<?php
/**
 * Matomo - free/libre analytics platform
 *
 * @link https://matomo.org
 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
 *
 */
namespace Piwik\Tests\System;

use Piwik\Config;
use Piwik\SettingsPiwik;
use Piwik\Tests\Framework\Fixture;
use Piwik\Tests\Framework\TestCase\SystemTestCase;

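/**
 * System test for the SameSite attribute of the "ignore visits" cookie.
 *
 * Each test requests UsersManager.setIgnoreCookie over HTTP with a specific
 * User-Agent and inspects the raw Set-Cookie response header, so the value
 * is checked exactly as a browser would receive it.
 */
class CookieTest extends SystemTestCase
{
    const USERAGENT_CHROME = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.38 Safari/532.0';
    const USERAGENT_FIREFOX = 'Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0';
    const USERAGENT_SAFARI = 'Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+';

    // Test environment handle used to override config values for the server under test.
    private $testVars;

    // Value of General.assume_secure_protocol captured in setUp(), restored in tearDown().
    private $originalAssumeSecureValue;

    /**
     * Captures the test environment and the current assume_secure_protocol
     * setting so that tests which override it cannot leak into later tests.
     */
    public function setUp()
    {
        parent::setUp();
        $this->testVars = static::$fixture->getTestEnvironment();
        $this->originalAssumeSecureValue = Config::getInstance()->General['assume_secure_protocol'];
    }

    /**
     * Restores assume_secure_protocol to the value seen in setUp().
     */
    public function tearDown()
    {
        parent::tearDown();
        $this->testVars->overrideConfig('General', 'assume_secure_protocol', $this->originalAssumeSecureValue);
        $this->testVars->save();
    }

    /**
     * Chrome with assume_secure_protocol enabled must receive SameSite=None.
     */
    public function testIgnoreCookieSameSiteChromeSecure()
    {
        $this->testVars->overrideConfig('General', 'assume_secure_protocol', 1);
        $this->testVars->save();

        $headers = $this->setIgnoreCookie(self::USERAGENT_CHROME);
        $cookie = $this->findIgnoreCookie($headers);
        // NOTE(review): browsers only accept SameSite=None together with the
        // Secure attribute; this test does not assert that Secure is present.
        // Consider adding that check once the expected header is confirmed.
        $this->assertCookieSameSiteMatches('None', $cookie);
    }

    /**
     * Chrome with assume_secure_protocol disabled must receive SameSite=Lax,
     * presumably because a SameSite=None cookie without Secure would be
     * rejected by the browser.
     */
    public function testIgnoreCookieSameSiteChromeNotSecure()
    {
        $this->testVars->overrideConfig('General', 'assume_secure_protocol', 0);
        $this->testVars->save();

        $headers = $this->setIgnoreCookie(self::USERAGENT_CHROME);
        $cookie = $this->findIgnoreCookie($headers);
        $this->assertCookieSameSiteMatches('Lax', $cookie);
    }

    /**
     * Firefox must receive SameSite=None. This test does not override
     * assume_secure_protocol, so it runs with whatever value is configured.
     */
    public function testIgnoreCookieSameSiteFirefox()
    {
        $headers = $this->setIgnoreCookie(self::USERAGENT_FIREFOX);
        $cookie = $this->findIgnoreCookie($headers);
        $this->assertCookieSameSiteMatches('None', $cookie);
    }

    /**
     * Safari must receive the ignore cookie without any SameSite attribute.
     */
    public function testIgnoreCookieSameSiteSafari()
    {
        $headers = $this->setIgnoreCookie(self::USERAGENT_SAFARI);
        $cookie = $this->findIgnoreCookie($headers);

        // Without this guard a missing cookie ('' from findIgnoreCookie) would
        // satisfy the "no SameSite" assertion and hide a regression.
        $this->assertNotEmpty($cookie, 'Expected the ignore cookie to be set for the Safari user agent');

        // The needle comes first: the original call passed ($cookie, 'SameSite'),
        // which checked that the literal 'SameSite' does not contain the header
        // line and therefore could never fail.
        $this->assertNotContains('SameSite', $cookie);
    }

    /**
     * Calls UsersManager.setIgnoreCookie on the test instance and returns the
     * raw HTTP response, headers included.
     *
     * The auth token travels in the query string, so the failure messages
     * below deliberately leave the URL out to keep it out of test logs.
     *
     * @param string $userAgent User-Agent header to send with the request.
     * @return string Raw response (headers followed by body).
     */
    private function setIgnoreCookie($userAgent)
    {
        $query = http_build_query(array(
            'module' => 'UsersManager',
            'action' => 'setIgnoreCookie',
            'idSite' => 1,
            'period' => 'day',
            'date' => 'yesterday',
            'ignoreSalt' => md5(SettingsPiwik::getSalt()),
            'token_auth' => Fixture::getTokenAuth()
        ));

        $ch = curl_init(Fixture::getTestRootUrl() . 'index.php?' . $query);
        if ($ch === false) {
            $this->fail('curl_init() failed for the setIgnoreCookie request');
        }

        try {
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_HEADER, 1);
            curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);

            $response = curl_exec($ch);
            if ($response === false) {
                // Report the transport error instead of letting a boolean reach
                // the header parsing and produce a misleading assertion failure.
                $this->fail('setIgnoreCookie request failed: ' . curl_error($ch));
            }

            return $response;
        } finally {
            curl_close($ch);
        }
    }

    /**
     * Extracts the Set-Cookie header line of the ignore cookie.
     *
     * @param string $rawHeaders Raw HTTP response as returned by setIgnoreCookie().
     * @return string The matching header line, or '' when the cookie was not set.
     */
    private function findIgnoreCookie($rawHeaders)
    {
        $ignoreCookieName = Config::getInstance()->Tracker['ignore_visits_cookie_name'];

        // The cookie name is configuration data, so it is quoted before being
        // placed in the pattern. Header names are case-insensitive in HTTP, so
        // only the "Set-Cookie" part is matched without regard to case.
        $pattern = '/^(?i:Set-Cookie):[ \t]*' . preg_quote($ignoreCookieName, '/') . '=.*/m';

        if (preg_match($pattern, $rawHeaders, $matches) !== 1) {
            return '';
        }

        return $matches[0];
    }

    /**
     * Asserts that the cookie header carries the expected SameSite value.
     *
     * @param string $expectedSameSite Expected value, e.g. 'None' or 'Lax'.
     * @param string $cookieHeader     Set-Cookie header line to inspect.
     */
    private function assertCookieSameSiteMatches($expectedSameSite, $cookieHeader)
    {
        $this->assertContains('SameSite=' . $expectedSameSite, $cookieHeader);
    }
}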