CookieSessionProviderTest.php

Go to the documentation of this file.

<?php

namespace MediaWiki\Session;

use MediaWikiTestCase;
use User;
use Psr\Log\LogLevel;

class CookieSessionProviderTest extends MediaWikiTestCase {

    private function getConfig() {
        return new \HashConfig( [
            'CookiePrefix' => 'CookiePrefix',
            'CookiePath' => 'CookiePath',
            'CookieDomain' => 'CookieDomain',
            'CookieSecure' => true,
            'CookieHttpOnly' => true,
            'SessionName' => false,
            'CookieExpiration' => 100,
            'ExtendedLoginCookieExpiration' => 200,
        ] );
    }

    public function testConstructor() {
        try {
            new CookieSessionProvider();
            $this->fail( 'Expected exception not thrown' );
        } catch ( \InvalidArgumentException $ex ) {
            $this->assertSame(
                'MediaWiki\\Session\\CookieSessionProvider::__construct: priority must be specified',
                $ex->getMessage()
            );
        }

        try {
            new CookieSessionProvider( [ 'priority' => 'foo' ] );
            $this->fail( 'Expected exception not thrown' );
        } catch ( \InvalidArgumentException $ex ) {
            $this->assertSame(
                'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
                $ex->getMessage()
            );
        }
        try {
            new CookieSessionProvider( [ 'priority' => SessionInfo::MIN_PRIORITY - 1 ] );
            $this->fail( 'Expected exception not thrown' );
        } catch ( \InvalidArgumentException $ex ) {
            $this->assertSame(
                'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
                $ex->getMessage()
            );
        }
        try {
            new CookieSessionProvider( [ 'priority' => SessionInfo::MAX_PRIORITY + 1 ] );
            $this->fail( 'Expected exception not thrown' );
        } catch ( \InvalidArgumentException $ex ) {
            $this->assertSame(
                'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
                $ex->getMessage()
            );
        }

        try {
            new CookieSessionProvider( [ 'priority' => 1, 'cookieOptions' => null ] );
            $this->fail( 'Expected exception not thrown' );
        } catch ( \InvalidArgumentException $ex ) {
            $this->assertSame(
                'MediaWiki\\Session\\CookieSessionProvider::__construct: cookieOptions must be an array',
                $ex->getMessage()
            );
        }

        $config = $this->getConfig();
        $p = \TestingAccessWrapper::newFromObject(
            new CookieSessionProvider( [ 'priority' => 1 ] )
        );
        $p->setLogger( new \TestLogger() );
        $p->setConfig( $config );
        $this->assertEquals( 1, $p->priority );
        $this->assertEquals( [
            'callUserSetCookiesHook' => false,
            'sessionName' => 'CookiePrefix_session',
        ], $p->params );
        $this->assertEquals( [
            'prefix' => 'CookiePrefix',
            'path' => 'CookiePath',
            'domain' => 'CookieDomain',
            'secure' => true,
            'httpOnly' => true,
        ], $p->cookieOptions );

        $config->set( 'SessionName', 'SessionName' );
        $p = \TestingAccessWrapper::newFromObject(
            new CookieSessionProvider( [ 'priority' => 3 ] )
        );
        $p->setLogger( new \TestLogger() );
        $p->setConfig( $config );
        $this->assertEquals( 3, $p->priority );
        $this->assertEquals( [
            'callUserSetCookiesHook' => false,
            'sessionName' => 'SessionName',
        ], $p->params );
        $this->assertEquals( [
            'prefix' => 'CookiePrefix',
            'path' => 'CookiePath',
            'domain' => 'CookieDomain',
            'secure' => true,
            'httpOnly' => true,
        ], $p->cookieOptions );

        $p = \TestingAccessWrapper::newFromObject( new CookieSessionProvider( [
            'priority' => 10,
            'callUserSetCookiesHook' => true,
            'cookieOptions' => [
                'prefix' => 'XPrefix',
                'path' => 'XPath',
                'domain' => 'XDomain',
                'secure' => 'XSecure',
                'httpOnly' => 'XHttpOnly',
            ],
            'sessionName' => 'XSession',
        ] ) );
        $p->setLogger( new \TestLogger() );
        $p->setConfig( $config );
        $this->assertEquals( 10, $p->priority );
        $this->assertEquals( [
            'callUserSetCookiesHook' => true,
            'sessionName' => 'XSession',
        ], $p->params );
        $this->assertEquals( [
            'prefix' => 'XPrefix',
            'path' => 'XPath',
            'domain' => 'XDomain',
            'secure' => 'XSecure',
            'httpOnly' => 'XHttpOnly',
        ], $p->cookieOptions );
    }

    public function testBasics() {
        $provider = new CookieSessionProvider( [ 'priority' => 10 ] );

        $this->assertTrue( $provider->persistsSessionId() );
        $this->assertTrue( $provider->canChangeUser() );

        $extendedCookies = [ 'UserID', 'UserName', 'Token' ];

        $this->assertEquals(
            $extendedCookies,
            \TestingAccessWrapper::newFromObject( $provider )->getExtendedLoginCookies(),
            'List of extended cookies (subclasses can add values, but we\'re calling the core one here)'
        );

        $msg = $provider->whyNoSession();
        $this->assertInstanceOf( 'Message', $msg );
        $this->assertSame( 'sessionprovider-nocookies', $msg->getKey() );
    }

    public function testProvideSessionInfo() {
        $params = [
            'priority' => 20,
            'sessionName' => 'session',
            'cookieOptions' => [ 'prefix' => 'x' ],
        ];
        $provider = new CookieSessionProvider( $params );
        $logger = new \TestLogger( true );
        $provider->setLogger( $logger );
        $provider->setConfig( $this->getConfig() );
        $provider->setManager( new SessionManager() );

        $user = static::getTestSysop()->getUser();
        $id = $user->getId();
        $name = $user->getName();
        $token = $user->getToken( true );

        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';

        // No data
        $request = new \FauxRequest();
        $info = $provider->provideSessionInfo( $request );
        $this->assertNull( $info );
        $this->assertSame( [], $logger->getBuffer() );
        $logger->clearBuffer();

        // Session key only
        $request = new \FauxRequest();
        $request->setCookies( [
            'session' => $sessionId,
        ], '' );
        $info = $provider->provideSessionInfo( $request );
        $this->assertNotNull( $info );
        $this->assertSame( $params['priority'], $info->getPriority() );
        $this->assertSame( $sessionId, $info->getId() );
        $this->assertNotNull( $info->getUserInfo() );
        $this->assertSame( 0, $info->getUserInfo()->getId() );
        $this->assertNull( $info->getUserInfo()->getName() );
        $this->assertFalse( $info->forceHTTPS() );
        $this->assertSame( [
            [
                LogLevel::DEBUG,
                'Session "{session}" requested without UserID cookie',
            ],
        ], $logger->getBuffer() );
        $logger->clearBuffer();

        // User, no session key
        $request = new \FauxRequest();
        $request->setCookies( [
            'xUserID' => $id,
            'xToken' => $token,
        ], '' );
        $info = $provider->provideSessionInfo( $request );
        $this->assertNotNull( $info );
        $this->assertSame( $params['priority'], $info->getPriority() );
        $this->assertNotSame( $sessionId, $info->getId() );
        $this->assertNotNull( $info->getUserInfo() );
        $this->assertSame( $id, $info->getUserInfo()->getId() );
        $this->assertSame( $name, $info->getUserInfo()->getName() );
        $this->assertFalse( $info->forceHTTPS() );
        $this->assertSame( [], $logger->getBuffer() );
        $logger->clearBuffer();

        // User and session key
        $request = new \FauxRequest();
        $request->setCookies( [
            'session' => $sessionId,
            'xUserID' => $id,
            'xToken' => $token,
        ], '' );
        $info = $provider->provideSessionInfo( $request );
        $this->assertNotNull( $info );
        $this->assertSame( $params['priority'], $info->getPriority() );
        $this->assertSame( $sessionId, $info->getId() );
        $this->assertNotNull( $info->getUserInfo() );
        $this->assertSame( $id, $info->getUserInfo()->getId() );
        $this->assertSame( $name, $info->getUserInfo()->getName() );
        $this->assertFalse( $info->forceHTTPS() );
        $this->assertSame( [], $logger->getBuffer() );
        $logger->clearBuffer();

        // User with bad token
        $request = new \FauxRequest();
        $request->setCookies( [
            'session' => $sessionId,
            'xUserID' => $id,
            'xToken' => 'BADTOKEN',
        ], '' );
        $info = $provider->provideSessionInfo( $request );
        $this->assertNull( $info );
        $this->assertSame( [
            [
                LogLevel::WARNING,
                'Session "{session}" requested with invalid Token cookie.'
            ],
        ], $logger->getBuffer() );
        $logger->clearBuffer();

        // User id with no token
        $request = new \FauxRequest();
        $request->setCookies( [
            'session' => $sessionId,
            'xUserID' => $id,
        ], '' );
        $info = $provider->provideSessionInfo( $request );
        $this->assertNotNull( $info );
        $this->assertSame( $params['priority'], $info->getPriority() );
        $this->assertSame( $sessionId, $info->getId() );
        $this->assertNotNull( $info->getUserInfo() );
        $this->assertFalse( $info->getUserInfo()->isVerified() );
        $this->assertSame( $id, $info->getUserInfo()->getId() );
        $this->assertSame( $name, $info->getUserInfo()->getName() );
        $this->assertFalse( $info->forceHTTPS() );
        $this->assertSame( [], $logger->getBuffer() );
        $logger->clearBuffer();

        $request = new \FauxRequest();
        $request->setCookies( [
            'xUserID' => $id,
        ], '' );
        $info = $provider->provideSessionInfo( $request );
        $this->assertNull( $info );
        $this->assertSame( [], $logger->getBuffer() );
        $logger->clearBuffer();

        // User and session key, with forceHTTPS flag
        $request = new \FauxRequest();
        $request->setCookies( [
            'session' => $sessionId,
            'xUserID' => $id,
            'xToken' => $token,
            'forceHTTPS' => true,
        ], '' );
        $info = $provider->provideSessionInfo( $request );
        $this->assertNotNull( $info );
        $this->assertSame( $params['priority'], $info->getPriority() );
        $this->assertSame( $sessionId, $info->getId() );
        $this->assertNotNull( $info->getUserInfo() );
        $this->assertSame( $id, $info->getUserInfo()->getId() );
        $this->assertSame( $name, $info->getUserInfo()->getName() );
        $this->assertTrue( $info->forceHTTPS() );
        $this->assertSame( [], $logger->getBuffer() );
        $logger->clearBuffer();

        // Invalid user id
        $request = new \FauxRequest();
        $request->setCookies( [
            'session' => $sessionId,
            'xUserID' => '-1',
        ], '' );
        $info = $provider->provideSessionInfo( $request );
        $this->assertNull( $info );
        $this->assertSame( [], $logger->getBuffer() );
        $logger->clearBuffer();

        // User id with matching name
        $request = new \FauxRequest();
        $request->setCookies( [
            'session' => $sessionId,
            'xUserID' => $id,
            'xUserName' => $name,
        ], '' );
        $info = $provider->provideSessionInfo( $request );
        $this->assertNotNull( $info );
        $this->assertSame( $params['priority'], $info->getPriority() );
        $this->assertSame( $sessionId, $info->getId() );
        $this->assertNotNull( $info->getUserInfo() );
        $this->assertFalse( $info->getUserInfo()->isVerified() );
        $this->assertSame( $id, $info->getUserInfo()->getId() );
        $this->assertSame( $name, $info->getUserInfo()->getName() );
        $this->assertFalse( $info->forceHTTPS() );
        $this->assertSame( [], $logger->getBuffer() );
        $logger->clearBuffer();

        // User id with wrong name
        $request = new \FauxRequest();
        $request->setCookies( [
            'session' => $sessionId,
            'xUserID' => $id,
            'xUserName' => 'Wrong',
        ], '' );
        $info = $provider->provideSessionInfo( $request );
        $this->assertNull( $info );
        $this->assertSame( [
            [
                LogLevel::WARNING,
                'Session "{session}" requested with mismatched UserID and UserName cookies.',
            ],
        ], $logger->getBuffer() );
        $logger->clearBuffer();
    }

    public function testGetVaryCookies() {
        $provider = new CookieSessionProvider( [
            'priority' => 1,
            'sessionName' => 'MySessionName',
            'cookieOptions' => [ 'prefix' => 'MyCookiePrefix' ],
        ] );
        $this->assertArrayEquals( [
            'MyCookiePrefixToken',
            'MyCookiePrefixLoggedOut',
            'MySessionName',
            'forceHTTPS',
        ], $provider->getVaryCookies() );
    }

    public function testSuggestLoginUsername() {
        $provider = new CookieSessionProvider( [
            'priority' => 1,
            'sessionName' => 'MySessionName',
            'cookieOptions' => [ 'prefix' => 'x' ],
        ] );

        $request = new \FauxRequest();
        $this->assertEquals( null, $provider->suggestLoginUsername( $request ) );

        $request->setCookies( [
            'xUserName' => 'Example',
        ], '' );
        $this->assertEquals( 'Example', $provider->suggestLoginUsername( $request ) );
    }

    public function testPersistSession() {
        $provider = new CookieSessionProvider( [
            'priority' => 1,
            'sessionName' => 'MySessionName',
            'callUserSetCookiesHook' => false,
            'cookieOptions' => [ 'prefix' => 'x' ],
        ] );
        $config = $this->getConfig();
        $provider->setLogger( new \TestLogger() );
        $provider->setConfig( $config );
        $provider->setManager( SessionManager::singleton() );

        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
        $store = new TestBagOStuff();
        $user = static::getTestSysop()->getUser();
        $anon = new User;

        $backend = new SessionBackend(
            new SessionId( $sessionId ),
            new SessionInfo( SessionInfo::MIN_PRIORITY, [
                'provider' => $provider,
                'id' => $sessionId,
                'persisted' => true,
                'idIsSafe' => true,
            ] ),
            $store,
            new \Psr\Log\NullLogger(),
            10
        );
        \TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;

        $mock = $this->getMock( 'stdClass', [ 'onUserSetCookies' ] );
        $mock->expects( $this->never() )->method( 'onUserSetCookies' );
        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );

        // Anonymous user
        $backend->setUser( $anon );
        $backend->setRememberUser( true );
        $backend->setForceHTTPS( false );
        $request = new \FauxRequest();
        $provider->persistSession( $backend, $request );
        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
        $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
        $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
        $this->assertSame( [], $backend->getData() );

        // Logged-in user, no remember
        $backend->setUser( $user );
        $backend->setRememberUser( false );
        $backend->setForceHTTPS( false );
        $request = new \FauxRequest();
        $provider->persistSession( $backend, $request );
        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
        $this->assertSame( [], $backend->getData() );

        // Logged-in user, remember
        $backend->setUser( $user );
        $backend->setRememberUser( true );
        $backend->setForceHTTPS( true );
        $request = new \FauxRequest();
        $time = time();
        $provider->persistSession( $backend, $request );
        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
        $this->assertSame( $user->getToken(), $request->response()->getCookie( 'xToken' ) );
        $this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );
        $this->assertSame( [], $backend->getData() );
    }

    public function testCookieData( $secure, $remember ) {
        $this->setMwGlobals( [
            'wgSecureLogin' => false,
        ] );

        $provider = new CookieSessionProvider( [
            'priority' => 1,
            'sessionName' => 'MySessionName',
            'callUserSetCookiesHook' => false,
            'cookieOptions' => [ 'prefix' => 'x' ],
        ] );
        $config = $this->getConfig();
        $config->set( 'CookieSecure', $secure );
        $provider->setLogger( new \TestLogger() );
        $provider->setConfig( $config );
        $provider->setManager( SessionManager::singleton() );

        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
        $user = static::getTestSysop()->getUser();
        $this->assertFalse( $user->requiresHTTPS(), 'sanity check' );

        $backend = new SessionBackend(
            new SessionId( $sessionId ),
            new SessionInfo( SessionInfo::MIN_PRIORITY, [
                'provider' => $provider,
                'id' => $sessionId,
                'persisted' => true,
                'idIsSafe' => true,
            ] ),
            new TestBagOStuff(),
            new \Psr\Log\NullLogger(),
            10
        );
        \TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;
        $backend->setUser( $user );
        $backend->setRememberUser( $remember );
        $backend->setForceHTTPS( $secure );
        $request = new \FauxRequest();
        $time = time();
        $provider->persistSession( $backend, $request );

        $defaults = [
            'expire' => (int)100,
            'path' => $config->get( 'CookiePath' ),
            'domain' => $config->get( 'CookieDomain' ),
            'secure' => $secure,
            'httpOnly' => $config->get( 'CookieHttpOnly' ),
            'raw' => false,
        ];

        $normalExpiry = $config->get( 'CookieExpiration' );
        $extendedExpiry = $config->get( 'ExtendedLoginCookieExpiration' );
        $extendedExpiry = (int)( $extendedExpiry === null ? 0 : $extendedExpiry );
        $expect = [
            'MySessionName' => [
                'value' => (string)$sessionId,
                'expire' => 0,
            ] + $defaults,
            'xUserID' => [
                'value' => (string)$user->getId(),
                'expire' => $remember ? $extendedExpiry : $normalExpiry,
            ] + $defaults,
            'xUserName' => [
                'value' => $user->getName(),
                'expire' => $remember ? $extendedExpiry : $normalExpiry
            ] + $defaults,
            'xToken' => [
                'value' => $remember ? $user->getToken() : '',
                'expire' => $remember ? $extendedExpiry : -31536000,
            ] + $defaults,
            'forceHTTPS' => [
                'value' => $secure ? 'true' : '',
                'secure' => false,
                'expire' => $secure ? $remember ? $defaults['expire'] : 0 : -31536000,
            ] + $defaults,
        ];
        foreach ( $expect as $key => $value ) {
            $actual = $request->response()->getCookieData( $key );
            if ( $actual && $actual['expire'] > 0 ) {
                // Round expiry so we don't randomly fail if the seconds ticked during the test.
                $actual['expire'] = round( $actual['expire'] - $time, -2 );
            }
            $this->assertEquals( $value, $actual, "Cookie $key" );
        }
    }

    public static function provideCookieData() {
        return [
            [ false, false ],
            [ false, true ],
            [ true, false ],
            [ true, true ],
        ];
    }

    protected function getSentRequest() {
        $sentResponse = $this->getMock( 'FauxResponse', [ 'headersSent', 'setCookie', 'header' ] );
        $sentResponse->expects( $this->any() )->method( 'headersSent' )
            ->will( $this->returnValue( true ) );
        $sentResponse->expects( $this->never() )->method( 'setCookie' );
        $sentResponse->expects( $this->never() )->method( 'header' );

        $sentRequest = $this->getMock( 'FauxRequest', [ 'response' ] );
        $sentRequest->expects( $this->any() )->method( 'response' )
            ->will( $this->returnValue( $sentResponse ) );
        return $sentRequest;
    }

    public function testPersistSessionWithHook() {
        $provider = new CookieSessionProvider( [
            'priority' => 1,
            'sessionName' => 'MySessionName',
            'callUserSetCookiesHook' => true,
            'cookieOptions' => [ 'prefix' => 'x' ],
        ] );
        $provider->setLogger( new \Psr\Log\NullLogger() );
        $provider->setConfig( $this->getConfig() );
        $provider->setManager( SessionManager::singleton() );

        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
        $store = new TestBagOStuff();
        $user = static::getTestSysop()->getUser();
        $anon = new User;

        $backend = new SessionBackend(
            new SessionId( $sessionId ),
            new SessionInfo( SessionInfo::MIN_PRIORITY, [
                'provider' => $provider,
                'id' => $sessionId,
                'persisted' => true,
                'idIsSafe' => true,
            ] ),
            $store,
            new \Psr\Log\NullLogger(),
            10
        );
        \TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;

        // Anonymous user
        $mock = $this->getMock( 'stdClass', [ 'onUserSetCookies' ] );
        $mock->expects( $this->never() )->method( 'onUserSetCookies' );
        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );
        $backend->setUser( $anon );
        $backend->setRememberUser( true );
        $backend->setForceHTTPS( false );
        $request = new \FauxRequest();
        $provider->persistSession( $backend, $request );
        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
        $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
        $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
        $this->assertSame( [], $backend->getData() );

        $provider->persistSession( $backend, $this->getSentRequest() );

        // Logged-in user, no remember
        $mock = $this->getMock( __CLASS__, [ 'onUserSetCookies' ] );
        $mock->expects( $this->once() )->method( 'onUserSetCookies' )
            ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $user ) {
                $this->assertSame( $user, $u );
                $this->assertEquals( [
                    'wsUserID' => $user->getId(),
                    'wsUserName' => $user->getName(),
                    'wsToken' => $user->getToken(),
                ], $sessionData );
                $this->assertEquals( [
                    'UserID' => $user->getId(),
                    'UserName' => $user->getName(),
                    'Token' => false,
                ], $cookies );

                $sessionData['foo'] = 'foo!';
                $cookies['bar'] = 'bar!';
                return true;
            } ) );
        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );
        $backend->setUser( $user );
        $backend->setRememberUser( false );
        $backend->setForceHTTPS( false );
        $backend->setLoggedOutTimestamp( $loggedOut = time() );
        $request = new \FauxRequest();
        $provider->persistSession( $backend, $request );
        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
        $this->assertSame( 'bar!', $request->response()->getCookie( 'xbar' ) );
        $this->assertSame( (string)$loggedOut, $request->response()->getCookie( 'xLoggedOut' ) );
        $this->assertEquals( [
            'wsUserID' => $user->getId(),
            'wsUserName' => $user->getName(),
            'wsToken' => $user->getToken(),
            'foo' => 'foo!',
        ], $backend->getData() );

        $provider->persistSession( $backend, $this->getSentRequest() );

        // Logged-in user, remember
        $mock = $this->getMock( __CLASS__, [ 'onUserSetCookies' ] );
        $mock->expects( $this->once() )->method( 'onUserSetCookies' )
            ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $user ) {
                $this->assertSame( $user, $u );
                $this->assertEquals( [
                    'wsUserID' => $user->getId(),
                    'wsUserName' => $user->getName(),
                    'wsToken' => $user->getToken(),
                ], $sessionData );
                $this->assertEquals( [
                    'UserID' => $user->getId(),
                    'UserName' => $user->getName(),
                    'Token' => $user->getToken(),
                ], $cookies );

                $sessionData['foo'] = 'foo 2!';
                $cookies['bar'] = 'bar 2!';
                return true;
            } ) );
        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );
        $backend->setUser( $user );
        $backend->setRememberUser( true );
        $backend->setForceHTTPS( true );
        $backend->setLoggedOutTimestamp( 0 );
        $request = new \FauxRequest();
        $provider->persistSession( $backend, $request );
        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
        $this->assertSame( $user->getToken(), $request->response()->getCookie( 'xToken' ) );
        $this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );
        $this->assertSame( 'bar 2!', $request->response()->getCookie( 'xbar' ) );
        $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );
        $this->assertEquals( [
            'wsUserID' => $user->getId(),
            'wsUserName' => $user->getName(),
            'wsToken' => $user->getToken(),
            'foo' => 'foo 2!',
        ], $backend->getData() );

        $provider->persistSession( $backend, $this->getSentRequest() );
    }

    public function testUnpersistSession() {
        $provider = new CookieSessionProvider( [
            'priority' => 1,
            'sessionName' => 'MySessionName',
            'cookieOptions' => [ 'prefix' => 'x' ],
        ] );
        $provider->setLogger( new \Psr\Log\NullLogger() );
        $provider->setConfig( $this->getConfig() );
        $provider->setManager( SessionManager::singleton() );

        $request = new \FauxRequest();
        $provider->unpersistSession( $request );
        $this->assertSame( '', $request->response()->getCookie( 'MySessionName' ) );
        $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
        $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );

        $provider->unpersistSession( $this->getSentRequest() );
    }

    public function testSetLoggedOutCookie() {
        $provider = \TestingAccessWrapper::newFromObject( new CookieSessionProvider( [
            'priority' => 1,
            'sessionName' => 'MySessionName',
            'cookieOptions' => [ 'prefix' => 'x' ],
        ] ) );
        $provider->setLogger( new \Psr\Log\NullLogger() );
        $provider->setConfig( $this->getConfig() );
        $provider->setManager( SessionManager::singleton() );

        $t1 = time();
        $t2 = time() - 86400 * 2;

        // Set it
        $request = new \FauxRequest();
        $provider->setLoggedOutCookie( $t1, $request );
        $this->assertSame( (string)$t1, $request->response()->getCookie( 'xLoggedOut' ) );

        // Too old
        $request = new \FauxRequest();
        $provider->setLoggedOutCookie( $t2, $request );
        $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );

        // Don't reset if it's already set
        $request = new \FauxRequest();
        $request->setCookies( [
            'xLoggedOut' => $t1,
        ], '' );
        $provider->setLoggedOutCookie( $t1, $request );
        $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );
    }

    public function onUserSetCookies( $user, &$sessionData, &$cookies ) {
    }

    public function testGetCookie() {
        $provider = new CookieSessionProvider( [
            'priority' => 1,
            'sessionName' => 'MySessionName',
            'cookieOptions' => [ 'prefix' => 'x' ],
        ] );
        $provider->setLogger( new \Psr\Log\NullLogger() );
        $provider->setConfig( $this->getConfig() );
        $provider->setManager( SessionManager::singleton() );
        $provider = \TestingAccessWrapper::newFromObject( $provider );

        $request = new \FauxRequest();
        $request->setCookies( [
            'xFoo' => 'foo!',
            'xBar' => 'deleted',
        ], '' );
        $this->assertSame( 'foo!', $provider->getCookie( $request, 'Foo', 'x' ) );
        $this->assertNull( $provider->getCookie( $request, 'Bar', 'x' ) );
        $this->assertNull( $provider->getCookie( $request, 'Baz', 'x' ) );
    }

    public function testGetRememberUserDuration() {
        $config = $this->getConfig();
        $provider = new CookieSessionProvider( [ 'priority' => 10 ] );
        $provider->setLogger( new \Psr\Log\NullLogger() );
        $provider->setConfig( $config );
        $provider->setManager( SessionManager::singleton() );

        $this->assertSame( 200, $provider->getRememberUserDuration() );

        $config->set( 'ExtendedLoginCookieExpiration', null );

        $this->assertSame( 100, $provider->getRememberUserDuration() );

        $config->set( 'ExtendedLoginCookieExpiration', 0 );

        $this->assertSame( null, $provider->getRememberUserDuration() );
    }

    public function testGetLoginCookieExpiration() {
        $config = $this->getConfig();
        $provider = \TestingAccessWrapper::newFromObject( new CookieSessionProvider( [
            'priority' => 10
        ] ) );
        $provider->setLogger( new \Psr\Log\NullLogger() );
        $provider->setConfig( $config );
        $provider->setManager( SessionManager::singleton() );

        // First cookie is an extended cookie, remember me true
        $this->assertSame( 200, $provider->getLoginCookieExpiration( 'Token', true ) );
        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', true ) );

        // First cookie is an extended cookie, remember me false
        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'UserID', false ) );
        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', false ) );

        $config->set( 'ExtendedLoginCookieExpiration', null );

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'Token', true ) );
        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', true ) );

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'Token', false ) );
        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', false ) );
    }
}