Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
80.85% |
152 / 188 |
|
92.00% |
46 / 50 |
CRAP | |
0.00% |
0 / 1 |
Session | |
80.85% |
152 / 188 |
|
92.00% |
46 / 50 |
137.93 | |
0.00% |
0 / 1 |
__construct | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
1 | |||
__destruct | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getId | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getSessionId | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
resetId | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getProvider | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
isPersistent | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
persist | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
unpersist | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
shouldRememberUser | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
setRememberUser | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getRequest | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getUser | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getAllowedUserRights | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getRestrictions | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
canSetUser | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
setUser | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
suggestLoginUsername | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
shouldForceHTTPS | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
setForceHTTPS | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getLoggedOutTimestamp | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
setLoggedOutTimestamp | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getProviderMetadata | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
clear | |
100.00% |
7 / 7 |
|
100.00% |
1 / 1 |
3 | |||
renew | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
sessionWithRequest | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
get | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
2 | |||
exists | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
set | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
3 | |||
remove | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
2 | |||
hasToken | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
3 | |||
getToken | |
100.00% |
13 / 13 |
|
100.00% |
1 / 1 |
5 | |||
resetToken | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
3 | |||
resetAllTokens | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getSecretKeys | |
100.00% |
18 / 18 |
|
100.00% |
1 / 1 |
4 | |||
getEncryptionAlgorithm | |
19.05% |
4 / 21 |
|
0.00% |
0 / 1 |
25.10 | |||
setSecret | |
65.00% |
13 / 20 |
|
0.00% |
0 / 1 |
6.07 | |||
getSecret | |
70.27% |
26 / 37 |
|
0.00% |
0 / 1 |
12.63 | |||
delaySave | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
save | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
count | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
current | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
key | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
next | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
rewind | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
valid | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
offsetExists | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
offsetGet | |
100.00% |
5 / 5 |
|
100.00% |
1 / 1 |
2 | |||
offsetSet | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
offsetUnset | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 |
1 | <?php |
2 | /** |
3 | * MediaWiki session |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License as published by |
7 | * the Free Software Foundation; either version 2 of the License, or |
8 | * (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 | * GNU General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public License along |
16 | * with this program; if not, write to the Free Software Foundation, Inc., |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
18 | * http://www.gnu.org/copyleft/gpl.html |
19 | * |
20 | * @file |
21 | * @ingroup Session |
22 | */ |
23 | |
24 | namespace MediaWiki\Session; |
25 | |
26 | use BadMethodCallException; |
27 | use LogicException; |
28 | use MediaWiki\MainConfigNames; |
29 | use MediaWiki\MediaWikiServices; |
30 | use MediaWiki\Request\WebRequest; |
31 | use MediaWiki\User\User; |
32 | use MWRestrictions; |
33 | use Psr\Log\LoggerInterface; |
34 | use RuntimeException; |
35 | |
36 | /** |
37 | * Manages data for an authenticated session |
38 | * |
39 | * A Session represents the fact that the current HTTP request is part of a |
40 | * session. There are two broad types of Sessions, based on whether they |
41 | * return true or false from self::canSetUser(): |
42 | * * When true (mutable), the Session identifies multiple requests as part of |
43 | * a session generically, with no tie to a particular user. |
44 | * * When false (immutable), the Session identifies multiple requests as part |
45 | * of a session by identifying and authenticating the request itself as |
46 | * belonging to a particular user. |
47 | * |
48 | * The Session object also serves as a replacement for PHP's $_SESSION, |
49 | * managing access to per-session data. |
50 | * |
51 | * @ingroup Session |
52 | * @since 1.27 |
53 | */ |
54 | class Session implements \Countable, \Iterator, \ArrayAccess { |
55 | /** @var null|string[] Encryption algorithm to use */ |
56 | private static $encryptionAlgorithm = null; |
57 | |
58 | /** @var SessionBackend Session backend */ |
59 | private $backend; |
60 | |
61 | /** @var int Session index */ |
62 | private $index; |
63 | |
64 | /** @var LoggerInterface */ |
65 | private $logger; |
66 | |
67 | /** |
68 | * @param SessionBackend $backend |
69 | * @param int $index |
70 | * @param LoggerInterface $logger |
71 | */ |
72 | public function __construct( SessionBackend $backend, $index, LoggerInterface $logger ) { |
73 | $this->backend = $backend; |
74 | $this->index = $index; |
75 | $this->logger = $logger; |
76 | } |
77 | |
78 | public function __destruct() { |
79 | $this->backend->deregisterSession( $this->index ); |
80 | } |
81 | |
82 | /** |
83 | * Returns the session ID |
84 | * @return string |
85 | */ |
86 | public function getId() { |
87 | return $this->backend->getId(); |
88 | } |
89 | |
90 | /** |
91 | * Returns the SessionId object |
92 | * @internal For internal use by WebRequest |
93 | * @return SessionId |
94 | */ |
95 | public function getSessionId() { |
96 | return $this->backend->getSessionId(); |
97 | } |
98 | |
99 | /** |
100 | * Changes the session ID |
101 | * @return string New ID (might be the same as the old) |
102 | */ |
103 | public function resetId() { |
104 | return $this->backend->resetId(); |
105 | } |
106 | |
107 | /** |
108 | * Fetch the SessionProvider for this session |
109 | * @return SessionProviderInterface |
110 | */ |
111 | public function getProvider() { |
112 | return $this->backend->getProvider(); |
113 | } |
114 | |
115 | /** |
116 | * Indicate whether this session is persisted across requests |
117 | * |
118 | * For example, if cookies are set. |
119 | * |
120 | * @return bool |
121 | */ |
122 | public function isPersistent() { |
123 | return $this->backend->isPersistent(); |
124 | } |
125 | |
126 | /** |
127 | * Make this session persisted across requests |
128 | * |
129 | * If the session is already persistent, equivalent to calling |
130 | * $this->renew(). |
131 | */ |
132 | public function persist() { |
133 | $this->backend->persist(); |
134 | } |
135 | |
136 | /** |
137 | * Make this session not be persisted across requests |
138 | * |
139 | * This will remove persistence information (e.g. delete cookies) |
140 | * from the associated WebRequest(s), and delete session data in the |
141 | * backend. The session data will still be available via get() until |
142 | * the end of the request. |
143 | */ |
144 | public function unpersist() { |
145 | $this->backend->unpersist(); |
146 | } |
147 | |
148 | /** |
149 | * Indicate whether the user should be remembered independently of the |
150 | * session ID. |
151 | * @return bool |
152 | */ |
153 | public function shouldRememberUser() { |
154 | return $this->backend->shouldRememberUser(); |
155 | } |
156 | |
157 | /** |
158 | * Set whether the user should be remembered independently of the session |
159 | * ID. |
160 | * @param bool $remember |
161 | */ |
162 | public function setRememberUser( $remember ) { |
163 | $this->backend->setRememberUser( $remember ); |
164 | } |
165 | |
166 | /** |
167 | * Returns the request associated with this session |
168 | * @return WebRequest |
169 | */ |
170 | public function getRequest() { |
171 | return $this->backend->getRequest( $this->index ); |
172 | } |
173 | |
174 | /** |
175 | * Returns the authenticated user for this session |
176 | * @return User |
177 | */ |
178 | public function getUser(): User { |
179 | return $this->backend->getUser(); |
180 | } |
181 | |
182 | /** |
183 | * Fetch the rights allowed the user when this session is active. |
184 | * @return null|string[] Allowed user rights, or null to allow all. |
185 | */ |
186 | public function getAllowedUserRights() { |
187 | return $this->backend->getAllowedUserRights(); |
188 | } |
189 | |
190 | /** |
191 | * Fetch any restrictions imposed on logins or actions when this |
192 | * session is active. |
193 | * @return MWRestrictions|null |
194 | */ |
195 | public function getRestrictions(): ?MWRestrictions { |
196 | return $this->backend->getRestrictions(); |
197 | } |
198 | |
199 | /** |
200 | * Indicate whether the session user info can be changed |
201 | * @return bool |
202 | */ |
203 | public function canSetUser() { |
204 | return $this->backend->canSetUser(); |
205 | } |
206 | |
207 | /** |
208 | * Set a new user for this session |
209 | * @note This should only be called when the user has been authenticated |
210 | * @param User $user User to set on the session. |
211 | * This may become a "UserValue" in the future, or User may be refactored |
212 | * into such. |
213 | */ |
214 | public function setUser( $user ) { |
215 | $this->backend->setUser( $user ); |
216 | } |
217 | |
218 | /** |
219 | * Get a suggested username for the login form |
220 | * @return string|null |
221 | */ |
222 | public function suggestLoginUsername() { |
223 | return $this->backend->suggestLoginUsername( $this->index ); |
224 | } |
225 | |
226 | /** |
227 | * Get the expected value of the forceHTTPS cookie. This reflects whether |
228 | * session cookies were sent with the Secure attribute. If $wgForceHTTPS |
229 | * is true, the forceHTTPS cookie is not sent and this value is ignored. |
230 | * |
231 | * @return bool |
232 | */ |
233 | public function shouldForceHTTPS() { |
234 | return $this->backend->shouldForceHTTPS(); |
235 | } |
236 | |
237 | /** |
238 | * Set the value of the forceHTTPS cookie. This reflects whether session |
239 | * cookies were sent with the Secure attribute. If $wgForceHTTPS is true, |
240 | * the forceHTTPS cookie is not sent, and this value is ignored. |
241 | * |
242 | * @param bool $force |
243 | */ |
244 | public function setForceHTTPS( $force ) { |
245 | $this->backend->setForceHTTPS( $force ); |
246 | } |
247 | |
248 | /** |
249 | * Fetch the "logged out" timestamp |
250 | * @return int |
251 | */ |
252 | public function getLoggedOutTimestamp() { |
253 | return $this->backend->getLoggedOutTimestamp(); |
254 | } |
255 | |
256 | /** |
257 | * @param int $ts |
258 | */ |
259 | public function setLoggedOutTimestamp( $ts ) { |
260 | $this->backend->setLoggedOutTimestamp( $ts ); |
261 | } |
262 | |
263 | /** |
264 | * Fetch provider metadata |
265 | * @note For use by SessionProvider subclasses only |
266 | * @return mixed |
267 | */ |
268 | public function getProviderMetadata() { |
269 | return $this->backend->getProviderMetadata(); |
270 | } |
271 | |
272 | /** |
273 | * Delete all session data and clear the user (if possible) |
274 | */ |
275 | public function clear() { |
276 | $data = &$this->backend->getData(); |
277 | if ( $data ) { |
278 | $data = []; |
279 | $this->backend->dirty(); |
280 | } |
281 | if ( $this->backend->canSetUser() ) { |
282 | $this->backend->setUser( MediaWikiServices::getInstance()->getUserFactory()->newAnonymous() ); |
283 | } |
284 | $this->backend->save(); |
285 | } |
286 | |
287 | /** |
288 | * Resets the TTL in the backend store if the session is near expiring, and |
289 | * re-persists the session to any active WebRequests if persistent. |
290 | */ |
291 | public function renew() { |
292 | $this->backend->renew(); |
293 | } |
294 | |
295 | /** |
296 | * Fetch a copy of this session attached to an alternative WebRequest |
297 | * |
298 | * Actions on the copy will affect this session too, and vice versa. |
299 | * |
300 | * @param WebRequest $request Any existing session associated with this |
301 | * WebRequest object will be overwritten. |
302 | * @return Session |
303 | */ |
304 | public function sessionWithRequest( WebRequest $request ) { |
305 | $request->setSessionId( $this->backend->getSessionId() ); |
306 | return $this->backend->getSession( $request ); |
307 | } |
308 | |
309 | /** |
310 | * Fetch a value from the session |
311 | * @param string|int $key |
312 | * @param mixed|null $default Returned if $this->exists( $key ) would be false |
313 | * @return mixed |
314 | */ |
315 | public function get( $key, $default = null ) { |
316 | $data = &$this->backend->getData(); |
317 | return array_key_exists( $key, $data ) ? $data[$key] : $default; |
318 | } |
319 | |
320 | /** |
321 | * Test if a value exists in the session |
322 | * @note Unlike isset(), null values are considered to exist. |
323 | * @param string|int $key |
324 | * @return bool |
325 | */ |
326 | public function exists( $key ) { |
327 | $data = &$this->backend->getData(); |
328 | return array_key_exists( $key, $data ); |
329 | } |
330 | |
331 | /** |
332 | * Set a value in the session |
333 | * @param string|int $key |
334 | * @param mixed $value |
335 | */ |
336 | public function set( $key, $value ) { |
337 | $data = &$this->backend->getData(); |
338 | if ( !array_key_exists( $key, $data ) || $data[$key] !== $value ) { |
339 | $data[$key] = $value; |
340 | $this->backend->dirty(); |
341 | } |
342 | } |
343 | |
344 | /** |
345 | * Remove a value from the session |
346 | * @param string|int $key |
347 | */ |
348 | public function remove( $key ) { |
349 | $data = &$this->backend->getData(); |
350 | if ( array_key_exists( $key, $data ) ) { |
351 | unset( $data[$key] ); |
352 | $this->backend->dirty(); |
353 | } |
354 | } |
355 | |
356 | /** |
357 | * Check if a CSRF token is set for the session |
358 | * |
359 | * @since 1.37 |
360 | * @param string $key Token key |
361 | * @return bool |
362 | */ |
363 | public function hasToken( string $key = 'default' ): bool { |
364 | $secrets = $this->get( 'wsTokenSecrets' ); |
365 | if ( !is_array( $secrets ) ) { |
366 | return false; |
367 | } |
368 | return isset( $secrets[$key] ) && is_string( $secrets[$key] ); |
369 | } |
370 | |
371 | /** |
372 | * Fetch a CSRF token from the session |
373 | * |
374 | * Note that this does not persist the session, which you'll probably want |
375 | * to do if you want the token to actually be useful. |
376 | * |
377 | * @param string|string[] $salt Token salt |
378 | * @param string $key Token key |
379 | * @return Token |
380 | */ |
381 | public function getToken( $salt = '', $key = 'default' ) { |
382 | $new = false; |
383 | $secrets = $this->get( 'wsTokenSecrets' ); |
384 | if ( !is_array( $secrets ) ) { |
385 | $secrets = []; |
386 | } |
387 | if ( isset( $secrets[$key] ) && is_string( $secrets[$key] ) ) { |
388 | $secret = $secrets[$key]; |
389 | } else { |
390 | $secret = \MWCryptRand::generateHex( 32 ); |
391 | $secrets[$key] = $secret; |
392 | $this->set( 'wsTokenSecrets', $secrets ); |
393 | $new = true; |
394 | } |
395 | if ( is_array( $salt ) ) { |
396 | $salt = implode( '|', $salt ); |
397 | } |
398 | return new Token( $secret, (string)$salt, $new ); |
399 | } |
400 | |
401 | /** |
402 | * Remove a CSRF token from the session |
403 | * |
404 | * The next call to self::getToken() with $key will generate a new secret. |
405 | * |
406 | * @param string $key Token key |
407 | */ |
408 | public function resetToken( $key = 'default' ) { |
409 | $secrets = $this->get( 'wsTokenSecrets' ); |
410 | if ( is_array( $secrets ) && isset( $secrets[$key] ) ) { |
411 | unset( $secrets[$key] ); |
412 | $this->set( 'wsTokenSecrets', $secrets ); |
413 | } |
414 | } |
415 | |
416 | /** |
417 | * Remove all CSRF tokens from the session |
418 | */ |
419 | public function resetAllTokens() { |
420 | $this->remove( 'wsTokenSecrets' ); |
421 | } |
422 | |
423 | /** |
424 | * Fetch the secret keys for self::setSecret() and self::getSecret(). |
425 | * @return string[] Encryption key, HMAC key |
426 | */ |
427 | private function getSecretKeys() { |
428 | $mainConfig = MediaWikiServices::getInstance()->getMainConfig(); |
429 | $sessionSecret = $mainConfig->get( MainConfigNames::SessionSecret ); |
430 | $secretKey = $mainConfig->get( MainConfigNames::SecretKey ); |
431 | $sessionPbkdf2Iterations = $mainConfig->get( MainConfigNames::SessionPbkdf2Iterations ); |
432 | $wikiSecret = $sessionSecret ?: $secretKey; |
433 | $userSecret = $this->get( 'wsSessionSecret', null ); |
434 | if ( $userSecret === null ) { |
435 | $userSecret = \MWCryptRand::generateHex( 32 ); |
436 | $this->set( 'wsSessionSecret', $userSecret ); |
437 | } |
438 | $iterations = $this->get( 'wsSessionPbkdf2Iterations', null ); |
439 | if ( $iterations === null ) { |
440 | $iterations = $sessionPbkdf2Iterations; |
441 | $this->set( 'wsSessionPbkdf2Iterations', $iterations ); |
442 | } |
443 | |
444 | $keymats = hash_pbkdf2( 'sha256', $wikiSecret, $userSecret, $iterations, 64, true ); |
445 | return [ |
446 | substr( $keymats, 0, 32 ), |
447 | substr( $keymats, 32, 32 ), |
448 | ]; |
449 | } |
450 | |
451 | /** |
452 | * Decide what type of encryption to use, based on system capabilities. |
453 | * @return array |
454 | */ |
455 | private static function getEncryptionAlgorithm() { |
456 | $sessionInsecureSecrets = MediaWikiServices::getInstance()->getMainConfig() |
457 | ->get( MainConfigNames::SessionInsecureSecrets ); |
458 | |
459 | if ( self::$encryptionAlgorithm === null ) { |
460 | if ( function_exists( 'openssl_encrypt' ) ) { |
461 | $methods = openssl_get_cipher_methods(); |
462 | if ( in_array( 'aes-256-ctr', $methods, true ) ) { |
463 | self::$encryptionAlgorithm = [ 'openssl', 'aes-256-ctr' ]; |
464 | return self::$encryptionAlgorithm; |
465 | } |
466 | if ( in_array( 'aes-256-cbc', $methods, true ) ) { |
467 | self::$encryptionAlgorithm = [ 'openssl', 'aes-256-cbc' ]; |
468 | return self::$encryptionAlgorithm; |
469 | } |
470 | } |
471 | |
472 | if ( $sessionInsecureSecrets ) { |
473 | // @todo: import a pure-PHP library for AES instead of this |
474 | self::$encryptionAlgorithm = [ 'insecure' ]; |
475 | return self::$encryptionAlgorithm; |
476 | } |
477 | |
478 | throw new BadMethodCallException( |
479 | 'Encryption is not available. You really should install the PHP OpenSSL extension. ' . |
480 | 'But if you really can\'t and you\'re willing ' . |
481 | 'to accept insecure storage of sensitive session data, set ' . |
482 | '$wgSessionInsecureSecrets = true in LocalSettings.php to make this exception go away.' |
483 | ); |
484 | } |
485 | |
486 | return self::$encryptionAlgorithm; |
487 | } |
488 | |
489 | /** |
490 | * Set a value in the session, encrypted |
491 | * |
492 | * This relies on the secrecy of $wgSecretKey (by default), or $wgSessionSecret. |
493 | * |
494 | * @param string|int $key |
495 | * @param mixed $value |
496 | */ |
497 | public function setSecret( $key, $value ) { |
498 | [ $encKey, $hmacKey ] = $this->getSecretKeys(); |
499 | $serialized = serialize( $value ); |
500 | |
501 | // The code for encryption (with OpenSSL) and sealing is taken from |
502 | // Chris Steipp's OATHAuthUtils class in Extension::OATHAuth. |
503 | |
504 | // Encrypt |
505 | // @todo: import a pure-PHP library for AES instead of doing $wgSessionInsecureSecrets |
506 | $iv = random_bytes( 16 ); |
507 | $algorithm = self::getEncryptionAlgorithm(); |
508 | switch ( $algorithm[0] ) { |
509 | case 'openssl': |
510 | $ciphertext = openssl_encrypt( $serialized, $algorithm[1], $encKey, OPENSSL_RAW_DATA, $iv ); |
511 | if ( $ciphertext === false ) { |
512 | throw new \UnexpectedValueException( 'Encryption failed: ' . openssl_error_string() ); |
513 | } |
514 | break; |
515 | case 'insecure': |
516 | $ex = new RuntimeException( 'No encryption is available, storing data as plain text' ); |
517 | $this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] ); |
518 | $ciphertext = $serialized; |
519 | break; |
520 | default: |
521 | throw new LogicException( 'invalid algorithm' ); |
522 | } |
523 | |
524 | // Seal |
525 | $sealed = base64_encode( $iv ) . '.' . base64_encode( $ciphertext ); |
526 | $hmac = hash_hmac( 'sha256', $sealed, $hmacKey, true ); |
527 | $encrypted = base64_encode( $hmac ) . '.' . $sealed; |
528 | |
529 | // Store |
530 | $this->set( $key, $encrypted ); |
531 | } |
532 | |
533 | /** |
534 | * Fetch a value from the session that was set with self::setSecret() |
535 | * @param string|int $key |
536 | * @param mixed|null $default Returned if $this->exists( $key ) would be false or decryption fails |
537 | * @return mixed |
538 | */ |
539 | public function getSecret( $key, $default = null ) { |
540 | // Fetch |
541 | $encrypted = $this->get( $key, null ); |
542 | if ( $encrypted === null ) { |
543 | return $default; |
544 | } |
545 | |
546 | // The code for unsealing, checking, and decrypting (with OpenSSL) is |
547 | // taken from Chris Steipp's OATHAuthUtils class in |
548 | // Extension::OATHAuth. |
549 | |
550 | // Unseal and check |
551 | $pieces = explode( '.', $encrypted, 4 ); |
552 | if ( count( $pieces ) !== 3 ) { |
553 | $ex = new RuntimeException( 'Invalid sealed-secret format' ); |
554 | $this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] ); |
555 | return $default; |
556 | } |
557 | [ $hmac, $iv, $ciphertext ] = $pieces; |
558 | [ $encKey, $hmacKey ] = $this->getSecretKeys(); |
559 | $integCalc = hash_hmac( 'sha256', $iv . '.' . $ciphertext, $hmacKey, true ); |
560 | if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) { |
561 | $ex = new RuntimeException( 'Sealed secret has been tampered with, aborting.' ); |
562 | $this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] ); |
563 | return $default; |
564 | } |
565 | |
566 | // Decrypt |
567 | $algorithm = self::getEncryptionAlgorithm(); |
568 | switch ( $algorithm[0] ) { |
569 | case 'openssl': |
570 | $serialized = openssl_decrypt( base64_decode( $ciphertext ), $algorithm[1], $encKey, |
571 | OPENSSL_RAW_DATA, base64_decode( $iv ) ); |
572 | if ( $serialized === false ) { |
573 | $ex = new RuntimeException( 'Decyption failed: ' . openssl_error_string() ); |
574 | $this->logger->debug( $ex->getMessage(), [ 'exception' => $ex ] ); |
575 | return $default; |
576 | } |
577 | break; |
578 | case 'insecure': |
579 | $ex = new RuntimeException( |
580 | 'No encryption is available, retrieving data that was stored as plain text' |
581 | ); |
582 | $this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] ); |
583 | $serialized = base64_decode( $ciphertext ); |
584 | break; |
585 | default: |
586 | throw new \LogicException( 'invalid algorithm' ); |
587 | } |
588 | |
589 | $value = unserialize( $serialized ); |
590 | if ( $value === false && $serialized !== serialize( false ) ) { |
591 | $value = $default; |
592 | } |
593 | return $value; |
594 | } |
595 | |
596 | /** |
597 | * Delay automatic saving while multiple updates are being made |
598 | * |
599 | * Calls to save() or clear() will not be delayed. |
600 | * |
601 | * @return \Wikimedia\ScopedCallback When this goes out of scope, a save will be triggered |
602 | */ |
603 | public function delaySave() { |
604 | return $this->backend->delaySave(); |
605 | } |
606 | |
607 | /** |
608 | * This will update the backend data and might re-persist the session |
609 | * if needed. |
610 | */ |
611 | public function save() { |
612 | $this->backend->save(); |
613 | } |
614 | |
615 | // region Interface methods |
616 | /** @name Interface methods |
617 | * @{ |
618 | */ |
619 | |
620 | /** @inheritDoc */ |
621 | public function count(): int { |
622 | $data = &$this->backend->getData(); |
623 | return count( $data ); |
624 | } |
625 | |
626 | /** @inheritDoc */ |
627 | #[\ReturnTypeWillChange] |
628 | public function current() { |
629 | $data = &$this->backend->getData(); |
630 | return current( $data ); |
631 | } |
632 | |
633 | /** @inheritDoc */ |
634 | #[\ReturnTypeWillChange] |
635 | public function key() { |
636 | $data = &$this->backend->getData(); |
637 | return key( $data ); |
638 | } |
639 | |
640 | /** @inheritDoc */ |
641 | public function next(): void { |
642 | $data = &$this->backend->getData(); |
643 | next( $data ); |
644 | } |
645 | |
646 | /** @inheritDoc */ |
647 | public function rewind(): void { |
648 | $data = &$this->backend->getData(); |
649 | reset( $data ); |
650 | } |
651 | |
652 | /** @inheritDoc */ |
653 | public function valid(): bool { |
654 | $data = &$this->backend->getData(); |
655 | return key( $data ) !== null; |
656 | } |
657 | |
658 | /** |
659 | * @note Despite the name, this seems to be intended to implement isset() |
660 | * rather than array_key_exists(). So do that. |
661 | * @inheritDoc |
662 | */ |
663 | public function offsetExists( $offset ): bool { |
664 | $data = &$this->backend->getData(); |
665 | return isset( $data[$offset] ); |
666 | } |
667 | |
668 | /** |
669 | * @note This supports indirect modifications but can't mark the session |
670 | * dirty when those happen. SessionBackend::save() checks the hash of the |
671 | * data to detect such changes. |
672 | * @note Accessing a nonexistent key via this mechanism causes that key to |
673 | * be created with a null value, and does not raise a PHP warning. |
674 | * @inheritDoc |
675 | */ |
676 | #[\ReturnTypeWillChange] |
677 | public function &offsetGet( $offset ) { |
678 | $data = &$this->backend->getData(); |
679 | if ( !array_key_exists( $offset, $data ) ) { |
680 | $ex = new LogicException( "Undefined index (auto-adds to session with a null value): $offset" ); |
681 | $this->logger->debug( $ex->getMessage(), [ 'exception' => $ex ] ); |
682 | } |
683 | return $data[$offset]; |
684 | } |
685 | |
686 | /** @inheritDoc */ |
687 | public function offsetSet( $offset, $value ): void { |
688 | $this->set( $offset, $value ); |
689 | } |
690 | |
691 | /** @inheritDoc */ |
692 | public function offsetUnset( $offset ): void { |
693 | $this->remove( $offset ); |
694 | } |
695 | |
696 | /** @} */ |
697 | // endregion -- end of Interface methods |
698 | } |