
nette / security / 20546871958

28 Dec 2025 01:17AM UTC coverage: 84.79% (-0.1%) from 84.896%
20546871958

push

github

dg
User: deprecated magic properties (BC break)

485 of 572 relevant lines covered (84.79%)

0.85 hits per line

Source File

13.21
/src/Bridges/SecurityHttp/SessionStorage.php
<?php

/**
 * This file is part of the Nette Framework (https://nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

declare(strict_types=1);

namespace Nette\Bridges\SecurityHttp;

use Nette;
use Nette\Http\Session;
use Nette\Http\SessionSection;
use Nette\Security\IIdentity;
use Nette\Security\User;
use function is_bool, time;


/**
 * Session storage for Nette\Security\User object.
 */
final class SessionStorage implements Nette\Security\UserStorage
{
        /** Suffix of the session section name; lets several independent users share one session. */
        private string $namespace = '';

        /** Lazily resolved section; reset to null whenever the namespace changes. */
        private ?SessionSection $sessionSection = null;

        /** Absolute expiration as a Unix timestamp, or null when no expiration is configured. */
        private ?int $expireTime = null;

        /** Whether the stored identity is dropped as well when the login expires. */
        private bool $expireIdentity = false;


        public function __construct(
                private readonly Session $sessionHandler,
        ) {
        }


        /**
         * Records a successful login in the session section and rotates the session id.
         *
         * The identity object is stored in the section as-is, so anything it carries is
         * kept with the session data. The id is regenerated only after the state has been
         * written, so an id that was known before the login does not refer to the
         * authenticated session afterwards.
         */
        public function saveAuthentication(IIdentity $identity): void
        {
                $state = $this->getSessionSection();
                $state->set('authenticated', true);
                $state->set('reason', null);
                $state->set('authTime', time()); // informative value
                $state->set('identity', $identity);
                $this->setupExpiration();

                // Session Fixation defence
                $this->sessionHandler->regenerateId();
        }


        /**
         * Records a manual logout and rotates the session id.
         *
         * With $clearIdentity === false the identity stays in the section, so callers must
         * rely on the 'authenticated' flag, not on the presence of an identity, to decide
         * whether the user is logged in.
         */
        public function clearAuthentication(bool $clearIdentity): void
        {
                $state = $this->getSessionSection();
                $state->set('authenticated', false);
                $state->set('reason', User::LogoutManual);
                $state->set('authTime', null);
                if ($clearIdentity) {
                        $state->set('identity', null);
                }

                // Session Fixation defence
                $this->sessionHandler->regenerateId();
        }


        /**
         * Returns the stored state as [authenticated flag, identity, logout reason].
         *
         * The flag is cast to bool; identity and reason are returned exactly as stored.
         *
         * @return array{0: bool, 1: mixed, 2: mixed}
         */
        public function getState(): array
        {
                $state = $this->getSessionSection();
                if ($state === null) {
                        // Fallback for a missing section: report an anonymous user.
                        return [false, null, null];
                }

                return [(bool) $state->get('authenticated'), $state->get('identity'), $state->get('reason')];
        }


        /**
         * Configures when the login expires and whether the identity is dropped with it.
         *
         * A falsy $time (null, '' or '0') disables expiration; any other value is parsed by
         * Nette\Utils\DateTime::from() and kept as a Unix timestamp. The new setting is
         * written to the session immediately only when a section is already loaded and
         * marked as authenticated; otherwise it is applied by the next saveAuthentication().
         */
        public function setExpiration(?string $time, bool $clearIdentity = false): void
        {
                $deadline = null;
                if ($time) {
                        $deadline = (int) Nette\Utils\DateTime::from($time)->format('U');
                }

                $this->expireTime = $deadline;
                $this->expireIdentity = $clearIdentity;

                if ($this->sessionSection?->get('authenticated')) {
                        $this->setupExpiration();
                }
        }


        /**
         * Writes the configured expiration into the already loaded section.
         *
         * Reads $this->sessionSection directly, so it relies on the callers in this class
         * having loaded the section first.
         */
        private function setupExpiration(): void
        {
                $state = $this->sessionSection;
                if (!$this->expireTime) {
                        $state->remove(['expireTime', 'expireDelta']);
                } else {
                        // The delta is kept next to the absolute time so the deadline can slide.
                        $state->set('expireTime', $this->expireTime);
                        $state->set('expireDelta', $this->expireTime - time());
                }

                $state->set('expireIdentity', $this->expireIdentity);

                // NOTE(review): 'foo' is not a key this class reads anywhere; presumably the call
                // exists only so the session layer checks the timestamp - confirm against
                // SessionSection::setExpiration().
                $state->setExpiration((string) $this->expireTime, 'foo'); // time check
        }


        /**
         * Changes namespace; allows more users to share a session.
         * Switching to a different namespace drops the cached section, so the next access
         * loads and validates the section belonging to the new namespace.
         */
        public function setNamespace(string $namespace): static
        {
                if ($this->namespace === $namespace) {
                        return $this;
                }

                $this->namespace = $namespace;
                $this->sessionSection = null;
                return $this;
        }


        /**
         * Returns current namespace.
         */
        public function getNamespace(): string
        {
                return $this->namespace;
        }


        /**
         * Returns $this->sessionSection, loading and validating it on first use.
         *
         * On the first call for the current namespace this method
         *  - wipes the whole section unless 'identity' is an IIdentity and 'authenticated' is a bool,
         *  - enforces the inactivity timeout and slides the deadline forward,
         *  - removes the expiration bookkeeping when the user is not authenticated.
         * Later calls return the cached section without repeating these checks.
         *
         * Unlike saveAuthentication() and clearAuthentication(), the timeout branch does not
         * regenerate the session id.
         */
        private function getSessionSection(): ?SessionSection
        {
                if ($this->sessionSection !== null) {
                        return $this->sessionSection;
                }

                $state = $this->sessionHandler->getSection('Nette.Http.UserStorage/' . $this->namespace);
                $this->sessionSection = $state;

                // Stored data of an unexpected type is discarded rather than trusted.
                $wellFormed = $state->get('identity') instanceof IIdentity && is_bool($state->get('authenticated'));
                if (!$wellFormed) {
                        $state->remove();
                }

                if ($state->get('authenticated')) {
                        if ($state->get('expireDelta') > 0) { // check time expiration
                                if ($state->get('expireTime') < time()) {
                                        $state->set('reason', User::LogoutInactivity);
                                        $state->set('authenticated', false);
                                        if ($state->get('expireIdentity')) {
                                                $state->remove('identity');
                                        }
                                }

                                $state->set('expireTime', time() + $state->get('expireDelta')); // sliding expiration
                        }
                }

                // Covers both a user who was never logged in and one who has just been timed out above.
                if (!$state->get('authenticated')) {
                        $state->remove(['expireTime', 'expireDelta', 'expireIdentity', 'authTime']);
                }

                return $state;
        }
}