/**
 * Pins the contract of the anonymous UserInfo: it reports itself as
 * anonymous and already verified, carries no id, name or token, and
 * verified() hands back the very same instance.
 */
public function testNewAnonymous()
{
    $anon = UserInfo::newAnonymous();

    // Identity flags.
    $this->assertTrue($anon->isAnon());
    $this->assertTrue($anon->isVerified());

    // No account data is attached to an anonymous user.
    $this->assertSame(0, $anon->getId());
    $this->assertNull($anon->getName());
    $this->assertSame('', $anon->getToken());
    $this->assertNotNull($anon->getUser());

    // Already verified, so verified() must not create a new object.
    $this->assertSame($anon, $anon->verified());

    $rendered = (string) $anon;
    $this->assertSame('<anon>', $rendered);
}
/**
 * Load and verify the session info against the store.
 *
 * The record stored under the session ID is treated as the authority: the
 * provider, provider metadata, user identity and user token supplied in
 * $info are each either filled in from the stored metadata or compared
 * against it, and any disagreement rejects the session. Structurally
 * malformed records are deleted from the store; records that are
 * well-formed but disagree with $info are left in place.
 *
 * @param SessionInfo &$info Will likely be replaced with an updated SessionInfo instance
 * @param WebRequest $request
 * @return bool Whether the session info matches the stored data (if any)
 */
private function loadSessionInfoFromStore(SessionInfo &$info, WebRequest $request) {
    $key = wfMemcKey('MWSession', $info->getId());
    $blob = $this->store->get($key);

    // Collects only the fields that differ from $info; a replacement
    // SessionInfo is built further down if this ends up non-empty.
    $newParams = array();

    if ($blob !== false) {
        // Sanity check: blob must be an array, if it's saved at all
        if (!is_array($blob)) {
            $this->logger->warning("Session {$info}: Bad data");
            // Malformed record: remove it so it is not read again.
            $this->store->delete($key);
            return false;
        }

        // Sanity check: blob has data and metadata arrays
        if (!isset($blob['data']) || !is_array($blob['data']) ||
            !isset($blob['metadata']) || !is_array($blob['metadata'])
        ) {
            $this->logger->warning("Session {$info}: Bad data structure");
            $this->store->delete($key);
            return false;
        }

        $data = $blob['data'];
        $metadata = $blob['metadata'];

        // Sanity check: metadata must be an array and must contain certain
        // keys, if it's saved at all. array_key_exists() is used rather than
        // isset() because null is an accepted value for these keys below.
        if (!array_key_exists('userId', $metadata) ||
            !array_key_exists('userName', $metadata) ||
            !array_key_exists('userToken', $metadata) ||
            !array_key_exists('provider', $metadata)
        ) {
            $this->logger->warning("Session {$info}: Bad metadata");
            $this->store->delete($key);
            return false;
        }

        // First, load the provider from metadata, or validate it against the metadata.
        $provider = $info->getProvider();
        if ($provider === null) {
            $newParams['provider'] = $provider = $this->getProvider($metadata['provider']);
            if (!$provider) {
                $this->logger->warning("Session {$info}: Unknown provider, " . $metadata['provider']);
                $this->store->delete($key);
                return false;
            }
        } elseif ($metadata['provider'] !== (string) $provider) {
            // The stored record names a different provider than the one that
            // supplied $info. Unlike the malformed-record cases above, the
            // record is not deleted here.
            $this->logger->warning("Session {$info}: Wrong provider, " . $metadata['provider'] . ' !== ' . $provider);
            return false;
        }

        // Load provider metadata from metadata, or validate it against the metadata
        $providerMetadata = $info->getProviderMetadata();
        if (isset($metadata['providerMetadata'])) {
            if ($providerMetadata === null) {
                $newParams['metadata'] = $metadata['providerMetadata'];
            } else {
                try {
                    // The provider decides how stored and supplied metadata
                    // combine; it signals a conflict by throwing.
                    $newProviderMetadata = $provider->mergeMetadata($metadata['providerMetadata'], $providerMetadata);
                    if ($newProviderMetadata !== $providerMetadata) {
                        $newParams['metadata'] = $newProviderMetadata;
                    }
                } catch (\UnexpectedValueException $ex) {
                    $this->logger->warning("Session {$info}: Metadata merge failed: " . $ex->getMessage());
                    return false;
                }
            }
        }

        // Next, load the user from metadata, or validate it against the metadata.
        $userInfo = $info->getUserInfo();
        if (!$userInfo) {
            // For loading, id is preferred to name.
            try {
                if ($metadata['userId']) {
                    $userInfo = UserInfo::newFromId($metadata['userId']);
                } elseif ($metadata['userName'] !== null) {
                    // Shouldn't happen, but just in case
                    $userInfo = UserInfo::newFromName($metadata['userName']);
                } else {
                    $userInfo = UserInfo::newAnonymous();
                }
            } catch (\InvalidArgumentException $ex) {
                $this->logger->error("Session {$info}: " . $ex->getMessage());
                return false;
            }
            $newParams['userInfo'] = $userInfo;
        } else {
            // User validation passes if user ID matches, or if there
            // is no saved ID and the names match.
            if ($metadata['userId']) {
                // Strict comparison: both the value and the type of the
                // stored ID must equal what getId() returns.
                if ($metadata['userId'] !== $userInfo->getId()) {
                    $this->logger->warning("Session {$info}: User ID mismatch, " . $metadata['userId'] . ' !== ' . $userInfo->getId());
                    return false;
                }

                // If the user was renamed, probably best to fail here.
                if ($metadata['userName'] !== null && $userInfo->getName() !== $metadata['userName']) {
                    $this->logger->warning("Session {$info}: User ID matched but name didn't (rename?), " . $metadata['userName'] . ' !== ' . $userInfo->getName());
                    return false;
                }
            } elseif ($metadata['userName'] !== null) {
                // Shouldn't happen, but just in case
                if ($metadata['userName'] !== $userInfo->getName()) {
                    $this->logger->warning("Session {$info}: User name mismatch, " . $metadata['userName'] . ' !== ' . $userInfo->getName());
                    return false;
                }
            } elseif (!$userInfo->isAnon()) {
                // Metadata specifies an anonymous user, but the passed-in
                // user isn't anonymous.
                $this->logger->warning("Session {$info}: Metadata has an anonymous user, " . 'but a non-anon user was provided');
                return false;
            }
        }

        // And if we have a token in the metadata, it must match the loaded/provided user.
        // Both operands come from server-side state (the stored metadata and
        // the loaded UserInfo), not from the request. The log line below
        // deliberately carries neither token value.
        if ($metadata['userToken'] !== null && $userInfo->getToken() !== $metadata['userToken']) {
            $this->logger->warning("Session {$info}: User token mismatch");
            return false;
        }

        // The user is promoted to verified once the checks above have passed.
        // NOTE(review): when the stored userToken is null the token check is
        // skipped, so promotion then rests on the ID/name match alone;
        // confirm that a null token is only ever stored where that is intended.
        if (!$userInfo->isVerified()) {
            $newParams['userInfo'] = $userInfo->verified();
        }

        // Flags recorded in the store are carried over, but only ever
        // switched on here, never off.
        if (!empty($metadata['remember']) && !$info->wasRemembered()) {
            $newParams['remembered'] = true;
        }
        if (!empty($metadata['forceHTTPS']) && !$info->forceHTTPS()) {
            $newParams['forceHTTPS'] = true;
        }

        // A stored record exists for this ID and passed every check above,
        // so the ID is marked safe.
        if (!$info->isIdSafe()) {
            $newParams['idIsSafe'] = true;
        }
    } else {
        // No metadata, so we can't load the provider if one wasn't given.
        if ($info->getProvider() === null) {
            $this->logger->warning("Session {$info}: Null provider and no metadata");
            return false;
        }

        // If no user was provided and no metadata, it must be anon.
        if (!$info->getUserInfo()) {
            if ($info->getProvider()->canChangeUser()) {
                $newParams['userInfo'] = UserInfo::newAnonymous();
            } else {
                $this->logger->info("Session {$info}: No user provided and provider cannot set user");
                return false;
            }
        } elseif (!$info->getUserInfo()->isVerified()) {
            // With no stored record there is nothing to check an unverified
            // identity against, so it is refused rather than trusted.
            $this->logger->warning("Session {$info}: Unverified user provided and no metadata to auth it");
            return false;
        }

        // Hooks below receive false for both values when nothing was stored.
        $data = false;
        $metadata = false;

        if (!$info->getProvider()->persistsSessionId() && !$info->isIdSafe()) {
            // The ID doesn't come from the user, so it should be safe
            // (and if not, nothing we can do about it anyway)
            $newParams['idIsSafe'] = true;
        }
    }

    // Construct the replacement SessionInfo, if necessary
    if ($newParams) {
        $newParams['copyFrom'] = $info;
        $info = new SessionInfo($info->getPriority(), $newParams);
    }

    // Allow the provider to check the loaded SessionInfo
    $providerMetadata = $info->getProviderMetadata();
    if (!$info->getProvider()->refreshSessionInfo($info, $request, $providerMetadata)) {
        return false;
    }
    // If the value differs after the call, rebuild $info so it carries the
    // provider's updated metadata.
    if ($providerMetadata !== $info->getProviderMetadata()) {
        $info = new SessionInfo($info->getPriority(), array('metadata' => $providerMetadata, 'copyFrom' => $info));
    }

    // Give hooks a chance to abort. Combined with the SessionMetadata
    // hook, this can allow for tying a session to an IP address or the
    // like. $reason is passed by reference so a hook can replace the
    // text that is logged on abort.
    $reason = 'Hook aborted';
    if (!\Hooks::run('SessionCheckInfo', array(&$reason, $info, $request, $metadata, $data))) {
        $this->logger->warning("Session {$info}: {$reason}");
        return false;
    }

    return true;
}
/**
 * Build a SessionInfo from the request's cookies, or return null when the
 * cookies do not describe a usable session.
 *
 * The user is marked verified only when the Token cookie matches the
 * user's token. A UserID cookie without a Token cookie yields an
 * unverified user, and only when a valid session ID cookie is present.
 *
 * @param WebRequest $request
 * @return SessionInfo|null
 */
public function provideSessionInfo(WebRequest $request)
{
    $sessionId = $this->getCookie($request, $this->params['sessionName'], '');
    $params = array(
        'provider' => $this,
        'forceHTTPS' => $this->getCookie($request, 'forceHTTPS', '', false),
    );

    // Only a well-formed ID is handed on; anything else is treated as
    // "no session cookie".
    if (SessionManager::validateSessionId($sessionId)) {
        $params['id'] = $sessionId;
        $params['persisted'] = true;
    }
    $haveSessionId = isset($params['id']);

    list($userId, $userName, $token) = $this->getUserInfoFromCookies($request);

    if ($userId === null) {
        if (!$haveSessionId) {
            // No session ID and no user is the same as an empty session, so
            // there's no point.
            return null;
        }

        // No UserID cookie, so insist that the session is anonymous.
        // Note: this event occurs for several normal activities:
        // * anon visits Special:UserLogin
        // * anon browsing after seeing Special:UserLogin
        // * anon browsing after edit or preview
        $this->logger->debug(
            'Session "{session}" requested without UserID cookie',
            array('session' => $params['id'])
        );
        $params['userInfo'] = UserInfo::newAnonymous();

        return new SessionInfo($this->priority, $params);
    }

    try {
        $userInfo = UserInfo::newFromId($userId);
    } catch (\InvalidArgumentException $ex) {
        return null;
    }

    // Sanity check: the UserName cookie, when sent, must agree with the
    // account the UserID cookie resolves to.
    // NOTE(review): $sessionId in the log context is the raw cookie value and
    // may not have passed validateSessionId(); when it is valid it is also a
    // bearer credential. Confirm how the log sink stores these values.
    $nameDisagrees = $userName !== null && $userInfo->getName() !== $userName;
    if ($nameDisagrees) {
        $this->logger->warning(
            'Session "{session}" requested with mismatched UserID and UserName cookies.',
            array(
                'session' => $sessionId,
                'mismatch' => array(
                    'userid' => $userId,
                    'cookie_username' => $userName,
                    'username' => $userInfo->getName(),
                ),
            )
        );
        return null;
    }

    if ($token === null) {
        if (!$haveSessionId) {
            // No point in returning, loadSessionInfoFromStore() will
            // reject it anyway.
            return null;
        }
        // Unverified: nothing in the cookies proves this identity.
        $params['userInfo'] = $userInfo;
    } else {
        // hash_equals() so the comparison time does not depend on how much
        // of the cookie value matches the real token.
        if (!hash_equals($userInfo->getToken(), $token)) {
            $this->logger->warning(
                'Session "{session}" requested with invalid Token cookie.',
                array(
                    'session' => $sessionId,
                    'userid' => $userId,
                    'username' => $userInfo->getName(),
                )
            );
            return null;
        }
        $params['userInfo'] = $userInfo->verified();
    }

    return new SessionInfo($this->priority, $params);
}
/**
 * Covers SessionInfo construction: rejected arguments, the defaults each
 * accessor reports for different parameter combinations, the conditions
 * under which "remembered" is honoured, copyFrom inheritance and
 * overriding, and the string form.
 */
public function testBasics()
{
    $anonInfo = UserInfo::newAnonymous();
    $userInfo = UserInfo::newFromName('UTSysop', true);
    $unverifiedUserInfo = UserInfo::newFromName('UTSysop', false);

    $min = SessionInfo::MIN_PRIORITY;
    $prio = SessionInfo::MIN_PRIORITY + 5;

    // Constructor arguments that must be rejected:
    // label => array(priority, params, expected exception message).
    $rejected = array(
        'priority < min' => array(SessionInfo::MIN_PRIORITY - 1, array(), 'Invalid priority'),
        'priority > max' => array(SessionInfo::MAX_PRIORITY + 1, array(), 'Invalid priority'),
        'bad session ID' => array($min, array('id' => 'ABC?'), 'Invalid session ID'),
        'bad userInfo' => array($min, array('userInfo' => new \stdClass()), 'Invalid userInfo'),
        'no provider, no id' => array($min, array(), 'Must supply an ID when no provider is given'),
        'bad copyFrom' => array($min, array('copyFrom' => new \stdClass()), 'Invalid copyFrom'),
    );
    foreach ($rejected as $label => $case) {
        list($badPriority, $badParams, $expectedMessage) = $case;
        try {
            new SessionInfo($badPriority, $badParams);
            $this->fail('Expected exception not thrown', $label);
        } catch (\InvalidArgumentException $ex) {
            $this->assertSame($expectedMessage, $ex->getMessage(), $label);
        }
    }

    // Two interchangeable mock providers that differ only in their name.
    $manager = new SessionManager();
    $mocks = array();
    foreach (array('Mock', 'Mock2') as $mockName) {
        $mock = $this->getMockBuilder('MediaWiki\\Session\\SessionProvider')
            ->setMethods(array('persistsSessionId', 'canChangeUser', '__toString'))
            ->getMockForAbstractClass();
        $mock->setManager($manager);
        $mock->expects($this->any())->method('persistsSessionId')->will($this->returnValue(true));
        $mock->expects($this->any())->method('canChangeUser')->will($this->returnValue(true));
        $mock->expects($this->any())->method('__toString')->will($this->returnValue($mockName));
        $mocks[] = $mock;
    }
    list($provider, $provider2) = $mocks;

    // Metadata must be an array (or absent).
    try {
        new SessionInfo($min, array(
            'provider' => $provider,
            'userInfo' => $anonInfo,
            'metadata' => 'foo',
        ));
        $this->fail('Expected exception not thrown', 'bad metadata');
    } catch (\InvalidArgumentException $ex) {
        $this->assertSame('Invalid metadata', $ex->getMessage(), 'bad metadata');
    }

    // Provider + anonymous user, no ID supplied: an ID is generated and safe.
    $info = new SessionInfo($prio, array(
        'provider' => $provider,
        'userInfo' => $anonInfo,
    ));
    $this->assertSame($provider, $info->getProvider());
    $this->assertNotNull($info->getId());
    $this->assertSame($prio, $info->getPriority());
    $this->assertSame($anonInfo, $info->getUserInfo());
    $this->assertTrue($info->isIdSafe());
    $this->assertFalse($info->wasPersisted());
    $this->assertFalse($info->wasRemembered());
    $this->assertFalse($info->forceHTTPS());
    $this->assertNull($info->getProviderMetadata());

    // Provider + unverified user + metadata.
    $info = new SessionInfo($prio, array(
        'provider' => $provider,
        'userInfo' => $unverifiedUserInfo,
        'metadata' => array('Foo'),
    ));
    $this->assertSame($provider, $info->getProvider());
    $this->assertNotNull($info->getId());
    $this->assertSame($prio, $info->getPriority());
    $this->assertSame($unverifiedUserInfo, $info->getUserInfo());
    $this->assertTrue($info->isIdSafe());
    $this->assertFalse($info->wasPersisted());
    $this->assertFalse($info->wasRemembered());
    $this->assertFalse($info->forceHTTPS());
    $this->assertSame(array('Foo'), $info->getProviderMetadata());

    // Provider + verified user: "remembered" defaults to true.
    $info = new SessionInfo($prio, array(
        'provider' => $provider,
        'userInfo' => $userInfo,
    ));
    $this->assertSame($provider, $info->getProvider());
    $this->assertNotNull($info->getId());
    $this->assertSame($prio, $info->getPriority());
    $this->assertSame($userInfo, $info->getUserInfo());
    $this->assertTrue($info->isIdSafe());
    $this->assertFalse($info->wasPersisted());
    $this->assertTrue($info->wasRemembered());
    $this->assertFalse($info->forceHTTPS());
    $this->assertNull($info->getProviderMetadata());

    // From here on the ID is supplied by the caller, so it is not safe
    // unless idIsSafe is passed explicitly.
    $id = $manager->generateSessionId();

    $info = new SessionInfo($prio, array(
        'provider' => $provider,
        'id' => $id,
        'persisted' => true,
        'userInfo' => $anonInfo,
    ));
    $this->assertSame($provider, $info->getProvider());
    $this->assertSame($id, $info->getId());
    $this->assertSame($prio, $info->getPriority());
    $this->assertSame($anonInfo, $info->getUserInfo());
    $this->assertFalse($info->isIdSafe());
    $this->assertTrue($info->wasPersisted());
    $this->assertFalse($info->wasRemembered());
    $this->assertFalse($info->forceHTTPS());
    $this->assertNull($info->getProviderMetadata());

    $info = new SessionInfo($prio, array(
        'provider' => $provider,
        'id' => $id,
        'userInfo' => $userInfo,
    ));
    $this->assertSame($provider, $info->getProvider());
    $this->assertSame($id, $info->getId());
    $this->assertSame($prio, $info->getPriority());
    $this->assertSame($userInfo, $info->getUserInfo());
    $this->assertFalse($info->isIdSafe());
    $this->assertFalse($info->wasPersisted());
    $this->assertTrue($info->wasRemembered());
    $this->assertFalse($info->forceHTTPS());
    $this->assertNull($info->getProviderMetadata());

    // No provider: metadata passed in is not reported back.
    $info = new SessionInfo($prio, array(
        'id' => $id,
        'persisted' => true,
        'userInfo' => $userInfo,
        'metadata' => array('Foo'),
    ));
    $this->assertSame($id, $info->getId());
    $this->assertSame($prio, $info->getPriority());
    $this->assertSame($userInfo, $info->getUserInfo());
    $this->assertFalse($info->isIdSafe());
    $this->assertTrue($info->wasPersisted());
    $this->assertFalse($info->wasRemembered());
    $this->assertFalse($info->forceHTTPS());
    $this->assertNull($info->getProviderMetadata());

    // Parameter sets for which wasRemembered() must report false.
    $neverRemembered = array(
        'no provider' => array('id' => $id, 'remembered' => true, 'userInfo' => $userInfo),
        'no user' => array('provider' => $provider, 'id' => $id, 'remembered' => true),
        'anonymous user' => array(
            'provider' => $provider,
            'id' => $id,
            'remembered' => true,
            'userInfo' => $anonInfo,
        ),
        'unverified user' => array(
            'provider' => $provider,
            'id' => $id,
            'remembered' => true,
            'userInfo' => $unverifiedUserInfo,
        ),
        'specific override' => array(
            'provider' => $provider,
            'id' => $id,
            'remembered' => false,
            'userInfo' => $userInfo,
        ),
    );
    foreach ($neverRemembered as $label => $params) {
        $info = new SessionInfo($prio, $params);
        $this->assertFalse($info->wasRemembered(), $label);
    }

    // Explicit idIsSafe is honoured for a caller-supplied ID.
    $info = new SessionInfo($prio, array('id' => $id, 'idIsSafe' => true));
    $this->assertSame($id, $info->getId());
    $this->assertSame($prio, $info->getPriority());
    $this->assertTrue($info->isIdSafe());

    // forceHTTPS is reported as a boolean even when given as an integer.
    $info = new SessionInfo($min, array('id' => $id, 'forceHTTPS' => 1));
    $this->assertTrue($info->forceHTTPS());

    // copyFrom: every field is inherited when nothing else is given...
    $fromInfo = new SessionInfo($min, array(
        'id' => $id . 'A',
        'provider' => $provider,
        'userInfo' => $userInfo,
        'idIsSafe' => true,
        'persisted' => true,
        'remembered' => true,
        'forceHTTPS' => true,
        'metadata' => array('foo!'),
    ));
    $copyPriority = SessionInfo::MIN_PRIORITY + 4;

    $info = new SessionInfo($copyPriority, array('copyFrom' => $fromInfo));
    $this->assertSame($id . 'A', $info->getId());
    $this->assertSame($copyPriority, $info->getPriority());
    $this->assertSame($provider, $info->getProvider());
    $this->assertSame($userInfo, $info->getUserInfo());
    $this->assertTrue($info->isIdSafe());
    $this->assertTrue($info->wasPersisted());
    $this->assertTrue($info->wasRemembered());
    $this->assertTrue($info->forceHTTPS());
    $this->assertSame(array('foo!'), $info->getProviderMetadata());

    // ...and every explicitly passed field wins over the copied one.
    $info = new SessionInfo($copyPriority, array(
        'id' => $id . 'X',
        'provider' => $provider2,
        'userInfo' => $unverifiedUserInfo,
        'idIsSafe' => false,
        'persisted' => false,
        'remembered' => false,
        'forceHTTPS' => false,
        'metadata' => null,
        'copyFrom' => $fromInfo,
    ));
    $this->assertSame($id . 'X', $info->getId());
    $this->assertSame($copyPriority, $info->getPriority());
    $this->assertSame($provider2, $info->getProvider());
    $this->assertSame($unverifiedUserInfo, $info->getUserInfo());
    $this->assertFalse($info->isIdSafe());
    $this->assertFalse($info->wasPersisted());
    $this->assertFalse($info->wasRemembered());
    $this->assertFalse($info->forceHTTPS());
    $this->assertNull($info->getProviderMetadata());

    // String form: the marker before the user ID is "+" for a verified
    // user and "-" for an unverified one.
    $info = new SessionInfo($min, array('id' => $id));
    $this->assertSame(
        '[' . SessionInfo::MIN_PRIORITY . "]null<null>{$id}",
        (string) $info,
        'toString'
    );

    $info = new SessionInfo($min, array(
        'provider' => $provider,
        'id' => $id,
        'persisted' => true,
        'userInfo' => $userInfo,
    ));
    $this->assertSame(
        '[' . SessionInfo::MIN_PRIORITY . "]Mock<+:{$userInfo->getId()}:UTSysop>{$id}",
        (string) $info,
        'toString'
    );

    $info = new SessionInfo($min, array(
        'provider' => $provider,
        'id' => $id,
        'persisted' => true,
        'userInfo' => $unverifiedUserInfo,
    ));
    $this->assertSame(
        '[' . SessionInfo::MIN_PRIORITY . "]Mock<-:{$userInfo->getId()}:UTSysop>{$id}",
        (string) $info,
        'toString'
    );
}
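/**
 * Covers SessionManager::getEmptySession() and getEmptySessionInternal().
 *
 * Two mock providers return whatever $info1 / $info2 currently hold from
 * newSessionInfo(), and only accept the call when the requested ID equals
 * $expectId. Each section below rebinds those variables and then checks
 * either the resulting session or the exception text. The rejection cases
 * pin that the manager refuses a provider answer carrying a different ID
 * than requested, an ID not flagged safe, or another provider's info.
 */
public function testGetEmptySession()
{
    $manager = $this->getManager();
    $pmanager = \TestingAccessWrapper::newFromObject($manager);
    $request = new \FauxRequest();

    $providerBuilder = $this->getMockBuilder('DummySessionProvider')
        ->setMethods(array('provideSessionInfo', 'newSessionInfo', '__toString'));

    // Captured by reference in the mock callbacks below.
    $expectId = null;
    $info1 = null;
    $info2 = null;

    $provider1 = $providerBuilder->getMock();
    $provider1->expects($this->any())->method('provideSessionInfo')
        ->will($this->returnValue(null));
    $provider1->expects($this->any())->method('newSessionInfo')
        ->with($this->callback(function ($id) use (&$expectId) {
            return $id === $expectId;
        }))
        ->will($this->returnCallback(function () use (&$info1) {
            return $info1;
        }));
    $provider1->expects($this->any())->method('__toString')
        ->will($this->returnValue('MockProvider1'));

    $provider2 = $providerBuilder->getMock();
    $provider2->expects($this->any())->method('provideSessionInfo')
        ->will($this->returnValue(null));
    $provider2->expects($this->any())->method('newSessionInfo')
        ->with($this->callback(function ($id) use (&$expectId) {
            return $id === $expectId;
        }))
        ->will($this->returnCallback(function () use (&$info2) {
            return $info2;
        }));
    // Fix: this stub belongs on $provider2. It was previously attached to
    // $provider1 a second time, which left $provider2 without its own
    // configured name even though the exception messages checked below are
    // built from the providers' string forms.
    $provider2->expects($this->any())->method('__toString')
        ->will($this->returnValue('MockProvider2'));

    $this->config->set('SessionProviders', array(
        $this->objectCacheDef($provider1),
        $this->objectCacheDef($provider2),
    ));

    // No info
    $expectId = null;
    $info1 = null;
    $info2 = null;
    try {
        $manager->getEmptySession();
        $this->fail('Expected exception not thrown');
    } catch (\UnexpectedValueException $ex) {
        $this->assertSame('No provider could provide an empty session!', $ex->getMessage());
    }

    // Info
    $expectId = null;
    $info1 = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $provider1,
        'id' => 'empty---------------------------',
        'persisted' => true,
        'idIsSafe' => true,
    ));
    $info2 = null;
    $session = $manager->getEmptySession();
    $this->assertInstanceOf('MediaWiki\\Session\\Session', $session);
    $this->assertSame('empty---------------------------', $session->getId());

    // Info, explicitly
    $expectId = 'expected------------------------';
    $info1 = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $provider1,
        'id' => $expectId,
        'persisted' => true,
        'idIsSafe' => true,
    ));
    $info2 = null;
    $session = $pmanager->getEmptySessionInternal(null, $expectId);
    $this->assertInstanceOf('MediaWiki\\Session\\Session', $session);
    $this->assertSame($expectId, $session->getId());

    // Wrong ID: the provider answers with an ID other than the one requested.
    $expectId = 'expected-----------------------2';
    $info1 = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $provider1,
        'id' => "un{$expectId}",
        'persisted' => true,
        'idIsSafe' => true,
    ));
    $info2 = null;
    try {
        $pmanager->getEmptySessionInternal(null, $expectId);
        $this->fail('Expected exception not thrown');
    } catch (\UnexpectedValueException $ex) {
        $this->assertSame(
            'MockProvider1 returned empty session info with a wrong id: ' . "un{$expectId} != {$expectId}",
            $ex->getMessage()
        );
    }

    // Unsafe ID: same ID as requested, but idIsSafe was not set.
    $expectId = 'expected-----------------------2';
    $info1 = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $provider1,
        'id' => $expectId,
        'persisted' => true,
    ));
    $info2 = null;
    try {
        $pmanager->getEmptySessionInternal(null, $expectId);
        $this->fail('Expected exception not thrown');
    } catch (\UnexpectedValueException $ex) {
        $this->assertSame(
            'MockProvider1 returned empty session info with id flagged unsafe',
            $ex->getMessage()
        );
    }

    // Wrong provider: provider1 hands back info that names provider2.
    $expectId = null;
    $info1 = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $provider2,
        'id' => 'empty---------------------------',
        'persisted' => true,
        'idIsSafe' => true,
    ));
    $info2 = null;
    try {
        $manager->getEmptySession();
        $this->fail('Expected exception not thrown');
    } catch (\UnexpectedValueException $ex) {
        $this->assertSame(
            'MockProvider1 returned an empty session info for a different provider: ' . $info1,
            $ex->getMessage()
        );
    }

    // Highest priority wins
    $expectId = null;
    $info1 = new SessionInfo(SessionInfo::MIN_PRIORITY + 1, array(
        'provider' => $provider1,
        'id' => 'empty1--------------------------',
        'persisted' => true,
        'idIsSafe' => true,
    ));
    $info2 = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $provider2,
        'id' => 'empty2--------------------------',
        'persisted' => true,
        'idIsSafe' => true,
    ));
    $session = $manager->getEmptySession();
    $this->assertInstanceOf('MediaWiki\\Session\\Session', $session);
    $this->assertSame('empty1--------------------------', $session->getId());

    $expectId = null;
    $info1 = new SessionInfo(SessionInfo::MIN_PRIORITY + 1, array(
        'provider' => $provider1,
        'id' => 'empty1--------------------------',
        'persisted' => true,
        'idIsSafe' => true,
    ));
    $info2 = new SessionInfo(SessionInfo::MIN_PRIORITY + 2, array(
        'provider' => $provider2,
        'id' => 'empty2--------------------------',
        'persisted' => true,
        'idIsSafe' => true,
    ));
    $session = $manager->getEmptySession();
    $this->assertInstanceOf('MediaWiki\\Session\\Session', $session);
    $this->assertSame('empty2--------------------------', $session->getId());

    // Tied priorities throw an exception
    $expectId = null;
    $info1 = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $provider1,
        'id' => 'empty1--------------------------',
        'persisted' => true,
        'userInfo' => UserInfo::newAnonymous(),
        'idIsSafe' => true,
    ));
    $info2 = new SessionInfo(SessionInfo::MIN_PRIORITY, array(
        'provider' => $provider2,
        'id' => 'empty2--------------------------',
        'persisted' => true,
        'userInfo' => UserInfo::newAnonymous(),
        'idIsSafe' => true,
    ));
    try {
        $manager->getEmptySession();
        $this->fail('Expected exception not thrown');
    } catch (\UnexpectedValueException $ex) {
        $this->assertStringStartsWith(
            'Multiple empty sessions tied for top priority: ',
            $ex->getMessage()
        );
    }

    // Bad id
    try {
        $pmanager->getEmptySessionInternal(null, 'bad');
        $this->fail('Expected exception not thrown');
    } catch (\InvalidArgumentException $ex) {
        $this->assertSame('Invalid session ID', $ex->getMessage());
    }

    // Session already exists: an ID that is already present in the store
    // must not be handed out as a fresh empty session.
    $expectId = 'expected-----------------------3';
    $this->store->setSessionMeta($expectId, array(
        'provider' => 'MockProvider2',
        'userId' => 0,
        'userName' => null,
        'userToken' => null,
    ));
    try {
        $pmanager->getEmptySessionInternal(null, $expectId);
        $this->fail('Expected exception not thrown');
    } catch (\InvalidArgumentException $ex) {
        $this->assertSame('Session ID already exists', $ex->getMessage());
    }
}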
/**
 * Build a SessionInfo from the request's cookies, or return null when the
 * cookies do not describe a usable session.
 *
 * The user is marked verified only when the Token cookie matches the
 * user's token. A UserID cookie without a Token cookie yields an
 * unverified user, and only when a valid session ID cookie is present.
 *
 * NOTE(review): every rejection path in this method returns null without
 * writing a log entry, so mismatched or forged cookies leave no trace
 * here. Consider whether these rejections should be logged.
 *
 * @param WebRequest $request
 * @return SessionInfo|null
 */
public function provideSessionInfo(WebRequest $request)
{
    $params = array(
        'id' => $this->getCookie($request, $this->params['sessionName'], ''),
        'provider' => $this,
        'forceHTTPS' => $this->getCookie($request, 'forceHTTPS', '', false),
    );

    // Drop a cookie value that is not a well-formed session ID.
    if (!SessionManager::validateSessionId($params['id'])) {
        unset($params['id']);
    }
    $haveSessionId = isset($params['id']);
    $params['persisted'] = $haveSessionId;

    list($userId, $userName, $token) = $this->getUserInfoFromCookies($request);

    if ($userId === null) {
        if (!$haveSessionId) {
            // No session ID and no user is the same as an empty session, so
            // there's no point.
            return null;
        }

        // No UserID cookie, so insist that the session is anonymous.
        $params['userInfo'] = UserInfo::newAnonymous();

        return new SessionInfo($this->priority, $params);
    }

    try {
        $userInfo = UserInfo::newFromId($userId);
    } catch (\InvalidArgumentException $ex) {
        return null;
    }

    // Sanity check: the UserName cookie, when sent, must agree with the
    // account the UserID cookie resolves to.
    $nameDisagrees = $userName !== null && $userInfo->getName() !== $userName;
    if ($nameDisagrees) {
        return null;
    }

    if ($token === null) {
        if (!$haveSessionId) {
            // No point in returning, loadSessionInfoFromStore() will
            // reject it anyway.
            return null;
        }
        // Unverified: nothing in the cookies proves this identity.
        $params['userInfo'] = $userInfo;
    } else {
        // hash_equals() so the comparison time does not depend on how much
        // of the cookie value matches the real token.
        if (!hash_equals($userInfo->getToken(), $token)) {
            return null;
        }
        $params['userInfo'] = $userInfo->verified();
    }

    return new SessionInfo($this->priority, $params);
}
/**
 * Describe a fresh, not-yet-persisted anonymous session owned by this
 * provider, at the lowest priority.
 *
 * NOTE(review): the ID is flagged safe whatever value $id holds; this
 * presumably relies on callers passing only server-generated IDs (or
 * null). Verify against the callers.
 *
 * @param string|null $id Session ID to use; passed through unchanged
 * @return SessionInfo
 */
public function newSessionInfo($id = null)
{
    $params = array(
        'id' => $id,
        'idIsSafe' => true,
        'provider' => $this,
        'persisted' => false,
        'userInfo' => UserInfo::newAnonymous(),
    );

    return new SessionInfo(SessionInfo::MIN_PRIORITY, $params);
}