Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 62 |
|
0.00% |
0 / 8 |
CRAP | |
0.00% |
0 / 1 |
CentralAuthSessionManager | |
0.00% |
0 / 62 |
|
0.00% |
0 / 8 |
462 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 5 |
|
0.00% |
0 / 1 |
2 | |||
makeSessionKey | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
makeTokenKey | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
getSessionStore | |
0.00% |
0 / 7 |
|
0.00% |
0 / 1 |
12 | |||
getTokenStore | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getCentralSession | |
0.00% |
0 / 6 |
|
0.00% |
0 / 1 |
12 | |||
getCentralSessionById | |
0.00% |
0 / 9 |
|
0.00% |
0 / 1 |
6 | |||
setCentralSession | |
0.00% |
0 / 28 |
|
0.00% |
0 / 1 |
90 |
1 | <?php |
2 | /** |
3 | * This program is free software; you can redistribute it and/or modify |
4 | * it under the terms of the GNU General Public License as published by |
5 | * the Free Software Foundation; either version 2 of the License, or |
6 | * (at your option) any later version. |
7 | * |
8 | * This program is distributed in the hope that it will be useful, |
9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
11 | * GNU General Public License for more details. |
12 | * |
13 | * You should have received a copy of the GNU General Public License along |
14 | * with this program; if not, write to the Free Software Foundation, Inc., |
15 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
16 | * http://www.gnu.org/copyleft/gpl.html |
17 | * |
18 | * @file |
19 | */ |
20 | |
21 | namespace MediaWiki\Extension\CentralAuth; |
22 | |
23 | use BagOStuff; |
24 | use CachedBagOStuff; |
25 | use IBufferingStatsdDataFactory; |
26 | use MediaWiki\Config\ServiceOptions; |
27 | use MediaWiki\Session\Session; |
28 | use MediaWiki\Session\SessionManager; |
29 | use MWCryptRand; |
30 | use ObjectCache; |
31 | use Wikimedia\Stats\StatsFactory; |
32 | |
33 | class CentralAuthSessionManager { |
34 | /** |
35 | * @internal Only public for service wiring use |
36 | */ |
37 | public const CONSTRUCTOR_OPTIONS = [ |
38 | 'CentralAuthDatabase', |
39 | 'CentralAuthSessionCacheType', |
40 | 'SessionCacheType', |
41 | ]; |
42 | |
43 | /** @var BagOStuff|null Session cache */ |
44 | private $sessionStore = null; |
45 | |
46 | /** @var BagOStuff|null Token cache */ |
47 | private $tokenStore = null; |
48 | |
49 | /** @var ServiceOptions */ |
50 | private $options; |
51 | |
52 | /** @var IBufferingStatsdDataFactory */ |
53 | private $statsdDataFactory; |
54 | private StatsFactory $statsFactory; |
55 | |
56 | /** |
57 | * @param ServiceOptions $options |
58 | * @param IBufferingStatsdDataFactory $statsdDataFactory |
59 | * @param StatsFactory $statsFactory |
60 | * @param BagOStuff $microStash |
61 | */ |
62 | public function __construct( |
63 | ServiceOptions $options, |
64 | IBufferingStatsdDataFactory $statsdDataFactory, |
65 | StatsFactory $statsFactory, |
66 | BagOStuff $microStash |
67 | ) { |
68 | $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); |
69 | $this->options = $options; |
70 | $this->statsdDataFactory = $statsdDataFactory; |
71 | $this->statsFactory = $statsFactory; |
72 | $this->tokenStore = $microStash; |
73 | } |
74 | |
75 | /** |
76 | * @param string $keygroup |
77 | * @param string ...$components |
78 | * @return string The global session key (with proper escaping) |
79 | */ |
80 | public function makeSessionKey( string $keygroup, ...$components ): string { |
81 | return $this->getSessionStore()->makeGlobalKey( |
82 | $keygroup, $this->options->get( 'CentralAuthDatabase' ), ...$components |
83 | ); |
84 | } |
85 | |
86 | /** |
87 | * @param string $keygroup |
88 | * @param string ...$components |
89 | * @return string The global token key (with proper escaping) |
90 | */ |
91 | public function makeTokenKey( string $keygroup, ...$components ): string { |
92 | return $this->getTokenStore()->makeGlobalKey( |
93 | $keygroup, $this->options->get( 'CentralAuthDatabase' ), ...$components |
94 | ); |
95 | } |
96 | |
97 | /** |
98 | * Get a cache for storage of central sessions |
99 | * @return BagOStuff |
100 | */ |
101 | public function getSessionStore(): BagOStuff { |
102 | if ( !$this->sessionStore ) { |
103 | $sessionCacheType = $this->options->get( 'CentralAuthSessionCacheType' ) |
104 | ?? $this->options->get( 'SessionCacheType' ); |
105 | $cache = ObjectCache::getInstance( $sessionCacheType ); |
106 | $this->sessionStore = $cache instanceof CachedBagOStuff |
107 | ? $cache : new CachedBagOStuff( $cache ); |
108 | } |
109 | |
110 | return $this->sessionStore; |
111 | } |
112 | |
113 | /** |
114 | * Get a cache for storage of temporary cross-site tokens |
115 | * @return BagOStuff |
116 | */ |
117 | public function getTokenStore(): BagOStuff { |
118 | return $this->tokenStore; |
119 | } |
120 | |
121 | /** |
122 | * Get the central session data |
123 | * @param Session|null $session |
124 | * @return array |
125 | */ |
126 | public function getCentralSession( $session = null ) { |
127 | if ( !$session ) { |
128 | $session = SessionManager::getGlobalSession(); |
129 | } |
130 | $id = $session->get( 'CentralAuth::centralSessionId' ); |
131 | |
132 | if ( $id !== null ) { |
133 | return $this->getCentralSessionById( $id ); |
134 | } else { |
135 | return []; |
136 | } |
137 | } |
138 | |
139 | /** |
140 | * Get the central session data |
141 | * @param string $id |
142 | * @return array |
143 | */ |
144 | public function getCentralSessionById( $id ) { |
145 | $key = $this->makeSessionKey( 'session', $id ); |
146 | |
147 | $stime = microtime( true ); |
148 | $data = $this->getSessionStore()->get( $key ) ?: []; |
149 | $real = microtime( true ) - $stime; |
150 | |
151 | // Stay backward compatible with the dashboard feeding on |
152 | // this data. NOTE: $real is in second with microsecond-level |
153 | // precision. This is reconciled on the grafana dashboard. |
154 | $this->statsdDataFactory->timing( 'centralauth.session.read', $real ); |
155 | |
156 | $this->statsFactory->withComponent( 'CentralAuth' ) |
157 | ->getTiming( 'session_read_seconds' ) |
158 | ->observe( $real * 1000 ); |
159 | |
160 | return $data; |
161 | } |
162 | |
163 | /** |
164 | * Set data in the central session |
165 | * @param array $data |
166 | * @param bool|string $reset Reset the session ID. If a string, this is the new ID. |
167 | * @param Session|null $session |
168 | * @return string|null Session ID |
169 | */ |
170 | public function setCentralSession( array $data, $reset = false, $session = null ) { |
171 | $keepKeys = [ 'user' => true, 'token' => true, 'expiry' => true ]; |
172 | |
173 | $session ??= SessionManager::getGlobalSession(); |
174 | $id = $session->get( 'CentralAuth::centralSessionId' ); |
175 | |
176 | if ( $reset || $id === null ) { |
177 | $id = is_string( $reset ) ? $reset : MWCryptRand::generateHex( 32 ); |
178 | } |
179 | $data['sessionId'] = $id; |
180 | |
181 | $sessionStore = $this->getSessionStore(); |
182 | $key = $this->makeSessionKey( 'session', $id ); |
183 | |
184 | // Copy certain keys from the existing session, if any (T124821) |
185 | $existing = $sessionStore->get( $key ); |
186 | |
187 | if ( is_array( $existing ) ) { |
188 | $data += array_intersect_key( $existing, $keepKeys ); |
189 | } |
190 | |
191 | $isDirty = ( $data !== $existing ); |
192 | if ( $isDirty || !isset( $data['expiry'] ) || $data['expiry'] < time() + 32100 ) { |
193 | $data['expiry'] = time() + $sessionStore::TTL_DAY; |
194 | $stime = microtime( true ); |
195 | $sessionStore->set( |
196 | $key, |
197 | $data, |
198 | $sessionStore::TTL_DAY |
199 | ); |
200 | $real = microtime( true ) - $stime; |
201 | // Stay backward compatible with the dashboard feeding on |
202 | // this data. NOTE: $real is in second with microsecond-level |
203 | // precision. This is reconciled on the grafana dashboard. |
204 | $this->statsdDataFactory->timing( 'centralauth.session.write', $real ); |
205 | |
206 | $this->statsFactory->withComponent( 'CentralAuth' ) |
207 | ->getTiming( 'session_write_seconds' ) |
208 | ->observe( $real * 1000 ); |
209 | } |
210 | |
211 | if ( $session ) { |
212 | $session->set( 'CentralAuth::centralSessionId', $id ); |
213 | } |
214 | |
215 | return $id; |
216 | } |
217 | } |