SecurityExtension: added section 'authentication'

Author: dg

composer.json

@@ -19,7 +19,7 @@
 		"nette/utils": "^3.1"
 	},
 	"require-dev": {
-		"nette/di": "^3.0.0",
+		"nette/di": "^3.0.1",
 		"nette/http": "^3.0.0",
 		"nette/tester": "^2.0",
 		"tracy/tracy": "^2.4",

src/Bridges/SecurityDI/SecurityExtension.php

@@ -44,6 +44,13 @@ public function getConfigSchema(): Nette\Schema\Schema
 			),
 			'roles' => Expect::arrayOf('string|array|null')->deprecated(), // role => parent(s)
 			'resources' => Expect::arrayOf('string|null')->deprecated(), // resource => parent
+			'authentication' => Expect::structure([
+				'storage' => Expect::anyOf('session', 'cookie')->default('session'),
+				'expiration' => Expect::string()->dynamic(),
+				'cookieName' => Expect::string(),
+				'cookieDomain' => Expect::string(),
+				'cookieSamesite' => Expect::anyOf('Lax', 'Strict', 'None'),
+			]),
 		]);
 	}
 
@@ -57,9 +64,20 @@ public function loadConfiguration()
 		$builder->addDefinition($this->prefix('passwords'))
 			->setFactory(Nette\Security\Passwords::class);
 
+		$auth = $config->authentication;
 		$storage = $builder->addDefinition($this->prefix('userStorage'))
 			->setType(Nette\Security\UserStorage::class)
-			->setFactory(Nette\Bridges\SecurityHttp\SessionStorage::class);
+			->setFactory([
+				'session' => Nette\Bridges\SecurityHttp\SessionStorage::class,
+				'cookie' => Nette\Bridges\SecurityHttp\CookieStorage::class,
+			][$auth->storage]);
+
+		if ($auth->storage === 'cookie') {
+			if ($auth->cookieDomain === 'domain') {
+				$auth->cookieDomain = $builder::literal('$this->getByType(Nette\Http\IRequest::class)->getUrl()->getDomain(2)');
+			}
+			$storage->addSetup('setCookieParameters', [$auth->cookieName, $auth->cookieDomain, $auth->cookieSamesite]);
+		}
 
 		$builder->addDefinition($this->prefix('legacyUserStorage')) // deprecated
 			->setType(Nette\Security\IUserStorage::class)
@@ -68,6 +86,10 @@ public function loadConfiguration()
 		$user = $builder->addDefinition($this->prefix('user'))
 			->setFactory(Nette\Security\User::class);
 
+		if ($auth->expiration) {
+			$user->addSetup('setExpiration', [$auth->expiration]);
+		}
+
 		if ($config->users) {
 			$usersList = $usersRoles = $usersData = [];
 			foreach ($config->users as $username => $data) {

tests/Security.DI/SecurityExtension.cookieStorage.phpt

@@ -17,7 +17,7 @@ require __DIR__ . '/../bootstrap.php';
 
 
 $compiler = new DI\Compiler;
-$compiler->addExtension('foo', new HttpExtension);
+$compiler->addExtension('http', new HttpExtension);
 $compiler->addExtension('session', new SessionExtension);
 $compiler->addExtension('security', new SecurityExtension);
 
@@ -28,16 +28,23 @@ security:
 		storage: cookie
 		expiration: 1 week
 		cookieName: abc
-		cookieDomain: xyz
+		cookieDomain: domain
 		cookieSamesite: Strict
+
+services:
+	http.request: Nette\Http\Request(Nette\Http\UrlScript("http://www.nette.org"))
 ', 'neon'));
 
 eval($compiler->addConfig($config)->compile());
 $container = new Container;
 
 $storage = $container->getService('security.userStorage');
+$user = $container->getService('security.user');
 Assert::type(Nette\Bridges\SecurityHttp\CookieStorage::class, $storage);
 
 Assert::with($storage, function () {
 	Assert::same('1 week', $this->cookieExpiration);
+	Assert::same('abc', $this->cookieName);
+	Assert::same('nette.org', $this->cookieDomain);
+	Assert::same('Strict', $this->cookieSameSite);
 });

tests/Security.DI/SecurityExtension.sessionStorage.phpt

@@ -31,4 +31,6 @@ security:
 eval($compiler->addConfig($config)->compile());
 $container = new Container;
 
-Assert::type(Nette\Bridges\SecurityHttp\SessionStorage::class, $container->getService('security.userStorage'));
+$storage = $container->getService('security.userStorage');
+$user = $container->getService('security.user');
+Assert::type(Nette\Bridges\SecurityHttp\SessionStorage::class, $storage);