/** * @covers RequestContext::importScopedSession */ public function testImportScopedSession() { // Make sure session handling is started if (!MediaWiki\Session\PHPSessionHandler::isInstalled()) { MediaWiki\Session\PHPSessionHandler::install(MediaWiki\Session\SessionManager::singleton()); } $oldSessionId = session_id(); $context = RequestContext::getMain(); $oInfo = $context->exportSession(); $this->assertEquals('127.0.0.1', $oInfo['ip'], "Correct initial IP address."); $this->assertEquals(0, $oInfo['userId'], "Correct initial user ID."); $this->assertFalse(MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent(), 'Global session isn\'t persistent to start'); $user = User::newFromName('UnitTestContextUser'); $user->addToDatabase(); $sinfo = ['sessionId' => 'd612ee607c87e749ef14da4983a702cd', 'userId' => $user->getId(), 'ip' => '192.0.2.0', 'headers' => ['USER-AGENT' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0']]; // importScopedSession() sets these variables $this->setMwGlobals(['wgUser' => new User(), 'wgRequest' => new FauxRequest()]); $sc = RequestContext::importScopedSession($sinfo); // load new context $info = $context->exportSession(); $this->assertEquals($sinfo['ip'], $info['ip'], "Correct IP address."); $this->assertEquals($sinfo['headers'], $info['headers'], "Correct headers."); $this->assertEquals($sinfo['sessionId'], $info['sessionId'], "Correct session ID."); $this->assertEquals($sinfo['userId'], $info['userId'], "Correct user ID."); $this->assertEquals($sinfo['ip'], $context->getRequest()->getIP(), "Correct context IP address."); $this->assertEquals($sinfo['headers'], $context->getRequest()->getAllHeaders(), "Correct context headers."); $this->assertEquals($sinfo['sessionId'], MediaWiki\Session\SessionManager::getGlobalSession()->getId(), "Correct context session ID."); if (\MediaWiki\Session\PHPSessionHandler::isEnabled()) { $this->assertEquals($sinfo['sessionId'], session_id(), "Correct context session ID."); } else { $this->assertEquals($oldSessionId, session_id(), "Unchanged PHP session ID."); } $this->assertEquals(true, $context->getUser()->isLoggedIn(), "Correct context user."); $this->assertEquals($sinfo['userId'], $context->getUser()->getId(), "Correct context user ID."); $this->assertEquals('UnitTestContextUser', $context->getUser()->getName(), "Correct context user name."); unset($sc); // restore previous context $info = $context->exportSession(); $this->assertEquals($oInfo['ip'], $info['ip'], "Correct restored IP address."); $this->assertEquals($oInfo['headers'], $info['headers'], "Correct restored headers."); $this->assertEquals($oInfo['sessionId'], $info['sessionId'], "Correct restored session ID."); $this->assertEquals($oInfo['userId'], $info['userId'], "Correct restored user ID."); $this->assertFalse(MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent(), 'Global session isn\'t persistent after restoring the context'); }
public function testEnableFlags() { $handler = \TestingAccessWrapper::newFromObject($this->getMockBuilder('MediaWiki\\Session\\PHPSessionHandler')->setMethods(null)->disableOriginalConstructor()->getMock()); $rProp = new \ReflectionProperty('MediaWiki\\Session\\PHPSessionHandler', 'instance'); $rProp->setAccessible(true); $reset = new \ScopedCallback(array($rProp, 'setValue'), array($rProp->getValue())); $rProp->setValue($handler); $handler->setEnableFlags('enable'); $this->assertTrue($handler->enable); $this->assertFalse($handler->warn); $this->assertTrue(PHPSessionHandler::isEnabled()); $handler->setEnableFlags('warn'); $this->assertTrue($handler->enable); $this->assertTrue($handler->warn); $this->assertTrue(PHPSessionHandler::isEnabled()); $handler->setEnableFlags('disable'); $this->assertFalse($handler->enable); $this->assertFalse(PHPSessionHandler::isEnabled()); $rProp->setValue(null); $this->assertFalse(PHPSessionHandler::isEnabled()); }
/** * Get the "global" session * * If PHP's session_id() has been set, returns that session. Otherwise * returns the session for RequestContext::getMain()->getRequest(). * * @return Session */ public static function getGlobalSession() { if (!PHPSessionHandler::isEnabled()) { $id = ''; } else { $id = session_id(); } $request = \RequestContext::getMain()->getRequest(); if (!self::$globalSession || self::$globalSessionRequest !== $request || $id !== '' && self::$globalSession->getId() !== $id) { self::$globalSessionRequest = $request; if ($id === '') { // session_id() wasn't used, so fetch the Session from the WebRequest. // We use $request->getSession() instead of $singleton->getSessionForRequest() // because doing the latter would require a public // "$request->getSessionId()" method that would confuse end // users by returning SessionId|null where they'd expect it to // be short for $request->getSession()->getId(), and would // wind up being a duplicate of the code in // $request->getSession() anyway. self::$globalSession = $request->getSession(); } else { // Someone used session_id(), so we need to follow suit. // Note this overwrites whatever session might already be // associated with $request with the one for $id. self::$globalSession = self::singleton()->getSessionById($id, true, $request) ?: $request->getSession(); } } return self::$globalSession; }
public function testResetIdOfGlobalSession() { if (!PHPSessionHandler::isInstalled()) { PHPSessionHandler::install(SessionManager::singleton()); } if (!PHPSessionHandler::isEnabled()) { $rProp = new \ReflectionProperty('MediaWiki\\Session\\PHPSessionHandler', 'instance'); $rProp->setAccessible(true); $handler = \TestingAccessWrapper::newFromObject($rProp->getValue()); $resetHandler = new \ScopedCallback(function () use($handler) { session_write_close(); $handler->enable = false; }); $handler->enable = true; } $backend = $this->getBackend(User::newFromName('UTSysop')); \TestingAccessWrapper::newFromObject($backend)->usePhpSessionHandling = true; TestUtils::setSessionManagerSingleton($this->manager); $manager = \TestingAccessWrapper::newFromObject($this->manager); $request = \RequestContext::getMain()->getRequest(); $manager->globalSession = $backend->getSession($request); $manager->globalSessionRequest = $request; session_id(self::SESSIONID); \MediaWiki\quietCall('session_start'); $backend->resetId(); $this->assertNotEquals(self::SESSIONID, $backend->getId()); $this->assertSame($backend->getId(), session_id()); session_write_close(); session_id(''); $this->assertNotSame($backend->getId(), session_id(), 'sanity check'); $backend->persist(); $this->assertSame($backend->getId(), session_id()); session_write_close(); }
/** * For backwards compatibility, open the PHP session when the global * session is persisted */ private function checkPHPSession() { if (!$this->checkPHPSessionRecursionGuard) { $this->checkPHPSessionRecursionGuard = true; $reset = new \ScopedCallback(function () { $this->checkPHPSessionRecursionGuard = false; }); if ($this->usePhpSessionHandling && session_id() === '' && PHPSessionHandler::isEnabled() && SessionManager::getGlobalSession()->getId() === (string) $this->id) { $this->logger->debug('SessionBackend "{session}" Taking over PHP session', ['session' => $this->id]); session_id((string) $this->id); \MediaWiki\quietCall('session_start'); } } }
/** * For backwards compatibility, open the PHP session when the global * session is persisted */ private function checkPHPSession() { if (!$this->checkPHPSessionRecursionGuard) { $this->checkPHPSessionRecursionGuard = true; $ref =& $this->checkPHPSessionRecursionGuard; $reset = new \ScopedCallback(function () use(&$ref) { $ref = false; }); if ($this->usePhpSessionHandling && session_id() === '' && PHPSessionHandler::isEnabled() && SessionManager::getGlobalSession()->getId() === (string) $this->id) { $this->logger->debug("SessionBackend {$this->id}: Taking over PHP session"); session_id((string) $this->id); \MediaWiki\quietCall('session_cache_limiter', 'private, must-revalidate'); \MediaWiki\quietCall('session_start'); } } }