From 1f4f13f57b16e1405ce3729f98a9b9916deb05ce Mon Sep 17 00:00:00 2001 From: Daniel Opitz Date: Wed, 6 Jan 2021 18:13:07 +0100 Subject: [PATCH] Add session handler abstraction --- src/PhpSessionHandler.php | 49 +++++++++++++++++++++++++++++++ src/SameSiteCookieMiddleware.php | 43 ++++++++++++--------------- src/SameSiteSessionMiddleware.php | 29 +++++++++++------- src/SessionHandlerInterface.php | 44 +++++++++++++++++++++++++++ 4 files changed, 131 insertions(+), 34 deletions(-) create mode 100644 src/PhpSessionHandler.php create mode 100644 src/SessionHandlerInterface.php diff --git a/src/PhpSessionHandler.php b/src/PhpSessionHandler.php new file mode 100644 index 0000000..6bf7956 --- /dev/null +++ b/src/PhpSessionHandler.php @@ -0,0 +1,49 @@ +sameSite = $configuration->sameSite; - $this->httpOnly = $configuration->httpOnly; - $this->secure = $configuration->secure; + public function __construct( + SameSiteCookieConfiguration $configuration, + SessionHandlerInterface $sessionHandler = null + ) { + $this->configuration = $configuration; + $this->sessionHandler = $sessionHandler ?: new PhpSessionHandler(); } /** @@ -54,9 +51,9 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface { $response = $handler->handle($request); - $sessionId = $request->getAttribute('session_id'); - $sessionName = $request->getAttribute('session_name'); - $params = $request->getAttribute('session_cookie_params'); + $sessionId = $this->sessionHandler->getId(); + $sessionName = $this->sessionHandler->getName(); + $params = $this->sessionHandler->getCookieParams(); if (!$sessionId || !$sessionName || !$params) { throw new RuntimeException('The session must be started before samesite cookie can be generated.'); 
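Review bot: The new constructor parameter `SessionHandlerInterface $sessionHandler = null` in SameSiteCookieMiddleware relies on an implicit nullable type, which PHP 8.4 deprecates. If the package's minimum PHP version allows nullable types (7.1+), declare it as `?SessionHandlerInterface $sessionHandler = null` and default it with `$sessionHandler ?? new PhpSessionHandler()`, which matches the `SessionHandlerInterface|null` docblock used on the SameSiteSessionMiddleware constructor. That constructor, later in this patch, has the same signature and needs the same change. The hunk header and the start of this class are not visible here, so the rest of the class body could not be checked.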
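Review bot: The guard `if (!$sessionId || !$sessionName || !$params)` in process() now sees the session state left behind by the inner handler, because the id, name and params are read from the handler after `$handler->handle($request)` instead of from attributes captured beforehand. If PhpSessionHandler wraps `session_id()` (its body is not visible here), an action that destroys the session, such as a logout, would presumably yield an empty id and turn a valid response into a RuntimeException. Consider an early `if (!$this->sessionHandler->isStarted()) { return $response; }` for that case, or document that the exception is intended, and add a test with a handler that destroys the session. process() continues outside this hunk.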
@@ -67,20 +64,18 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface sprintf('path=%s;', $params['path']), ]; - if ($this->secure) { + if ($this->configuration->secure) { $cookieValues[] = 'Secure;'; } - if ($this->httpOnly) { + if ($this->configuration->httpOnly) { $cookieValues[] = 'HttpOnly;'; } - if ($this->sameSite) { - $cookieValues[] = sprintf('SameSite=%s;', $this->sameSite); + if ($this->configuration->sameSite) { + $cookieValues[] = sprintf('SameSite=%s;', $this->configuration->sameSite); } - $response = $response->withHeader('Set-Cookie', implode(' ', $cookieValues)); - - return $response; + return $response->withHeader('Set-Cookie', implode(' ', $cookieValues)); } } diff --git a/src/SameSiteSessionMiddleware.php b/src/SameSiteSessionMiddleware.php index f6340ce..dfc0093 100644 --- a/src/SameSiteSessionMiddleware.php +++ b/src/SameSiteSessionMiddleware.php @@ -13,18 +13,27 @@ final class SameSiteSessionMiddleware implements MiddlewareInterface { /** - * @var bool + * @var SameSiteCookieConfiguration */ - private $startSession; + private $configuration; + + /** + * @var SessionHandlerInterface + */ + private $sessionHandler; /** * The constructor. * * @param SameSiteCookieConfiguration $configuration The configuration + * @param SessionHandlerInterface|null $sessionHandler The session handler */ - public function __construct(SameSiteCookieConfiguration $configuration) - { - $this->startSession = $configuration->startSession; + public function __construct( + SameSiteCookieConfiguration $configuration, + SessionHandlerInterface $sessionHandler = null + ) { + $this->configuration = $configuration; + $this->sessionHandler = $sessionHandler ?: new PhpSessionHandler(); } /** 
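Review bot: `return $response->withHeader('Set-Cookie', implode(' ', $cookieValues));` replaces every Set-Cookie header the inner handler already placed on the PSR-7 response, so any other cookie set further down the stack is silently dropped. Appending keeps them: `return $response->withAddedHeader('Set-Cookie', implode(' ', $cookieValues));`. If the replacement is deliberate, a short comment saying so would help the next reader. The start of process() lies outside this hunk.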
@@ -38,14 +47,14 @@ public function __construct(SameSiteCookieConfiguration $configuration) public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface { // Start session - if ($this->startSession === true && session_status() !== PHP_SESSION_ACTIVE) { - session_start(); + if ($this->configuration->startSession === true && !$this->sessionHandler->isStarted()) { + $this->sessionHandler->start(); } $request = $request - ->withAttribute('session_id', session_id()) - ->withAttribute('session_name', session_name()) - ->withAttribute('session_cookie_params', session_get_cookie_params()); + ->withAttribute('session_id', $this->sessionHandler->getId()) + ->withAttribute('session_name', $this->sessionHandler->getName()) + ->withAttribute('session_cookie_params', $this->sessionHandler->getCookieParams()); return $handler->handle($request); } diff --git a/src/SessionHandlerInterface.php b/src/SessionHandlerInterface.php new file mode 100644 index 0000000..76841ae --- /dev/null +++ b/src/SessionHandlerInterface.php @@ -0,0 +1,44 @@ + The params + */ + public function getCookieParams(): array; + + /** + * Is session started. + * + * @return bool The session status + */ + public function isStarted(): bool; +}
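Review bot: The `session_id`, `session_name` and `session_cookie_params` request attributes are still written in process(), although SameSiteCookieMiddleware in this same patch stops reading them and asks the handler directly. If nothing else consumes them, dropping the three `withAttribute` calls keeps the session identifier out of the request object, where it can end up in debug dumps or logged request attributes. If they stay for backward compatibility, a comment such as `// Kept for BC; SameSiteCookieMiddleware reads the session handler instead` would say why. They are also captured before the handler runs, so they can differ from what the cookie middleware later emits if the id is regenerated during the request.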
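Review bot: The new interface shares its short name with PHP's built-in `\SessionHandlerInterface`, whose contract (open/close/read/write/destroy/gc) is unrelated to the `getCookieParams()` and `isStarted()` methods declared here. A missing `use` statement or a stray leading backslash in consuming code would then type-hint against the wrong interface. A distinct name, for example `SessionAdapterInterface`, or a docblock line such as `Not related to PHP's native \SessionHandlerInterface.` would remove the ambiguity. Most of this file's content, including its namespace declaration, is not visible here.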