CookieDomainCheckAbstract::checkSettings()   B
<?php
/*
 * @author Tom Klingenberg <[email protected]>
 */
namespace N98\Magento\Command\System\Check\Settings;
use Magento\Store\Api\Data\StoreInterface;
use N98\Magento\Command\System\Check\Result;
/**
 * Class CookieDomainCheckAbstract
 *
 * @package N98\Magento\Command\System\Check\Settings
 */
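abstract class CookieDomainCheckAbstract extends CheckAbstract
{
    /**
     * Config-path segment used for the base URL ("web/<class>/base_url") and echoed in the
     * result messages. 'abstract' is a placeholder value; concrete checks are presumably
     * expected to override it (verify against the subclasses).
     *
     * @var string
     */
    protected $class = 'abstract';

    /**
     * Register the two store-config values that this check compares: the base URL of the
     * configured class and the cookie domain.
     */
    public function initConfigPaths()
    {
        $this->registerStoreConfigPath('baseUrl', 'web/' . $this->class . '/base_url');
        $this->registerStoreConfigPath('cookieDomain', 'web/cookie/cookie_domain');
    }

    /**
     * Compare a store's cookie domain with its base URL and write the outcome to $result.
     *
     * An empty cookie domain is reported as OK without running the validation. Otherwise the
     * status of $result is set to the validation outcome and a matching info/error message
     * is stored.
     *
     * NOTE(review): both settings and the store code are concatenated into the tagged
     * message unescaped; presumably acceptable for operator-supplied config, but confirm
     * how the consumer of the message renders the tags.
     *
     * @param Result $result
     * @param StoreInterface $store
     * @param string $baseUrl setting
     * @param string $cookieDomain setting
     */
    protected function checkSettings(Result $result, StoreInterface $store, $baseUrl, $cookieDomain)
    {
        // An unset config value can arrive as null; normalise it once, because passing null
        // to strlen()/strtolower() is deprecated since PHP 8.1.
        $cookieDomain = (string) $cookieDomain;

        if ('' === $cookieDomain) {
            // NOTE(review): the status is left untouched on this path, so "OK" relies on
            // whatever status $result already carries - confirm against Result's default.
            $result->setMessage(
                '<info>Empty cookie Domain (' . $this->class . ') of Store: <comment>' . $store->getCode() .
                '</comment> - OK</info>'
            );

            return;
        }

        $isValid = $this->validateCookieDomainAgainstUrl($cookieDomain, $baseUrl);
        $result->setStatus($isValid);

        // Shared part of the success and the failure message (previously duplicated).
        $subject = 'Cookie Domain (' . $this->class . '): <comment>' . $cookieDomain . '</comment>' .
            ' of Store: <comment>' . $store->getCode() . '</comment>';

        if ($isValid) {
            $result->setMessage('<info>' . $subject . ' - OK</info>');

            return;
        }

        $errorMessage = 'cookie-domain and ' . $this->class . ' base-URL do not match';
        $result->setMessage('<error>' . $subject . ' - ERROR: ' . $errorMessage . '</error>');
    }

    /**
     * Simplified validation of a cookie domain against a base URL.
     *
     * The verification is deliberately incomplete and works as follows:
     *
     * - the site-domain (host) is extracted from the base URL
     * - site-domain and cookie-domain are normalized to lowercase
     * - an empty site-domain (no host, or an unparsable URL) yields false
     * - a cookie-domain shorter than three characters yields false
     * - a cookie-domain without a leading dot that equals the site-domain yields true
     * - otherwise a single leading dot is stripped from the cookie-domain
     * - the remaining cookie-domain must contain a dot that is not its first character
     * - the cookie-domain must be a suffix of the site-domain, and the part of the
     *   site-domain in front of it must be non-empty and end with a dot, so that the match
     *   falls on a label boundary ("ww.example.com" does not match "www.example.com")
     *
     * Limits a reader should be aware of:
     *
     * - there is no public-suffix awareness: a registry-level suffix that contains a dot
     *   (for example "co.uk") passes for every host below it, although browsers refuse
     *   such a cookie domain. A true result therefore only means "the host itself or a
     *   dot-separated parent of it", not "a safe cookie scope".
     * - a leading-dot cookie-domain that equals the host (".example.com" for
     *   "example.com") is reported as a mismatch.
     * - how widely a parent domain shares the cookie with sibling subdomains is not
     *   assessed.
     *
     * @param string $cookieDomain
     * @param string $siteUrl
     *
     * @return bool
     */
    public function validateCookieDomainAgainstUrl($cookieDomain, $siteUrl)
    {
        // parse_url() returns null when the URL has no host and false when it cannot be
        // parsed; the cast turns both into '' instead of handing a non-string to strtolower().
        $siteDomain = strtolower((string) parse_url((string) $siteUrl, PHP_URL_HOST));
        $siteLen = strlen($siteDomain);

        if (0 === $siteLen) {
            return false;
        }

        $cookieDomain = strtolower((string) $cookieDomain);

        if (strlen($cookieDomain) < 3) {
            return false;
        }

        if ('.' === $cookieDomain[0]) {
            $cookieDomain = substr($cookieDomain, 1);
        } elseif ($siteDomain === $cookieDomain) {
            return true;
        }

        // The cookie domain must at least look like SLD.TLD: no dot at all, or a dot at
        // offset 0 (a second leading dot), invalidates it.
        $dotPos = strpos($cookieDomain, '.');
        if (false === $dotPos || 0 === $dotPos) {
            return false;
        }

        $cookieLen = strlen($cookieDomain);

        // Only a strict parent domain can match from here on, and that is always shorter
        // than the host. Equal length was accepted above for the dot-less form and is a
        // mismatch for the leading-dot form.
        if ($cookieLen >= $siteLen) {
            return false;
        }

        if (substr($siteDomain, -$cookieLen) !== $cookieDomain) {
            return false;
        }

        // The character in front of the matched suffix has to be a dot, otherwise the
        // suffix starts in the middle of a label.
        return '.' === $siteDomain[$siteLen - $cookieLen - 1];
    }
}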