Merge pull request #45 from BitBagCommerce/UC-30-fix-cookie

[UC-30] Fix cookie handling

Author: tomkalon

config/config.yml

@@ -8,7 +8,8 @@ parameters:
     user_com.frontend_api_key: '%env(USER_COM_FRONTEND_API_KEY)%'
     user_com.encryption_key: '%env(USER_COM_ENCRYPTION_KEY)%'
     user_com.encryption_iv: '%env(USER_COM_ENCRYPTION_IV)%'
-
+    user_com.cookie_domain: '%env(USER_COM_COOKIE_DOMAIN)%'
+    
 twig:
     globals:
         user_com_frontend_api_key: '%user_com.frontend_api_key%'

config/services/cookie.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<container xmlns="http://symfony.com/schema/dic/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+    <services>
+        <defaults autowire="false" autoconfigure="false"/>
+        <service id="bit_bag.sylius_user_com_plugin.cookie.cookie_queue" class="BitBag\SyliusUserComPlugin\Cookie\CookieQueue" />
+    </services>
+</container>

config/services/event_subscriber.xml

@@ -15,5 +15,13 @@
             <argument type="service" id="monolog.logger.user_com"/>
             <tag name="kernel.event_subscriber"/>
         </service>
+
+        <service id="bit_bag.sylius_user_com_plugin.event_subscriber.cookie_flusher_subscriber" class="BitBag\SyliusUserComPlugin\EventSubscriber\CookieFlusherSubscriber">
+            <argument type="service" id="bit_bag.sylius_user_com_plugin.cookie.cookie_queue" />
+            <tag name="kernel.event_listener"
+                 event="kernel.response"
+                 method="onResponse"
+                 priority="0"/>
+        </service>
     </services>
 </container>

config/services/manager.xml

@@ -9,6 +9,8 @@
         >
             <argument type="service" id="request_stack"/>
             <argument type="service" id="security.token_storage"/>
+            <argument type="service" id="bit_bag.sylius_user_com_plugin.cookie.cookie_queue"/>
+            <argument>%user_com.cookie_domain%</argument>
         </service>
 
         <service

src/Cookie/CookieQueue.php

@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file has been created by developers from BitBag.
+ * Feel free to contact us once you face any issues or want to start
+ * You can find more information about us on https://bitbag.io and write us
+ * an email on hello@bitbag.io.
+ */
+
+declare(strict_types=1);
+
+namespace BitBag\SyliusUserComPlugin\Cookie;
+
+use Symfony\Component\HttpFoundation\Cookie;
+
+final class CookieQueue implements CookieQueueInterface
+{
+    private array $queued = [];
+
+    public function queue(Cookie $cookie): void
+    {
+        $this->queued[] = $cookie;
+    }
+
+    /** @return Cookie[] */
+    public function pullAll(): array
+    {
+        $all = $this->queued;
+        $this->queued = [];
+
+        return $all;
+    }
+}

src/Cookie/CookieQueueInterface.php

@@ -0,0 +1,22 @@
+<?php
+
+/*
+ * This file has been created by developers from BitBag.
+ * Feel free to contact us once you face any issues or want to start
+ * You can find more information about us on https://bitbag.io and write us
+ * an email on hello@bitbag.io.
+ */
+
+declare(strict_types=1);
+
+namespace BitBag\SyliusUserComPlugin\Cookie;
+
+use Symfony\Component\HttpFoundation\Cookie;
+
+interface CookieQueueInterface
+{
+    public function queue(Cookie $cookie): void;
+
+    /** @return  Cookie[] */
+    public function pullAll(): array;
+}

src/EventSubscriber/CookieFlusherSubscriber.php

@@ -0,0 +1,31 @@
+<?php
+
+/*
+ * This file has been created by developers from BitBag.
+ * Feel free to contact us once you face any issues or want to start
+ * You can find more information about us on https://bitbag.io and write us
+ * an email on hello@bitbag.io.
+ */
+
+declare(strict_types=1);
+
+namespace BitBag\SyliusUserComPlugin\EventSubscriber;
+
+use BitBag\SyliusUserComPlugin\Cookie\CookieQueueInterface;
+use Symfony\Component\HttpKernel\Event\ResponseEvent;
+
+final class CookieFlusherSubscriber
+{
+    public function __construct(private readonly CookieQueueInterface $queue)
+    {
+    }
+
+    public function onResponse(ResponseEvent $event): void
+    {
+        $response = $event->getResponse();
+
+        foreach ($this->queue->pullAll() as $cookie) {
+            $response->headers->setCookie($cookie);
+        }
+    }
+}

src/Manager/CookieManager.php

@@ -11,7 +11,9 @@
 
 namespace BitBag\SyliusUserComPlugin\Manager;
 
+use BitBag\SyliusUserComPlugin\Cookie\CookieQueueInterface;
 use Sylius\Component\Core\Model\AdminUserInterface;
+use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 
@@ -20,6 +22,8 @@ final class CookieManager implements CookieManagerInterface
     public function __construct(
         private readonly RequestStack $requestStack,
         private readonly TokenStorageInterface $tokenStorage,
+        private readonly CookieQueueInterface $queue,
+        private readonly ?string $cookieDomain = null,
     ) {
     }
 
@@ -41,11 +45,29 @@ public function getUserComCookie(): ?string
 
     public function setUserComCookie(string $value): void
     {
-        $request = $this->requestStack->getCurrentRequest();
-        if (null === $request) {
-            return;
+        $cookie = Cookie::create(self::CHAT_COOKIE_NAME)
+            ->withValue($value)
+            ->withPath('/')
+            ->withSecure(true)
+            ->withExpires(new \DateTimeImmutable('+1 year'))
+            ->withHttpOnly(false)
+            ->withSameSite('lax');
+
+        if (null !== $this->cookieDomain && '' !== $this->cookieDomain) {
+            $cookie = $cookie->withDomain($this->cookieDomain);
+        } else {
+            $request = $this->requestStack->getCurrentRequest();
+            if (null === $request) {
+                return;
+            }
+
+            $domain = $this->getBaseDomain($request->getHost());
+            if (null !== $domain) {
+                $cookie = $cookie->withDomain($domain);
+            }
         }
-        $request->cookies->set(self::CHAT_COOKIE_NAME, $value);
+
+        $this->queue->queue($cookie);
     }
 
     private function isShopUser(): bool
@@ -59,4 +81,22 @@ private function isShopUser(): bool
 
         return true;
     }
+
+    private function getBaseDomain(string $host): ?string
+    {
+        $host = (string) preg_replace('/:\d+$/', '', $host);
+
+        if ($host === 'localhost' || filter_var($host, \FILTER_VALIDATE_IP) !== false) {
+            return null;
+        }
+
+        $parts = explode('.', $host);
+        $count = count($parts);
+
+        if ($count >= 2) {
+            return '.' . $parts[$count - 2] . '.' . $parts[$count - 1];
+        }
+
+        return null;
+    }
 }

src/Updater/CustomerWithKeyUpdater.php

@@ -108,13 +108,20 @@ public function updateWithUserKey(
             );
 
             $this->userApi->mergeUsers($apiAwareResource, $userByEmailFromForm['id'], [$userFoundByKey['id']]);
-            $this->changeCookieWithEvent($user, $apiAwareResource, $eventName, $payload);
+            if (is_array($user) && isset($user['email']) && is_string($user['email'])) {
+                $this->sendEvent($apiAwareResource, $user['email'], $eventName, $payload);
+            }
+            $this->changeCookie($user);
 
             return $user;
         }
 
         $user = $this->userApi->createUser($apiAwareResource, $payload);
-        $this->changeCookieWithEvent($user, $apiAwareResource, $eventName, $payload);
+
+        if (is_array($user) && isset($user['email']) && is_string($user['email'])) {
+            $this->sendEvent($apiAwareResource, $user['email'], $eventName, $payload);
+        }
+        $this->changeCookie($user);
 
         return $user;
     }
@@ -154,16 +161,16 @@ private function updateForUserWithoutEmail(
             $this->userApi->mergeUsers($apiAwareResource, $customerFoundByEmail['id'], [$userFromUserKey['id']]);
         }
 
-        $this->sendEvent($apiAwareResource, $email, $eventName, $payload);
+        if (is_array($user) && isset($user['email']) && is_string($user['email'])) {
+            $this->sendEvent($apiAwareResource, $user['email'], $eventName, $payload);
+        }
+        $this->changeCookie($user);
 
         return $user;
     }
 
-    public function changeCookieWithEvent(
+    public function changeCookie(
         ?array $user,
-        UserComApiAwareInterface $apiAwareResource,
-        string $eventName,
-        ?array $payload = null,
     ): void {
         if (false === is_array($user) ||
             false === array_key_exists('id', $user) ||
@@ -173,6 +180,5 @@ public function changeCookieWithEvent(
         }
 
         $this->cookieManager->setUserComCookie($user['user_key']);
-        $this->sendEvent($apiAwareResource, $user['email'], $eventName, $payload);
     }
 }

tests/Application/.env

@@ -36,5 +36,6 @@ SYLIUS_MESSENGER_TRANSPORT_CATALOG_PROMOTION_REMOVAL_FAILED_DSN=doctrine://defau
 USER_COM_FRONTEND_API_KEY=""
 USER_COM_ENCRYPTION_KEY=your-32-character-long-key
 USER_COM_ENCRYPTION_IV=your-16-character-long-
+USER_COM_COOKIE_DOMAIN=""
 MESSENGER_USER_COM_ASYNCHRONOUS_DSN="doctrine://default"
 ###< UserCom