MDL-81405 tool_mobile: Set Partitioned cookie for the mobile app

admin/tool/mobile/classes/local/hooks/output/before_http_headers.php

@@ -0,0 +1,41 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+namespace tool_mobile\local\hooks\output;
+use core\session\utility\cookie_helper;
+
+/**
+ * Allows plugins to modify headers.
+ *
+ * @package    tool_mobile
+ * @copyright  2024 Juan Leyva
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class before_http_headers {
+    /**
+     * Callback to allow modify headers.
+     *
+     * @param \core\hook\output\before_http_headers $hook
+     */
+    public static function callback(\core\hook\output\before_http_headers $hook): void {
+        global $CFG;
+
+        // Set Partitioned and Secure attributes to the MoodleSession cookie if the user is using the Moodle app.
+        if (\core_useragent::is_moodle_app()) {
+            cookie_helper::add_attributes_to_cookie_response_header('MoodleSession'.$CFG->sessioncookie, ['Secure', 'Partitioned']);
+        }
+    }
+}

admin/tool/mobile/classes/local/hooks/user/after_complete_login.php

@@ -15,6 +15,7 @@
 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 
 namespace tool_mobile\local\hooks\user;
+use core\session\utility\cookie_helper;
 
 /**
  * Handles mobile app launches when a third-party auth plugin did not properly set $SESSION->wantsurl.
@@ -39,5 +40,10 @@ class after_complete_login {
                 $SESSION->wantsurl = (new \moodle_url("/$CFG->admin/tool/mobile/launch.php", $params))->out(false);
             }
         }
+
+        // Set Partitioned and Secure attributes to the MoodleSession cookie if the user is using the Moodle app.
+        if (\core_useragent::is_moodle_app()) {
+            cookie_helper::add_attributes_to_cookie_response_header('MoodleSession'.$CFG->sessioncookie, ['Secure', 'Partitioned']);
+        }
     }
 }

admin/tool/mobile/db/hooks.php

@@ -44,4 +44,8 @@ $callbacks = [
         'callback' => 'tool_mobile\local\hooks\user\after_user_passed_mfa::callback',
         'priority' => 500,
     ],
+    [
+        'hook' => \core\hook\output\before_http_headers::class,
+        'callback' => [\tool_mobile\local\hooks\output\before_http_headers::class, 'callback'],
+    ],
 ];

lib/tests/component_test.php

@@ -540,7 +540,7 @@ class component_test extends advanced_testcase {
         $this->assertCount(5, core_component::get_component_classes_in_namespace('core_user', 'output\\myprofile'));
 
         // Without namespace it returns classes/ classes.
-        $this->assertCount(8, core_component::get_component_classes_in_namespace('tool_mobile', ''));
+        $this->assertCount(9, core_component::get_component_classes_in_namespace('tool_mobile', ''));
         $this->assertCount(2, core_component::get_component_classes_in_namespace('tool_filetypes'));
 
         // When no component is specified, classes are returned for the namespace in all components.