/** * Create a session corresponding to the passed SessionInfo * @private For use by a SessionProvider that needs to specially create its * own session. * @param SessionInfo $info * @param WebRequest $request * @return Session */ public function getSessionFromInfo(SessionInfo $info, WebRequest $request) { $id = $info->getId(); if (!isset($this->allSessionBackends[$id])) { if (!isset($this->allSessionIds[$id])) { $this->allSessionIds[$id] = new SessionId($id); } $backend = new SessionBackend($this->allSessionIds[$id], $info, $this->store, $this->logger, $this->config->get('ObjectCacheSessionExpiry')); $this->allSessionBackends[$id] = $backend; $delay = $backend->delaySave(); } else { $backend = $this->allSessionBackends[$id]; $delay = $backend->delaySave(); if ($info->wasPersisted()) { $backend->persist(); } if ($info->wasRemembered()) { $backend->setRememberUser(true); } } $request->setSessionId($backend->getSessionId()); $session = $backend->getSession($request); if (!$info->isIdSafe()) { $session->resetId(); } \ScopedCallback::consume($delay); return $session; }
public function testBasics() { $anonInfo = UserInfo::newAnonymous(); $userInfo = UserInfo::newFromName('UTSysop', true); $unverifiedUserInfo = UserInfo::newFromName('UTSysop', false); try { new SessionInfo(SessionInfo::MIN_PRIORITY - 1, array()); $this->fail('Expected exception not thrown', 'priority < min'); } catch (\InvalidArgumentException $ex) { $this->assertSame('Invalid priority', $ex->getMessage(), 'priority < min'); } try { new SessionInfo(SessionInfo::MAX_PRIORITY + 1, array()); $this->fail('Expected exception not thrown', 'priority > max'); } catch (\InvalidArgumentException $ex) { $this->assertSame('Invalid priority', $ex->getMessage(), 'priority > max'); } try { new SessionInfo(SessionInfo::MIN_PRIORITY, array('id' => 'ABC?')); $this->fail('Expected exception not thrown', 'bad session ID'); } catch (\InvalidArgumentException $ex) { $this->assertSame('Invalid session ID', $ex->getMessage(), 'bad session ID'); } try { new SessionInfo(SessionInfo::MIN_PRIORITY, array('userInfo' => new \stdClass())); $this->fail('Expected exception not thrown', 'bad userInfo'); } catch (\InvalidArgumentException $ex) { $this->assertSame('Invalid userInfo', $ex->getMessage(), 'bad userInfo'); } try { new SessionInfo(SessionInfo::MIN_PRIORITY, array()); $this->fail('Expected exception not thrown', 'no provider, no id'); } catch (\InvalidArgumentException $ex) { $this->assertSame('Must supply an ID when no provider is given', $ex->getMessage(), 'no provider, no id'); } try { new SessionInfo(SessionInfo::MIN_PRIORITY, array('copyFrom' => new \stdClass())); $this->fail('Expected exception not thrown', 'bad copyFrom'); } catch (\InvalidArgumentException $ex) { $this->assertSame('Invalid copyFrom', $ex->getMessage(), 'bad copyFrom'); } $manager = new SessionManager(); $provider = $this->getMockBuilder('MediaWiki\\Session\\SessionProvider')->setMethods(array('persistsSessionId', 'canChangeUser', '__toString'))->getMockForAbstractClass(); $provider->setManager($manager); $provider->expects($this->any())->method('persistsSessionId')->will($this->returnValue(true)); $provider->expects($this->any())->method('canChangeUser')->will($this->returnValue(true)); $provider->expects($this->any())->method('__toString')->will($this->returnValue('Mock')); $provider2 = $this->getMockBuilder('MediaWiki\\Session\\SessionProvider')->setMethods(array('persistsSessionId', 'canChangeUser', '__toString'))->getMockForAbstractClass(); $provider2->setManager($manager); $provider2->expects($this->any())->method('persistsSessionId')->will($this->returnValue(true)); $provider2->expects($this->any())->method('canChangeUser')->will($this->returnValue(true)); $provider2->expects($this->any())->method('__toString')->will($this->returnValue('Mock2')); try { new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $provider, 'userInfo' => $anonInfo, 'metadata' => 'foo')); $this->fail('Expected exception not thrown', 'bad metadata'); } catch (\InvalidArgumentException $ex) { $this->assertSame('Invalid metadata', $ex->getMessage(), 'bad metadata'); } $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('provider' => $provider, 'userInfo' => $anonInfo)); $this->assertSame($provider, $info->getProvider()); $this->assertNotNull($info->getId()); $this->assertSame(SessionInfo::MIN_PRIORITY + 5, $info->getPriority()); $this->assertSame($anonInfo, $info->getUserInfo()); $this->assertTrue($info->isIdSafe()); $this->assertFalse($info->wasPersisted()); $this->assertFalse($info->wasRemembered()); $this->assertFalse($info->forceHTTPS()); $this->assertNull($info->getProviderMetadata()); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('provider' => $provider, 'userInfo' => $unverifiedUserInfo, 'metadata' => array('Foo'))); $this->assertSame($provider, $info->getProvider()); $this->assertNotNull($info->getId()); $this->assertSame(SessionInfo::MIN_PRIORITY + 5, $info->getPriority()); $this->assertSame($unverifiedUserInfo, $info->getUserInfo()); $this->assertTrue($info->isIdSafe()); $this->assertFalse($info->wasPersisted()); $this->assertFalse($info->wasRemembered()); $this->assertFalse($info->forceHTTPS()); $this->assertSame(array('Foo'), $info->getProviderMetadata()); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('provider' => $provider, 'userInfo' => $userInfo)); $this->assertSame($provider, $info->getProvider()); $this->assertNotNull($info->getId()); $this->assertSame(SessionInfo::MIN_PRIORITY + 5, $info->getPriority()); $this->assertSame($userInfo, $info->getUserInfo()); $this->assertTrue($info->isIdSafe()); $this->assertFalse($info->wasPersisted()); $this->assertTrue($info->wasRemembered()); $this->assertFalse($info->forceHTTPS()); $this->assertNull($info->getProviderMetadata()); $id = $manager->generateSessionId(); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('provider' => $provider, 'id' => $id, 'persisted' => true, 'userInfo' => $anonInfo)); $this->assertSame($provider, $info->getProvider()); $this->assertSame($id, $info->getId()); $this->assertSame(SessionInfo::MIN_PRIORITY + 5, $info->getPriority()); $this->assertSame($anonInfo, $info->getUserInfo()); $this->assertFalse($info->isIdSafe()); $this->assertTrue($info->wasPersisted()); $this->assertFalse($info->wasRemembered()); $this->assertFalse($info->forceHTTPS()); $this->assertNull($info->getProviderMetadata()); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('provider' => $provider, 'id' => $id, 'userInfo' => $userInfo)); $this->assertSame($provider, $info->getProvider()); $this->assertSame($id, $info->getId()); $this->assertSame(SessionInfo::MIN_PRIORITY + 5, $info->getPriority()); $this->assertSame($userInfo, $info->getUserInfo()); $this->assertFalse($info->isIdSafe()); $this->assertFalse($info->wasPersisted()); $this->assertTrue($info->wasRemembered()); $this->assertFalse($info->forceHTTPS()); $this->assertNull($info->getProviderMetadata()); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('id' => $id, 'persisted' => true, 'userInfo' => $userInfo, 'metadata' => array('Foo'))); $this->assertSame($id, $info->getId()); $this->assertSame(SessionInfo::MIN_PRIORITY + 5, $info->getPriority()); $this->assertSame($userInfo, $info->getUserInfo()); $this->assertFalse($info->isIdSafe()); $this->assertTrue($info->wasPersisted()); $this->assertFalse($info->wasRemembered()); $this->assertFalse($info->forceHTTPS()); $this->assertNull($info->getProviderMetadata()); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('id' => $id, 'remembered' => true, 'userInfo' => $userInfo)); $this->assertFalse($info->wasRemembered(), 'no provider'); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('provider' => $provider, 'id' => $id, 'remembered' => true)); $this->assertFalse($info->wasRemembered(), 'no user'); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('provider' => $provider, 'id' => $id, 'remembered' => true, 'userInfo' => $anonInfo)); $this->assertFalse($info->wasRemembered(), 'anonymous user'); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('provider' => $provider, 'id' => $id, 'remembered' => true, 'userInfo' => $unverifiedUserInfo)); $this->assertFalse($info->wasRemembered(), 'unverified user'); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('provider' => $provider, 'id' => $id, 'remembered' => false, 'userInfo' => $userInfo)); $this->assertFalse($info->wasRemembered(), 'specific override'); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 5, array('id' => $id, 'idIsSafe' => true)); $this->assertSame($id, $info->getId()); $this->assertSame(SessionInfo::MIN_PRIORITY + 5, $info->getPriority()); $this->assertTrue($info->isIdSafe()); $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('id' => $id, 'forceHTTPS' => 1)); $this->assertTrue($info->forceHTTPS()); $fromInfo = new SessionInfo(SessionInfo::MIN_PRIORITY, array('id' => $id . 'A', 'provider' => $provider, 'userInfo' => $userInfo, 'idIsSafe' => true, 'persisted' => true, 'remembered' => true, 'forceHTTPS' => true, 'metadata' => array('foo!'))); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 4, array('copyFrom' => $fromInfo)); $this->assertSame($id . 'A', $info->getId()); $this->assertSame(SessionInfo::MIN_PRIORITY + 4, $info->getPriority()); $this->assertSame($provider, $info->getProvider()); $this->assertSame($userInfo, $info->getUserInfo()); $this->assertTrue($info->isIdSafe()); $this->assertTrue($info->wasPersisted()); $this->assertTrue($info->wasRemembered()); $this->assertTrue($info->forceHTTPS()); $this->assertSame(array('foo!'), $info->getProviderMetadata()); $info = new SessionInfo(SessionInfo::MIN_PRIORITY + 4, array('id' => $id . 'X', 'provider' => $provider2, 'userInfo' => $unverifiedUserInfo, 'idIsSafe' => false, 'persisted' => false, 'remembered' => false, 'forceHTTPS' => false, 'metadata' => null, 'copyFrom' => $fromInfo)); $this->assertSame($id . 'X', $info->getId()); $this->assertSame(SessionInfo::MIN_PRIORITY + 4, $info->getPriority()); $this->assertSame($provider2, $info->getProvider()); $this->assertSame($unverifiedUserInfo, $info->getUserInfo()); $this->assertFalse($info->isIdSafe()); $this->assertFalse($info->wasPersisted()); $this->assertFalse($info->wasRemembered()); $this->assertFalse($info->forceHTTPS()); $this->assertNull($info->getProviderMetadata()); $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('id' => $id)); $this->assertSame('[' . SessionInfo::MIN_PRIORITY . "]null<null>{$id}", (string) $info, 'toString'); $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $provider, 'id' => $id, 'persisted' => true, 'userInfo' => $userInfo)); $this->assertSame('[' . SessionInfo::MIN_PRIORITY . "]Mock<+:{$userInfo->getId()}:UTSysop>{$id}", (string) $info, 'toString'); $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $provider, 'id' => $id, 'persisted' => true, 'userInfo' => $unverifiedUserInfo)); $this->assertSame('[' . SessionInfo::MIN_PRIORITY . "]Mock<-:{$userInfo->getId()}:UTSysop>{$id}", (string) $info, 'toString'); }
/** * @param SessionId $id Session ID object * @param SessionInfo $info Session info to populate from * @param CachedBagOStuff $store Backend data store * @param LoggerInterface $logger * @param int $lifetime Session data lifetime in seconds */ public function __construct(SessionId $id, SessionInfo $info, CachedBagOStuff $store, LoggerInterface $logger, $lifetime) { $phpSessionHandling = \RequestContext::getMain()->getConfig()->get('PHPSessionHandling'); $this->usePhpSessionHandling = $phpSessionHandling !== 'disable'; if ($info->getUserInfo() && !$info->getUserInfo()->isVerified()) { throw new \InvalidArgumentException("Refusing to create session for unverified user {$info->getUserInfo()}"); } if ($info->getProvider() === null) { throw new \InvalidArgumentException('Cannot create session without a provider'); } if ($info->getId() !== $id->getId()) { throw new \InvalidArgumentException('SessionId and SessionInfo don\'t match'); } $this->id = $id; $this->user = $info->getUserInfo() ? $info->getUserInfo()->getUser() : new User(); $this->store = $store; $this->logger = $logger; $this->lifetime = $lifetime; $this->provider = $info->getProvider(); $this->persist = $info->wasPersisted(); $this->remember = $info->wasRemembered(); $this->forceHTTPS = $info->forceHTTPS(); $this->providerMetadata = $info->getProviderMetadata(); $blob = $store->get(wfMemcKey('MWSession', (string) $this->id)); if (!is_array($blob) || !isset($blob['metadata']) || !is_array($blob['metadata']) || !isset($blob['data']) || !is_array($blob['data'])) { $this->data = []; $this->dataDirty = true; $this->metaDirty = true; $this->logger->debug('SessionBackend "{session}" is unsaved, marking dirty in constructor', ['session' => $this->id]); } else { $this->data = $blob['data']; if (isset($blob['metadata']['loggedOut'])) { $this->loggedOut = (int) $blob['metadata']['loggedOut']; } if (isset($blob['metadata']['expires'])) { $this->expires = (int) $blob['metadata']['expires']; } else { $this->metaDirty = true; $this->logger->debug('SessionBackend "{session}" metadata dirty due to missing expiration timestamp', ['session' => $this->id]); } } $this->dataHash = md5(serialize($this->data)); }
public function testConstructor() { // Set variables $this->getBackend(); $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $this->provider, 'id' => self::SESSIONID, 'persisted' => true, 'userInfo' => UserInfo::newFromName('UTSysop', false), 'idIsSafe' => true)); $id = new SessionId($info->getId()); $logger = new \Psr\Log\NullLogger(); try { new SessionBackend($id, $info, $this->store, $this->store, $logger, 10); $this->fail('Expected exception not thrown'); } catch (\InvalidArgumentException $ex) { $this->assertSame("Refusing to create session for unverified user {$info->getUserInfo()}", $ex->getMessage()); } $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('id' => self::SESSIONID, 'userInfo' => UserInfo::newFromName('UTSysop', true), 'idIsSafe' => true)); $id = new SessionId($info->getId()); try { new SessionBackend($id, $info, $this->store, $this->store, $logger, 10); $this->fail('Expected exception not thrown'); } catch (\InvalidArgumentException $ex) { $this->assertSame('Cannot create session without a provider', $ex->getMessage()); } $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $this->provider, 'id' => self::SESSIONID, 'persisted' => true, 'userInfo' => UserInfo::newFromName('UTSysop', true), 'idIsSafe' => true)); $id = new SessionId('!' . $info->getId()); try { new SessionBackend($id, $info, $this->store, $this->store, $logger, 10); $this->fail('Expected exception not thrown'); } catch (\InvalidArgumentException $ex) { $this->assertSame('SessionId and SessionInfo don\'t match', $ex->getMessage()); } $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $this->provider, 'id' => self::SESSIONID, 'persisted' => true, 'userInfo' => UserInfo::newFromName('UTSysop', true), 'idIsSafe' => true)); $id = new SessionId($info->getId()); $backend = new SessionBackend($id, $info, $this->store, $this->store, $logger, 10); $this->assertSame(self::SESSIONID, $backend->getId()); $this->assertSame($id, $backend->getSessionId()); $this->assertSame($this->provider, $backend->getProvider()); $this->assertInstanceOf('User', $backend->getUser()); $this->assertSame('UTSysop', $backend->getUser()->getName()); $this->assertSame($info->wasPersisted(), $backend->isPersistent()); $this->assertSame($info->wasRemembered(), $backend->shouldRememberUser()); $this->assertSame($info->forceHTTPS(), $backend->shouldForceHTTPS()); $expire = time() + 100; $this->store->setSessionMeta(self::SESSIONID, array('expires' => $expire), 2); $info = new SessionInfo(SessionInfo::MIN_PRIORITY, array('provider' => $this->provider, 'id' => self::SESSIONID, 'persisted' => true, 'forceHTTPS' => true, 'metadata' => array('foo'), 'idIsSafe' => true)); $id = new SessionId($info->getId()); $backend = new SessionBackend($id, $info, $this->store, $this->store, $logger, 10); $this->assertSame(self::SESSIONID, $backend->getId()); $this->assertSame($id, $backend->getSessionId()); $this->assertSame($this->provider, $backend->getProvider()); $this->assertInstanceOf('User', $backend->getUser()); $this->assertTrue($backend->getUser()->isAnon()); $this->assertSame($info->wasPersisted(), $backend->isPersistent()); $this->assertSame($info->wasRemembered(), $backend->shouldRememberUser()); $this->assertSame($info->forceHTTPS(), $backend->shouldForceHTTPS()); $this->assertSame($expire, \TestingAccessWrapper::newFromObject($backend)->expires); $this->assertSame(array('foo'), $backend->getProviderMetadata()); }
/** * Create a Session corresponding to the passed SessionInfo * @private For use by a SessionProvider that needs to specially create its * own Session. Most session providers won't need this. * @param SessionInfo $info * @param WebRequest $request * @return Session */ public function getSessionFromInfo(SessionInfo $info, WebRequest $request) { // @codeCoverageIgnoreStart if (defined('MW_NO_SESSION')) { if (MW_NO_SESSION === 'warn') { // Undocumented safety case for converting existing entry points $this->logger->error('Sessions are supposed to be disabled for this entry point', ['exception' => new \BadMethodCallException('Sessions are disabled for this entry point')]); } else { throw new \BadMethodCallException('Sessions are disabled for this entry point'); } } // @codeCoverageIgnoreEnd $id = $info->getId(); if (!isset($this->allSessionBackends[$id])) { if (!isset($this->allSessionIds[$id])) { $this->allSessionIds[$id] = new SessionId($id); } $backend = new SessionBackend($this->allSessionIds[$id], $info, $this->store, $this->logger, $this->config->get('ObjectCacheSessionExpiry')); $this->allSessionBackends[$id] = $backend; $delay = $backend->delaySave(); } else { $backend = $this->allSessionBackends[$id]; $delay = $backend->delaySave(); if ($info->wasPersisted()) { $backend->persist(); } if ($info->wasRemembered()) { $backend->setRememberUser(true); } } $request->setSessionId($backend->getSessionId()); $session = $backend->getSession($request); if (!$info->isIdSafe()) { $session->resetId(); } \Wikimedia\ScopedCallback::consume($delay); return $session; }