Enable custom umask for cache files

While #617 is well intentioned for its
security concerns, it has an annoying side effect when the cache is
shared between an application's CLI and Web Interface.  Unless you use
the same username for Apache or PHP-FPM to access the CLI (which you
shouldn't), a cache file will only be readable by whichever interface
created it.

My solution is to add a third constructor argument to `Google_Cache_File`
for setting a custom umask.  I've assigned it the default value `077` so
that default permissions for files and directories will remain `0600` and
`0700` respectively.

Author: huebs

src/Google/Cache/File.php

@@ -30,17 +30,19 @@ class Google_Cache_File implements CacheInterface
 {
   const MAX_LOCK_RETRIES = 10;
   private $path;
+  private $umask;
   private $fh;
 
   /**
    * @var use Psr\Log\LoggerInterface logger
    */
   private $logger;
 
-  public function __construct($path, LoggerInterface $logger = null)
+  public function __construct($path, LoggerInterface $logger = null, $umask = 077)
   {
     $this->path = $path;
     $this->logger = $logger;
+    $this->umask = $umask;
   }
 
   public function get($key, $expiration = false)
@@ -155,7 +157,7 @@ private function getCacheDir($file, $forWrite)
     // trim the directory separator from the path to prevent double separators
     $storageDir = rtrim($this->path, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $dirHash;
     if ($forWrite && ! is_dir($storageDir)) {
-      if (! mkdir($storageDir, 0700, true)) {
+      if (! mkdir($storageDir, 0770 & ~$this->umask, true)) {
         $this->log(
             'error',
             'File cache creation failed',
@@ -199,7 +201,7 @@ private function acquireLock($type, $storageFile)
       return false;
     }
     if ($type == LOCK_EX) {
-      chmod($storageFile, 0600);
+      chmod($storageFile, 0660 & ~$this->umask);
     }
     $count = 0;
     while (!flock($this->fh, $type | LOCK_NB)) {

tests/Google/CacheTest.php

@@ -40,6 +40,34 @@ public function testFileWithTrailingSlash()
     $this->getSetDelete($cache);
   }
 
+  public function testFileWithDefaultMask()
+  {
+    $dir = sys_get_temp_dir() . '/google-api-php-client/tests/';
+    $cache = new Google_Cache_File($dir);
+    $cache->set('foo', 'bar');
+
+    $method = new ReflectionMethod($cache, 'getWriteableCacheFile');
+    $method->setAccessible(true);
+    $filename = $method->invoke($cache, 'foo');
+    $stat = stat($filename);
+
+    $this->assertEquals($stat['mode'] & 0777, 0600);
+  }
+
+  public function testFileWithCustomMask()
+  {
+    $dir = sys_get_temp_dir() . '/google-api-php-client/tests/';
+    $cache = new Google_Cache_File($dir, null, 07);
+    $cache->set('foo', 'bar');
+
+    $method = new ReflectionMethod($cache, 'getWriteableCacheFile');
+    $method->setAccessible(true);
+    $filename = $method->invoke($cache, 'foo');
+    $stat = stat($filename);
+
+    $this->assertEquals($stat['mode'] & 0777, 0660);
+  }
+
   public function testNull()
   {
     $cache = new Google_Cache_Null();