Use Zero Literally When Cookie Expiration is Zero (#37)

* Use Zero Literally When Cookie Expiration is Zero

Otherwise add the cookie expiration to the current time. This means that
folks using the `0` in their bundle config will have a cookie that lasts
the length of the browser session. Everyone else will get a cookie that
expiers $cookieExpire seconds in the future.

Should fix #33 and address some of the concerns raised in #35 and the
commit 5479263

* Add Tests to Verify the Cookie Expiration Behavior

- One test to verify that a zero value sets the cookie with no
  expiration (a session cookie).
- Another to test that an actual expiration is set to a time in the
  future.

Author: chrisguitarguy

EventListener/AngularCsrfCookieListener.php

@@ -98,7 +98,7 @@ public function onKernelResponse(FilterResponseEvent $event)
         $event->getResponse()->headers->setCookie(new Cookie(
             $this->cookieName,
             $this->angularCsrfTokenManager->getToken()->getValue(),
-            time() + $this->cookieExpire,
+            0 === $this->cookieExpire ? $this->cookieExpire : time() + $this->cookieExpire,
             $this->cookiePath,
             $this->cookieDomain,
             $this->cookieSecure,

spec/Dunglas/AngularCsrfBundle/EventListener/AngularCsrfCookieListenerSpec.php

@@ -13,6 +13,7 @@
 use Dunglas\AngularCsrfBundle\Routing\RouteMatcherInterface;
 use PhpSpec\ObjectBehavior;
 use Prophecy\Argument;
+use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\ResponseHeaderBag;
@@ -35,6 +36,8 @@ class AngularCsrfCookieListenerSpec extends ObjectBehavior
     private $routes = array('^/punk', '^/rock$');
     private $secureRequest;
     private $unsecureRequest;
+    private $tokenManager;
+    private $routeMatcher;
 
     public function let(
         AngularCsrfTokenManager $tokenManager,
@@ -45,16 +48,18 @@ public function let(
     ) {
         $token->getValue()->willReturn(self::TOKEN_VALUE);
         $tokenManager->getToken()->willReturn($token);
+        $this->tokenManager = $tokenManager;
 
         $this->secureRequest = $secureRequest;
         $this->unsecureRequest = $unsecureRequest;
 
         $routeMatcher->match($this->secureRequest, $this->routes)->willReturn(true);
         $routeMatcher->match($this->unsecureRequest, $this->routes)->willReturn(false);
+        $this->routeMatcher = $routeMatcher;
 
         $this->beConstructedWith(
-            $tokenManager,
-            $routeMatcher,
+            $this->tokenManager,
+            $this->routeMatcher,
             $this->routes,
             self::COOKIE_NAME,
             self::COOKIE_EXPIRE,
@@ -100,4 +105,56 @@ public function it_does_not_set_cookie_when_it_does_not(FilterResponseEvent $eve
 
         $this->onKernelResponse($event);
     }
+
+    public function it_sets_a_cookie_with_no_expiration_when_cookie_expire_is_zero(
+        FilterResponseEvent $event,
+        Response $response,
+        ResponseHeaderBag $headers
+    ) {
+        $headers->setCookie(Argument::allOf(
+            Argument::type('Symfony\Component\HttpFoundation\Cookie'),
+            Argument::that(function (Cookie $c) {
+                return $c->getExpiresTime() === 0;
+            })
+        ))->shouldBeCalled();
+        $response->headers = $headers;
+
+        $event->getRequestType()->willReturn(HttpKernelInterface::MASTER_REQUEST)->shouldBeCalled();
+        $event->getRequest()->willReturn($this->secureRequest)->shouldBeCalled();
+        $event->getResponse()->willReturn($response)->shouldBeCalled();
+
+        $this->onKernelResponse($event);
+    }
+
+    public function it_sets_a_cookie_with_expiration_in_the_future_when_expiration_when_required(
+        CsrfToken $token,
+        FilterResponseEvent $event,
+        Response $response,
+        ResponseHeaderBag $headers
+    ) {
+        $headers->setCookie(Argument::allOf(
+            Argument::type('Symfony\Component\HttpFoundation\Cookie'),
+            Argument::that(function (Cookie $c) {
+                return $c->getExpiresTime() > time();
+            })
+        ))->shouldBeCalled();
+        $response->headers = $headers;
+
+        $this->beConstructedWith(
+            $this->tokenManager,
+            $this->routeMatcher,
+            $this->routes,
+            self::COOKIE_NAME,
+            3600,
+            self::COOKIE_PATH,
+            self::COOKIE_DOMAIN,
+            self::COOKIE_SECURE
+        );
+
+        $event->getRequestType()->willReturn(HttpKernelInterface::MASTER_REQUEST)->shouldBeCalled();
+        $event->getRequest()->willReturn($this->secureRequest)->shouldBeCalled();
+        $event->getResponse()->willReturn($response)->shouldBeCalled();
+
+        $this->onKernelResponse($event);
+    }
 }