better cookie patching

creativeorange · Aug 29, 2020 · 921c28f · 921c28f
1 parent 0aaa1d5
commit 921c28f
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 34 deletions.
diff --git a/src/Console/Patch.php b/src/Console/Patch.php
@@ -143,18 +143,29 @@ private function handleCookiePatching()
         \file_put_contents($appConfigPath, $fileContents);
 
         $middlewarePath = \config('laravel-stubs.patch.middleware_folder').'/VerifyCsrfToken.php';
-        $middleware = \file_get_contents(__DIR__.'/../stubs/cookies/cookiemiddleware.stub');
+        $middlewareSerialized = \file_get_contents(__DIR__.'/../stubs/cookies/cookiemiddleware_serialized.stub');
+        $middlewareAddCookieToResponse = \file_get_contents(__DIR__.'/../stubs/cookies/cookiemiddleware_addCookieToResponse.stub');
+        $middlewareGetTokenFromRequest = \file_get_contents(__DIR__.'/../stubs/cookies/cookiemiddleware_getTokenFromRequest.stub');
+        $use = \file_get_contents(__DIR__.'/../stubs/cookies/cookiemiddleware_use.stub');
+
         $fileContents = \file_get_contents($middlewarePath);
-        if (!Str::contains($fileContents, $middleware)) {
-            $use = "use Illuminate\Cookie\CookieValuePrefix;
-            use Symfony\Component\HttpFoundation\Cookie;
-            use Illuminate\Contracts\Support\Responsable;";
+        if (!Str::contains($fileContents, $use)) {
             $fileContents = preg_replace('/(use .+;)([\s]+class)/', "$1\n".\preg_replace("/[ |\t]{2,}/", "", $use)."$2",
                 $fileContents);
-            $fileContents = preg_replace('/(})/', "\n".$middleware."\n$1",
+        }
+        if (!Str::contains($fileContents, 'protected function getTokenFromRequest')) {
+            $fileContents = preg_replace('/(class .*[\s\S]{[.|\s|\S]*)(})/', "$1\n".$middlewareGetTokenFromRequest."\n$2",
+                $fileContents);
+        }
+        if (!Str::contains($fileContents, 'protected function addCookieToResponse')) {
+            $fileContents = preg_replace('/(class .*[\s\S]{[.|\s|\S]*)(})/', "$1\n".$middlewareAddCookieToResponse."\n$2",
+                $fileContents);
+        }
+        if (!Str::contains($fileContents, 'public static function serialized')) {
+            $fileContents = preg_replace('/(class .*[\s\S]{[.|\s|\S]*)(})/', "$1\n".$middlewareSerialized."\n$2",
                 $fileContents);
-            \file_put_contents($middlewarePath, $fileContents);
         }
+        \file_put_contents($middlewarePath, $fileContents);
 
         $this->warn('Make sure to change the env values for local cookies or add a TLS certificate.');
         $this->info('Cookie patching done.');

diff --git a/src/stubs/cookies/cookiemiddleware.stub → ...cookiemiddleware_addCookieToResponse.stub b/src/stubs/cookies/cookiemiddleware.stub → ...cookiemiddleware_addCookieToResponse.stub
@@ -1,20 +1,3 @@
-    /**
-     * Get the CSRF token from the request.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @return string
-     */
-    protected function getTokenFromRequest($request)
-    {
-        $token = $request->input('_token') ?: $request->header(config('session.cookie_prefix').'X-CSRF-TOKEN');
-
-        if (! $token && $header = $request->header(config('session.cookie_prefix').'X-XSRF-TOKEN')) {
-            $token = CookieValuePrefix::remove($this->encrypter->decrypt($header, static::serialized()));
-        }
-
-        return $token;
-    }
-
     /**
      * Add the CSRF token to the response cookies.
      *
@@ -38,14 +21,4 @@
         );
 
         return $response;
-    }
-
-    /**
-     * Determine if the cookie contents should be serialized.
-     *
-     * @return bool
-     */
-    public static function serialized()
-    {
-        return EncryptCookies::serialized(config('session.cookie_prefix').'XSRF-TOKEN');
     }
diff --git a/src/stubs/cookies/cookiemiddleware_getTokenFromRequest.stub b/src/stubs/cookies/cookiemiddleware_getTokenFromRequest.stub
@@ -0,0 +1,16 @@
+    /**
+     * Get the CSRF token from the request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return string
+     */
+    protected function getTokenFromRequest($request)
+    {
+        $token = $request->input('_token') ?: $request->header(config('session.cookie_prefix').'X-CSRF-TOKEN');
+
+        if (! $token && $header = $request->header(config('session.cookie_prefix').'X-XSRF-TOKEN')) {
+            $token = CookieValuePrefix::remove($this->encrypter->decrypt($header, static::serialized()));
+        }
+
+        return $token;
+    }
diff --git a/src/stubs/cookies/cookiemiddleware_serialized.stub b/src/stubs/cookies/cookiemiddleware_serialized.stub
@@ -0,0 +1,9 @@
+    /**
+     * Determine if the cookie contents should be serialized.
+     *
+     * @return bool
+     */
+    public static function serialized()
+    {
+        return EncryptCookies::serialized(config('session.cookie_prefix').'XSRF-TOKEN');
+    }
diff --git a/src/stubs/cookies/cookiemiddleware_use.stub b/src/stubs/cookies/cookiemiddleware_use.stub
@@ -0,0 +1,3 @@
+use Illuminate\Cookie\CookieValuePrefix;
+use Symfony\Component\HttpFoundation\Cookie;
+use Illuminate\Contracts\Support\Responsable;