Class EncryptedCookieMiddleware
Middleware for encrypting & decrypting cookies.
This middleware layer will encrypt/decrypt the named cookies with the given key and cipher type. To support multiple keys/cipher types use this middleware multiple times.
Cookies in request data will be decrypted, while cookies in response headers will be encrypted automatically. If the response is a Cake\Http\Response, the cookie data set with `withCookie()` and `cookie()` will also be encrypted.
The encryption types and padding are compatible with those used by CookieComponent for backwards compatibility.
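Registering the middleware once per key, as the description above suggests. This is an added example, not code from the CakePHP project; the cookie names and the `Security.cookieKey` / `Security.legacyCookieKey` configuration keys are assumptions, and it targets the 3.x `Application::middleware()` hook.

```php
<?php
// Added example: src/Application.php in a CakePHP 3.x application.
namespace App;

use Cake\Core\Configure;
use Cake\Http\BaseApplication;
use Cake\Http\Middleware\EncryptedCookieMiddleware;
use RuntimeException;

class Application extends BaseApplication
{
    public function middleware($middlewareQueue)
    {
        // Assumed configuration keys; supply the values from the environment
        // or a secrets store, never from files committed to source control.
        $keys = [
            'current' => (string)Configure::read('Security.cookieKey'),
            'legacy' => (string)Configure::read('Security.legacyCookieKey'),
        ];

        // Fail at boot, not on the first request, if a key is missing or
        // shorter than 32 bytes (256 bits).
        foreach ($keys as $label => $key) {
            if (strlen($key) < 32) {
                throw new RuntimeException("Cookie key '$label' must be at least 32 bytes.");
            }
        }

        $middlewareQueue
            // Only the named cookies are encrypted; any cookie not listed
            // in an instance passes through as plain text.
            ->add(new EncryptedCookieMiddleware(['prefs', 'remember_me'], $keys['current'], 'aes'))
            // Second instance with its own key, so the two cookie sets can
            // be rotated or retired independently.
            ->add(new EncryptedCookieMiddleware(['legacy_cart'], $keys['legacy'], 'aes'));

        return $middlewareQueue;
    }
}
```

Controllers keep reading and writing these cookies as plain values; decryption happens on the way in and encryption on the way out.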
Property Summary
- $_validCiphers (protected, string[]): Valid cipher names for encrypted cookies.
- $cipherType (protected, string): Encryption type.
- $cookieNames (protected, array): The list of cookies to encrypt/decrypt.
- $key (protected, string): Encryption key to use.
Method Summary
- __construct() (public): Constructor.
- __invoke() (public): Apply cookie encryption/decryption.
- _checkCipher() (protected): Helper method for validating encryption cipher names.
- _decode() (protected): Decodes and decrypts a single value.
- _decrypt() (protected): Decrypts $value using public $type method in Security class.
- _encrypt() (protected): Encrypts $value using public $type method in Security class.
- _explode() (protected): Explode method to return array from string set in CookieComponent::_implode(). Maintains reading backwards compatibility with 1.x CookieComponent::_implode().
- _getCookieEncryptionKey() (protected): Fetch the cookie encryption key.
- _implode() (protected): Implode method that keeps keys for multidimensional arrays.
- decodeCookies() (protected): Decode cookies from the request.
- encodeCookies() (protected): Encode cookies from a response's CookieCollection.
- encodeSetCookieHeader() (protected): Encode cookies from a response's Set-Cookie header.
Method Detail
__construct() public
__construct(array $cookieNames, string $key, string $cipherType = 'aes')
Constructor
Parameters
- array $cookieNames: The list of cookie names that should have their values encrypted.
- string $key: The encryption key to use.
- string $cipherType (optional): The cipher type to use. Defaults to 'aes', but can also be 'rijndael' for backwards compatibility.
__invoke() public
__invoke(Psr\Http\Message\ServerRequestInterface $request, Psr\Http\Message\ResponseInterface $response, callable $next): Psr\Http\Message\ResponseInterface
Apply cookie encryption/decryption.
Parameters
- Psr\Http\Message\ServerRequestInterface $request: The request.
- Psr\Http\Message\ResponseInterface $response: The response.
- callable $next: The next middleware to call.
Returns
Psr\Http\Message\ResponseInterface: A response.
_checkCipher() protected
_checkCipher(string $encrypt): void
Helper method for validating encryption cipher names.
Parameters
- string $encrypt: The cipher name.
Returns
void
Throws
RuntimeException: When an invalid cipher is provided.
_decode() protected
_decode(string $value, string|false $encrypt, string|null $key): string|array
Decodes and decrypts a single value.
Parameters
- string $value: The value to decode & decrypt.
- string|false $encrypt: The encryption cipher to use.
- string|null $key: Used as the security salt if specified.
Returns
string|array: Decoded values.
_decrypt() protected
_decrypt(string[]|string $values, string|false $mode, string|null $key = null): string|array
Decrypts $value using public $type method in Security class.
Parameters
- string[]|string $values: Values to decrypt.
- string|false $mode: Encryption mode.
- string|null $key (optional): Used as the security salt if specified.
Returns
string|array: Decrypted values.
_encrypt() protected
_encrypt(string|array $value, string|false $encrypt, string|null $key = null): string
Encrypts $value using public $type method in Security class.
Parameters
- string|array $value: Value to encrypt.
- string|false $encrypt: Encryption mode to use. False disables encryption.
- string|null $key (optional): Used as the security salt if specified.
Returns
string: Encoded values.
_explode() protected
_explode(string $string): string|array
Explode method to return array from string set in CookieComponent::_implode(). Maintains reading backwards compatibility with 1.x CookieComponent::_implode().
Parameters
- string $string: A string containing JSON encoded data, or a bare string.
Returns
string|array: Map of key and values.
_getCookieEncryptionKey() protected
_getCookieEncryptionKey(): string
Fetch the cookie encryption key.
Part of the CookieCryptTrait implementation.
Returns
string
_implode() protected
_implode(array $array): string
Implode method that keeps keys for multidimensional arrays.
Parameters
- array $array: Map of key and values.
Returns
string: A JSON encoded string.
decodeCookies() protected
decodeCookies(Psr\Http\Message\ServerRequestInterface $request): Psr\Http\Message\ServerRequestInterface
Decode cookies from the request.
Parameters
- Psr\Http\Message\ServerRequestInterface $request: The request to decode cookies from.
Returns
Psr\Http\Message\ServerRequestInterface: Updated request with decoded cookies.
encodeCookies() protected
encodeCookies(Cake\Http\Response $response): Cake\Http\Response
Encode cookies from a response's CookieCollection.
Parameters
- Cake\Http\Response $response: The response to encode cookies in.
Returns
Cake\Http\Response: Updated response with encoded cookies.
encodeSetCookieHeader() protected
encodeSetCookieHeader(Psr\Http\Message\ResponseInterface $response): Psr\Http\Message\ResponseInterface
Encode cookies from a response's Set-Cookie header.
Parameters
- Psr\Http\Message\ResponseInterface $response: The response to encode cookies in.
Returns
Psr\Http\Message\ResponseInterface: Updated response with encoded cookies.
