silverstripe / silverstripe-hybridsessions

tests/CookieStoreTest.php

Indentation +55 added lines, -55 removed lines

@@ -10,69 +10,69 @@
 
 class CookieStoreTest extends AbstractTest
 {
-    protected function getStore()
-    {
-        $store = Injector::inst()->get(CookieStore::class);
-        $store->setKey(uniqid());
-        $store->open(TempFolder::getTempFolder(BASE_PATH).'/'.__CLASS__, 'SESSIONCOOKIE');
+	protected function getStore()
+	{
+		$store = Injector::inst()->get(CookieStore::class);
+		$store->setKey(uniqid());
+		$store->open(TempFolder::getTempFolder(BASE_PATH).'/'.__CLASS__, 'SESSIONCOOKIE');
 
-        return $store;
-    }
+		return $store;
+	}
 
-    public function testStoreLargeData()
-    {
-        $session = uniqid();
-        $store = $this->getStore();
+	public function testStoreLargeData()
+	{
+		$session = uniqid();
+		$store = $this->getStore();
 
-        // Test new session is blank
-        $result = $store->read($session);
-        $this->assertEmpty($result);
+		// Test new session is blank
+		$result = $store->read($session);
+		$this->assertEmpty($result);
 
-        // Save data against session
-        $data1 = array(
-            'Large' => str_repeat('A', 600),
-            'Content' => str_repeat('B', 600)
-        );
-        $store->write($session, serialize($data1));
-        $result = $store->read($session);
+		// Save data against session
+		$data1 = array(
+			'Large' => str_repeat('A', 600),
+			'Content' => str_repeat('B', 600)
+		);
+		$store->write($session, serialize($data1));
+		$result = $store->read($session);
 
-        // Cookies should not try to store data that large
-        $this->assertEmpty($result);
-    }
+		// Cookies should not try to store data that large
+		$this->assertEmpty($result);
+	}
 
-    /**
-     * Ensure that subsequent reads without the necessary write do not report data
-     */
-    public function testReadInvalidatesData()
-    {
-        $session = uniqid();
-        $store = $this->getStore();
+	/**
+	 * Ensure that subsequent reads without the necessary write do not report data
+	 */
+	public function testReadInvalidatesData()
+	{
+		$session = uniqid();
+		$store = $this->getStore();
 
-        // Test new session is blank
-        $result = $store->read($session);
-        $this->assertEmpty($result);
+		// Test new session is blank
+		$result = $store->read($session);
+		$this->assertEmpty($result);
 
-        // Save data against session
-        $data1 = array(
-            'Color' => 'red',
-            'Animal' => 'elephant'
-        );
-        $store->write($session, serialize($data1));
-        $result = $store->read($session);
-        $this->assertEquals($data1, unserialize($result));
+		// Save data against session
+		$data1 = array(
+			'Color' => 'red',
+			'Animal' => 'elephant'
+		);
+		$store->write($session, serialize($data1));
+		$result = $store->read($session);
+		$this->assertEquals($data1, unserialize($result));
 
-        // Since we have read the data into the result, the application could modify this content
-        // and be unable to write it back due to headers being sent. We should thus assume
-        // that subsequent reads without a successful write do not purport to have valid data
-        $data1['Color'] = 'blue';
-        $result = $store->read($session);
-        $this->assertEmpty($result);
+		// Since we have read the data into the result, the application could modify this content
+		// and be unable to write it back due to headers being sent. We should thus assume
+		// that subsequent reads without a successful write do not purport to have valid data
+		$data1['Color'] = 'blue';
+		$result = $store->read($session);
+		$this->assertEmpty($result);
 
-        // Check that writing to cookie fails after headers are sent and these results remain
-        // invalidated
-        TestCookieStore::$override_headers_sent = true;
-        $store->write($session, serialize($data1));
-        $result = $store->read($session);
-        $this->assertEmpty($result);
-    }
+		// Check that writing to cookie fails after headers are sent and these results remain
+		// invalidated
+		TestCookieStore::$override_headers_sent = true;
+		$store->write($session, serialize($data1));
+		$result = $store->read($session);
+		$this->assertEmpty($result);
+	}
 }

tests/DatabaseStoreTest.php

Indentation +6 added lines, -6 removed lines

@@ -7,11 +7,11 @@
 
 class DatabaseStoreTest extends AbstractTest
 {
-    protected function getStore()
-    {
-        $store = Injector::inst()->get(DatabaseStore::class);
-        $store->setKey(uniqid());
+	protected function getStore()
+	{
+		$store = Injector::inst()->get(DatabaseStore::class);
+		$store->setKey(uniqid());
 
-        return $store;
-    }
+		return $store;
+	}
 }

tests/Store/TestCookieStore.php

Indentation +15 added lines, -15 removed lines

@@ -9,21 +9,21 @@
 {
 
 
-    /**
-     * Override value of 'headers_sent' but only if running tests.
-     *
-     * Set to true or false, or null to not override
-     *
-     * @var string
-     */
-    public static $override_headers_sent = null;
+	/**
+	 * Override value of 'headers_sent' but only if running tests.
+	 *
+	 * Set to true or false, or null to not override
+	 *
+	 * @var string
+	 */
+	public static $override_headers_sent = null;
 
-    protected function canWrite()
-    {
-        if (self::$override_headers_sent !== null) {
-            return !self::$override_headers_sent;
-        }
+	protected function canWrite()
+	{
+		if (self::$override_headers_sent !== null) {
+			return !self::$override_headers_sent;
+		}
 
-        parent::canWrite();
-    }
+		parent::canWrite();
+	}
 }

tests/HybridSessionTest.php

Indentation +10 added lines, -10 removed lines

@@ -10,15 +10,15 @@
 class HybridSessionTest extends AbstractTest
 {
 
-    /**
-     * @return HybridSessionStore_Cookie
-     */
-    protected function getStore()
-    {
-        $store = Injector::inst()->create(HybridSession::class);
-        $store->setKey(uniqid());
-        $store->open(TempFolder::getTempFolder(BASE_PATH).'/'.__CLASS__, 'SESSIONCOOKIE');
+	/**
+	 * @return HybridSessionStore_Cookie
+	 */
+	protected function getStore()
+	{
+		$store = Injector::inst()->create(HybridSession::class);
+		$store->setKey(uniqid());
+		$store->open(TempFolder::getTempFolder(BASE_PATH).'/'.__CLASS__, 'SESSIONCOOKIE');
 
-        return $store;
-    }
+		return $store;
+	}
 }

src/Crypto/McryptCrypto.php

Doc Comments +1 added lines, -1 removed lines

@@ -87,7 +87,7 @@
      *
      * @param $data - The encrypted-and-signed message as base64 ASCII
      *
-     * @return bool|string - The decrypted cleartext or false if signature failed
+     * @return string|false - The decrypted cleartext or false if signature failed
      */
     public function decrypt($data)
     {

Indentation +105 added lines, -105 removed lines

@@ -8,109 +8,109 @@
  */
 class McryptCrypto implements CryptoHandler
 {
-    protected $key;
-
-    protected $ivSize;
-
-    protected $keySize;
-
-    protected $salt;
-
-    protected $saltedKey;
-
-    /**
-     * @return string
-     */
-    public function getKey()
-    {
-        return $this->key;
-    }
-
-    /**
-     * @return string
-     */
-    public function getSalt()
-    {
-        return $this->salt;
-    }
-
-    /**
-     * @param $key a per-site secret string which is used as the base encryption key.
-     * @param $salt a per-session random string which is used as a salt to generate a per-session key
-     *
-     * The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session,
-     * and even modify & re-sign it.
-     *
-     * The salt is a random per-session string that is used with the base encryption key to create a per-session key.
-     * This (amongst other things) makes sure an attacker can't use a known-plaintext attack to guess the key.
-     *
-     * Normally we could create a salt on encryption, send it to the client as part of the session (it doesn't
-     * need to remain secret), then use the returned salt to decrypt. But we already have the Session ID which makes
-     * a great salt, so no need to generate & handle another one.
-     */
-    public function __construct($key, $salt)
-    {
-        $this->ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
-        $this->keySize = mcrypt_get_key_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
-
-        $this->key = $key;
-        $this->salt = $salt;
-        $this->saltedKey = hash_pbkdf2('sha256', $this->key, $this->salt, 1000, $this->keySize, true);
-    }
-
-    /**
-     * Encrypt and then sign some cleartext
-     *
-     * @param $cleartext - The cleartext to encrypt and sign
-     * @return string - The encrypted-and-signed message as base64 ASCII.
-     */
-    public function encrypt($cleartext)
-    {
-        $iv = mcrypt_create_iv($this->ivSize, MCRYPT_DEV_URANDOM);
-
-        $enc = mcrypt_encrypt(
-            MCRYPT_RIJNDAEL_256,
-            $this->saltedKey,
-            $cleartext,
-            MCRYPT_MODE_CBC,
-            $iv
-        );
-
-        $hash = hash_hmac('sha256', $enc, $this->saltedKey);
-
-        return base64_encode($iv.$hash.$enc);
-    }
-
-    /**
-     * Check the signature on an encrypted-and-signed message, and if valid
-     * decrypt the content
-     *
-     * @param $data - The encrypted-and-signed message as base64 ASCII
-     *
-     * @return bool|string - The decrypted cleartext or false if signature failed
-     */
-    public function decrypt($data)
-    {
-        $data = base64_decode($data);
-
-        $iv   = substr($data, 0, $this->ivSize);
-        $hash = substr($data, $this->ivSize, 64);
-        $enc  = substr($data, $this->ivSize + 64);
-
-        $cleartext = rtrim(mcrypt_decrypt(
-            MCRYPT_RIJNDAEL_256,
-            $this->saltedKey,
-            $enc,
-            MCRYPT_MODE_CBC,
-            $iv
-        ), "\x00");
-
-        // Needs to be after decrypt so it always runs, to avoid timing attack
-        $gen_hash = hash_hmac('sha256', $enc, $this->saltedKey);
-
-        if ($gen_hash == $hash) {
-            return $cleartext;
-        }
-        return false;
-    }
+	protected $key;
+
+	protected $ivSize;
+
+	protected $keySize;
+
+	protected $salt;
+
+	protected $saltedKey;
+
+	/**
+	 * @return string
+	 */
+	public function getKey()
+	{
+		return $this->key;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getSalt()
+	{
+		return $this->salt;
+	}
+
+	/**
+	 * @param $key a per-site secret string which is used as the base encryption key.
+	 * @param $salt a per-session random string which is used as a salt to generate a per-session key
+	 *
+	 * The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session,
+	 * and even modify & re-sign it.
+	 *
+	 * The salt is a random per-session string that is used with the base encryption key to create a per-session key.
+	 * This (amongst other things) makes sure an attacker can't use a known-plaintext attack to guess the key.
+	 *
+	 * Normally we could create a salt on encryption, send it to the client as part of the session (it doesn't
+	 * need to remain secret), then use the returned salt to decrypt. But we already have the Session ID which makes
+	 * a great salt, so no need to generate & handle another one.
+	 */
+	public function __construct($key, $salt)
+	{
+		$this->ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
+		$this->keySize = mcrypt_get_key_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
+
+		$this->key = $key;
+		$this->salt = $salt;
+		$this->saltedKey = hash_pbkdf2('sha256', $this->key, $this->salt, 1000, $this->keySize, true);
+	}
+
+	/**
+	 * Encrypt and then sign some cleartext
+	 *
+	 * @param $cleartext - The cleartext to encrypt and sign
+	 * @return string - The encrypted-and-signed message as base64 ASCII.
+	 */
+	public function encrypt($cleartext)
+	{
+		$iv = mcrypt_create_iv($this->ivSize, MCRYPT_DEV_URANDOM);
+
+		$enc = mcrypt_encrypt(
+			MCRYPT_RIJNDAEL_256,
+			$this->saltedKey,
+			$cleartext,
+			MCRYPT_MODE_CBC,
+			$iv
+		);
+
+		$hash = hash_hmac('sha256', $enc, $this->saltedKey);
+
+		return base64_encode($iv.$hash.$enc);
+	}
+
+	/**
+	 * Check the signature on an encrypted-and-signed message, and if valid
+	 * decrypt the content
+	 *
+	 * @param $data - The encrypted-and-signed message as base64 ASCII
+	 *
+	 * @return bool|string - The decrypted cleartext or false if signature failed
+	 */
+	public function decrypt($data)
+	{
+		$data = base64_decode($data);
+
+		$iv   = substr($data, 0, $this->ivSize);
+		$hash = substr($data, $this->ivSize, 64);
+		$enc  = substr($data, $this->ivSize + 64);
+
+		$cleartext = rtrim(mcrypt_decrypt(
+			MCRYPT_RIJNDAEL_256,
+			$this->saltedKey,
+			$enc,
+			MCRYPT_MODE_CBC,
+			$iv
+		), "\x00");
+
+		// Needs to be after decrypt so it always runs, to avoid timing attack
+		$gen_hash = hash_hmac('sha256', $enc, $this->saltedKey);
+
+		if ($gen_hash == $hash) {
+			return $cleartext;
+		}
+		return false;
+	}
 }

src/Crypto/OpenSSLCrypto.php

Doc Comments +1 added lines, -1 removed lines

@@ -75,7 +75,7 @@
      *
      * @param string $data - The encrypted-and-signed message as base64 ASCII
      *
-     * @return bool|string - The decrypted cleartext or false if signature failed
+     * @return string|false - The decrypted cleartext or false if signature failed
      */
     public function decrypt($data)
     {

Indentation +76 added lines, -76 removed lines

@@ -8,90 +8,90 @@
  */
 class OpenSSLCrypto implements CryptoHandler
 {
-    protected $key;
+	protected $key;
 
-    protected $salt;
+	protected $salt;
 
-    protected $saltedKey;
+	protected $saltedKey;
 
-    /**
-     * @return string
-     */
-    public function getKey()
-    {
-        return $this->key;
-    }
+	/**
+	 * @return string
+	 */
+	public function getKey()
+	{
+		return $this->key;
+	}
 
-    /**
-     * @return string
-     */
-    public function getSalt()
-    {
-        return $this->salt;
-    }
+	/**
+	 * @return string
+	 */
+	public function getSalt()
+	{
+		return $this->salt;
+	}
 
-    /**
-     * @param string $key a per-site secret string which is used as the base encryption key.
-     * @param string $salt a per-session random string which is used as a salt to generate a per-session key
-     *
-     * The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session,
-     * and even modify & re-sign it.
-     *
-     * The salt is a random per-session string that is used with the base encryption key to create a per-session key.
-     * This (amongst other things) makes sure an attacker can't use a known-plaintext attack to guess the key.
-     *
-     * Normally we could create a salt on encryption, send it to the client as part of the session (it doesn't
-     * need to remain secret), then use the returned salt to decrypt. But we already have the Session ID which makes
-     * a great salt, so no need to generate & handle another one.
-     */
-    public function __construct($key, $salt)
-    {
-        $this->key = $key;
-        $this->salt = $salt;
-        $this->saltedKey = hash_pbkdf2('sha256', $this->key, $this->salt, 1000, 0, true);
-    }
+	/**
+	 * @param string $key a per-site secret string which is used as the base encryption key.
+	 * @param string $salt a per-session random string which is used as a salt to generate a per-session key
+	 *
+	 * The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session,
+	 * and even modify & re-sign it.
+	 *
+	 * The salt is a random per-session string that is used with the base encryption key to create a per-session key.
+	 * This (amongst other things) makes sure an attacker can't use a known-plaintext attack to guess the key.
+	 *
+	 * Normally we could create a salt on encryption, send it to the client as part of the session (it doesn't
+	 * need to remain secret), then use the returned salt to decrypt. But we already have the Session ID which makes
+	 * a great salt, so no need to generate & handle another one.
+	 */
+	public function __construct($key, $salt)
+	{
+		$this->key = $key;
+		$this->salt = $salt;
+		$this->saltedKey = hash_pbkdf2('sha256', $this->key, $this->salt, 1000, 0, true);
+	}
 
-    /**
-     * Encrypt and then sign some cleartext
-     *
-     * @param string $cleartext - The cleartext to encrypt and sign
-     * @return string - The encrypted-and-signed message as base64 ASCII.
-     */
-    public function encrypt($cleartext)
-    {
-        $cipher = "AES-256-CBC";
-        $ivlen = openssl_cipher_iv_length($cipher);
-        $iv = openssl_random_pseudo_bytes($ivlen);
-        $ciphertext_raw = openssl_encrypt($cleartext, $cipher, $this->saltedKey, $options = OPENSSL_RAW_DATA, $iv);
-        $hmac = hash_hmac('sha256', $ciphertext_raw, $this->saltedKey, $as_binary = true);
-        $ciphertext = base64_encode($iv.$hmac.$ciphertext_raw);
+	/**
+	 * Encrypt and then sign some cleartext
+	 *
+	 * @param string $cleartext - The cleartext to encrypt and sign
+	 * @return string - The encrypted-and-signed message as base64 ASCII.
+	 */
+	public function encrypt($cleartext)
+	{
+		$cipher = "AES-256-CBC";
+		$ivlen = openssl_cipher_iv_length($cipher);
+		$iv = openssl_random_pseudo_bytes($ivlen);
+		$ciphertext_raw = openssl_encrypt($cleartext, $cipher, $this->saltedKey, $options = OPENSSL_RAW_DATA, $iv);
+		$hmac = hash_hmac('sha256', $ciphertext_raw, $this->saltedKey, $as_binary = true);
+		$ciphertext = base64_encode($iv.$hmac.$ciphertext_raw);
 
-        return base64_encode($iv.$hmac.$ciphertext_raw);
-    }
+		return base64_encode($iv.$hmac.$ciphertext_raw);
+	}
 
-    /**
-     * Check the signature on an encrypted-and-signed message, and if valid
-     * decrypt the content
-     *
-     * @param string $data - The encrypted-and-signed message as base64 ASCII
-     *
-     * @return bool|string - The decrypted cleartext or false if signature failed
-     */
-    public function decrypt($data)
-    {
-        $c = base64_decode($data);
-        $cipher = "AES-256-CBC";
-        $ivlen = openssl_cipher_iv_length($cipher);
-        $iv = substr($c, 0, $ivlen);
-        $hmac = substr($c, $ivlen, $sha2len = 32);
-        $ciphertext_raw = substr($c, $ivlen+$sha2len);
-        $cleartext = openssl_decrypt($ciphertext_raw, $cipher, $this->saltedKey, $options = OPENSSL_RAW_DATA, $iv);
-        $calcmac = hash_hmac('sha256', $ciphertext_raw, $this->saltedKey, $as_binary = true);
+	/**
+	 * Check the signature on an encrypted-and-signed message, and if valid
+	 * decrypt the content
+	 *
+	 * @param string $data - The encrypted-and-signed message as base64 ASCII
+	 *
+	 * @return bool|string - The decrypted cleartext or false if signature failed
+	 */
+	public function decrypt($data)
+	{
+		$c = base64_decode($data);
+		$cipher = "AES-256-CBC";
+		$ivlen = openssl_cipher_iv_length($cipher);
+		$iv = substr($c, 0, $ivlen);
+		$hmac = substr($c, $ivlen, $sha2len = 32);
+		$ciphertext_raw = substr($c, $ivlen+$sha2len);
+		$cleartext = openssl_decrypt($ciphertext_raw, $cipher, $this->saltedKey, $options = OPENSSL_RAW_DATA, $iv);
+		$calcmac = hash_hmac('sha256', $ciphertext_raw, $this->saltedKey, $as_binary = true);
 
-        if (hash_equals($hmac, $calcmac)) {
-            return $cleartext;
-        }
+		if (hash_equals($hmac, $calcmac)) {
+			return $cleartext;
+		}
 
-        return false;
-    }
+		return false;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -84,7 +84,7 @@
         $ivlen = openssl_cipher_iv_length($cipher);
         $iv = substr($c, 0, $ivlen);
         $hmac = substr($c, $ivlen, $sha2len = 32);
-        $ciphertext_raw = substr($c, $ivlen+$sha2len);
+        $ciphertext_raw = substr($c, $ivlen + $sha2len);
         $cleartext = openssl_decrypt($ciphertext_raw, $cipher, $this->saltedKey, $options = OPENSSL_RAW_DATA, $iv);
         $calcmac = hash_hmac('sha256', $ciphertext_raw, $this->saltedKey, $as_binary = true);
 

src/HybridSession.php

Doc Comments +1 added lines

@@ -38,6 +38,7 @@
 
     /**
      * @param string
+     * @param string $key
      *
      * @return $this
      */

Indentation +157 added lines, -157 removed lines

@@ -9,161 +9,161 @@
 class HybridSession extends BaseStore
 {
 
-    /**
-     * List of session handlers
-     *
-     * @var array
-     */
-    protected $handlers = [];
-
-    /**
-     * True if this session store has been initialised
-     *
-     * @var bool
-     */
-    protected static $enabled = false;
-
-    /**
-     * @param SessionHandlerInterface[]
-     *
-     * @return $this
-     */
-    public function setHandlers($handlers)
-    {
-        $this->handlers = $handlers;
-        $this->setKey($this->getKey());
-
-        return $this;
-    }
-
-    /**
-     * @param string
-     *
-     * @return $this
-     */
-    public function setKey($key)
-    {
-        parent::setKey($key);
-
-        foreach ($this->handlers as $handler) {
-            $handler->setKey($key);
-        }
-
-        return $this;
-    }
-
-    /**
-     * @return SessionHandlerInterface[]
-     */
-    public function getHandlers()
-    {
-        return $this->handlers;
-    }
-
-    /**
-     * @param string $save_path
-     * @param string $name
-     *
-     * @return bool
-     */
-    public function open($save_path, $name)
-    {
-        if ($this->handlers) {
-            foreach ($this->handlers as $handler) {
-                $handler->open($save_path, $name);
-            }
-        }
-
-        return true;
-    }
-
-    /**
-     * @return bool
-     */
-    public function close()
-    {
-        if ($this->handlers) {
-            foreach ($this->handlers as $handler) {
-                $handler->close();
-            }
-        }
-
-        return true;
-    }
-
-    /**
-     * @param string $session_id
-     *
-     * @return string
-     */
-    public function read($session_id)
-    {
-        if ($this->handlers) {
-            foreach ($this->handlers as $handler) {
-                if ($data = $handler->read($session_id)) {
-                    return $data;
-                }
-            }
-        }
-
-        return '';
-    }
-
-
-    public function write($session_id, $session_data)
-    {
-        if ($this->handlers) {
-            foreach ($this->handlers as $handler) {
-                if ($handler->write($session_id, $session_data)) {
-                    return;
-                }
-            }
-        }
-    }
-
-    public function destroy($session_id)
-    {
-        if ($this->handlers) {
-            foreach ($this->handlers as $handler) {
-                $handler->destroy($session_id);
-            }
-        }
-    }
-
-    public function gc($maxlifetime)
-    {
-        if ($this->handlers) {
-            foreach ($this->handlers as $handler) {
-                $handler->gc($maxlifetime);
-            }
-        }
-    }
-
-    /**
-     * Register the session handler as the default
-     *
-     * @param string $key Desired session key
-     */
-    public static function init($key = null)
-    {
-        $instance = Injector::inst()->get(__CLASS__);
-
-        if (empty($key)) {
-            user_error(
-                'HybridSession::init() was not given a $key. Disabling cookie-based storage',
-                E_USER_WARNING
-            );
-        } else {
-            $instance->setKey($key);
-        }
-
-        session_set_save_handler($instance, true);
-
-        self::$enabled = true;
-    }
-
-    public static function is_enabled()
-    {
-        return self::$enabled;
-    }
+	/**
+	 * List of session handlers
+	 *
+	 * @var array
+	 */
+	protected $handlers = [];
+
+	/**
+	 * True if this session store has been initialised
+	 *
+	 * @var bool
+	 */
+	protected static $enabled = false;
+
+	/**
+	 * @param SessionHandlerInterface[]
+	 *
+	 * @return $this
+	 */
+	public function setHandlers($handlers)
+	{
+		$this->handlers = $handlers;
+		$this->setKey($this->getKey());
+
+		return $this;
+	}
+
+	/**
+	 * @param string
+	 *
+	 * @return $this
+	 */
+	public function setKey($key)
+	{
+		parent::setKey($key);
+
+		foreach ($this->handlers as $handler) {
+			$handler->setKey($key);
+		}
+
+		return $this;
+	}
+
+	/**
+	 * @return SessionHandlerInterface[]
+	 */
+	public function getHandlers()
+	{
+		return $this->handlers;
+	}
+
+	/**
+	 * @param string $save_path
+	 * @param string $name
+	 *
+	 * @return bool
+	 */
+	public function open($save_path, $name)
+	{
+		if ($this->handlers) {
+			foreach ($this->handlers as $handler) {
+				$handler->open($save_path, $name);
+			}
+		}
+
+		return true;
+	}
+
+	/**
+	 * @return bool
+	 */
+	public function close()
+	{
+		if ($this->handlers) {
+			foreach ($this->handlers as $handler) {
+				$handler->close();
+			}
+		}
+
+		return true;
+	}
+
+	/**
+	 * @param string $session_id
+	 *
+	 * @return string
+	 */
+	public function read($session_id)
+	{
+		if ($this->handlers) {
+			foreach ($this->handlers as $handler) {
+				if ($data = $handler->read($session_id)) {
+					return $data;
+				}
+			}
+		}
+
+		return '';
+	}
+
+
+	public function write($session_id, $session_data)
+	{
+		if ($this->handlers) {
+			foreach ($this->handlers as $handler) {
+				if ($handler->write($session_id, $session_data)) {
+					return;
+				}
+			}
+		}
+	}
+
+	public function destroy($session_id)
+	{
+		if ($this->handlers) {
+			foreach ($this->handlers as $handler) {
+				$handler->destroy($session_id);
+			}
+		}
+	}
+
+	public function gc($maxlifetime)
+	{
+		if ($this->handlers) {
+			foreach ($this->handlers as $handler) {
+				$handler->gc($maxlifetime);
+			}
+		}
+	}
+
+	/**
+	 * Register the session handler as the default
+	 *
+	 * @param string $key Desired session key
+	 */
+	public static function init($key = null)
+	{
+		$instance = Injector::inst()->get(__CLASS__);
+
+		if (empty($key)) {
+			user_error(
+				'HybridSession::init() was not given a $key. Disabling cookie-based storage',
+				E_USER_WARNING
+			);
+		} else {
+			$instance->setKey($key);
+		}
+
+		session_set_save_handler($instance, true);
+
+		self::$enabled = true;
+	}
+
+	public static function is_enabled()
+	{
+		return self::$enabled;
+	}
 }

src/Store/CookieStore.php

Unused Use Statements -1 removed lines

@@ -4,7 +4,6 @@
 
 use SilverStripe\Control\Cookie;
 use SilverStripe\HybridSessions\Crypto\CryptoHandler;
-use SilverStripe\Core\Config\Config;
 use SilverStripe\Core\Injector\Injector;
 
 /**

Indentation +164 added lines, -164 removed lines

@@ -22,168 +22,168 @@
 class CookieStore extends BaseStore
 {
 
-    /**
-     * Maximum length of a cookie value in characters
-     *
-     * @var int
-     * @config
-     */
-    private static $max_length = 1024;
-
-    /**
-     * Encryption service
-     *
-     * @var HybridSessionStore_Crypto
-     */
-    protected $crypto;
-
-    /**
-     * Name of cookie
-     *
-     * @var string
-     */
-    protected $cookie;
-
-    /**
-     * Known unmodified value of this cookie. If the cookie backend has been read into the application,
-     * then the backend is unable to verify the modification state of this value internally within the
-     * system, so this will be left null unless written back.
-     *
-     * If the content exceeds max_length then the backend can also not maintain this cookie, also
-     * setting this variable to null.
-     *
-     * @var string
-     */
-    protected $currentCookieData;
-
-    public function open($save_path, $name)
-    {
-        $this->cookie = $name.'_2';
-
-        // Read the incoming value, then clear the cookie - we might not be able
-        // to do so later if write() is called after headers are sent
-        // This is intended to force a failover to the database store if the
-        // modified session cannot be emitted.
-        $this->currentCookieData = Cookie::get($this->cookie);
-
-        if ($this->currentCookieData) {
-            Cookie::set($this->cookie, '');
-        }
-    }
-
-    public function close()
-    {
-    }
-
-    /**
-     * Get the cryptography store for the specified session
-     *
-     * @param string $session_id
-     * @return HybridSessionStore_Crypto
-     */
-    protected function getCrypto($session_id)
-    {
-        $key = $this->getKey();
-
-        if (!$key) {
-            return null;
-        }
-
-        if (!$this->crypto || $this->crypto->getSalt() != $session_id) {
-            $this->crypto = Injector::inst()->create(CryptoHandler::class, $key, $session_id);
-        }
-
-        return $this->crypto;
-    }
-
-    public function read($session_id)
-    {
-        // Check ability to safely decrypt content
-        if (!$this->currentCookieData
-            || !($crypto = $this->getCrypto($session_id))
-        ) {
-            return;
-        }
-
-        // Decrypt and invalidate old data
-        $cookieData = $crypto->decrypt($this->currentCookieData);
-        $this->currentCookieData = null;
-
-        // Verify expiration
-        if ($cookieData) {
-            $expiry = (int)substr($cookieData, 0, 10);
-            $data = substr($cookieData, 10);
-
-            if ($expiry > $this->getNow()) {
-                return $data;
-            }
-        }
-    }
-
-    /**
-     * Determine if the session could be verifably written to cookie storage
-     *
-     * @return bool
-     */
-    protected function canWrite()
-    {
-        return !headers_sent();
-    }
-
-    public function write($session_id, $session_data)
-    {
-        // Check ability to safely encrypt and write content
-        if (!$this->canWrite()
-            || (strlen($session_data) > static::config()->get('max_length'))
-            || !($crypto = $this->getCrypto($session_id))
-        ) {
-            return false;
-        }
-
-        // Prepare content for write
-        $params = session_get_cookie_params();
-        // Total max lifetime, stored internally
-        $lifetime = $this->getLifetime();
-        $expiry = $this->getNow() + $lifetime;
-
-        // Restore the known good cookie value
-        $this->currentCookieData = $this->crypto->encrypt(
-            sprintf('%010u', $expiry) . $session_data
-        );
-
-        // Respect auto-expire on browser close for the session cookie (in case the cookie lifetime is zero)
-        $cookieLifetime = min((int)$params['lifetime'], $lifetime);
-
-        Cookie::set(
-            $this->cookie,
-            $this->currentCookieData,
-            $cookieLifetime / 86400,
-            $params['path'],
-            $params['domain'],
-            $params['secure'],
-            $params['httponly']
-        );
-
-        return true;
-    }
-
-    public function destroy($session_id)
-    {
-        $this->currentCookieData = null;
-
-        $params = session_get_cookie_params();
-
-        Cookie::force_expiry(
-            $this->cookie,
-            $params['path'],
-            $params['domain'],
-            $params['secure'],
-            $params['httponly']
-        );
-    }
-
-    public function gc($maxlifetime)
-    {
-        // NOP
-    }
+	/**
+	 * Maximum length of a cookie value in characters
+	 *
+	 * @var int
+	 * @config
+	 */
+	private static $max_length = 1024;
+
+	/**
+	 * Encryption service
+	 *
+	 * @var HybridSessionStore_Crypto
+	 */
+	protected $crypto;
+
+	/**
+	 * Name of cookie
+	 *
+	 * @var string
+	 */
+	protected $cookie;
+
+	/**
+	 * Known unmodified value of this cookie. If the cookie backend has been read into the application,
+	 * then the backend is unable to verify the modification state of this value internally within the
+	 * system, so this will be left null unless written back.
+	 *
+	 * If the content exceeds max_length then the backend can also not maintain this cookie, also
+	 * setting this variable to null.
+	 *
+	 * @var string
+	 */
+	protected $currentCookieData;
+
+	public function open($save_path, $name)
+	{
+		$this->cookie = $name.'_2';
+
+		// Read the incoming value, then clear the cookie - we might not be able
+		// to do so later if write() is called after headers are sent
+		// This is intended to force a failover to the database store if the
+		// modified session cannot be emitted.
+		$this->currentCookieData = Cookie::get($this->cookie);
+
+		if ($this->currentCookieData) {
+			Cookie::set($this->cookie, '');
+		}
+	}
+
+	public function close()
+	{
+	}
+
+	/**
+	 * Get the cryptography store for the specified session
+	 *
+	 * @param string $session_id
+	 * @return HybridSessionStore_Crypto
+	 */
+	protected function getCrypto($session_id)
+	{
+		$key = $this->getKey();
+
+		if (!$key) {
+			return null;
+		}
+
+		if (!$this->crypto || $this->crypto->getSalt() != $session_id) {
+			$this->crypto = Injector::inst()->create(CryptoHandler::class, $key, $session_id);
+		}
+
+		return $this->crypto;
+	}
+
+	public function read($session_id)
+	{
+		// Check ability to safely decrypt content
+		if (!$this->currentCookieData
+			|| !($crypto = $this->getCrypto($session_id))
+		) {
+			return;
+		}
+
+		// Decrypt and invalidate old data
+		$cookieData = $crypto->decrypt($this->currentCookieData);
+		$this->currentCookieData = null;
+
+		// Verify expiration
+		if ($cookieData) {
+			$expiry = (int)substr($cookieData, 0, 10);
+			$data = substr($cookieData, 10);
+
+			if ($expiry > $this->getNow()) {
+				return $data;
+			}
+		}
+	}
+
+	/**
+	 * Determine if the session could be verifably written to cookie storage
+	 *
+	 * @return bool
+	 */
+	protected function canWrite()
+	{
+		return !headers_sent();
+	}
+
+	public function write($session_id, $session_data)
+	{
+		// Check ability to safely encrypt and write content
+		if (!$this->canWrite()
+			|| (strlen($session_data) > static::config()->get('max_length'))
+			|| !($crypto = $this->getCrypto($session_id))
+		) {
+			return false;
+		}
+
+		// Prepare content for write
+		$params = session_get_cookie_params();
+		// Total max lifetime, stored internally
+		$lifetime = $this->getLifetime();
+		$expiry = $this->getNow() + $lifetime;
+
+		// Restore the known good cookie value
+		$this->currentCookieData = $this->crypto->encrypt(
+			sprintf('%010u', $expiry) . $session_data
+		);
+
+		// Respect auto-expire on browser close for the session cookie (in case the cookie lifetime is zero)
+		$cookieLifetime = min((int)$params['lifetime'], $lifetime);
+
+		Cookie::set(
+			$this->cookie,
+			$this->currentCookieData,
+			$cookieLifetime / 86400,
+			$params['path'],
+			$params['domain'],
+			$params['secure'],
+			$params['httponly']
+		);
+
+		return true;
+	}
+
+	public function destroy($session_id)
+	{
+		$this->currentCookieData = null;
+
+		$params = session_get_cookie_params();
+
+		Cookie::force_expiry(
+			$this->cookie,
+			$params['path'],
+			$params['domain'],
+			$params['secure'],
+			$params['httponly']
+		);
+	}
+
+	public function gc($maxlifetime)
+	{
+		// NOP
+	}
 }

Spacing +3 added lines, -3 removed lines

@@ -111,7 +111,7 @@ 
 
         // Verify expiration
         if ($cookieData) {
-            $expiry = (int)substr($cookieData, 0, 10);
+            $expiry = (int) substr($cookieData, 0, 10);
             $data = substr($cookieData, 10);
 
             if ($expiry > $this->getNow()) {
@@ -148,11 +148,11 @@ 
 
         // Restore the known good cookie value
         $this->currentCookieData = $this->crypto->encrypt(
-            sprintf('%010u', $expiry) . $session_data
+            sprintf('%010u', $expiry).$session_data
         );
 
         // Respect auto-expire on browser close for the session cookie (in case the cookie lifetime is zero)
-        $cookieLifetime = min((int)$params['lifetime'], $lifetime);
+        $cookieLifetime = min((int) $params['lifetime'], $lifetime);
 
         Cookie::set(
             $this->cookie,

tests/AbstractTest.php

Indentation +105 added lines, -105 removed lines

@@ -10,109 +10,109 @@
 
 abstract class AbstractTest extends SapphireTest
 {
-    protected $usesDatabase = true;
-
-    protected function setUp()
-    {
-        parent::setUp();
-
-        TestCookieStore::$override_headers_sent = false;
-
-        Injector::inst()->registerService(
-            new TestCookieStore(),
-            CookieStore::class
-        );
-
-        DBDatetime::set_mock_now('2010-03-15 12:00:00');
-
-        if (get_class() === get_class($this)) {
-            $this->markTestSkipped("Skipping abstract test");
-            $this->skipTest = true;
-        }
-    }
-
-    protected function tearDown()
-    {
-        DBDatetime::clear_mock_now();
-
-        parent::tearDown();
-    }
-
-    abstract protected function getStore();
-
-    /**
-     * Test how this store handles large volumes of data (>1000 characters)
-     */
-    public function testStoreLargeData()
-    {
-        $session = uniqid();
-        $store = $this->getStore();
-
-        // Test new session is blank
-        $result = $store->read($session);
-        $this->assertEmpty($result);
-
-        // Save data against session
-        $data1 = array(
-            'Large' => str_repeat('A', 600),
-            'Content' => str_repeat('B', 600)
-        );
-        $store->write($session, serialize($data1));
-        $result = $store->read($session);
-        $this->assertEquals($data1, unserialize($result));
-    }
-
-    /**
-     * Test storage of data
-     */
-    public function testStoreData()
-    {
-        $session = uniqid();
-        $store = $this->getStore();
-
-        // Test new session is blank
-        $result = $store->read($session);
-        $this->assertEmpty($result);
-
-        // Save data against session
-        $data1 = array(
-            'Color' => 'red',
-            'Animal' => 'elephant'
-        );
-        $store->write($session, serialize($data1));
-        $result = $store->read($session);
-        $this->assertEquals($data1, unserialize($result));
-
-        // Save larger data
-        $data2 = array(
-            'Color' => 'blue',
-            'Animal' => str_repeat('bat', 100)
-        );
-        $store->write($session, serialize($data2));
-        $result = $store->read($session);
-        $this->assertEquals($data2, unserialize($result));
-    }
-
-    /**
-     * Test expiry of data
-     */
-    public function testExpiry()
-    {
-        $session1 = uniqid();
-        $store = $this->getStore();
-
-        // Store data now
-        $data1 = array(
-            'Food' => 'Pizza'
-        );
-        $store->write($session1, serialize($data1));
-        $result1 = $store->read($session1);
-        $this->assertEquals($data1, unserialize($result1));
-
-        // Go to the future and test that the expiry is accurate
-        DBDatetime::set_mock_now('2040-03-16 12:00:00');
-        $result2 = $store->read($session1);
-
-        $this->assertEmpty($result2);
-    }
+	protected $usesDatabase = true;
+
+	protected function setUp()
+	{
+		parent::setUp();
+
+		TestCookieStore::$override_headers_sent = false;
+
+		Injector::inst()->registerService(
+			new TestCookieStore(),
+			CookieStore::class
+		);
+
+		DBDatetime::set_mock_now('2010-03-15 12:00:00');
+
+		if (get_class() === get_class($this)) {
+			$this->markTestSkipped("Skipping abstract test");
+			$this->skipTest = true;
+		}
+	}
+
+	protected function tearDown()
+	{
+		DBDatetime::clear_mock_now();
+
+		parent::tearDown();
+	}
+
+	abstract protected function getStore();
+
+	/**
+	 * Test how this store handles large volumes of data (>1000 characters)
+	 */
+	public function testStoreLargeData()
+	{
+		$session = uniqid();
+		$store = $this->getStore();
+
+		// Test new session is blank
+		$result = $store->read($session);
+		$this->assertEmpty($result);
+
+		// Save data against session
+		$data1 = array(
+			'Large' => str_repeat('A', 600),
+			'Content' => str_repeat('B', 600)
+		);
+		$store->write($session, serialize($data1));
+		$result = $store->read($session);
+		$this->assertEquals($data1, unserialize($result));
+	}
+
+	/**
+	 * Test storage of data
+	 */
+	public function testStoreData()
+	{
+		$session = uniqid();
+		$store = $this->getStore();
+
+		// Test new session is blank
+		$result = $store->read($session);
+		$this->assertEmpty($result);
+
+		// Save data against session
+		$data1 = array(
+			'Color' => 'red',
+			'Animal' => 'elephant'
+		);
+		$store->write($session, serialize($data1));
+		$result = $store->read($session);
+		$this->assertEquals($data1, unserialize($result));
+
+		// Save larger data
+		$data2 = array(
+			'Color' => 'blue',
+			'Animal' => str_repeat('bat', 100)
+		);
+		$store->write($session, serialize($data2));
+		$result = $store->read($session);
+		$this->assertEquals($data2, unserialize($result));
+	}
+
+	/**
+	 * Test expiry of data
+	 */
+	public function testExpiry()
+	{
+		$session1 = uniqid();
+		$store = $this->getStore();
+
+		// Store data now
+		$data1 = array(
+			'Food' => 'Pizza'
+		);
+		$store->write($session1, serialize($data1));
+		$result1 = $store->read($session1);
+		$this->assertEquals($data1, unserialize($result1));
+
+		// Go to the future and test that the expiry is accurate
+		DBDatetime::set_mock_now('2040-03-16 12:00:00');
+		$result2 = $store->read($session1);
+
+		$this->assertEmpty($result2);
+	}
 }