update

mevdschee · mevdschee · commit bd4997b4aeac · 2022-11-30T07:48:21.000+01:00
diff --git a/src/Tqdev/PhpCrudApi/Middleware/BasicAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/BasicAuthMiddleware.php
@@ -86,6 +86,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 if ($sessionName) {
                     session_name($sessionName);
                 }
+                if (!ini_get('session.cookie_samesite')) {
+                    ini_set('session.cookie_samesite', 'Lax');
+                }
+                if (!ini_get('session.cookie_httponly')) {
+                    ini_set('session.cookie_httponly', 1);
+                }
+                if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+                    ini_set('session.cookie_secure', 1);
+                }
                 session_start();
             }
         }
diff --git a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
@@ -38,6 +38,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 if ($sessionName) {
                     session_name($sessionName);
                 }
+                if (!ini_get('session.cookie_samesite')) {
+                    ini_set('session.cookie_samesite', 'Lax');
+                }
+                if (!ini_get('session.cookie_httponly')) {
+                    ini_set('session.cookie_httponly', 1);
+                }
+                if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+                    ini_set('session.cookie_secure', 1);
+                }
                 session_start();
             }
         }
@@ -77,7 +86,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 if (!$registerUser) {
                     return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
                 }
-                if(strlen(trim($username)) == 0){
+                if (strlen(trim($username)) == 0) {
                     return $this->responder->error(ErrorCode::USERNAME_EMPTY, $username);
                 }
                 if (strlen($password) < $passwordLength) {
@@ -94,7 +103,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 $this->db->createSingle($table, $data);
                 $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
                 foreach ($users as $user) {
-                    if($loginAfterRegistration){
+                    if ($loginAfterRegistration) {
                         if (!headers_sent()) {
                             session_regenerate_id(true);
                         }
diff --git a/src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php
@@ -140,6 +140,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 if ($sessionName) {
                     session_name($sessionName);
                 }
+                if (!ini_get('session.cookie_samesite')) {
+                    ini_set('session.cookie_samesite', 'Lax');
+                }
+                if (!ini_get('session.cookie_httponly')) {
+                    ini_set('session.cookie_httponly', 1);
+                }
+                if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+                    ini_set('session.cookie_secure', 1);
+                }
                 session_start();
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -86,6 +86,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`86`	`86`	`if ($sessionName) {`
`87`	`87`	`session_name($sessionName);`
`88`	`88`	`}`
	`89`	`+ if (!ini_get('session.cookie_samesite')) {`
	`90`	`+ ini_set('session.cookie_samesite', 'Lax');`
	`91`	`+ }`
	`92`	`+ if (!ini_get('session.cookie_httponly')) {`
	`93`	`+ ini_set('session.cookie_httponly', 1);`
	`94`	`+ }`
	`95`	`+ if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {`
	`96`	`+ ini_set('session.cookie_secure', 1);`
	`97`	`+ }`
`89`	`98`	`session_start();`
`90`	`99`	`}`
`91`	`100`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`38`	`38`	`if ($sessionName) {`
`39`	`39`	`session_name($sessionName);`
`40`	`40`	`}`
	`41`	`+ if (!ini_get('session.cookie_samesite')) {`
	`42`	`+ ini_set('session.cookie_samesite', 'Lax');`
	`43`	`+ }`
	`44`	`+ if (!ini_get('session.cookie_httponly')) {`
	`45`	`+ ini_set('session.cookie_httponly', 1);`
	`46`	`+ }`
	`47`	`+ if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {`
	`48`	`+ ini_set('session.cookie_secure', 1);`
	`49`	`+ }`
`41`	`50`	`session_start();`
`42`	`51`	`}`
`43`	`52`	`}`
`@@ -77,7 +86,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`77`	`86`	`if (!$registerUser) {`
`78`	`87`	`return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);`
`79`	`88`	`}`
`80`		`- if(strlen(trim($username)) == 0){`
	`89`	`+ if (strlen(trim($username)) == 0) {`
`81`	`90`	`return $this->responder->error(ErrorCode::USERNAME_EMPTY, $username);`
`82`	`91`	`}`
`83`	`92`	`if (strlen($password) < $passwordLength) {`
`@@ -94,7 +103,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`94`	`103`	`$this->db->createSingle($table, $data);`
`95`	`104`	`$users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);`
`96`	`105`	`foreach ($users as $user) {`
`97`		`- if($loginAfterRegistration){`
	`106`	`+ if ($loginAfterRegistration) {`
`98`	`107`	`if (!headers_sent()) {`
`99`	`108`	`session_regenerate_id(true);`
`100`	`109`	`}`
Original file line number	Diff line number	Diff line change
`@@ -140,6 +140,15 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`140`	`140`	`if ($sessionName) {`
`141`	`141`	`session_name($sessionName);`
`142`	`142`	`}`
	`143`	`+ if (!ini_get('session.cookie_samesite')) {`
	`144`	`+ ini_set('session.cookie_samesite', 'Lax');`
	`145`	`+ }`
	`146`	`+ if (!ini_get('session.cookie_httponly')) {`
	`147`	`+ ini_set('session.cookie_httponly', 1);`
	`148`	`+ }`
	`149`	`+ if (!ini_get('session.cookie_secure') && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {`
	`150`	`+ ini_set('session.cookie_secure', 1);`
	`151`	`+ }`
`143`	`152`	`session_start();`
`144`	`153`	`}`
`145`	`154`	`}`