MediaWiki  1.28.0
ImmutableSessionProviderWithCookieTest.php
Go to the documentation of this file.
1 <?php
2 
3 namespace MediaWiki\Session;
4 
6 use User;
7 
14 
15  private function getProvider( $name, $prefix = null ) {
16  $config = new \HashConfig();
17  $config->set( 'CookiePrefix', 'wgCookiePrefix' );
18 
19  $params = [
20  'sessionCookieName' => $name,
21  'sessionCookieOptions' => [],
22  ];
23  if ( $prefix !== null ) {
24  $params['sessionCookieOptions']['prefix'] = $prefix;
25  }
26 
27  $provider = $this->getMockBuilder( ImmutableSessionProviderWithCookie::class )
28  ->setConstructorArgs( [ $params ] )
29  ->getMockForAbstractClass();
30  $provider->setLogger( new \TestLogger() );
31  $provider->setConfig( $config );
32  $provider->setManager( new SessionManager() );
33 
34  return $provider;
35  }
36 
37  public function testConstructor() {
38  $provider = $this->getMockBuilder( ImmutableSessionProviderWithCookie::class )
39  ->getMockForAbstractClass();
40  $priv = \TestingAccessWrapper::newFromObject( $provider );
41  $this->assertNull( $priv->sessionCookieName );
42  $this->assertSame( [], $priv->sessionCookieOptions );
43 
44  $provider = $this->getMockBuilder( ImmutableSessionProviderWithCookie::class )
45  ->setConstructorArgs( [ [
46  'sessionCookieName' => 'Foo',
47  'sessionCookieOptions' => [ 'Bar' ],
48  ] ] )
49  ->getMockForAbstractClass();
50  $priv = \TestingAccessWrapper::newFromObject( $provider );
51  $this->assertSame( 'Foo', $priv->sessionCookieName );
52  $this->assertSame( [ 'Bar' ], $priv->sessionCookieOptions );
53 
54  try {
55  $provider = $this->getMockBuilder( ImmutableSessionProviderWithCookie::class )
56  ->setConstructorArgs( [ [
57  'sessionCookieName' => false,
58  ] ] )
59  ->getMockForAbstractClass();
60  $this->fail( 'Expected exception not thrown' );
61  } catch ( \InvalidArgumentException $ex ) {
62  $this->assertSame(
63  'sessionCookieName must be a string',
64  $ex->getMessage()
65  );
66  }
67 
68  try {
69  $provider = $this->getMockBuilder( ImmutableSessionProviderWithCookie::class )
70  ->setConstructorArgs( [ [
71  'sessionCookieOptions' => 'x',
72  ] ] )
73  ->getMockForAbstractClass();
74  $this->fail( 'Expected exception not thrown' );
75  } catch ( \InvalidArgumentException $ex ) {
76  $this->assertSame(
77  'sessionCookieOptions must be an array',
78  $ex->getMessage()
79  );
80  }
81  }
82 
83  public function testBasics() {
84  $provider = $this->getProvider( null );
85  $this->assertFalse( $provider->persistsSessionID() );
86  $this->assertFalse( $provider->canChangeUser() );
87 
88  $provider = $this->getProvider( 'Foo' );
89  $this->assertTrue( $provider->persistsSessionID() );
90  $this->assertFalse( $provider->canChangeUser() );
91 
92  $msg = $provider->whyNoSession();
93  $this->assertInstanceOf( 'Message', $msg );
94  $this->assertSame( 'sessionprovider-nocookies', $msg->getKey() );
95  }
96 
97  public function testGetVaryCookies() {
98  $provider = $this->getProvider( null );
99  $this->assertSame( [], $provider->getVaryCookies() );
100 
101  $provider = $this->getProvider( 'Foo' );
102  $this->assertSame( [ 'wgCookiePrefixFoo' ], $provider->getVaryCookies() );
103 
104  $provider = $this->getProvider( 'Foo', 'Bar' );
105  $this->assertSame( [ 'BarFoo' ], $provider->getVaryCookies() );
106 
107  $provider = $this->getProvider( 'Foo', '' );
108  $this->assertSame( [ 'Foo' ], $provider->getVaryCookies() );
109  }
110 
111  public function testGetSessionIdFromCookie() {
112  $this->setMwGlobals( 'wgCookiePrefix', 'wgCookiePrefix' );
113  $request = new \FauxRequest();
114  $request->setCookies( [
115  '' => 'empty---------------------------',
116  'Foo' => 'foo-----------------------------',
117  'wgCookiePrefixFoo' => 'wgfoo---------------------------',
118  'BarFoo' => 'foobar--------------------------',
119  'bad' => 'bad',
120  ], '' );
121 
122  $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( null ) );
123  try {
124  $provider->getSessionIdFromCookie( $request );
125  $this->fail( 'Expected exception not thrown' );
126  } catch ( \BadMethodCallException $ex ) {
127  $this->assertSame(
128  'MediaWiki\\Session\\ImmutableSessionProviderWithCookie::getSessionIdFromCookie ' .
129  'may not be called when $this->sessionCookieName === null',
130  $ex->getMessage()
131  );
132  }
133 
134  $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( 'Foo' ) );
135  $this->assertSame(
136  'wgfoo---------------------------',
137  $provider->getSessionIdFromCookie( $request )
138  );
139 
140  $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( 'Foo', 'Bar' ) );
141  $this->assertSame(
142  'foobar--------------------------',
143  $provider->getSessionIdFromCookie( $request )
144  );
145 
146  $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( 'Foo', '' ) );
147  $this->assertSame(
148  'foo-----------------------------',
149  $provider->getSessionIdFromCookie( $request )
150  );
151 
152  $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( 'bad', '' ) );
153  $this->assertSame( null, $provider->getSessionIdFromCookie( $request ) );
154 
155  $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( 'none', '' ) );
156  $this->assertSame( null, $provider->getSessionIdFromCookie( $request ) );
157  }
158 
159  protected function getSentRequest() {
160  $sentResponse = $this->getMock( 'FauxResponse', [ 'headersSent', 'setCookie', 'header' ] );
161  $sentResponse->expects( $this->any() )->method( 'headersSent' )
162  ->will( $this->returnValue( true ) );
163  $sentResponse->expects( $this->never() )->method( 'setCookie' );
164  $sentResponse->expects( $this->never() )->method( 'header' );
165 
166  $sentRequest = $this->getMock( 'FauxRequest', [ 'response' ] );
167  $sentRequest->expects( $this->any() )->method( 'response' )
168  ->will( $this->returnValue( $sentResponse ) );
169  return $sentRequest;
170  }
171 
177  public function testPersistSession( $secure, $remember ) {
178  $this->setMwGlobals( [
179  'wgCookieExpiration' => 100,
180  'wgSecureLogin' => false,
181  ] );
182 
183  $provider = $this->getProvider( 'session' );
184  $provider->setLogger( new \Psr\Log\NullLogger() );
185  $priv = \TestingAccessWrapper::newFromObject( $provider );
186  $priv->sessionCookieOptions = [
187  'prefix' => 'x',
188  'path' => 'CookiePath',
189  'domain' => 'CookieDomain',
190  'secure' => false,
191  'httpOnly' => true,
192  ];
193 
194  $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
195  $user = User::newFromName( 'UTSysop' );
196  $this->assertFalse( $user->requiresHTTPS(), 'sanity check' );
197 
198  $backend = new SessionBackend(
199  new SessionId( $sessionId ),
201  'provider' => $provider,
202  'id' => $sessionId,
203  'persisted' => true,
204  'userInfo' => UserInfo::newFromUser( $user, true ),
205  'idIsSafe' => true,
206  ] ),
207  new TestBagOStuff(),
208  new \Psr\Log\NullLogger(),
209  10
210  );
211  \TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;
212  $backend->setRememberUser( $remember );
213  $backend->setForceHTTPS( $secure );
214 
215  // No cookie
216  $priv->sessionCookieName = null;
217  $request = new \FauxRequest();
218  $provider->persistSession( $backend, $request );
219  $this->assertSame( [], $request->response()->getCookies() );
220 
221  // Cookie
222  $priv->sessionCookieName = 'session';
223  $request = new \FauxRequest();
224  $time = time();
225  $provider->persistSession( $backend, $request );
226 
227  $cookie = $request->response()->getCookieData( 'xsession' );
228  $this->assertInternalType( 'array', $cookie );
229  if ( isset( $cookie['expire'] ) && $cookie['expire'] > 0 ) {
230  // Round expiry so we don't randomly fail if the seconds ticked during the test.
231  $cookie['expire'] = round( $cookie['expire'] - $time, -2 );
232  }
233  $this->assertEquals( [
234  'value' => $sessionId,
235  'expire' => null,
236  'path' => 'CookiePath',
237  'domain' => 'CookieDomain',
238  'secure' => $secure,
239  'httpOnly' => true,
240  'raw' => false,
241  ], $cookie );
242 
243  $cookie = $request->response()->getCookieData( 'forceHTTPS' );
244  if ( $secure ) {
245  $this->assertInternalType( 'array', $cookie );
246  if ( isset( $cookie['expire'] ) && $cookie['expire'] > 0 ) {
247  // Round expiry so we don't randomly fail if the seconds ticked during the test.
248  $cookie['expire'] = round( $cookie['expire'] - $time, -2 );
249  }
250  $this->assertEquals( [
251  'value' => 'true',
252  'expire' => null,
253  'path' => 'CookiePath',
254  'domain' => 'CookieDomain',
255  'secure' => false,
256  'httpOnly' => true,
257  'raw' => false,
258  ], $cookie );
259  } else {
260  $this->assertNull( $cookie );
261  }
262 
263  // Headers sent
264  $request = $this->getSentRequest();
265  $provider->persistSession( $backend, $request );
266  $this->assertSame( [], $request->response()->getCookies() );
267  }
268 
269  public static function providePersistSession() {
270  return [
271  [ false, false ],
272  [ false, true ],
273  [ true, false ],
274  [ true, true ],
275  ];
276  }
277 
278  public function testUnpersistSession() {
279  $provider = $this->getProvider( 'session', '' );
280  $provider->setLogger( new \Psr\Log\NullLogger() );
281  $priv = \TestingAccessWrapper::newFromObject( $provider );
282 
283  // No cookie
284  $priv->sessionCookieName = null;
285  $request = new \FauxRequest();
286  $provider->unpersistSession( $request );
287  $this->assertSame( null, $request->response()->getCookie( 'session', '' ) );
288 
289  // Cookie
290  $priv->sessionCookieName = 'session';
291  $request = new \FauxRequest();
292  $provider->unpersistSession( $request );
293  $this->assertSame( '', $request->response()->getCookie( 'session', '' ) );
294 
295  // Headers sent
296  $request = $this->getSentRequest();
297  $provider->unpersistSession( $request );
298  $this->assertSame( null, $request->response()->getCookie( 'session', '' ) );
299  }
300 
301 }
static newFromName($name, $validate= 'valid')
Static factory method for creation from username.
Definition: User.php:525
const MIN_PRIORITY
Minimum allowed priority.
Definition: SessionInfo.php:36
Config $config
Definition: MediaWiki.php:38
This is the actual workhorse for Session.
processing should stop and the error should be shown to the user * false
Definition: hooks.txt:189
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
static newFromUser(User $user, $verified=false)
Create an instance from an existing User object.
Definition: UserInfo.php:116
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return true
Definition: hooks.txt:1936
BagOStuff with utility functions for MediaWiki\\Session\\* testing.
A logger that may be configured to either buffer logs or to print them to the output where PHPUnit wi...
Definition: TestLogger.php:34
$params
Session Database MediaWiki\Session\ImmutableSessionProviderWithCookie.
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a local account $user
Definition: hooks.txt:242
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
error also a ContextSource you ll probably need to make sure the header is varied on $request
Definition: hooks.txt:2573
you have access to all of the normal MediaWiki so you can get a DB use the etc For full docs on the Maintenance class
Definition: maintenance.txt:52
Value object holding the session ID in a manner that can be globally updated.
Definition: SessionId.php:38
This serves as the entry point to the MediaWiki session handling system.
static newFromObject($object)
Return the same object, without access restrictions.
setMwGlobals($pairs, $value=null)
see documentation in includes Linker php for Linker::makeImageLink & $time
Definition: hooks.txt:1749
Value object returned by SessionProvider.
Definition: SessionInfo.php:34
Allows to change the fields on the form that will be generated $name
Definition: hooks.txt:300