From 1fd363156a3040bb6c545d6c1a7fc826662439c3 Mon Sep 17 00:00:00 2001
From: Doug Sheffer
Date: Wed, 29 Jul 2020 12:47:56 -0400
Subject: [PATCH 1/3] Add cookie_samesite
Signed-off-by: Doug Sheffer
---
 docs/book/config.md | 1 +
 src/Config/ConfigInterface.php | 9 ++++++++
 src/Config/StandardConfig.php | 34 ++++++++++++++++++++++++++++++
 test/Config/SessionConfigTest.php | 24 +++++++++++++++++++++
 test/Config/StandardConfigTest.php | 13 ++++++++++++
 5 files changed, 81 insertions(+)
diff --git a/docs/book/config.md b/docs/book/config.md
index e544578f..c32948d6 100644
--- a/docs/book/config.md
+++ b/docs/book/config.md
@@ -22,6 +22,7 @@ Option | Data Type | Description
 `cookie_httponly` | `boolean` | Marks the cookie as accessible only through the HTTP protocol.
 `cookie_lifetime` | `integer` | Specifies the lifetime of the cookie in seconds which is sent to the browser.
 `cookie_path` | `string` | Specifies path to set in the session cookie.
+`cookie_samesite` | `string` | Specifies whether cookies should be sent along with cross-site requests.
 `cookie_secure` | `boolean` | Specifies whether cookies should only be sent over secure connections.
 `entropy_length` | `integer` | Specifies the number of bytes which will be read from the file specified in entropy_file. Removed in PHP 7.1.0.
 `entropy_file` | `string` | Defines a path to an external resource (file) which will be used as an additional entropy. Removed in PHP 7.1.0.
diff --git a/src/Config/ConfigInterface.php b/src/Config/ConfigInterface.php
index c4b3c643..bab34889 100644
--- a/src/Config/ConfigInterface.php
+++ b/src/Config/ConfigInterface.php
@@ -83,6 +83,15 @@ public function setCookieDomain($cookieDomain);
 /** @return string */
 public function getCookieDomain();
+ /**
+ * @param bool $cookieSameSite
+ * @return void
+ */
+ public function setCookieSameSite($cookieSameSite);
+
+ /** @return bool */
+ public function getCookieSameSite();
+
 /**
 * @param bool $cookieSecure
 * @return void 
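Review bot: The new `setCookieSameSite`/`getCookieSameSite` declarations in ConfigInterface document the value as `bool`, but `session.cookie_samesite` is a string (`Lax`, `Strict` or `None`), and the StandardConfig implementation in this same patch stores it with `(string)` and documents `@param string`; the interface docblocks should read `@param string $cookieSameSite` and `@return string`. The interface also declares `@return void` while the implementation returns `$this` — that follows the existing `cookie_secure` convention visible in the context lines, but the mismatch is worth stating explicitly in the interface docblock so callers know not to rely on the fluent return.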
diff --git a/src/Config/StandardConfig.php b/src/Config/StandardConfig.php
index 947f3c81..ef551db0 100644
--- a/src/Config/StandardConfig.php
+++ b/src/Config/StandardConfig.php
@@ -70,6 +70,13 @@ class StandardConfig implements ConfigInterface
 */
 protected $cookieDomain;
+ /**
+ * session.cookie_samesite
+ *
+ * @var string
+ */
+ protected $cookieSameSite;
+
 /**
 * session.cookie_secure
 *
@@ -511,6 +518,32 @@ public function getCookieDomain()
 return $this->cookieDomain;
 }
+ /**
+ * Set session.cookie_samesite
+ *
+ * @param string $cookieSameSite
+ * @return StandardConfig
+ */
+ public function setCookieSameSite($cookieSameSite)
+ {
+ $this->cookieSameSite = (string) $cookieSameSite;
+ $this->setStorageOption('cookie_samesite', $this->cookieSameSite);
+ return $this;
+ }
+
+ /**
+ * Get session.cookie_samesite
+ *
+ * @return string
+ */
+ public function getCookieSameSite()
+ {
+ if (null === $this->cookieSameSite) {
+ $this->cookieSameSite = $this->getStorageOption('cookie_samesite');
+ }
+ return $this->cookieSameSite;
+ }
+
 /**
 * Set session.cookie_secure
 *
@@ -912,6 +945,7 @@ public function toArray()
 'cookie_httponly' => $this->getCookieHttpOnly(),
 'cookie_lifetime' => $this->getCookieLifetime(),
 'cookie_path' => $this->getCookiePath(),
+ 'cookie_samesite' => $this->getCookieSameSite(),
 'cookie_secure' => $this->getCookieSecure(),
 'name' => $this->getName(),
 'remember_me_seconds' => $this->getRememberMeSeconds(),
diff --git a/test/Config/SessionConfigTest.php b/test/Config/SessionConfigTest.php
index bf1f697a..0a9d9d7e 100644
--- a/test/Config/SessionConfigTest.php
+++ b/test/Config/SessionConfigTest.php 
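Review bot: `setCookieSameSite` writes any string straight into `session.cookie_samesite` with no validation, whereas the sibling setters visibly reject bad input (the `testSettingInvalidCookieDomainRaisesException2` tests on this page); a misspelt value is accepted here and silently produces a cookie whose SameSite attribute browsers do not enforce as intended, and a value of `None` is only honoured by browsers when `cookie_secure` is also enabled. I would validate before the `(string)` cast, e.g. `if (! in_array($cookieSameSite, ['Lax', 'Strict', 'None'], true)) { throw new \InvalidArgumentException('cookie_samesite must be one of Lax, Strict or None'); }` (using whichever exception class the other setters throw), and add to the method docblock that `None` requires `cookie_secure` to be true for browsers to keep the cookie. The getter in the same hunk caches whatever `getStorageOption('cookie_samesite')` returns; on a PHP version where that ini setting does not exist (it was introduced in PHP 7.3) the value would presumably be `false` rather than the documented string — worth confirming against the package's minimum supported PHP version.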
@@ -395,6 +395,25 @@ public function testSettingInvalidCookieDomainRaisesException2(): void
 $this->config->setCookieDomain('D:\\WINDOWS\\System32\\drivers\\etc\\hosts');
 }
+ // session.cookie_samesite
+
+ public function testCookieSameSiteDefaultsToIniSettings()
+ {
+ $this->assertSame(ini_get('session.cookie_samesite'), $this->config->getCookieSameSite());
+ }
+
+ public function testCookieSameSiteIsMutable()
+ {
+ $this->config->setCookieSameSite('Strict');
+ $this->assertEquals('Strict', $this->config->getCookieSameSite());
+ }
+
+ public function testCookieSameSiteAltersIniSetting()
+ {
+ $this->config->setCookieSameSite('Strict');
+ $this->assertEquals('Strict', ini_get('session.cookie_samesite'));
+ }
+
 // session.cookie_secure
 public function testCookieSecureDefaultsToIniSettings(): void
@@ -901,6 +920,11 @@ public function optionsProvider(): array
 'getCookieDomain',
 'getlaminas.org',
 ],
+ [
+ 'cookie_samesite',
+ 'getCookieSameSite',
+ 'Lax',
+ ],
 [
 'cookie_secure',
 'getCookieSecure',
diff --git a/test/Config/StandardConfigTest.php b/test/Config/StandardConfigTest.php
index a7ffb4cb..401e5704 100644
--- a/test/Config/StandardConfigTest.php
+++ b/test/Config/StandardConfigTest.php
@@ -225,6 +225,14 @@ public function testSettingInvalidCookieDomainRaisesException2(): void
 $this->config->setCookieDomain('D:\\WINDOWS\\System32\\drivers\\etc\\hosts');
 }
+ // session.cookie_samesite
+
+ public function testCookieSameSiteIsMutable()
+ {
+ $this->config->setCookieSameSite('Strict');
+ $this->assertEquals('Strict', $this->config->getCookieSameSite());
+ }
+
 // session.cookie_secure
 public function testCookieSecureIsMutable(): void
@@ -524,6 +532,11 @@ public function optionsProvider(): array
 'getCookieDomain',
 'getlaminas.org',
 ],
+ [
+ 'cookie_samesite',
+ 'getCookieSameSite',
+ 'Lax',
+ ],
 [
 'cookie_secure',
 'getCookieSecure',
From fa47772416ae2e13c869572fde22de37b8dc4749 Mon Sep 17 00:00:00 2001 
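Review bot: The three new test methods in the SessionConfigTest hunk (`testCookieSameSiteDefaultsToIniSettings`, `testCookieSameSiteIsMutable`, `testCookieSameSiteAltersIniSetting`) omit the `: void` return type that the surrounding methods in the same hunk declare (`testSettingInvalidCookieDomainRaisesException2(): void`, `testCookieSecureDefaultsToIniSettings(): void`); the same applies to `testCookieSameSiteIsMutable` in the StandardConfigTest hunk below. They also mix `assertSame` and `assertEquals` for the same kind of string comparison; `$this->assertSame('Strict', $this->config->getCookieSameSite());` is the stricter choice for scalars and is what the first test already uses. `testCookieSameSiteAltersIniSetting` changes the process-wide `session.cookie_samesite` ini value and does not restore it, so unless the test's setUp/tearDown (not visible here) already resets ini state, the `Strict` value can leak into later tests in the same process.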
From: Josef Moravec
Date: Wed, 31 Mar 2021 08:41:40 +0200
Subject: [PATCH 2/3] Add SameSiteCookieCapableInterface
Signed-off-by: Josef Moravec
---
 src/Config/ConfigInterface.php | 9 --
 src/Config/SameSiteCookieCapableInterface.php | 15 ++
 src/Config/StandardConfig.php | 2 +-
 src/Service/SessionConfigFactory.php | 12 ++
 test/Service/SessionConfigFactoryTest.php | 18 +++
 test/TestAsset/TestConfig.php | 134 ++++++++++++++++++
 6 files changed, 180 insertions(+), 10 deletions(-)
 create mode 100644 src/Config/SameSiteCookieCapableInterface.php
 create mode 100644 test/TestAsset/TestConfig.php
diff --git a/src/Config/ConfigInterface.php b/src/Config/ConfigInterface.php
index bab34889..c4b3c643 100644
--- a/src/Config/ConfigInterface.php
+++ b/src/Config/ConfigInterface.php
@@ -83,15 +83,6 @@ public function setCookieDomain($cookieDomain);
 /** @return string */
 public function getCookieDomain();
- /**
- * @param bool $cookieSameSite
- * @return void
- */
- public function setCookieSameSite($cookieSameSite);
-
- /** @return bool */
- public function getCookieSameSite();
-
 /**
 * @param bool $cookieSecure
 * @return void
diff --git a/src/Config/SameSiteCookieCapableInterface.php b/src/Config/SameSiteCookieCapableInterface.php
new file mode 100644
index 00000000..60e8c794
--- /dev/null
+++ b/src/Config/SameSiteCookieCapableInterface.php
@@ -0,0 +1,15 @@ +setOptions($config); return $sessionConfig;
diff --git a/test/Service/SessionConfigFactoryTest.php b/test/Service/SessionConfigFactoryTest.php
index 4d15953c..533e6b20 100644
--- a/test/Service/SessionConfigFactoryTest.php
+++ b/test/Service/SessionConfigFactoryTest.php 
@@ -4,10 +4,12 @@
 use Laminas\ServiceManager\Config;
 use Laminas\ServiceManager\ServiceManager;
+use Laminas\ServiceManager\Exception\ServiceNotCreatedException;
 use Laminas\Session\Config\ConfigInterface;
 use Laminas\Session\Config\SessionConfig;
 use Laminas\Session\Config\StandardConfig;
 use Laminas\Session\Service\SessionConfigFactory;
+use LaminasTest\Session\TestAsset\TestConfig;
 use PHPUnit\Framework\TestCase;
 /**
@@ -73,4 +75,20 @@ public function testServiceReceivesConfiguration(): void
 $config = $this->services->get(ConfigInterface::class);
 self::assertEquals('laminas', $config->getName());
 }
+
+ public function testServiceNotCreatedWhenInvalidSamesiteConfig()
+ {
+ $this->services->setService(
+ 'config',
+ [
+ 'session_config' => [
+ 'config_class' => TestConfig::class,
+ 'cookie_samesite' => 'Lax',
+ ],
+ ]
+ );
+ $this->expectException(ServiceNotCreatedException::class);
+ $this->expectExceptionMessage('Invalid configuration class "LaminasTest\Session\TestAsset\TestConfig". When configuration option "cookie_samesite" is used, the configuration class must implement Laminas\Session\Config\SameSiteCookieCapableInterface');
+ $this->services->get(ConfigInterface::class);
+ }
 }
diff --git a/test/TestAsset/TestConfig.php b/test/TestAsset/TestConfig.php
new file mode 100644
index 00000000..55b73835
--- /dev/null
+++ b/test/TestAsset/TestConfig.php
@@ -0,0 +1,134 @@ >
Date: Wed, 30 Jun 2021 10:27:36 -0500
Subject: [PATCH 3/3] qa: remove BC breaks and ensure conforms to CS guidelines
- Removes docblock headers from new files
- Ensures all types are documented in new interface and test assets
- Do not have SameSiteCookieCapableInterface extend ConfigInterface, and StandardConfig implement SameSiteCookieCapableInterface; instead, have StandarConfig implement both ConfigInterface and SameSiteCookieCapableInterface. 
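Review bot: `testServiceNotCreatedWhenInvalidSamesiteConfig` omits the `: void` return type that the neighbouring `testServiceReceivesConfiguration(): void` declares. In the import hunk above, `use Laminas\ServiceManager\Exception\ServiceNotCreatedException;` is inserted after `Laminas\ServiceManager\ServiceManager`, breaking the alphabetical order the other `use` lines keep; it belongs one line up, between `Config` and `ServiceManager`. The check the test pins is the right fail-closed behaviour — a configuration class that cannot apply `cookie_samesite` is refused at container build time instead of silently issuing session cookies without the attribute — so it is worth keeping even if the exact message assertion is later loosened.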
Signed-off-by: Matthew Weier O'Phinney
---
 docs/book/config.md | 2 +-
 src/Config/SameSiteCookieCapableInterface.php | 16 ++-
 src/Config/StandardConfig.php | 2 +-
 src/Service/SessionConfigFactory.php | 3 +-
 test/Service/SessionConfigFactoryTest.php | 6 +-
 test/TestAsset/TestConfig.php | 96 +++++++++++++------
 6 files changed, 80 insertions(+), 45 deletions(-)
diff --git a/docs/book/config.md b/docs/book/config.md
index c32948d6..b6568bc7 100644
--- a/docs/book/config.md
+++ b/docs/book/config.md
@@ -22,7 +22,7 @@ Option | Data Type | Description
 `cookie_httponly` | `boolean` | Marks the cookie as accessible only through the HTTP protocol.
 `cookie_lifetime` | `integer` | Specifies the lifetime of the cookie in seconds which is sent to the browser.
 `cookie_path` | `string` | Specifies path to set in the session cookie.
-`cookie_samesite` | `string` | Specifies whether cookies should be sent along with cross-site requests.
+`cookie_samesite` | `string` | Specifies whether cookies should be sent along with cross-site requests. (Since 2.11.0)
 `cookie_secure` | `boolean` | Specifies whether cookies should only be sent over secure connections.
 `entropy_length` | `integer` | Specifies the number of bytes which will be read from the file specified in entropy_file. Removed in PHP 7.1.0.
 `entropy_file` | `string` | Defines a path to an external resource (file) which will be used as an additional entropy. Removed in PHP 7.1.0.
diff --git a/src/Config/SameSiteCookieCapableInterface.php b/src/Config/SameSiteCookieCapableInterface.php
index 60e8c794..2f5af695 100644
--- a/src/Config/SameSiteCookieCapableInterface.php
+++ b/src/Config/SameSiteCookieCapableInterface.php 
@@ -1,15 +1,15 @@ [
- 'config_class' => TestConfig::class,
+ 'config_class' => TestConfig::class,
 'cookie_samesite' => 'Lax',
 ],
 ]
 );
 $this->expectException(ServiceNotCreatedException::class);
- $this->expectExceptionMessage('Invalid configuration class "LaminasTest\Session\TestAsset\TestConfig". When configuration option "cookie_samesite" is used, the configuration class must implement Laminas\Session\Config\SameSiteCookieCapableInterface');
+ $this->expectExceptionMessage('"cookie_samesite"');
 $this->services->get(ConfigInterface::class);
 }
 }
diff --git a/test/TestAsset/TestConfig.php b/test/TestAsset/TestConfig.php
index 55b73835..82de07cc 100644
--- a/test/TestAsset/TestConfig.php
+++ b/test/TestAsset/TestConfig.php
@@ -1,134 +1,168 @@