/**
* @covers RequestContext::importScopedSession
*/
public function testImportScopedSession()
{
// Make sure session handling is started
if (!MediaWiki\Session\PHPSessionHandler::isInstalled()) {
MediaWiki\Session\PHPSessionHandler::install(MediaWiki\Session\SessionManager::singleton());
}
$oldSessionId = session_id();
$context = RequestContext::getMain();
$oInfo = $context->exportSession();
$this->assertEquals('127.0.0.1', $oInfo['ip'], "Correct initial IP address.");
$this->assertEquals(0, $oInfo['userId'], "Correct initial user ID.");
$this->assertFalse(MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent(), 'Global session isn\'t persistent to start');
$user = User::newFromName('UnitTestContextUser');
$user->addToDatabase();
$sinfo = ['sessionId' => 'd612ee607c87e749ef14da4983a702cd', 'userId' => $user->getId(), 'ip' => '192.0.2.0', 'headers' => ['USER-AGENT' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0']];
// importScopedSession() sets these variables
$this->setMwGlobals(['wgUser' => new User(), 'wgRequest' => new FauxRequest()]);
$sc = RequestContext::importScopedSession($sinfo);
// load new context
$info = $context->exportSession();
$this->assertEquals($sinfo['ip'], $info['ip'], "Correct IP address.");
$this->assertEquals($sinfo['headers'], $info['headers'], "Correct headers.");
$this->assertEquals($sinfo['sessionId'], $info['sessionId'], "Correct session ID.");
$this->assertEquals($sinfo['userId'], $info['userId'], "Correct user ID.");
$this->assertEquals($sinfo['ip'], $context->getRequest()->getIP(), "Correct context IP address.");
$this->assertEquals($sinfo['headers'], $context->getRequest()->getAllHeaders(), "Correct context headers.");
$this->assertEquals($sinfo['sessionId'], MediaWiki\Session\SessionManager::getGlobalSession()->getId(), "Correct context session ID.");
if (\MediaWiki\Session\PHPSessionHandler::isEnabled()) {
$this->assertEquals($sinfo['sessionId'], session_id(), "Correct context session ID.");
} else {
$this->assertEquals($oldSessionId, session_id(), "Unchanged PHP session ID.");
}
$this->assertEquals(true, $context->getUser()->isLoggedIn(), "Correct context user.");
$this->assertEquals($sinfo['userId'], $context->getUser()->getId(), "Correct context user ID.");
$this->assertEquals('UnitTestContextUser', $context->getUser()->getName(), "Correct context user name.");
unset($sc);
// restore previous context
$info = $context->exportSession();
$this->assertEquals($oInfo['ip'], $info['ip'], "Correct restored IP address.");
$this->assertEquals($oInfo['headers'], $info['headers'], "Correct restored headers.");
$this->assertEquals($oInfo['sessionId'], $info['sessionId'], "Correct restored session ID.");
$this->assertEquals($oInfo['userId'], $info['userId'], "Correct restored user ID.");
$this->assertFalse(MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent(), 'Global session isn\'t persistent after restoring the context');
}
public function testEnableFlags()
{
$handler = \TestingAccessWrapper::newFromObject($this->getMockBuilder('MediaWiki\\Session\\PHPSessionHandler')->setMethods(null)->disableOriginalConstructor()->getMock());
$rProp = new \ReflectionProperty('MediaWiki\\Session\\PHPSessionHandler', 'instance');
$rProp->setAccessible(true);
$reset = new \ScopedCallback(array($rProp, 'setValue'), array($rProp->getValue()));
$rProp->setValue($handler);
$handler->setEnableFlags('enable');
$this->assertTrue($handler->enable);
$this->assertFalse($handler->warn);
$this->assertTrue(PHPSessionHandler::isEnabled());
$handler->setEnableFlags('warn');
$this->assertTrue($handler->enable);
$this->assertTrue($handler->warn);
$this->assertTrue(PHPSessionHandler::isEnabled());
$handler->setEnableFlags('disable');
$this->assertFalse($handler->enable);
$this->assertFalse(PHPSessionHandler::isEnabled());
$rProp->setValue(null);
$this->assertFalse(PHPSessionHandler::isEnabled());
}
/**
* Get the "global" session
*
* If PHP's session_id() has been set, returns that session. Otherwise
* returns the session for RequestContext::getMain()->getRequest().
*
* @return Session
*/
public static function getGlobalSession()
{
if (!PHPSessionHandler::isEnabled()) {
$id = '';
} else {
$id = session_id();
}
$request = \RequestContext::getMain()->getRequest();
if (!self::$globalSession || self::$globalSessionRequest !== $request || $id !== '' && self::$globalSession->getId() !== $id) {
self::$globalSessionRequest = $request;
if ($id === '') {
// session_id() wasn't used, so fetch the Session from the WebRequest.
// We use $request->getSession() instead of $singleton->getSessionForRequest()
// because doing the latter would require a public
// "$request->getSessionId()" method that would confuse end
// users by returning SessionId|null where they'd expect it to
// be short for $request->getSession()->getId(), and would
// wind up being a duplicate of the code in
// $request->getSession() anyway.
self::$globalSession = $request->getSession();
} else {
// Someone used session_id(), so we need to follow suit.
// Note this overwrites whatever session might already be
// associated with $request with the one for $id.
self::$globalSession = self::singleton()->getSessionById($id, true, $request) ?: $request->getSession();
}
}
return self::$globalSession;
}
public function testResetIdOfGlobalSession()
{
if (!PHPSessionHandler::isInstalled()) {
PHPSessionHandler::install(SessionManager::singleton());
}
if (!PHPSessionHandler::isEnabled()) {
$rProp = new \ReflectionProperty('MediaWiki\\Session\\PHPSessionHandler', 'instance');
$rProp->setAccessible(true);
$handler = \TestingAccessWrapper::newFromObject($rProp->getValue());
$resetHandler = new \ScopedCallback(function () use($handler) {
session_write_close();
$handler->enable = false;
});
$handler->enable = true;
}
$backend = $this->getBackend(User::newFromName('UTSysop'));
\TestingAccessWrapper::newFromObject($backend)->usePhpSessionHandling = true;
TestUtils::setSessionManagerSingleton($this->manager);
$manager = \TestingAccessWrapper::newFromObject($this->manager);
$request = \RequestContext::getMain()->getRequest();
$manager->globalSession = $backend->getSession($request);
$manager->globalSessionRequest = $request;
session_id(self::SESSIONID);
\MediaWiki\quietCall('session_start');
$backend->resetId();
$this->assertNotEquals(self::SESSIONID, $backend->getId());
$this->assertSame($backend->getId(), session_id());
session_write_close();
session_id('');
$this->assertNotSame($backend->getId(), session_id(), 'sanity check');
$backend->persist();
$this->assertSame($backend->getId(), session_id());
session_write_close();
}
/**
* For backwards compatibility, open the PHP session when the global
* session is persisted
*/
private function checkPHPSession()
{
if (!$this->checkPHPSessionRecursionGuard) {
$this->checkPHPSessionRecursionGuard = true;
$reset = new \ScopedCallback(function () {
$this->checkPHPSessionRecursionGuard = false;
});
if ($this->usePhpSessionHandling && session_id() === '' && PHPSessionHandler::isEnabled() && SessionManager::getGlobalSession()->getId() === (string) $this->id) {
$this->logger->debug('SessionBackend "{session}" Taking over PHP session', ['session' => $this->id]);
session_id((string) $this->id);
\MediaWiki\quietCall('session_start');
}
}
}
/**
* For backwards compatibility, open the PHP session when the global
* session is persisted
*/
private function checkPHPSession()
{
if (!$this->checkPHPSessionRecursionGuard) {
$this->checkPHPSessionRecursionGuard = true;
$ref =& $this->checkPHPSessionRecursionGuard;
$reset = new \ScopedCallback(function () use(&$ref) {
$ref = false;
});
if ($this->usePhpSessionHandling && session_id() === '' && PHPSessionHandler::isEnabled() && SessionManager::getGlobalSession()->getId() === (string) $this->id) {
$this->logger->debug("SessionBackend {$this->id}: Taking over PHP session");
session_id((string) $this->id);
\MediaWiki\quietCall('session_cache_limiter', 'private, must-revalidate');
\MediaWiki\quietCall('session_start');
}
}
}
