vendor/pimcore/pimcore/lib/Targeting/Storage/CookieStorage.php line 226

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. /**
  6.  * Pimcore
  7.  *
  8.  * This source file is available under two different licenses:
  9.  * - GNU General Public License version 3 (GPLv3)
  10.  * - Pimcore Commercial License (PCL)
  11.  * Full copyright and license information is available in
  12.  * LICENSE.md which is distributed with this source code.
  13.  *
  14.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  15.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  16.  */
  18. namespace Pimcore\Targeting\Storage;
  20. use Pimcore\Targeting\Model\VisitorInfo;
  21. use Pimcore\Targeting\Storage\Cookie\CookieSaveHandlerInterface;
  22. use Pimcore\Targeting\Storage\Traits\TimestampsTrait;
  23. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  24. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  25. use Symfony\Component\HttpKernel\KernelEvents;
  27. /**
  28.  * Stores data as cookie in the client's browser
  29.  *
  30.  * NOTE: using this storage without signed cookies is inherently insecure and can open vulnerabilities by injecting
  31.  * malicious data into the client cookie. Use only for testing!
  32.  */
  33. class CookieStorage implements TargetingStorageInterface
  34. {
  35.     use TimestampsTrait;
  37.     const COOKIE_NAME_SESSION '_pc_tss'// tss = targeting session storage
  39.     const COOKIE_NAME_VISITOR '_pc_tvs'// tvs = targeting visitor storage
  41.     const STORAGE_KEY_CREATED_AT '_c';
  43.     const STORAGE_KEY_UPDATED_AT '_u';
  45.     /**
  46.      * @var CookieSaveHandlerInterface
  47.      */
  48.     private $saveHandler;
  50.     /**
  51.      * @var EventDispatcherInterface
  52.      */
  53.     private $eventDispatcher;
  55.     /**
  56.      * @var array
  57.      */
  58.     private $data = [];
  60.     /**
  61.      * @var bool
  62.      */
  63.     private $changed false;
  65.     /**
  66.      * @var array
  67.      */
  68.     private $scopeCookieMapping = [
  69.         self::SCOPE_SESSION => self::COOKIE_NAME_SESSION,
  70.         self::SCOPE_VISITOR => self::COOKIE_NAME_VISITOR,
  71.     ];
  73.     public function __construct(
  74.         CookieSaveHandlerInterface $saveHandler,
  75.         EventDispatcherInterface $eventDispatcher
  76.     ) {
  77.         $this->saveHandler $saveHandler;
  78.         $this->eventDispatcher $eventDispatcher;
  79.     }
  81.     public function all(VisitorInfo $visitorInfostring $scope): array
  82.     {
  83.         $this->loadData($visitorInfo$scope);
  85.         $blacklist = [
  86.             self::STORAGE_KEY_CREATED_AT,
  87.             self::STORAGE_KEY_UPDATED_AT,
  88.             self::STORAGE_KEY_META_ENTRY,
  89.         ];
  91.         // filter internal values
  92.         $result array_filter($this->data[$scope], function ($key) use ($blacklist) {
  93.             return !in_array($key$blacklisttrue);
  94.         }, ARRAY_FILTER_USE_KEY);
  96.         return $result;
  97.     }
  99.     public function has(VisitorInfo $visitorInfostring $scopestring $name): bool
  100.     {
  101.         $this->loadData($visitorInfo$scope);
  103.         return isset($this->data[$scope][$name]);
  104.     }
  106.     /**
  107.      * {@inheritdoc}
  108.      */
  109.     public function get(VisitorInfo $visitorInfostring $scopestring $name$default null)
  110.     {
  111.         $this->loadData($visitorInfo$scope);
  113.         if (isset($this->data[$scope][$name])) {
  114.             return $this->data[$scope][$name];
  115.         }
  117.         return $default;
  118.     }
  120.     /**
  121.      * {@inheritdoc }
  122.      */
  123.     public function set(VisitorInfo $visitorInfostring $scopestring $name$value)
  124.     {
  125.         $this->loadData($visitorInfo$scope);
  127.         $this->data[$scope][$name] = $value;
  129.         $this->updateTimestamps($scope);
  130.         $this->addSaveListener($visitorInfo);
  131.     }
  133.     /**
  134.      * {@inheritdoc }
  135.      */
  136.     public function clear(VisitorInfo $visitorInfostring $scope null)
  137.     {
  138.         if (null === $scope) {
  139.             $this->data = [];
  140.         } else {
  141.             if (isset($this->data[$scope])) {
  142.                 unset($this->data[$scope]);
  143.             }
  144.         }
  146.         $this->addSaveListener($visitorInfo);
  147.     }
  149.     /**
  150.      * {@inheritdoc }
  151.      */
  152.     public function migrateFromStorage(TargetingStorageInterface $storageVisitorInfo $visitorInfostring $scope)
  153.     {
  154.         $values $storage->all($visitorInfo$scope);
  156.         $this->loadData($visitorInfo$scope);
  158.         foreach ($values as $name => $value) {
  159.             $this->data[$scope][$name] = $value;
  160.         }
  162.         // update created/updated at from storage
  163.         $this->updateTimestamps(
  164.             $scope,
  165.             $storage->getCreatedAt($visitorInfo$scope),
  166.             $storage->getUpdatedAt($visitorInfo$scope)
  167.         );
  169.         $this->addSaveListener($visitorInfo);
  170.     }
  172.     /**
  173.      * {@inheritdoc }
  174.      */
  175.     public function getCreatedAt(VisitorInfo $visitorInfostring $scope)
  176.     {
  177.         $this->loadData($visitorInfo$scope);
  179.         if (!isset($this->data[$scope][self::STORAGE_KEY_CREATED_AT])) {
  180.             return null;
  181.         }
  183.         return \DateTimeImmutable::createFromFormat('U', (string)$this->data[$scope][self::STORAGE_KEY_CREATED_AT]);
  184.     }
  186.     /**
  187.      * {@inheritdoc }
  188.      */
  189.     public function getUpdatedAt(VisitorInfo $visitorInfostring $scope)
  190.     {
  191.         $this->loadData($visitorInfo$scope);
  193.         if (!isset($this->data[$scope][self::STORAGE_KEY_UPDATED_AT])) {
  194.             return null;
  195.         }
  197.         return \DateTimeImmutable::createFromFormat('U', (string)$this->data[$scope][self::STORAGE_KEY_CREATED_AT]);
  198.     }
  200.     private function loadData(VisitorInfo $visitorInfostring $scope): array
  201.     {
  202.         if (!isset($this->scopeCookieMapping[$scope])) {
  203.             throw new \InvalidArgumentException(sprintf('Scope "%s" is not supported'$scope));
  204.         }
  206.         if (isset($this->data[$scope]) && null !== $this->data[$scope]) {
  207.             return $this->data[$scope];
  208.         }
  210.         $request $visitorInfo->getRequest();
  212.         $this->data[$scope] = $this->saveHandler->load($request$scope$this->scopeCookieMapping[$scope]);
  214.         return $this->data[$scope];
  215.     }
  217.     private function addSaveListener(VisitorInfo $visitorInfo)
  218.     {
  219.         if ($this->changed) {
  220.             return;
  221.         }
  223.         $this->changed true;
  225.         // adds a response listener setting the storage cookie
  226.         $listener = function (ResponseEvent $event) use ($visitorInfo) {
  227.             // only handle event for the visitor info which triggered the save
  228.             if ($event->getRequest() !== $visitorInfo->getRequest()) {
  229.                 return;
  230.             }
  232.             $response $event->getResponse();
  233.             foreach (array_keys($this->scopeCookieMapping) as $scope) {
  234.                 $this->saveHandler->save(
  235.                     $response,
  236.                     $scope,
  237.                     $this->scopeCookieMapping[$scope],
  238.                     $this->expiryFor($scope),
  239.                     $this->data[$scope] ?? null
  240.                 );
  241.             }
  242.         };
  244.         $this->eventDispatcher->addListener(KernelEvents::RESPONSE$listener);
  245.     }
  247.     private function updateTimestamps(
  248.         string $scope,
  249.         \DateTimeInterface $createdAt null,
  250.         \DateTimeInterface $updatedAt null
  251.     ) {
  252.         $timestamps $this->normalizeTimestamps($createdAt$updatedAt);
  254.         if (!isset($this->data[$scope][self::STORAGE_KEY_CREATED_AT])) {
  255.             $this->data[$scope][self::STORAGE_KEY_CREATED_AT] = $timestamps['createdAt']->getTimestamp();
  256.             $this->data[$scope][self::STORAGE_KEY_UPDATED_AT] = $timestamps['updatedAt']->getTimestamp();
  257.         } else {
  258.             $this->data[$scope][self::STORAGE_KEY_UPDATED_AT] = $timestamps['updatedAt']->getTimestamp();
  259.         }
  260.     }
  262.     /**
  263.      * @param string $scope
  264.      *
  265.      * @return \DateTime|int
  266.      */
  267.     protected function expiryFor(string $scope)
  268.     {
  269.         $expiry 0;
  270.         if (self::SCOPE_VISITOR === $scope) {
  271.             $expiry = new \DateTime('+1 year');
  272.         } elseif (self::SCOPE_SESSION === $scope) {
  273.             $expiry = new \DateTime('+30 minutes');
  274.         }
  276.         return $expiry;
  277.     }
  278. }