vendor/pimcore/pimcore/lib/Targeting/Storage/CookieStorage.php line 208

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. /**
  6.  * Pimcore
  7.  *
  8.  * This source file is available under two different licenses:
  9.  * - GNU General Public License version 3 (GPLv3)
  10.  * - Pimcore Commercial License (PCL)
  11.  * Full copyright and license information is available in
  12.  * LICENSE.md which is distributed with this source code.
  13.  *
  14.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  15.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  16.  */
  18. namespace Pimcore\Targeting\Storage;
  20. use Pimcore\Targeting\Model\VisitorInfo;
  21. use Pimcore\Targeting\Storage\Cookie\CookieSaveHandlerInterface;
  22. use Pimcore\Targeting\Storage\Traits\TimestampsTrait;
  23. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  24. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  25. use Symfony\Component\HttpKernel\KernelEvents;
  27. /**
  28.  * Stores data as cookie in the client's browser
  29.  *
  30.  * NOTE: using this storage without signed cookies is inherently insecure and can open vulnerabilities by injecting
  31.  * malicious data into the client cookie. Use only for testing!
  32.  */
  33. class CookieStorage implements TargetingStorageInterface
  34. {
  35.     use TimestampsTrait;
  37.     const COOKIE_NAME_SESSION '_pc_tss'// tss = targeting session storage
  39.     const COOKIE_NAME_VISITOR '_pc_tvs'// tvs = targeting visitor storage
  41.     const STORAGE_KEY_CREATED_AT '_c';
  43.     const STORAGE_KEY_UPDATED_AT '_u';
  45.     /**
  46.      * @var CookieSaveHandlerInterface
  47.      */
  48.     private $saveHandler;
  50.     /**
  51.      * @var EventDispatcherInterface
  52.      */
  53.     private $eventDispatcher;
  55.     /**
  56.      * @var array
  57.      */
  58.     private $data = [];
  60.     /**
  61.      * @var bool
  62.      */
  63.     private $changed false;
  65.     /**
  66.      * @var array
  67.      */
  68.     private $scopeCookieMapping = [
  69.         self::SCOPE_SESSION => self::COOKIE_NAME_SESSION,
  70.         self::SCOPE_VISITOR => self::COOKIE_NAME_VISITOR,
  71.     ];
  73.     public function __construct(
  74.         CookieSaveHandlerInterface $saveHandler,
  75.         EventDispatcherInterface $eventDispatcher
  76.     ) {
  77.         $this->saveHandler $saveHandler;
  78.         $this->eventDispatcher $eventDispatcher;
  79.     }
  81.     public function all(VisitorInfo $visitorInfostring $scope): array
  82.     {
  83.         $this->loadData($visitorInfo$scope);
  85.         $blacklist = [
  86.             self::STORAGE_KEY_CREATED_AT,
  87.             self::STORAGE_KEY_UPDATED_AT,
  88.             self::STORAGE_KEY_META_ENTRY,
  89.         ];
  91.         // filter internal values
  92.         $result array_filter($this->data[$scope], function ($key) use ($blacklist) {
  93.             return !in_array($key$blacklisttrue);
  94.         }, ARRAY_FILTER_USE_KEY);
  96.         return $result;
  97.     }
  99.     public function has(VisitorInfo $visitorInfostring $scopestring $name): bool
  100.     {
  101.         $this->loadData($visitorInfo$scope);
  103.         return isset($this->data[$scope][$name]);
  104.     }
  106.     public function get(VisitorInfo $visitorInfostring $scopestring $name$default null)
  107.     {
  108.         $this->loadData($visitorInfo$scope);
  110.         if (isset($this->data[$scope][$name])) {
  111.             return $this->data[$scope][$name];
  112.         }
  114.         return $default;
  115.     }
  117.     public function set(VisitorInfo $visitorInfostring $scopestring $name$value)
  118.     {
  119.         $this->loadData($visitorInfo$scope);
  121.         $this->data[$scope][$name] = $value;
  123.         $this->updateTimestamps($scope);
  124.         $this->addSaveListener($visitorInfo);
  125.     }
  127.     public function clear(VisitorInfo $visitorInfostring $scope null)
  128.     {
  129.         if (null === $scope) {
  130.             $this->data = [];
  131.         } else {
  132.             if (isset($this->data[$scope])) {
  133.                 unset($this->data[$scope]);
  134.             }
  135.         }
  137.         $this->addSaveListener($visitorInfo);
  138.     }
  140.     public function migrateFromStorage(TargetingStorageInterface $storageVisitorInfo $visitorInfostring $scope)
  141.     {
  142.         $values $storage->all($visitorInfo$scope);
  144.         $this->loadData($visitorInfo$scope);
  146.         foreach ($values as $name => $value) {
  147.             $this->data[$scope][$name] = $value;
  148.         }
  150.         // update created/updated at from storage
  151.         $this->updateTimestamps(
  152.             $scope,
  153.             $storage->getCreatedAt($visitorInfo$scope),
  154.             $storage->getUpdatedAt($visitorInfo$scope)
  155.         );
  157.         $this->addSaveListener($visitorInfo);
  158.     }
  160.     public function getCreatedAt(VisitorInfo $visitorInfostring $scope)
  161.     {
  162.         $this->loadData($visitorInfo$scope);
  164.         if (!isset($this->data[$scope][self::STORAGE_KEY_CREATED_AT])) {
  165.             return null;
  166.         }
  168.         return \DateTimeImmutable::createFromFormat('U', (string)$this->data[$scope][self::STORAGE_KEY_CREATED_AT]);
  169.     }
  171.     public function getUpdatedAt(VisitorInfo $visitorInfostring $scope)
  172.     {
  173.         $this->loadData($visitorInfo$scope);
  175.         if (!isset($this->data[$scope][self::STORAGE_KEY_UPDATED_AT])) {
  176.             return null;
  177.         }
  179.         return \DateTimeImmutable::createFromFormat('U', (string)$this->data[$scope][self::STORAGE_KEY_CREATED_AT]);
  180.     }
  182.     private function loadData(VisitorInfo $visitorInfostring $scope): array
  183.     {
  184.         if (!isset($this->scopeCookieMapping[$scope])) {
  185.             throw new \InvalidArgumentException(sprintf('Scope "%s" is not supported'$scope));
  186.         }
  188.         if (isset($this->data[$scope]) && null !== $this->data[$scope]) {
  189.             return $this->data[$scope];
  190.         }
  192.         $request $visitorInfo->getRequest();
  194.         $this->data[$scope] = $this->saveHandler->load($request$scope$this->scopeCookieMapping[$scope]);
  196.         return $this->data[$scope];
  197.     }
  199.     private function addSaveListener(VisitorInfo $visitorInfo)
  200.     {
  201.         if ($this->changed) {
  202.             return;
  203.         }
  205.         $this->changed true;
  207.         // adds a response listener setting the storage cookie
  208.         $listener = function (ResponseEvent $event) use ($visitorInfo) {
  209.             // only handle event for the visitor info which triggered the save
  210.             if ($event->getRequest() !== $visitorInfo->getRequest()) {
  211.                 return;
  212.             }
  214.             $response $event->getResponse();
  215.             foreach (array_keys($this->scopeCookieMapping) as $scope) {
  216.                 $this->saveHandler->save(
  217.                     $response,
  218.                     $scope,
  219.                     $this->scopeCookieMapping[$scope],
  220.                     $this->expiryFor($scope),
  221.                     $this->data[$scope] ?? null
  222.                 );
  223.             }
  224.         };
  226.         $this->eventDispatcher->addListener(KernelEvents::RESPONSE$listener);
  227.     }
  229.     private function updateTimestamps(
  230.         string $scope,
  231.         \DateTimeInterface $createdAt null,
  232.         \DateTimeInterface $updatedAt null
  233.     ) {
  234.         $timestamps $this->normalizeTimestamps($createdAt$updatedAt);
  236.         if (!isset($this->data[$scope][self::STORAGE_KEY_CREATED_AT])) {
  237.             $this->data[$scope][self::STORAGE_KEY_CREATED_AT] = $timestamps['createdAt']->getTimestamp();
  238.             $this->data[$scope][self::STORAGE_KEY_UPDATED_AT] = $timestamps['updatedAt']->getTimestamp();
  239.         } else {
  240.             $this->data[$scope][self::STORAGE_KEY_UPDATED_AT] = $timestamps['updatedAt']->getTimestamp();
  241.         }
  242.     }
  244.     protected function expiryFor(string $scope)
  245.     {
  246.         $expiry 0;
  247.         if (self::SCOPE_VISITOR === $scope) {
  248.             $expiry = new \DateTime('+1 year');
  249.         } elseif (self::SCOPE_SESSION === $scope) {
  250.             $expiry = new \DateTime('+30 minutes');
  251.         }
  253.         return $expiry;
  254.     }
  255. }