Fix #97: Add HTTP cookie authentication method

DikoIbragimov · web-flow · commit ddb536cb7db2 · 2025-05-05T23:46:58.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## 3.1.2 under development
 
 - Enh #92: Use `SensitiveParameter` attribute to mark sensitive parameters (@ev-gor)
+- New #97: Add HTTP cookie authentication method (@IbragimovDiyorbek)
 - Chg #95, #99: Change PHP constraint in `composer.json` to `8.0 - 8.4` (@vjik)
 - Bug #99: Explicitly mark nullable parameters (@vjik)
 
diff --git a/README.md b/README.md
@@ -104,6 +104,15 @@ $authenticationMethod = (new \Yiisoft\Auth\Method\QueryParameter($identityReposi
     ->withParameterName('token');
 ```
 
+### HTTP cookie authentication
+
+```php
+$authenticationMethod = (new \Yiisoft\Auth\Method\HttpCookie($identityRepository))
+    ->withCookieName('access-token');
+```
+
+Typical authentication for websites by storing a token in a browser cookie.
+
 ### Using multiple authentication methods
 
 To use multiple authentication methods, use `Yiisoft\Auth\Method\Composite`:
diff --git a/src/Method/HttpCookie.php b/src/Method/HttpCookie.php
@@ -0,0 +1,70 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Yiisoft\Auth\Method;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Yiisoft\Auth\AuthenticationMethodInterface;
+use Yiisoft\Auth\IdentityInterface;
+use Yiisoft\Auth\IdentityWithTokenRepositoryInterface;
+
+/**
+ * HTTP cookie authentication method.
+ *
+ * @see https://tools.ietf.org/html/rfc6265
+ */
+final class HttpCookie implements AuthenticationMethodInterface
+{
+    private string $cookieName = 'access-token';
+    private ?string $tokenType = null;
+
+    public function __construct(
+        private IdentityWithTokenRepositoryInterface $identityRepository
+    ) {
+    }
+
+    public function authenticate(ServerRequestInterface $request): IdentityInterface|null
+    {
+        $authToken = $this->getAuthenticationToken($request);
+
+        if ($authToken === null) {
+            return null;
+        }
+
+        return $this->identityRepository->findIdentityByToken($authToken, $this->tokenType);
+    }
+
+    public function challenge(ResponseInterface $response): ResponseInterface
+    {
+        return $response;
+    }
+
+    /**
+     * @psalm-immutable
+     */
+    public function withCookieName(string $cookieName): self
+    {
+        $new = clone $this;
+        $new->cookieName = $cookieName;
+        return $new;
+    }
+
+    /**
+     * @psalm-immutable
+     */
+    public function withTokenType(?string $type): self
+    {
+        $new = clone $this;
+        $new->tokenType = $type;
+        return $new;
+    }
+
+    private function getAuthenticationToken(ServerRequestInterface $request): ?string
+    {
+        $cookies = $request->getCookieParams();
+
+        return $cookies[$this->cookieName] ?? null;
+    }
+}
diff --git a/tests/Method/HttpCookieTest.php b/tests/Method/HttpCookieTest.php
@@ -0,0 +1,124 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Yiisoft\Auth\Tests\Method;
+
+use Nyholm\Psr7\Response;
+use Nyholm\Psr7\ServerRequest;
+use PHPUnit\Framework\TestCase;
+use Psr\Http\Message\ServerRequestInterface;
+use Yiisoft\Auth\IdentityInterface;
+use Yiisoft\Auth\Method\HttpCookie;
+use Yiisoft\Auth\Tests\Stub\FakeIdentity;
+use Yiisoft\Auth\Tests\Stub\FakeIdentityRepository;
+use Yiisoft\Http\Method;
+
+final class HttpCookieTest extends TestCase
+{
+    public function testSuccessfulAuthentication(): void
+    {
+        $identity = $this->createIdentity();
+        $identityRepository = new FakeIdentityRepository($identity);
+        $result = (new HttpCookie($identityRepository))->authenticate(
+            $this->createRequest(['access-token' => 'access-token-value'])
+        );
+
+        $this->assertSame($result, $identity);
+        $this->assertEquals(
+            [
+                'findIdentityByToken' => [
+                    'token' => 'access-token-value',
+                    'type' => null,
+                ],
+            ],
+            $identityRepository->getCallParams()
+        );
+    }
+
+    public function testWithoutToken(): void
+    {
+        $identity = $this->createIdentity();
+        $identityRepository = new FakeIdentityRepository($identity);
+
+        $result = (new HttpCookie($identityRepository))->authenticate(
+            $this->createRequest()
+        );
+
+        $this->assertNull($result);
+    }
+
+    public function testIdentityNotFoundByToken(): void
+    {
+        $identityRepository = new FakeIdentityRepository(null);
+        $authenticationMethod = new HttpCookie($identityRepository);
+
+        $this->assertNull(
+            $authenticationMethod->authenticate(
+                $this->createRequest(['access-token' => 'access-token-value'])
+            )
+        );
+    }
+
+    public function testChallengeImmutabilityStatus(): void
+    {
+        $response = new Response(400);
+        $identityRepository = new FakeIdentityRepository($this->createIdentity());
+        $authenticationMethod = new HttpCookie($identityRepository);
+
+        $this->assertSame($response, $authenticationMethod->challenge($response));
+    }
+
+    public function testCustomTokenParam(): void
+    {
+        $identityRepository = new FakeIdentityRepository($this->createIdentity());
+        $authenticationMethod = (new HttpCookie($identityRepository))
+            ->withCookieName('AuthToken');
+
+        $result = $authenticationMethod->authenticate(
+            $this->createRequest(['AuthToken' => 'AccessTokenValue'])
+        );
+
+        $this->assertNotNull($result);
+        $this->assertEquals('test-id', $result->getId());
+    }
+
+    public function testImmutability(): void
+    {
+        $identityRepository = new FakeIdentityRepository($this->createIdentity());
+        $original = (new HttpCookie($identityRepository));
+        $this->assertNotSame($original, $original->withCookieName('cookieName'));
+        $this->assertNotSame($original, $original->withTokenType('another-token-type'));
+    }
+
+    public function testWithTokenType(): void
+    {
+        $identityRepository = new FakeIdentityRepository($this->createIdentity());
+        (new HttpCookie($identityRepository))
+            ->withTokenType('another-token-type')
+            ->authenticate(
+                $this->createRequest(['access-token' => 'access-token-value'])
+            );
+
+        $this->assertEquals(
+            [
+                'findIdentityByToken' => [
+                    'token' => 'access-token-value',
+                    'type' => 'another-token-type',
+                ],
+            ],
+            $identityRepository->getCallParams()
+        );
+    }
+
+    private function createIdentity(): IdentityInterface
+    {
+        return new FakeIdentity('test-id');
+    }
+
+    private function createRequest(array $cookieParams = []): ServerRequestInterface
+    {
+        return (new ServerRequest(Method::GET, '/'))
+            ->withCookieParams($cookieParams);
+    }
+}
