feat: add support for partitioned cookies (#368)

* feat: add partitioned cookie configuration option

* docs: add mention of 'partitioned' option in README

* fix: throw LogicException when partitioned option is used in Symfony < 6.4

* style: add trailing comma to Cookie instantiation

DependencyInjection/Configuration.php

@@ -105,6 +105,7 @@ public function getConfigTreeBuilder(): TreeBuilder
                         ->scalarNode('domain')->defaultNull()->end()
                         ->scalarNode('http_only')->defaultTrue()->end()
                         ->scalarNode('secure')->defaultTrue()->end()
+                        ->scalarNode('partitioned')->defaultFalse()->end()
                         ->scalarNode('remove_token_from_body')->defaultTrue()->end()
                     ->end()
                 ->end()

EventListener/AttachRefreshTokenOnSuccessListener.php

@@ -19,6 +19,7 @@
 use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\HttpKernel\Kernel;
 
 class AttachRefreshTokenOnSuccessListener
 {
@@ -95,9 +96,14 @@ public function __construct(
             'http_only' => true,
             'secure' => true,
             'remove_token_from_body' => true,
+            'partitioned' => false,
         ], $cookieSettings);
         $this->returnExpiration = $returnExpiration;
         $this->returnExpirationParameterName = $returnExpirationParameterName;
+
+        if ($this->cookieSettings['partitioned'] && Kernel::VERSION < '6.4') {
+            throw new \LogicException(sprintf('The `partitioned` option for cookies is only available for Symfony 6.4 and above. You are currently on version %s', Kernel::VERSION));
+        }
     }
 
     public function attachRefreshToken(AuthenticationSuccessEvent $event): void
@@ -160,7 +166,8 @@ public function attachRefreshToken(AuthenticationSuccessEvent $event): void
                     $this->cookieSettings['secure'],
                     $this->cookieSettings['http_only'],
                     false,
-                    $this->cookieSettings['same_site']
+                    $this->cookieSettings['same_site'],
+                    $this->cookieSettings['partitioned'],
                 )
             );
 

EventListener/LogoutEventListener.php

@@ -41,6 +41,7 @@ public function __construct(
             'domain' => null,
             'http_only' => true,
             'secure' => true,
+            'partitioned' => false,
             'remove_token_from_body' => true,
         ], $cookieSettings);
         $this->logout_firewall_context = $logout_firewall_context;

README.md

@@ -400,6 +400,7 @@ gesdinet_jwt_refresh_token:
       domain: null                 # default value
       http_only: true              # default value
       secure: true                 # default value
+      partitioned: false           # default value
       remove_token_from_body: true # default value
 ```
 

Tests/Functional/DependencyInjection/ConfigurationTest.php

@@ -45,6 +45,7 @@ public function test_custom_configuration_is_valid(): void
                     'domain' => 'example.com',
                     'secure' => false,
                     'http_only' => false,
+                    'partitioned' => true,
                 ],
             ],
         ]);

Tests/Functional/DependencyInjection/GesdinetJWTRefreshTokenExtensionTest.php

@@ -37,6 +37,7 @@ public function test_container_is_loaded_with_default_configuration(): void
                 'domain' => null,
                 'secure' => true,
                 'http_only' => true,
+                'partitioned' => false,
                 'remove_token_from_body' => true,
             ],
         );
@@ -68,6 +69,7 @@ public function test_container_is_loaded_with_custom_configuration(): void
                 'domain' => 'example.com',
                 'secure' => false,
                 'http_only' => false,
+                'partitioned' => true,
             ],
         ]);
 
@@ -88,6 +90,7 @@ public function test_container_is_loaded_with_custom_configuration(): void
                 'domain' => 'example.com',
                 'secure' => false,
                 'http_only' => false,
+                'partitioned' => true,
                 'remove_token_from_body' => true,
             ],
         );