Example #1
 /**
  * Report which user rights are usable while the given session is active.
  *
  * This implementation places no restriction on the session: after checking
  * that the backend really belongs to this provider it always returns null,
  * which callers treat as "allow all rights".
  *
  * @param SessionBackend $backend Backend whose provider must be this object.
  * @return null|string[] Allowed user rights, or null to allow all.
  * @throws \InvalidArgumentException If the backend is owned by another provider.
  */
 public function getAllowedUserRights(SessionBackend $backend)
 {
     $owner = $backend->getProvider();
     if ($owner === $this) {
         // No per-session restriction: null means every right is allowed.
         return null;
     }
     // Identity mismatch: refuse to answer for a session this provider does not own.
     throw new \InvalidArgumentException('Backend\'s provider isn\'t $this');
 }
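 /**
  * Set or clear the "forceHTTPS" cookie.
  *
  * The cookie is always written with an empty prefix and 'secure' => false;
  * those two keys override anything in $this->cookieOptions because the left
  * operand of the array union wins.
  * NOTE(review): presumably the cookie must stay visible on plain-HTTP
  * requests so they can be redirected to HTTPS. It is a hint only and, being
  * sent in the clear, must never be relied on as evidence of anything.
  *
  * @param bool $set Whether the cookie should be set or not
  * @param SessionBackend|null $backend Required when $set is true (its
  *  "remember user" flag picks the cookie lifetime); unused when clearing.
  * @param WebRequest $request Request whose response receives the cookie.
  * @throws \InvalidArgumentException If $set is true but no backend was given.
  */
 protected function setForceHTTPSCookie($set, SessionBackend $backend = null, WebRequest $request)
 {
     $response = $request->response();
     $cookieOpts = array('prefix' => '', 'secure' => false) + $this->cookieOptions;
     if (!$set) {
         $response->clearCookie('forceHTTPS', $cookieOpts);
         return;
     }
     if ($backend === null) {
         // The signature allows null, so fail with a clear message instead of a
         // fatal "call to a member function on null".
         throw new \InvalidArgumentException('A SessionBackend is required to set the forceHTTPS cookie');
     }
     // Presumably 0 selects the default cookie lifetime and null a browser-session
     // cookie -- confirm against WebResponse::setCookie().
     $expiry = $backend->shouldRememberUser() ? 0 : null;
     $response->setCookie('forceHTTPS', 'true', $expiry, $cookieOpts);
 }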
Example #3
 /**
  * Give a registered SessionBackend a freshly generated session ID.
  *
  * Both in-memory registries are re-keyed from the old ID to the new one, and
  * the shared SessionId object is updated in place. Only this manager's
  * registries are touched here; nothing in this method removes data stored
  * under the old ID -- presumably the calling SessionBackend takes care of
  * that (confirm there).
  *
  * @private For use from \MediaWiki\Session\SessionBackend only
  * @param SessionBackend $backend Backend previously registered with this manager.
  * @throws \InvalidArgumentException If the backend or its SessionId object is
  *  not the exact instance registered under the current ID.
  */
 public function changeBackendId(SessionBackend $backend)
 {
     $idObject = $backend->getSessionId();
     $previousId = (string) $idObject;

     // Identity (===) checks: the very same objects must be registered, not
     // merely ones that happen to carry an equal ID.
     $isRegistered = isset($this->allSessionBackends[$previousId])
         && isset($this->allSessionIds[$previousId])
         && $this->allSessionBackends[$previousId] === $backend
         && $this->allSessionIds[$previousId] === $idObject;
     if (!$isRegistered) {
         throw new \InvalidArgumentException('Backend was not registered with this SessionManager');
     }

     // Generate the replacement first so the registries are only modified
     // once a new ID is actually available.
     $freshId = $this->generateSessionId();
     unset($this->allSessionBackends[$previousId], $this->allSessionIds[$previousId]);
     $idObject->setId($freshId);
     $this->allSessionBackends[$freshId] = $backend;
     $this->allSessionIds[$freshId] = $idObject;
 }
 /**
  * Exercise the SessionBackend constructor: three argument combinations that
  * must be rejected with a specific InvalidArgumentException message, followed
  * by two that must succeed and expose the values taken from SessionInfo.
  */
 public function testConstructor()
 {
     // Called for its side effects only; presumably it initialises
     // $this->provider and $this->store, which are used below -- confirm
     // against getBackend().
     $this->getBackend();
     // Rejection 1: the user info is created with `false` as second argument and
     // the constructor must refuse it as an "unverified user".
     $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $this->provider, 'id' => self::SESSIONID, 'persisted' => true, 'userInfo' => UserInfo::newFromName('UTSysop', false), 'idIsSafe' => true));
     $id = new SessionId($info->getId());
     $logger = new \Psr\Log\NullLogger();
     try {
         new SessionBackend($id, $info, $this->store, $this->store, $logger, 10);
         $this->fail('Expected exception not thrown');
     } catch (\InvalidArgumentException $ex) {
         $this->assertSame("Refusing to create session for unverified user {$info->getUserInfo()}", $ex->getMessage());
     }
     // Rejection 2: no 'provider' key in the SessionInfo data.
     $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('id' => self::SESSIONID, 'userInfo' => UserInfo::newFromName('UTSysop', true), 'idIsSafe' => true));
     $id = new SessionId($info->getId());
     try {
         new SessionBackend($id, $info, $this->store, $this->store, $logger, 10);
         $this->fail('Expected exception not thrown');
     } catch (\InvalidArgumentException $ex) {
         $this->assertSame('Cannot create session without a provider', $ex->getMessage());
     }
     // Rejection 3: the SessionId is built from a string that differs from the
     // ID held by the SessionInfo ('!' is prepended).
     $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $this->provider, 'id' => self::SESSIONID, 'persisted' => true, 'userInfo' => UserInfo::newFromName('UTSysop', true), 'idIsSafe' => true));
     $id = new SessionId('!' . $info->getId());
     try {
         new SessionBackend($id, $info, $this->store, $this->store, $logger, 10);
         $this->fail('Expected exception not thrown');
     } catch (\InvalidArgumentException $ex) {
         $this->assertSame('SessionId and SessionInfo don\'t match', $ex->getMessage());
     }
     // Success 1: provider present, matching ID, user info created with `true`.
     // The backend must hand back the same SessionId and provider instances and
     // mirror the persistence/remember/forceHTTPS flags of the SessionInfo.
     $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $this->provider, 'id' => self::SESSIONID, 'persisted' => true, 'userInfo' => UserInfo::newFromName('UTSysop', true), 'idIsSafe' => true));
     $id = new SessionId($info->getId());
     $backend = new SessionBackend($id, $info, $this->store, $this->store, $logger, 10);
     $this->assertSame(self::SESSIONID, $backend->getId());
     $this->assertSame($id, $backend->getSessionId());
     $this->assertSame($this->provider, $backend->getProvider());
     $this->assertInstanceOf('User', $backend->getUser());
     $this->assertSame('UTSysop', $backend->getUser()->getName());
     $this->assertSame($info->wasPersisted(), $backend->isPersistent());
     $this->assertSame($info->wasRemembered(), $backend->shouldRememberUser());
     $this->assertSame($info->forceHTTPS(), $backend->shouldForceHTTPS());
     // Success 2: no 'userInfo' at all, so the backend's user must be anonymous.
     // Metadata with an expiry is written to the store *before* construction so
     // that the backend can be checked for picking it up.
     $expire = time() + 100;
     $this->store->setSessionMeta(self::SESSIONID, array('expires' => $expire), 2);
     $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $this->provider, 'id' => self::SESSIONID, 'persisted' => true, 'forceHTTPS' => true, 'metadata' => array('foo'), 'idIsSafe' => true));
     $id = new SessionId($info->getId());
     $backend = new SessionBackend($id, $info, $this->store, $this->store, $logger, 10);
     $this->assertSame(self::SESSIONID, $backend->getId());
     $this->assertSame($id, $backend->getSessionId());
     $this->assertSame($this->provider, $backend->getProvider());
     $this->assertInstanceOf('User', $backend->getUser());
     $this->assertTrue($backend->getUser()->isAnon());
     $this->assertSame($info->wasPersisted(), $backend->isPersistent());
     $this->assertSame($info->wasRemembered(), $backend->shouldRememberUser());
     $this->assertSame($info->forceHTTPS(), $backend->shouldForceHTTPS());
     // `expires` is read through TestingAccessWrapper rather than a getter
     // (presumably because the property is not public).
     $this->assertSame($expire, \TestingAccessWrapper::newFromObject($backend)->expires);
     $this->assertSame(array('foo'), $backend->getProviderMetadata());
 }
 /**
  * Report which user rights are usable while the given session is active.
  *
  * The list is taken from the 'rights' entry of the backend's provider
  * metadata. When that entry is missing or is not an array the method fails
  * closed: it logs a debug message and returns an empty list, i.e. no rights.
  *
  * @param SessionBackend $backend Backend whose provider must be this object.
  * @return array The 'rights' array from the metadata, or [] when unavailable.
  * @throws \InvalidArgumentException If the backend is owned by another provider.
  */
 public function getAllowedUserRights(SessionBackend $backend)
 {
     if ($backend->getProvider() !== $this) {
         throw new \InvalidArgumentException('Backend\'s provider isn\'t $this');
     }

     $metadata = $backend->getProviderMetadata();
     $hasRightsList = $metadata && isset($metadata['rights']) && is_array($metadata['rights']);
     if (!$hasRightsList) {
         // Not expected in practice; grant nothing rather than everything.
         $this->logger->debug(__METHOD__ . ': No provider metadata, returning no rights allowed');
         return [];
     }

     return $metadata['rights'];
 }
 /**
  * Send the session cookie for the given session on the request's response.
  *
  * Nothing is sent when no session cookie name is configured or when the
  * response headers have already gone out. When the session or its user
  * requires HTTPS, a "forceHTTPS" cookie is written first (empty prefix,
  * 'secure' => false) and the session cookie itself is then marked secure;
  * otherwise the session cookie uses $this->sessionCookieOptions unchanged.
  *
  * @param SessionBackend $session Session to persist.
  * @param WebRequest $request Request whose response receives the cookies.
  */
 public function persistSession(SessionBackend $session, WebRequest $request)
 {
     if (null === $this->sessionCookieName) {
         return;
     }

     $response = $request->response();
     if ($response->headersSent()) {
         // Too late to add cookies to this response.
         $this->logger->debug(__METHOD__ . ': Headers already sent');
         return;
     }

     $cookieOpts = $this->sessionCookieOptions;
     $httpsRequired = $session->shouldForceHTTPS() || $session->getUser()->requiresHTTPS();
     if ($httpsRequired) {
         // Presumably 0 selects the default cookie lifetime and null a
         // browser-session cookie -- confirm against WebResponse::setCookie().
         $hintExpiry = $session->shouldRememberUser() ? 0 : null;
         // The hint cookie is built from the options *before* 'secure' is switched
         // on, and explicitly overrides 'secure' to false.
         $response->setCookie('forceHTTPS', 'true', $hintExpiry, ['prefix' => '', 'secure' => false] + $cookieOpts);
         $cookieOpts['secure'] = true;
     }

     $response->setCookie($this->sessionCookieName, $session->getId(), null, $cookieOpts);
 }
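 /**
  * Set or clear the "forceHTTPS" cookie.
  *
  * The cookie is always written with an empty prefix and 'secure' => false;
  * those two keys override anything in $this->cookieOptions because the left
  * operand of the array union wins.
  * NOTE(review): presumably the cookie must stay visible on plain-HTTP
  * requests so they can be redirected to HTTPS. It is a hint only and, being
  * sent in the clear, must never be relied on as evidence of anything.
  *
  * @param bool $set Whether the cookie should be set or not
  * @param SessionBackend|null $backend Required when $set is true (its
  *  "remember user" flag picks the cookie lifetime); unused when clearing.
  * @param WebRequest $request Request whose response receives the cookie.
  * @throws \InvalidArgumentException If $set is true but no backend was given.
  */
 protected function setForceHTTPSCookie($set, SessionBackend $backend = null, WebRequest $request)
 {
     $response = $request->response();
     $cookieOpts = ['prefix' => '', 'secure' => false] + $this->cookieOptions;
     if (!$set) {
         $response->clearCookie('forceHTTPS', $cookieOpts);
         return;
     }
     if ($backend === null) {
         // The signature allows null, so fail with a clear message instead of a
         // fatal "call to a member function on null".
         throw new \InvalidArgumentException('A SessionBackend is required to set the forceHTTPS cookie');
     }
     // A null expiration is passed for non-remembered sessions, and also when
     // the configured duration is falsy.
     $expiration = null;
     if ($backend->shouldRememberUser()) {
         $expirationDuration = $this->getLoginCookieExpiration('forceHTTPS', true);
         $expiration = $expirationDuration ? $expirationDuration + time() : null;
     }
     $response->setCookie('forceHTTPS', 'true', $expiration, $cookieOpts);
 }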
 /**
  * Write the session cookie and the exported login cookies to the response,
  * then store the exported session data on the session.
  *
  * Nothing happens when the response headers have already been sent. When the
  * session or its user requires HTTPS, a "forceHTTPS" cookie is written first
  * (empty prefix, 'secure' => false) and every cookie written afterwards
  * carries 'secure' => true.
  *
  * @param SessionBackend $session Session to persist.
  * @param WebRequest $request Request whose response receives the cookies.
  */
 public function persistSession(SessionBackend $session, WebRequest $request)
 {
     $response = $request->response();
     if ($response->headersSent()) {
         // Too late to add cookies to this response.
         $this->logger->debug(__METHOD__ . ': Headers already sent');
         return;
     }

     $user = $session->getUser();
     $cookies = $this->cookieDataToExport($user, $session->shouldRememberUser());
     $sessionData = $this->sessionDataToExport($user);

     // Legacy hook: handlers receive the session data and cookie list by
     // reference, so both may be modified before anything is sent.
     $runLegacyHook = $this->params['callUserSetCookiesHook'] && !$user->isAnon();
     if ($runLegacyHook) {
         \Hooks::run('UserSetCookies', [$user, &$sessionData, &$cookies]);
     }

     $cookieOpts = $this->cookieOptions;
     $httpsRequired = $session->shouldForceHTTPS() || $user->requiresHTTPS();
     if ($httpsRequired) {
         $hintExpiry = $session->shouldRememberUser() ? 0 : null;
         // The hint cookie is built from the options *before* 'secure' is switched
         // on, and explicitly overrides 'secure' to false.
         $response->setCookie('forceHTTPS', 'true', $hintExpiry, ['prefix' => '', 'secure' => false] + $cookieOpts);
         $cookieOpts['secure'] = true;
     }

     // The session cookie is sent without a prefix and with a null expiry.
     $response->setCookie($this->params['sessionName'], $session->getId(), null, ['prefix' => ''] + $cookieOpts);

     $extendedCookies = $this->config->get('ExtendedLoginCookies');
     $extendedExpiry = $this->config->get('ExtendedLoginCookieExpiration');
     foreach ($cookies as $name => $value) {
         if ($value === false) {
             // A value of false means "remove this cookie".
             $response->clearCookie($name, $cookieOpts);
             continue;
         }
         // NOTE(review): in_array() compares loosely here; confirm the key types
         // before switching to a strict comparison.
         $isExtended = $extendedExpiry !== null && in_array($name, $extendedCookies);
         // 0 stands for the default cookie expiration.
         $expiry = $isExtended ? time() + (int) $extendedExpiry : 0;
         $response->setCookie($name, (string) $value, $expiry, $cookieOpts);
     }

     $this->setLoggedOutCookie($session->getLoggedOutTimestamp(), $request);

     if ($sessionData) {
         $session->addData($sessionData);
     }
 }