Add support for CHIPS

Author: natanfelles

src/Cookie.php

@@ -34,6 +34,7 @@ class Cookie implements \Stringable
     protected ?string $path = null;
     protected ?string $sameSite = null;
     protected bool $secure = false;
+    protected bool $partitioned = false;
     protected string $value;
 
     /**
@@ -86,6 +87,10 @@ public function toString() : string
         if ($part !== null) {
             $string .= '; SameSite=' . $part;
         }
+        $part = $this->isPartitioned();
+        if ($part) {
+            $string .= '; Partitioned';
+        }
         return $string;
     }
 
@@ -275,6 +280,29 @@ public function isSecure() : bool
         return $this->secure;
     }
 
+    /**
+     * @param bool $partitioned
+     *
+     * @see https://developer.mozilla.org/en-US/docs/Web/Privacy/Guides/Privacy_sandbox/Partitioned_cookies
+     * @see https://wiki.php.net/rfc/chips
+     *
+     * @return static
+     */
+    public function setPartitioned(bool $partitioned = true) : static
+    {
+        $this->partitioned = $partitioned;
+        return $this;
+    }
+
+    /**
+     * @return bool
+     */
+    #[Pure]
+    public function isPartitioned() : bool
+    {
+        return $this->partitioned;
+    }
+
     /**
      * @return bool
      */
@@ -299,6 +327,7 @@ public function send() : bool
         if ($value !== null) {
             $options['samesite'] = $value;
         }
+        $options['partitioned'] = $this->isPartitioned();
         // @phpstan-ignore-next-line
         return \setcookie($this->getName(), $this->getValue(), $options);
     }
@@ -347,6 +376,9 @@ public static function parse(string $line) : ?Cookie
                 case 'samesite':
                     $cookie->setSameSite($val);
                     break;
+                case 'partitioned':
+                    $cookie->setPartitioned();
+                    break;
             }
         }
         return $cookie;

tests/CookieTest.php

@@ -42,7 +42,10 @@ public function testExpires() : void
         self::assertSame((string) $time, $this->cookie->getExpires()->format('U'));
         $this->cookie->setExpires(new \DateTime('-5 hours'));
         self::assertInstanceOf(\DateTime::class, $this->cookie->getExpires());
-        self::assertSame((string) (\time() - 5 * 60 * 60), $this->cookie->getExpires()->format('U'));
+        self::assertSame(
+            (string) (\time() - 5 * 60 * 60),
+            $this->cookie->getExpires()->format('U')
+        );
         self::assertTrue($this->cookie->isExpired());
         $this->cookie->setExpires(null);
         self::assertNull($this->cookie->getExpires());
@@ -97,6 +100,15 @@ public function testSecure() : void
         self::assertFalse($this->cookie->isSecure());
     }
 
+    public function testPartitioned() : void
+    {
+        self::assertFalse($this->cookie->isPartitioned());
+        $this->cookie->setPartitioned();
+        self::assertTrue($this->cookie->isPartitioned());
+        $this->cookie->setPartitioned(false);
+        self::assertFalse($this->cookie->isPartitioned());
+    }
+
     /**
      * @runInSeparateProcess
      */
@@ -118,6 +130,7 @@ public function testSend() : void
         $this->cookie->setDomain('domain.tld')
             ->setPath('/blog')
             ->setSecure()
+            ->setPartitioned()
             ->setHttpOnly()
             ->setSameSite('strict')
             ->setValue('baz')
@@ -136,15 +149,35 @@ public function testSend() : void
         );
     }
 
+    /**
+     * @runInSeparateProcess
+     */
+    public function testSendWithPartitionedAndWithoutSecure() : void
+    {
+        $this->cookie->setPartitioned();
+        $this->expectException(\ValueError::class);
+        $this->expectExceptionMessage(
+            'setcookie(): "partitioned" option cannot be used without "secure" option'
+        );
+        $this->cookie->send();
+    }
+
     public function testString() : void
     {
         $time = \time() + 30;
-        $expected = 'foo=baz; expires='
-            . \date('D, d M Y H:i:s', $time)
-            . ' GMT; Max-Age=30; path=/blog; domain=domain.tld; secure; HttpOnly; SameSite=Strict';
+        $expected = 'foo=baz'
+            . '; expires=' . \date('D, d M Y H:i:s', $time) . ' GMT'
+            . '; Max-Age=30'
+            . '; path=/blog'
+            . '; domain=domain.tld'
+            . '; secure'
+            . '; HttpOnly'
+            . '; SameSite=Strict'
+            . '; Partitioned';
         $this->cookie->setDomain('domain.tld')
             ->setPath('/blog')
             ->setSecure()
+            ->setPartitioned()
             ->setHttpOnly()
             ->setSameSite('strict')
             ->setValue('baz')
@@ -163,7 +196,17 @@ public function testValue() : void
 
     public function testParse() : void
     {
-        $cookie = Cookie::parse('session_id=35ab1d7a4955d926a3694ab5990c0eb1; expires=Thu, 11-Jul-2019 04:57:19 GMT; Max-Age=0; path=/admin; domain=localhost; secure; HttpOnly; SameSite=Strict');
+        $cookie = Cookie::parse(
+            'session_id=35ab1d7a4955d926a3694ab5990c0eb1'
+            . '; expires=Thu, 11-Jul-2019 04:57:19 GMT'
+            . '; Max-Age=0'
+            . '; path=/admin'
+            . '; domain=localhost'
+            . '; secure'
+            . '; HttpOnly'
+            . '; SameSite=Strict'
+            . '; Partitioned'
+        );
         self::assertSame('session_id', $cookie->getName());
         self::assertSame('35ab1d7a4955d926a3694ab5990c0eb1', $cookie->getValue());
         self::assertSame('Thu, 11 Jul 2019 04:57:19 +0000', $cookie->getExpires()->format('r'));
@@ -172,11 +215,13 @@ public function testParse() : void
         self::assertTrue($cookie->isSecure());
         self::assertTrue($cookie->isHttpOnly());
         self::assertSame('Strict', $cookie->getSameSite());
+        self::assertTrue($cookie->isPartitioned());
         $cookie = Cookie::parse('sid=foo;secure;;HttpOnly;');
         self::assertSame('sid', $cookie->getName());
         self::assertSame('foo', $cookie->getValue());
         self::assertTrue($cookie->isSecure());
         self::assertTrue($cookie->isHttpOnly());
+        self::assertFalse($cookie->isPartitioned());
         self::assertNull(Cookie::parse('sid'));
         self::assertNull(Cookie::parse(';sid=foo'));
     }