Merge pull request #44 from BitBagCommerce/UC-30-fix-cookie

[UC-30] Fix cookie handling

Author: tomkalon

src/Manager/CookieManager.php

@@ -49,11 +49,22 @@ public function setUserComCookie(string $value): void
             ->withValue($value)
             ->withPath('/')
             ->withSecure(true)
-            ->withHttpOnly(true)
+            ->withExpires(new \DateTimeImmutable('+1 year'))
+            ->withHttpOnly(false)
             ->withSameSite('lax');
 
         if (null !== $this->cookieDomain && '' !== $this->cookieDomain) {
             $cookie = $cookie->withDomain($this->cookieDomain);
+        } else {
+            $request = $this->requestStack->getCurrentRequest();
+            if (null === $request) {
+                return;
+            }
+
+            $domain = $this->getBaseDomain($request->getHost());
+            if (null !== $domain) {
+                $cookie = $cookie->withDomain($domain);
+            }
         }
 
         $this->queue->queue($cookie);
@@ -70,4 +81,22 @@ private function isShopUser(): bool
 
         return true;
     }
+
+    private function getBaseDomain(string $host): ?string
+    {
+        $host = (string) preg_replace('/:\d+$/', '', $host);
+
+        if ($host === 'localhost' || filter_var($host, \FILTER_VALIDATE_IP) !== false) {
+            return null;
+        }
+
+        $parts = explode('.', $host);
+        $count = count($parts);
+
+        if ($count >= 2) {
+            return '.' . $parts[$count - 2] . '.' . $parts[$count - 1];
+        }
+
+        return null;
+    }
 }

src/Updater/CustomerWithKeyUpdater.php

@@ -108,13 +108,20 @@ public function updateWithUserKey(
             );
 
             $this->userApi->mergeUsers($apiAwareResource, $userByEmailFromForm['id'], [$userFoundByKey['id']]);
-            $this->changeCookieWithEvent($user, $apiAwareResource, $eventName, $payload);
+            if (is_array($user) && isset($user['email']) && is_string($user['email'])) {
+                $this->sendEvent($apiAwareResource, $user['email'], $eventName, $payload);
+            }
+            $this->changeCookie($user);
 
             return $user;
         }
 
         $user = $this->userApi->createUser($apiAwareResource, $payload);
-        $this->changeCookieWithEvent($user, $apiAwareResource, $eventName, $payload);
+
+        if (is_array($user) && isset($user['email']) && is_string($user['email'])) {
+            $this->sendEvent($apiAwareResource, $user['email'], $eventName, $payload);
+        }
+        $this->changeCookie($user);
 
         return $user;
     }
@@ -154,16 +161,16 @@ private function updateForUserWithoutEmail(
             $this->userApi->mergeUsers($apiAwareResource, $customerFoundByEmail['id'], [$userFromUserKey['id']]);
         }
 
-        $this->changeCookieWithEvent($user, $apiAwareResource, $eventName);
+        if (is_array($user) && isset($user['email']) && is_string($user['email'])) {
+            $this->sendEvent($apiAwareResource, $user['email'], $eventName, $payload);
+        }
+        $this->changeCookie($user);
 
         return $user;
     }
 
-    public function changeCookieWithEvent(
+    public function changeCookie(
         ?array $user,
-        UserComApiAwareInterface $apiAwareResource,
-        string $eventName,
-        ?array $payload = null,
     ): void {
         if (false === is_array($user) ||
             false === array_key_exists('id', $user) ||
@@ -173,6 +180,5 @@ public function changeCookieWithEvent(
         }
 
         $this->cookieManager->setUserComCookie($user['user_key']);
-        $this->sendEvent($apiAwareResource, $user['email'], $eventName, $payload);
     }
 }