

Parameters
    array $cookie    A cookie array as created by parseCookieHeaders()
Returns
    void

protected

Definition at line 254 of file CookieJar.php.

References discardCookie().

Referenced by storeCookies().

    {
        // Discard any old versions of this cookie.
        $this->discardCookie($cookie);
        $this->_cookies[] = $cookie;
    }

◆ storeCookies()

CAS_CookieJar::storeCookies ($request_url, $response_headers)

Store cookies for a web service request.

Cookie storage is based on RFC 2965: http://www.ietf.org/rfc/rfc2965.txt

Parameters
    string $request_url        The URL that generated the response headers.
    array $response_headers    An array of the HTTP response header strings.
Returns
    void

private

Definition at line 69 of file CookieJar.php.

References cookieMatchesTarget(), parseCookieHeaders(), storeCookie(), and phpCAS\trace().

    {
        $urlParts = parse_url($request_url);
        $defaultDomain = $urlParts['host'];

        $cookies = $this->parseCookieHeaders($response_headers, $defaultDomain);

        // var_dump($cookies);
        foreach ($cookies as $cookie) {
            // Enforce the same-origin policy by verifying that the cookie
            // would match the url that is setting it
            if (!$this->cookieMatchesTarget($cookie, $urlParts)) {
                continue;
            }

            // store the cookie
            $this->storeCookie($cookie);

            phpCAS::trace($cookie['name'] . ' -> ' . $cookie['value']);
        }
    }

Field Documentation

◆ $_cookies

CAS_CookieJar::$_cookies
private

Definition at line 43 of file CookieJar.php.


The documentation for this class was generated from the following file: