
nette / security / 21943052204

12 Feb 2026 10:33AM UTC coverage: 91.798% (-0.6%) from 92.348%
21943052204

push

github

dg
User: deprecated magic properties (BC break)

526 of 573 relevant lines covered (91.8%)

0.92 hits per line


77.78
/src/Bridges/SecurityHttp/SessionStorage.php
<?php

/**
 * This file is part of the Nette Framework (https://nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

declare(strict_types=1);

namespace Nette\Bridges\SecurityHttp;

use Nette;
use Nette\Http\Session;
use Nette\Http\SessionSection;
use Nette\Security\IIdentity;
use Nette\Security\User;
use function is_bool, time;


/**
 * Session storage for Nette\Security\User object.
 */
final class SessionStorage implements Nette\Security\UserStorage
{
	// Suffix of the session section name; each namespace gets its own section.
	private string $namespace = '';

	// Lazily resolved section; reset to null whenever the namespace changes.
	private ?SessionSection $sessionSection = null;

	// Requested expiration as a Unix timestamp, or null for "no time limit".
	private ?int $expireTime = null;

	// Whether the stored identity is dropped when the login expires.
	private bool $expireIdentity = false;


	public function __construct(
		private readonly Session $sessionHandler,
	) {
	}


	/**
	 * Marks the session as authenticated and stores the identity in it.
	 *
	 * The session ID is regenerated afterwards so that an ID known before
	 * login (session fixation) does not carry the authenticated state.
	 */
	public function saveAuthentication(IIdentity $identity): void
	{
		$storage = $this->getSessionSection();
		$storage->set('authenticated', true);
		$storage->set('reason', null);
		// Informative only: nothing in this class reads authTime to enforce a timeout.
		$storage->set('authTime', time());
		$storage->set('identity', $identity);
		$this->setupExpiration();

		// Session Fixation defence
		$this->sessionHandler->regenerateId();
	}


	/**
	 * Marks the session as logged out manually.
	 *
	 * The identity is kept unless $clearIdentity is true. The session ID is
	 * regenerated here as well, on the Session object rather than on the section.
	 */
	public function clearAuthentication(bool $clearIdentity): void
	{
		$storage = $this->getSessionSection();
		$storage->set('authenticated', false);
		$storage->set('reason', User::LogoutManual);
		$storage->set('authTime', null);
		if ($clearIdentity) {
			$storage->set('identity', null);
		}

		// Session Fixation defence
		$this->sessionHandler->regenerateId();
	}


	/**
	 * Returns [authenticated flag, identity, logout reason] as read from the session.
	 *
	 * The identity is returned whatever the flag says, so callers must check
	 * the first element before treating the identity as logged in.
	 */
	public function getState(): array
	{
		$storage = $this->getSessionSection();
		$isAuthenticated = (bool) $storage->get('authenticated');
		$identity = $storage->get('identity');
		$reason = $storage->get('reason');

		return [$isAuthenticated, $identity, $reason];
	}


	/**
	 * Sets the login expiration; an empty or null $time disables the time limit.
	 *
	 * The new setting is written to the session immediately only when a section
	 * is already loaded and authenticated; otherwise it applies at the next login.
	 */
	public function setExpiration(?string $time, bool $clearIdentity = false): void
	{
		if ($time) {
			$this->expireTime = (int) Nette\Utils\DateTime::from($time)->format('U');
		} else {
			$this->expireTime = null;
		}

		$this->expireIdentity = $clearIdentity;

		if ($this->sessionSection?->get('authenticated')) {
			$this->setupExpiration();
		}
	}


	/**
	 * Copies the configured expiration into the already loaded session section.
	 */
	private function setupExpiration(): void
	{
		// Both callers load the section first; assert() may be compiled out in production.
		assert($this->sessionSection !== null);
		$storage = $this->sessionSection;

		if (!$this->expireTime) {
			$storage->remove(['expireTime', 'expireDelta']);
		} else {
			$storage->set('expireTime', $this->expireTime);
			// The delta is the window that sliding expiration re-applies on each access.
			$storage->set('expireDelta', $this->expireTime - time());
		}

		$storage->set('expireIdentity', $this->expireIdentity);
		// 'foo' looks like a dummy variable name used only to run the section's time check - confirm.
		$storage->setExpiration((string) $this->expireTime, 'foo'); // time check
	}


	/**
	 * Changes namespace; allows more users to share a session.
	 */
	public function setNamespace(string $namespace): static
	{
		if ($this->namespace === $namespace) {
			return $this;
		}

		$this->namespace = $namespace;
		// Drop the cached section so the next access resolves the new namespace.
		$this->sessionSection = null;

		return $this;
	}


	/**
	 * Returns current namespace.
	 */
	public function getNamespace(): string
	{
		return $this->namespace;
	}


	/**
	 * Returns and initializes $this->sessionSection.
	 *
	 * On first use the section is validated and the time expiration is applied.
	 * Expiration is sliding: every access inside the window moves the deadline,
	 * and this class sets no absolute maximum lifetime for a login.
	 */
	private function getSessionSection(): SessionSection
	{
		if ($this->sessionSection !== null) {
			return $this->sessionSection;
		}

		$storage = $this->sessionHandler->getSection('Nette.Http.UserStorage/' . $this->namespace);
		$this->sessionSection = $storage;

		// Discard the whole section unless it holds a real identity object and a boolean flag.
		if (!($storage->get('identity') instanceof IIdentity && is_bool($storage->get('authenticated')))) {
			$storage->remove();
		}

		// check time expiration
		$hasTimeLimit = $storage->get('authenticated') && $storage->get('expireDelta') > 0;
		if ($hasTimeLimit && $storage->get('expireTime') < time()) {
			$storage->set('reason', User::LogoutInactivity);
			$storage->set('authenticated', false);
			if ($storage->get('expireIdentity')) {
				$storage->remove('identity');
			}
		} elseif ($hasTimeLimit) {
			$storage->set('expireTime', time() + $storage->get('expireDelta')); // sliding expiration
		}

		// A logged-out section keeps no expiration or login-time bookkeeping.
		if (!$storage->get('authenticated')) {
			$storage->remove(['expireTime', 'expireDelta', 'expireIdentity', 'authTime']);
		}

		return $storage;
	}
}