
nette / security / 22292327079

23 Feb 2026 03:53AM UTC coverage: 91.812% (-0.01%) from 91.826%
22292327079

push

github

dg
User: deprecated magic properties (BC break)

527 of 574 relevant lines covered (91.81%)

0.92 hits per line


77.78
/src/Bridges/SecurityHttp/SessionStorage.php
<?php declare(strict_types=1);

/**
 * This file is part of the Nette Framework (https://nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

namespace Nette\Bridges\SecurityHttp;

use Nette;
use Nette\Http\Session;
use Nette\Http\SessionSection;
use Nette\Security\IIdentity;
use Nette\Security\User;
use function is_bool, time;


/**
 * Session storage for Nette\Security\User object.
 */
final class SessionStorage implements Nette\Security\UserStorage
{
	// Security notes for maintainers:
	// - The session ID is regenerated on both login and logout (saveAuthentication(),
	//   clearAuthentication()) as a session fixation defence.
	// - The identity object is written into the session section as-is, so whatever it
	//   carries is persisted with the session data; keep secrets out of identity data.
	// - Expiration here is a sliding (inactivity) timeout only. 'authTime' is recorded but
	//   never compared against in this class, so no absolute session lifetime is enforced.

	private string $namespace = '';
	private ?SessionSection $sessionSection = null;
	private ?int $expireTime = null;
	private bool $expireIdentity = false;


	public function __construct(
		private readonly Session $sessionHandler,
	) {
	}


	/**
	 * Marks the session as authenticated for the given identity.
	 *
	 * Clears any previous logout reason, records the login time, applies the configured
	 * expiration and finally regenerates the session ID.
	 */
	public function saveAuthentication(IIdentity $identity): void
	{
		$state = $this->getSessionSection();
		$values = [
			'authenticated' => true,
			'reason' => null,
			'authTime' => time(), // informative value
			'identity' => $identity,
		];
		foreach ($values as $key => $value) {
			$state->set($key, $value);
		}

		$this->setupExpiration();

		// Session Fixation defence
		$this->sessionHandler->regenerateId();
	}


	/**
	 * Marks the session as logged out with reason User::LogoutManual.
	 *
	 * The identity stays in the session unless $clearIdentity is true, so callers must
	 * rely on the authenticated flag, never on the mere presence of an identity.
	 */
	public function clearAuthentication(bool $clearIdentity): void
	{
		$state = $this->getSessionSection();
		$values = [
			'authenticated' => false,
			'reason' => User::LogoutManual,
			'authTime' => null,
		];
		if ($clearIdentity) {
			$values['identity'] = null;
		}

		foreach ($values as $key => $value) {
			$state->set($key, $value);
		}

		// Session Fixation defence
		$this->sessionHandler->regenerateId();
	}


	/**
	 * Returns the stored state as [authenticated flag, identity, logout reason].
	 *
	 * The identity element may be non-null while the flag is false (logout or expiration
	 * without identity clearing).
	 *
	 * @return array{bool, ?IIdentity, mixed}
	 */
	public function getState(): array
	{
		$state = $this->getSessionSection();
		$authenticated = (bool) $state->get('authenticated');
		$identity = $state->get('identity');
		$reason = $state->get('reason');
		return [$authenticated, $identity, $reason];
	}


	/**
	 * Configures the inactivity timeout.
	 *
	 * A null or falsy $time ('' or '0') disables expiration; any other value is converted
	 * by Nette\Utils\DateTime::from() to a Unix timestamp. The setting is written to the
	 * session immediately only when the section is already loaded and authenticated;
	 * otherwise it is applied by the next saveAuthentication().
	 */
	public function setExpiration(?string $time, bool $clearIdentity = false): void
	{
		// Computed into a local first so a conversion failure leaves the old value intact.
		$timestamp = null;
		if ($time) {
			$timestamp = (int) Nette\Utils\DateTime::from($time)->format('U');
		}

		$this->expireTime = $timestamp;
		$this->expireIdentity = $clearIdentity;

		if ($this->sessionSection?->get('authenticated')) {
			$this->setupExpiration();
		}
	}


	/**
	 * Writes the configured expiration into the already loaded session section.
	 *
	 * 'expireDelta' is the distance from now to the configured timestamp. The load-time
	 * check in getSessionSection() acts only on a positive delta, so a timestamp that is
	 * not in the future is stored but does not trigger the inactivity logout there.
	 */
	private function setupExpiration(): void
	{
		// Invariant only (assertions may be disabled): both callers load the section first.
		assert($this->sessionSection !== null);
		$state = $this->sessionSection;

		if (!$this->expireTime) {
			$state->remove(['expireTime', 'expireDelta']);
		} else {
			$state->set('expireTime', $this->expireTime);
			$state->set('expireDelta', $this->expireTime - time());
		}

		$state->set('expireIdentity', $this->expireIdentity);
		// NOTE(review): marked upstream as a "time check"; presumably lets SessionSection
		// validate the timestamp via a placeholder variable - confirm against SessionSection.
		$state->setExpiration((string) $this->expireTime, 'foo'); // time check
	}


	/**
	 * Changes namespace; allows more users to share a session.
	 * Switching drops the cached section, so the next access loads the section named
	 * 'Nette.Http.UserStorage/' followed by the new namespace.
	 */
	public function setNamespace(string $namespace): static
	{
		if ($this->namespace === $namespace) {
			return $this;
		}

		$this->namespace = $namespace;
		$this->sessionSection = null;
		return $this;
	}


	/**
	 * Returns current namespace.
	 */
	public function getNamespace(): string
	{
		return $this->namespace;
	}


	/**
	 * Returns and initializes $this->sessionSection.
	 *
	 * On first access the stored data is validated, the inactivity timeout is enforced or
	 * slid forward, and expiration bookkeeping is dropped for unauthenticated sessions.
	 */
	private function getSessionSection(): SessionSection
	{
		if ($this->sessionSection !== null) {
			return $this->sessionSection;
		}

		$state = $this->sessionHandler->getSection('Nette.Http.UserStorage/' . $this->namespace);
		$this->sessionSection = $state;

		// Fail closed: anything that is not an IIdentity plus a boolean flag wipes the section.
		$isWellFormed = $state->get('identity') instanceof IIdentity
			&& is_bool($state->get('authenticated'));
		if (!$isWellFormed) {
			$state->remove();
		}

		if ($state->get('authenticated') && $state->get('expireDelta') > 0) { // check time expiration
			if ($state->get('expireTime') < time()) {
				// Timed out: log out and drop the identity only when that was requested.
				$state->set('reason', User::LogoutInactivity);
				$state->set('authenticated', false);
				if ($state->get('expireIdentity')) {
					$state->remove('identity');
				}
			} else {
				$state->set('expireTime', time() + $state->get('expireDelta')); // sliding expiration
			}
		}

		if (!$state->get('authenticated')) {
			$state->remove(['expireTime', 'expireDelta', 'expireIdentity', 'authTime']);
		}

		return $state;
	}
}