vendor/pimcore/pimcore/lib/Targeting/Storage/CookieStorage.php line 214

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. /**
  6.  * Pimcore
  7.  *
  8.  * This source file is available under two different licenses:
  9.  * - GNU General Public License version 3 (GPLv3)
  10.  * - Pimcore Enterprise License (PEL)
  11.  * Full copyright and license information is available in
  12.  * LICENSE.md which is distributed with this source code.
  13.  *
  14.  * @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  15.  * @license    http://www.pimcore.org/license     GPLv3 and PEL
  16.  */
  18. namespace Pimcore\Targeting\Storage;
  20. use Pimcore\Targeting\Model\VisitorInfo;
  21. use Pimcore\Targeting\Storage\Cookie\CookieSaveHandlerInterface;
  22. use Pimcore\Targeting\Storage\Traits\TimestampsTrait;
  23. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  24. use Symfony\Component\HttpFoundation\RequestStack;
  25. use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
  26. use Symfony\Component\HttpKernel\KernelEvents;
  28. /**
  29.  * Stores data as cookie in the client's browser
  30.  *
  31.  * NOTE: using this storage without signed cookies is inherently insecure and can open vulnerabilities by injecting
  32.  * malicious data into the client cookie. Use only for testing!
  33.  */
  34. class CookieStorage implements TargetingStorageInterface
  35. {
  36.     use TimestampsTrait;
  38.     const COOKIE_NAME_SESSION '_pc_tss'// tss = targeting session storage
  39.     const COOKIE_NAME_VISITOR '_pc_tvs'// tvs = targeting visitor storage
  41.     const STORAGE_KEY_CREATED_AT '_c';
  42.     const STORAGE_KEY_UPDATED_AT '_u';
  44.     /**
  45.      * @var CookieSaveHandlerInterface
  46.      */
  47.     private $saveHandler;
  49.     /**
  50.      * @var RequestStack
  51.      */
  52.     private $requestStack;
  54.     /**
  55.      * @var EventDispatcherInterface
  56.      */
  57.     private $eventDispatcher;
  59.     /**
  60.      * @var array
  61.      */
  62.     private $data = [];
  64.     /**
  65.      * @var bool
  66.      */
  67.     private $changed false;
  69.     /**
  70.      * @var array
  71.      */
  72.     private $scopeCookieMapping = [
  73.         self::SCOPE_SESSION => self::COOKIE_NAME_SESSION,
  74.         self::SCOPE_VISITOR => self::COOKIE_NAME_VISITOR,
  75.     ];
  77.     public function __construct(
  78.         CookieSaveHandlerInterface $saveHandler,
  79.         RequestStack $requestHelper,
  80.         EventDispatcherInterface $eventDispatcher
  81.     ) {
  82.         $this->saveHandler $saveHandler;
  83.         $this->requestStack $requestHelper;
  84.         $this->eventDispatcher $eventDispatcher;
  85.     }
  87.     public function all(VisitorInfo $visitorInfostring $scope): array
  88.     {
  89.         $this->loadData($visitorInfo$scope);
  91.         $blacklist = [
  92.             self::STORAGE_KEY_CREATED_AT,
  93.             self::STORAGE_KEY_UPDATED_AT,
  94.             self::STORAGE_KEY_META_ENTRY,
  95.         ];
  97.         // filter internal values
  98.         $result array_filter($this->data[$scope], function ($key) use ($blacklist) {
  99.             return !in_array($key$blacklisttrue);
  100.         }, ARRAY_FILTER_USE_KEY);
  102.         return $result;
  103.     }
  105.     public function has(VisitorInfo $visitorInfostring $scopestring $name): bool
  106.     {
  107.         $this->loadData($visitorInfo$scope);
  109.         return isset($this->data[$scope][$name]);
  110.     }
  112.     public function get(VisitorInfo $visitorInfostring $scopestring $name$default null)
  113.     {
  114.         $this->loadData($visitorInfo$scope);
  116.         if (isset($this->data[$scope][$name])) {
  117.             return $this->data[$scope][$name];
  118.         }
  120.         return $default;
  121.     }
  123.     public function set(VisitorInfo $visitorInfostring $scopestring $name$value)
  124.     {
  125.         $this->loadData($visitorInfo$scope);
  127.         $this->data[$scope][$name] = $value;
  129.         $this->updateTimestamps($scope);
  130.         $this->addSaveListener($visitorInfo);
  131.     }
  133.     public function clear(VisitorInfo $visitorInfostring $scope null)
  134.     {
  135.         if (null === $scope) {
  136.             $this->data null;
  137.         } else {
  138.             if (isset($this->data[$scope])) {
  139.                 unset($this->data[$scope]);
  140.             }
  141.         }
  143.         $this->addSaveListener($visitorInfo);
  144.     }
  146.     public function migrateFromStorage(TargetingStorageInterface $storageVisitorInfo $visitorInfostring $scope)
  147.     {
  148.         $values $storage->all($visitorInfo$scope);
  150.         $this->loadData($visitorInfo$scope);
  152.         foreach ($values as $name => $value) {
  153.             $this->data[$scope][$name] = $value;
  154.         }
  156.         // update created/updated at from storage
  157.         $this->updateTimestamps(
  158.             $scope,
  159.             $storage->getCreatedAt($visitorInfo$scope),
  160.             $storage->getUpdatedAt($visitorInfo$scope)
  161.         );
  163.         $this->addSaveListener($visitorInfo);
  164.     }
  166.     public function getCreatedAt(VisitorInfo $visitorInfostring $scope)
  167.     {
  168.         $this->loadData($visitorInfo$scope);
  170.         if (!isset($this->data[$scope][self::STORAGE_KEY_CREATED_AT])) {
  171.             return null;
  172.         }
  174.         return \DateTimeImmutable::createFromFormat('U', (string)$this->data[$scope][self::STORAGE_KEY_CREATED_AT]);
  175.     }
  177.     public function getUpdatedAt(VisitorInfo $visitorInfostring $scope)
  178.     {
  179.         $this->loadData($visitorInfo$scope);
  181.         if (!isset($this->data[$scope][self::STORAGE_KEY_UPDATED_AT])) {
  182.             return null;
  183.         }
  185.         return \DateTimeImmutable::createFromFormat('U', (string)$this->data[$scope][self::STORAGE_KEY_CREATED_AT]);
  186.     }
  188.     private function loadData(VisitorInfo $visitorInfostring $scope): array
  189.     {
  190.         if (!isset($this->scopeCookieMapping[$scope])) {
  191.             throw new \InvalidArgumentException(sprintf('Scope "%s" is not supported'$scope));
  192.         }
  194.         if (isset($this->data[$scope]) && null !== $this->data[$scope]) {
  195.             return $this->data[$scope];
  196.         }
  198.         $request $visitorInfo->getRequest();
  200.         $this->data[$scope] = $this->saveHandler->load($request$scope$this->scopeCookieMapping[$scope]);
  202.         return $this->data[$scope];
  203.     }
  205.     private function addSaveListener(VisitorInfo $visitorInfo)
  206.     {
  207.         if ($this->changed) {
  208.             return;
  209.         }
  211.         $this->changed true;
  213.         // adds a response listener setting the storage cookie
  214.         $listener = function (FilterResponseEvent $event) use ($visitorInfo) {
  215.             // only handle event for the visitor info which triggered the save
  216.             if ($event->getRequest() !== $visitorInfo->getRequest()) {
  217.                 return;
  218.             }
  220.             $response $event->getResponse();
  221.             foreach (array_keys($this->scopeCookieMapping) as $scope) {
  222.                 $this->saveHandler->save(
  223.                     $response,
  224.                     $scope,
  225.                     $this->scopeCookieMapping[$scope],
  226.                     $this->expiryFor($scope),
  227.                     $this->data[$scope] ?? null
  228.                 );
  229.             }
  230.         };
  232.         $this->eventDispatcher->addListener(KernelEvents::RESPONSE$listener);
  233.     }
  235.     private function updateTimestamps(
  236.         string $scope,
  237.         \DateTimeInterface $createdAt null,
  238.         \DateTimeInterface $updatedAt null
  239.     ) {
  240.         $timestamps $this->normalizeTimestamps($createdAt$updatedAt);
  242.         if (!isset($this->data[$scope][self::STORAGE_KEY_CREATED_AT])) {
  243.             $this->data[$scope][self::STORAGE_KEY_CREATED_AT] = $timestamps['createdAt']->getTimestamp();
  244.             $this->data[$scope][self::STORAGE_KEY_UPDATED_AT] = $timestamps['updatedAt']->getTimestamp();
  245.         } else {
  246.             $this->data[$scope][self::STORAGE_KEY_UPDATED_AT] = $timestamps['updatedAt']->getTimestamp();
  247.         }
  248.     }
  250.     protected function expiryFor(string $scope)
  251.     {
  252.         $expiry 0;
  253.         if (self::SCOPE_VISITOR === $scope) {
  254.             $expiry = new \DateTime('+1 year');
  255.         } elseif (self::SCOPE_SESSION === $scope) {
  256.             $expiry = new \DateTime('+30 minutes');
  257.         }
  259.         return $expiry;
  260.     }
  261. }