functions.cookies.php ➔ wp_set_auth_cookie() - Code Metrics - Inspection of "." - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — add/e2e-mock-plan-data ( ba07d7...9c31e8 )

by Yaroslav

created 2020-01-22 14:47 UTC

functions.cookies.php ➔ wp_set_auth_cookie() C

↳ Parent: Project

Complexity

Conditions	8
Paths	96

Size

Total Lines

119

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	8
nc	96
nop	4
dl	0
loc	119
rs	6.7555
c	0
b	0
f	0

How to fix Long Method

<?php
/**
 * This file is meant to be the home for any function handling cookies that can
 * be accessed anywhere within Jetpack.
 *
 * This file is loaded whether or not Jetpack is connected to WP.com.
 *
 * @package Jetpack
 */

/**
 * A PHP 5.X compatible version of the array argument version of PHP 7.3's setcookie().
 *
 * Useful for setting SameSite cookies in PHP 7.2 or earlier.
 *
 * @param string $name    Name of the cookie.
 * @param string $value   Value of the cookie.
 * @param array  $options Options to include with the cookie.
 * @return bool False when error happens, other wise true.
 */
function jetpack_shim_setcookie( $name, $value, $options ) {
	$not_allowed_chars = ",; \t\r\n\013\014";

	if ( strpbrk( $name, $not_allowed_chars ) !== false ) {
		return false;
	}

	$cookie = 'Set-Cookie: ' . $name . '=' . rawurlencode( $value ) . '; ';

	if ( ! empty( $options['expires'] ) ) {
		$cookie_date = gmdate( 'D, d M Y H:i:s \G\M\T', $options['expires'] );
		$cookie     .= sprintf( 'expires=%s', $cookie_date ) . ';';
	}

	if ( ! empty( $options['secure'] ) && true === $options['secure'] ) {
		$cookie .= 'secure; ';
	}

	if ( ! empty( $options['httponly'] ) && true === $options['httponly'] ) {
		$cookie .= 'HttpOnly; ';
	}

	if ( ! empty( $options['domain'] ) && is_string( $options['domain'] ) ) {
		if ( strpbrk( $options['domain'], false !== $not_allowed_chars ) ) {
			return false;
		}
		$cookie .= sprintf( 'domain=%s', $options['domain'] . '; ' );
	}

	if ( ! empty( $options['path'] ) && is_string( $options['path'] ) ) {
		if ( strpbrk( $options['path'], false !== $not_allowed_chars ) ) {
			return false;
		}
		$cookie .= sprintf( 'path=%s', $options['path'] . '; ' );
	}

	if ( ! empty( $options['samesite'] ) && is_string( $options['samesite'] ) ) {
		$cookie .= sprintf( 'SameSite=%s', $options['samesite'] . '; ' );
	}

	$cookie = trim( $cookie );
	$cookie = trim( $cookie, ';' );
	header( $cookie, false );

	return true;
}

// Only proceed if Jetpack is connected to WordPress.com and there is no active short-circuit filter.
if (
	Jetpack::is_active() &&
	/**
	 * Allow plugins to short-circuit the `wp_set_auth_cookie` override that adds support for SameSite cookies.
	 *
	 * Note that because the `wp_set_auth_cookie` override executes on plugin load (to be able to define it before
	 * `pluggable.php`), a third party can only use the short-circuit filter in plugins loaded before Jetpack, or
	 * in an mu-plugin.
	 *
	 * @since 8.1.1
	 *
	 * @param false bool Whether the `wp_set_auth_cookie` override should be blocked. False by default.
	 */
	! apply_filters( 'jetpack_disable_auth_cookie_pluggable', false ) &&
	! function_exists( 'wp_set_auth_cookie' )
) :
	/**
	 * Sets the authentication cookies based on user ID.
	 *
	 * The $remember parameter increases the time that the cookie will be kept. The
	 * default the cookie is kept without remembering is two days. When $remember is
	 * set, the cookies will be kept for 14 days or two weeks.
	 *
	 * This overrides the `wp_set_auth_cookie` pluggable function in order to support `SameSite` cookies.
	 *
	 * @param int    $user_id  User ID.
	 * @param bool   $remember Whether to remember the user.
	 * @param mixed  $secure   Whether the admin cookies should only be sent over HTTPS.
	 *                         Default is the value of is_ssl().
	 * @param string $token    Optional. User's session token to use for this cookie.
	 *
	 * @since 8.1.1
	 */
	function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) {
		if ( $remember ) {
			/** This filter is documented in wp-includes/pluggable.php */
			$expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember );

			/*
			 * Ensure the browser will continue to send the cookie after the expiration time is reached.
			 * Needed for the login grace period in wp_validate_auth_cookie().
			 */
			$expire = $expiration + ( 12 * HOUR_IN_SECONDS );
		} else {
			/** This filter is documented in wp-includes/pluggable.php */
			$expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember );
			$expire     = 0;
		}

		if ( '' === $secure ) {
			$secure = is_ssl();
		}

		// Front-end cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
		$secure_logged_in_cookie = $secure && 'https' === wp_parse_url( get_option( 'home' ), PHP_URL_SCHEME );

		/** This filter is documented in wp-includes/pluggable.php */
		$secure = apply_filters( 'secure_auth_cookie', $secure, $user_id );

		/** This filter is documented in wp-includes/pluggable.php */
		$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );

		if ( $secure ) {
			$auth_cookie_name = SECURE_AUTH_COOKIE;
			$scheme           = 'secure_auth';
		} else {
			$auth_cookie_name = AUTH_COOKIE;
			$scheme           = 'auth';
		}

		if ( '' === $token ) {
			$manager = WP_Session_Tokens::get_instance( $user_id );
			$token   = $manager->create( $expiration );
		}

		$auth_cookie      = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
		$logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token );

		/** This filter is documented in wp-includes/pluggable.php */
		do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token );

		/** This filter is documented in wp-includes/pluggable.php */
		do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token );

		/** This filter is documented in wp-includes/pluggable.php */
		if ( ! apply_filters( 'send_auth_cookies', true ) ) {
			return;
		}

		/**
		 * Filters the SameSite attribute to use in auth cookies.
		 *
		 * @param string $samesite SameSite attribute to use in auth cookies.
		 *
		 * @since 8.1.1
		 */
		$samesite = apply_filters( 'jetpack_auth_cookie_samesite', 'Lax' );

		jetpack_shim_setcookie(
			$auth_cookie_name,
			$auth_cookie,
			array(
				'expires'  => $expire,
				'path'     => PLUGINS_COOKIE_PATH,
				'domain'   => COOKIE_DOMAIN,
				'secure'   => $secure,
				'httponly' => true,
				'samesite' => $samesite,
			)
		);

		jetpack_shim_setcookie(
			$auth_cookie_name,
			$auth_cookie,
			array(
				'expires'  => $expire,
				'path'     => ADMIN_COOKIE_PATH,
				'domain'   => COOKIE_DOMAIN,
				'secure'   => $secure,
				'httponly' => true,
				'samesite' => $samesite,
			)
		);

		jetpack_shim_setcookie(
			LOGGED_IN_COOKIE,
			$logged_in_cookie,
			array(
				'expires'  => $expire,
				'path'     => COOKIEPATH,
				'domain'   => COOKIE_DOMAIN,
				'secure'   => $secure_logged_in_cookie,
				'httponly' => true,
				'samesite' => $samesite,
			)
		);

		if ( COOKIEPATH !== SITECOOKIEPATH ) {
			jetpack_shim_setcookie(
				LOGGED_IN_COOKIE,
				$logged_in_cookie,
				array(
					'expires'  => $expire,
					'path'     => SITECOOKIEPATH,
					'domain'   => COOKIE_DOMAIN,
					'secure'   => $secure_logged_in_cookie,
					'httponly' => true,
					'samesite' => $samesite,
				)
			);
		}
	}
endif;


1		<?php
2		/**
3		* This file is meant to be the home for any function handling cookies that can
4		* be accessed anywhere within Jetpack.
5		*
6		* This file is loaded whether or not Jetpack is connected to WP.com.
7		*
8		* @package Jetpack
9		*/
10
11		/**
12		* A PHP 5.X compatible version of the array argument version of PHP 7.3's setcookie().
13		*
14		* Useful for setting SameSite cookies in PHP 7.2 or earlier.
15		*
16		* @param string $name Name of the cookie.
17		* @param string $value Value of the cookie.
18		* @param array $options Options to include with the cookie.
19		* @return bool False when error happens, other wise true.
20		*/
21		function jetpack_shim_setcookie( $name, $value, $options ) {
22		$not_allowed_chars = ",; \t\r\n\013\014";
23
24		if ( strpbrk( $name, $not_allowed_chars ) !== false ) {
25		return false;
26		}
27
28		$cookie = 'Set-Cookie: ' . $name . '=' . rawurlencode( $value ) . '; ';
29
30		if ( ! empty( $options['expires'] ) ) {
31		$cookie_date = gmdate( 'D, d M Y H:i:s \G\M\T', $options['expires'] );
32		$cookie .= sprintf( 'expires=%s', $cookie_date ) . ';';
33		}
34
35		if ( ! empty( $options['secure'] ) && true === $options['secure'] ) {
36		$cookie .= 'secure; ';
37		}
38
39		if ( ! empty( $options['httponly'] ) && true === $options['httponly'] ) {
40		$cookie .= 'HttpOnly; ';
41		}
42
43	View Code Duplication	if ( ! empty( $options['domain'] ) && is_string( $options['domain'] ) ) {
44		if ( strpbrk( $options['domain'], false !== $not_allowed_chars ) ) {
45		return false;
46		}
47		$cookie .= sprintf( 'domain=%s', $options['domain'] . '; ' );
48		}
49
50	View Code Duplication	if ( ! empty( $options['path'] ) && is_string( $options['path'] ) ) {
51		if ( strpbrk( $options['path'], false !== $not_allowed_chars ) ) {
52		return false;
53		}
54		$cookie .= sprintf( 'path=%s', $options['path'] . '; ' );
55		}
56
57		if ( ! empty( $options['samesite'] ) && is_string( $options['samesite'] ) ) {
58		$cookie .= sprintf( 'SameSite=%s', $options['samesite'] . '; ' );
59		}
60
61		$cookie = trim( $cookie );
62		$cookie = trim( $cookie, ';' );
63		header( $cookie, false );
64
65		return true;
66		}
67
68		// Only proceed if Jetpack is connected to WordPress.com and there is no active short-circuit filter.
69		if (
70		Jetpack::is_active() &&
71		/**
72		* Allow plugins to short-circuit the `wp_set_auth_cookie` override that adds support for SameSite cookies.
73		*
74		* Note that because the `wp_set_auth_cookie` override executes on plugin load (to be able to define it before
75		* `pluggable.php`), a third party can only use the short-circuit filter in plugins loaded before Jetpack, or
76		* in an mu-plugin.
77		*
78		* @since 8.1.1
79		*
80		* @param false bool Whether the `wp_set_auth_cookie` override should be blocked. False by default.
81		*/
82		! apply_filters( 'jetpack_disable_auth_cookie_pluggable', false ) &&
83		! function_exists( 'wp_set_auth_cookie' )
84		) :
85		/**
86		* Sets the authentication cookies based on user ID.
87		*
88		* The $remember parameter increases the time that the cookie will be kept. The
89		* default the cookie is kept without remembering is two days. When $remember is
90		* set, the cookies will be kept for 14 days or two weeks.
91		*
92		* This overrides the `wp_set_auth_cookie` pluggable function in order to support `SameSite` cookies.
93		*
94		* @param int $user_id User ID.
95		* @param bool $remember Whether to remember the user.
96		* @param mixed $secure Whether the admin cookies should only be sent over HTTPS.
97		* Default is the value of is_ssl().
98		* @param string $token Optional. User's session token to use for this cookie.
99		*
100		* @since 8.1.1
101		*/
102		function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) {
103		if ( $remember ) {
104		/** This filter is documented in wp-includes/pluggable.php */
105		$expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember );
106
107		/*
108		* Ensure the browser will continue to send the cookie after the expiration time is reached.
109		* Needed for the login grace period in wp_validate_auth_cookie().
110		*/
111		$expire = $expiration + ( 12 * HOUR_IN_SECONDS );
112		} else {
113		/** This filter is documented in wp-includes/pluggable.php */
114		$expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember );
115		$expire = 0;
116		}
117
118		if ( '' === $secure ) {
119		$secure = is_ssl();
120		}
121
122		// Front-end cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
123		$secure_logged_in_cookie = $secure && 'https' === wp_parse_url( get_option( 'home' ), PHP_URL_SCHEME );
124
125		/** This filter is documented in wp-includes/pluggable.php */
126		$secure = apply_filters( 'secure_auth_cookie', $secure, $user_id );
127
128		/** This filter is documented in wp-includes/pluggable.php */
129		$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
130
131		if ( $secure ) {
132		$auth_cookie_name = SECURE_AUTH_COOKIE;
133		$scheme = 'secure_auth';
134		} else {
135		$auth_cookie_name = AUTH_COOKIE;
136		$scheme = 'auth';
137		}
138
139		if ( '' === $token ) {
140		$manager = WP_Session_Tokens::get_instance( $user_id );
141		$token = $manager->create( $expiration );
142		}
143
144		$auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
145		$logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token );
146
147		/** This filter is documented in wp-includes/pluggable.php */
148		do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token );
149
150		/** This filter is documented in wp-includes/pluggable.php */
151		do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token );
152
153		/** This filter is documented in wp-includes/pluggable.php */
154		if ( ! apply_filters( 'send_auth_cookies', true ) ) {
155		return;
156		}
157
158		/**
159		* Filters the SameSite attribute to use in auth cookies.
160		*
161		* @param string $samesite SameSite attribute to use in auth cookies.
162		*
163		* @since 8.1.1
164		*/
165		$samesite = apply_filters( 'jetpack_auth_cookie_samesite', 'Lax' );
166
167		jetpack_shim_setcookie(
168		$auth_cookie_name,
169		$auth_cookie,
170		array(
171		'expires' => $expire,
172		'path' => PLUGINS_COOKIE_PATH,
173		'domain' => COOKIE_DOMAIN,
174		'secure' => $secure,
175		'httponly' => true,
176		'samesite' => $samesite,
177		)
178		);
179
180		jetpack_shim_setcookie(
181		$auth_cookie_name,
182		$auth_cookie,
183		array(
184		'expires' => $expire,
185		'path' => ADMIN_COOKIE_PATH,
186		'domain' => COOKIE_DOMAIN,
187		'secure' => $secure,
188		'httponly' => true,
189		'samesite' => $samesite,
190		)
191		);
192
193		jetpack_shim_setcookie(
194		LOGGED_IN_COOKIE,
195		$logged_in_cookie,
196		array(
197		'expires' => $expire,
198		'path' => COOKIEPATH,
199		'domain' => COOKIE_DOMAIN,
200		'secure' => $secure_logged_in_cookie,
201		'httponly' => true,
202		'samesite' => $samesite,
203		)
204		);
205
206		if ( COOKIEPATH !== SITECOOKIEPATH ) {
207		jetpack_shim_setcookie(
208		LOGGED_IN_COOKIE,
209		$logged_in_cookie,
210		array(
211		'expires' => $expire,
212		'path' => SITECOOKIEPATH,
213		'domain' => COOKIE_DOMAIN,
214		'secure' => $secure_logged_in_cookie,
215		'httponly' => true,
216		'samesite' => $samesite,
217		)
218		);
219		}
220		}
221		endif;
222

Automattic / jetpack

Push — add/e2e-mock-plan-data ( ba07d7...9c31e8 )

functions.cookies.php ➔ wp_set_auth_cookie() C

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like