1.29.2/php/CookieSessionProviderTest_8php_source.html

<?php


namespace MediaWiki\Session;


use MediaWikiTestCase;

use User;

use Psr\Log\LogLevel;

use Wikimedia\TestingAccessWrapper;


class CookieSessionProviderTest extends MediaWikiTestCase {


    private function getConfig() {

        return new \HashConfig( [

            'CookiePrefix' => 'CookiePrefix',

            'CookiePath' => 'CookiePath',

            'CookieDomain' => 'CookieDomain',

            'CookieSecure' => true,

            'CookieHttpOnly' => true,

            'SessionName' => false,

            'CookieExpiration' => 100,

            'ExtendedLoginCookieExpiration' => 200,

        ] );

    }


    public function testConstructor() {

        try {

            new CookieSessionProvider();

            $this->fail( 'Expected exception not thrown' );

        } catch ( \InvalidArgumentException $ex ) {

            $this->assertSame(

                'MediaWiki\\Session\\CookieSessionProvider::__construct: priority must be specified',

                $ex->getMessage()

            );

        }


        try {

            new CookieSessionProvider( [ 'priority' => 'foo' ] );

            $this->fail( 'Expected exception not thrown' );

        } catch ( \InvalidArgumentException $ex ) {

            $this->assertSame(

                'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',

                $ex->getMessage()

            );

        }

        try {

            new CookieSessionProvider( [ 'priority' => SessionInfo::MIN_PRIORITY - 1 ] );

            $this->fail( 'Expected exception not thrown' );

        } catch ( \InvalidArgumentException $ex ) {

            $this->assertSame(

                'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',

                $ex->getMessage()

            );

        }

        try {

            new CookieSessionProvider( [ 'priority' => SessionInfo::MAX_PRIORITY + 1 ] );

            $this->fail( 'Expected exception not thrown' );

        } catch ( \InvalidArgumentException $ex ) {

            $this->assertSame(

                'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',

                $ex->getMessage()

            );

        }


        try {

            new CookieSessionProvider( [ 'priority' => 1, 'cookieOptions' => null ] );

            $this->fail( 'Expected exception not thrown' );

        } catch ( \InvalidArgumentException $ex ) {

            $this->assertSame(

                'MediaWiki\\Session\\CookieSessionProvider::__construct: cookieOptions must be an array',

                $ex->getMessage()

            );

        }


        $config = $this->getConfig();

        $p = TestingAccessWrapper::newFromObject(

            new CookieSessionProvider( [ 'priority' => 1 ] )

        );

        $p->setLogger( new \TestLogger() );

        $p->setConfig( $config );

        $this->assertEquals( 1, $p->priority );

        $this->assertEquals( [

            'callUserSetCookiesHook' => false,

            'sessionName' => 'CookiePrefix_session',

        ], $p->params );

        $this->assertEquals( [

            'prefix' => 'CookiePrefix',

            'path' => 'CookiePath',

            'domain' => 'CookieDomain',

            'secure' => true,

            'httpOnly' => true,

        ], $p->cookieOptions );


        $config->set( 'SessionName', 'SessionName' );

        $p = TestingAccessWrapper::newFromObject(

            new CookieSessionProvider( [ 'priority' => 3 ] )

        );

        $p->setLogger( new \TestLogger() );

        $p->setConfig( $config );

        $this->assertEquals( 3, $p->priority );

        $this->assertEquals( [

            'callUserSetCookiesHook' => false,

            'sessionName' => 'SessionName',

        ], $p->params );

        $this->assertEquals( [

            'prefix' => 'CookiePrefix',

            'path' => 'CookiePath',

            'domain' => 'CookieDomain',

            'secure' => true,

            'httpOnly' => true,

        ], $p->cookieOptions );


        $p = TestingAccessWrapper::newFromObject( new CookieSessionProvider( [

            'priority' => 10,

            'callUserSetCookiesHook' => true,

            'cookieOptions' => [

                'prefix' => 'XPrefix',

                'path' => 'XPath',

                'domain' => 'XDomain',

                'secure' => 'XSecure',

                'httpOnly' => 'XHttpOnly',

            ],

            'sessionName' => 'XSession',

        ] ) );

        $p->setLogger( new \TestLogger() );

        $p->setConfig( $config );

        $this->assertEquals( 10, $p->priority );

        $this->assertEquals( [

            'callUserSetCookiesHook' => true,

            'sessionName' => 'XSession',

        ], $p->params );

        $this->assertEquals( [

            'prefix' => 'XPrefix',

            'path' => 'XPath',

            'domain' => 'XDomain',

            'secure' => 'XSecure',

            'httpOnly' => 'XHttpOnly',

        ], $p->cookieOptions );

    }


    public function testBasics() {

        $provider = new CookieSessionProvider( [ 'priority' => 10 ] );


        $this->assertTrue( $provider->persistsSessionId() );

        $this->assertTrue( $provider->canChangeUser() );


        $extendedCookies = [ 'UserID', 'UserName', 'Token' ];


        $this->assertEquals(

            $extendedCookies,

            TestingAccessWrapper::newFromObject( $provider )->getExtendedLoginCookies(),

            'List of extended cookies (subclasses can add values, but we\'re calling the core one here)'

        );


        $msg = $provider->whyNoSession();

        $this->assertInstanceOf( 'Message', $msg );

        $this->assertSame( 'sessionprovider-nocookies', $msg->getKey() );

    }


    public function testProvideSessionInfo() {

        $params = [

            'priority' => 20,

            'sessionName' => 'session',

            'cookieOptions' => [ 'prefix' => 'x' ],

        ];

        $provider = new CookieSessionProvider( $params );

        $logger = new \TestLogger( true );

        $provider->setLogger( $logger );

        $provider->setConfig( $this->getConfig() );

        $provider->setManager( new SessionManager() );


        $user = static::getTestSysop()->getUser();

        $id = $user->getId();

        $name = $user->getName();

        $token = $user->getToken( true );


        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';


        // No data

        $request = new \FauxRequest();

        $info = $provider->provideSessionInfo( $request );

        $this->assertNull( $info );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // Session key only

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertSame( 0, $info->getUserInfo()->getId() );

        $this->assertNull( $info->getUserInfo()->getName() );

        $this->assertFalse( $info->forceHTTPS() );

        $this->assertSame( [

            [

                LogLevel::DEBUG,

                'Session "{session}" requested without UserID cookie',

            ],

        ], $logger->getBuffer() );

        $logger->clearBuffer();


        // User, no session key

        $request = new \FauxRequest();

        $request->setCookies( [

            'xUserID' => $id,

            'xToken' => $token,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertNotSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertSame( $id, $info->getUserInfo()->getId() );

        $this->assertSame( $name, $info->getUserInfo()->getName() );

        $this->assertFalse( $info->forceHTTPS() );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // User and session key

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

            'xToken' => $token,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertSame( $id, $info->getUserInfo()->getId() );

        $this->assertSame( $name, $info->getUserInfo()->getName() );

        $this->assertFalse( $info->forceHTTPS() );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // User with bad token

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

            'xToken' => 'BADTOKEN',

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNull( $info );

        $this->assertSame( [

            [

                LogLevel::WARNING,

                'Session "{session}" requested with invalid Token cookie.'

            ],

        ], $logger->getBuffer() );

        $logger->clearBuffer();


        // User id with no token

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertFalse( $info->getUserInfo()->isVerified() );

        $this->assertSame( $id, $info->getUserInfo()->getId() );

        $this->assertSame( $name, $info->getUserInfo()->getName() );

        $this->assertFalse( $info->forceHTTPS() );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        $request = new \FauxRequest();

        $request->setCookies( [

            'xUserID' => $id,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNull( $info );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // User and session key, with forceHTTPS flag

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

            'xToken' => $token,

            'forceHTTPS' => true,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertSame( $id, $info->getUserInfo()->getId() );

        $this->assertSame( $name, $info->getUserInfo()->getName() );

        $this->assertTrue( $info->forceHTTPS() );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // Invalid user id

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => '-1',

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNull( $info );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // User id with matching name

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

            'xUserName' => $name,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertFalse( $info->getUserInfo()->isVerified() );

        $this->assertSame( $id, $info->getUserInfo()->getId() );

        $this->assertSame( $name, $info->getUserInfo()->getName() );

        $this->assertFalse( $info->forceHTTPS() );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // User id with wrong name

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

            'xUserName' => 'Wrong',

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNull( $info );

        $this->assertSame( [

            [

                LogLevel::WARNING,

                'Session "{session}" requested with mismatched UserID and UserName cookies.',

            ],

        ], $logger->getBuffer() );

        $logger->clearBuffer();

    }


    public function testGetVaryCookies() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'cookieOptions' => [ 'prefix' => 'MyCookiePrefix' ],

        ] );

        $this->assertArrayEquals( [

            'MyCookiePrefixToken',

            'MyCookiePrefixLoggedOut',

            'MySessionName',

            'forceHTTPS',

        ], $provider->getVaryCookies() );

    }


    public function testSuggestLoginUsername() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );


        $request = new \FauxRequest();

        $this->assertEquals( null, $provider->suggestLoginUsername( $request ) );


        $request->setCookies( [

            'xUserName' => 'Example',

        ], '' );

        $this->assertEquals( 'Example', $provider->suggestLoginUsername( $request ) );

    }


    public function testPersistSession() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'callUserSetCookiesHook' => false,

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );

        $config = $this->getConfig();

        $provider->setLogger( new \TestLogger() );

        $provider->setConfig( $config );

        $provider->setManager( SessionManager::singleton() );


        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';

        $store = new TestBagOStuff();

        $user = static::getTestSysop()->getUser();

        $anon = new User;


        $backend = new SessionBackend(

            new SessionId( $sessionId ),

            new SessionInfo( SessionInfo::MIN_PRIORITY, [

                'provider' => $provider,

                'id' => $sessionId,

                'persisted' => true,

                'idIsSafe' => true,

            ] ),

            $store,

            new \Psr\Log\NullLogger(),

            10

        );

        TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;


        $mock = $this->getMockBuilder( 'stdClass' )

            ->setMethods( [ 'onUserSetCookies' ] )

            ->getMock();

        $mock->expects( $this->never() )->method( 'onUserSetCookies' );

        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );


        // Anonymous user

        $backend->setUser( $anon );

        $backend->setRememberUser( true );

        $backend->setForceHTTPS( false );

        $request = new \FauxRequest();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );

        $this->assertSame( [], $backend->getData() );


        // Logged-in user, no remember

        $backend->setUser( $user );

        $backend->setRememberUser( false );

        $backend->setForceHTTPS( false );

        $request = new \FauxRequest();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );

        $this->assertSame( [], $backend->getData() );


        // Logged-in user, remember

        $backend->setUser( $user );

        $backend->setRememberUser( true );

        $backend->setForceHTTPS( true );

        $request = new \FauxRequest();

        $time = time();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( $user->getToken(), $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );

        $this->assertSame( [], $backend->getData() );

    }


    public function testCookieData( $secure, $remember ) {

        $this->setMwGlobals( [

            'wgSecureLogin' => false,

        ] );


        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'callUserSetCookiesHook' => false,

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );

        $config = $this->getConfig();

        $config->set( 'CookieSecure', $secure );

        $provider->setLogger( new \TestLogger() );

        $provider->setConfig( $config );

        $provider->setManager( SessionManager::singleton() );


        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';

        $user = static::getTestSysop()->getUser();

        $this->assertFalse( $user->requiresHTTPS(), 'sanity check' );


        $backend = new SessionBackend(

            new SessionId( $sessionId ),

            new SessionInfo( SessionInfo::MIN_PRIORITY, [

                'provider' => $provider,

                'id' => $sessionId,

                'persisted' => true,

                'idIsSafe' => true,

            ] ),

            new TestBagOStuff(),

            new \Psr\Log\NullLogger(),

            10

        );

        TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;

        $backend->setUser( $user );

        $backend->setRememberUser( $remember );

        $backend->setForceHTTPS( $secure );

        $request = new \FauxRequest();

        $time = time();

        $provider->persistSession( $backend, $request );


        $defaults = [

            'expire' => (int)100,

            'path' => $config->get( 'CookiePath' ),

            'domain' => $config->get( 'CookieDomain' ),

            'secure' => $secure,

            'httpOnly' => $config->get( 'CookieHttpOnly' ),

            'raw' => false,

        ];


        $normalExpiry = $config->get( 'CookieExpiration' );

        $extendedExpiry = $config->get( 'ExtendedLoginCookieExpiration' );

        $extendedExpiry = (int)( $extendedExpiry === null ? 0 : $extendedExpiry );

        $expect = [

            'MySessionName' => [

                'value' => (string)$sessionId,

                'expire' => 0,

            ] + $defaults,

            'xUserID' => [

                'value' => (string)$user->getId(),

                'expire' => $remember ? $extendedExpiry : $normalExpiry,

            ] + $defaults,

            'xUserName' => [

                'value' => $user->getName(),

                'expire' => $remember ? $extendedExpiry : $normalExpiry

            ] + $defaults,

            'xToken' => [

                'value' => $remember ? $user->getToken() : '',

                'expire' => $remember ? $extendedExpiry : -31536000,

            ] + $defaults,

            'forceHTTPS' => [

                'value' => $secure ? 'true' : '',

                'secure' => false,

                'expire' => $secure ? $remember ? $defaults['expire'] : 0 : -31536000,

            ] + $defaults,

        ];

        foreach ( $expect as $key => $value ) {

            $actual = $request->response()->getCookieData( $key );

            if ( $actual && $actual['expire'] > 0 ) {

                // Round expiry so we don't randomly fail if the seconds ticked during the test.

                $actual['expire'] = round( $actual['expire'] - $time, -2 );

            }

            $this->assertEquals( $value, $actual, "Cookie $key" );

        }

    }


    public static function provideCookieData() {

        return [

            [ false, false ],

            [ false, true ],

            [ true, false ],

            [ true, true ],

        ];

    }


    protected function getSentRequest() {

        $sentResponse = $this->getMockBuilder( 'FauxResponse' )

            ->setMethods( [ 'headersSent', 'setCookie', 'header' ] )->getMock();

        $sentResponse->expects( $this->any() )->method( 'headersSent' )

            ->will( $this->returnValue( true ) );

        $sentResponse->expects( $this->never() )->method( 'setCookie' );

        $sentResponse->expects( $this->never() )->method( 'header' );


        $sentRequest = $this->getMockBuilder( 'FauxRequest' )

            ->setMethods( [ 'response' ] )->getMock();

        $sentRequest->expects( $this->any() )->method( 'response' )

            ->will( $this->returnValue( $sentResponse ) );

        return $sentRequest;

    }


    public function testPersistSessionWithHook() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'callUserSetCookiesHook' => true,

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $this->getConfig() );

        $provider->setManager( SessionManager::singleton() );


        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';

        $store = new TestBagOStuff();

        $user = static::getTestSysop()->getUser();

        $anon = new User;


        $backend = new SessionBackend(

            new SessionId( $sessionId ),

            new SessionInfo( SessionInfo::MIN_PRIORITY, [

                'provider' => $provider,

                'id' => $sessionId,

                'persisted' => true,

                'idIsSafe' => true,

            ] ),

            $store,

            new \Psr\Log\NullLogger(),

            10

        );

        TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;


        // Anonymous user

        $mock = $this->getMockBuilder( 'stdClass' )

            ->setMethods( [ 'onUserSetCookies' ] )->getMock();

        $mock->expects( $this->never() )->method( 'onUserSetCookies' );

        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );

        $backend->setUser( $anon );

        $backend->setRememberUser( true );

        $backend->setForceHTTPS( false );

        $request = new \FauxRequest();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );

        $this->assertSame( [], $backend->getData() );


        $provider->persistSession( $backend, $this->getSentRequest() );


        // Logged-in user, no remember

        $mock = $this->getMockBuilder( __CLASS__ )

            ->setMethods( [ 'onUserSetCookies' ] )->getMock();

        $mock->expects( $this->once() )->method( 'onUserSetCookies' )

            ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $user ) {

                $this->assertSame( $user, $u );

                $this->assertEquals( [

                    'wsUserID' => $user->getId(),

                    'wsUserName' => $user->getName(),

                    'wsToken' => $user->getToken(),

                ], $sessionData );

                $this->assertEquals( [

                    'UserID' => $user->getId(),

                    'UserName' => $user->getName(),

                    'Token' => false,

                ], $cookies );


                $sessionData['foo'] = 'foo!';

                $cookies['bar'] = 'bar!';

                return true;

            } ) );

        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );

        $backend->setUser( $user );

        $backend->setRememberUser( false );

        $backend->setForceHTTPS( false );

        $backend->setLoggedOutTimestamp( $loggedOut = time() );

        $request = new \FauxRequest();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );

        $this->assertSame( 'bar!', $request->response()->getCookie( 'xbar' ) );

        $this->assertSame( (string)$loggedOut, $request->response()->getCookie( 'xLoggedOut' ) );

        $this->assertEquals( [

            'wsUserID' => $user->getId(),

            'wsUserName' => $user->getName(),

            'wsToken' => $user->getToken(),

            'foo' => 'foo!',

        ], $backend->getData() );


        $provider->persistSession( $backend, $this->getSentRequest() );


        // Logged-in user, remember

        $mock = $this->getMockBuilder( __CLASS__ )

            ->setMethods( [ 'onUserSetCookies' ] )->getMock();

        $mock->expects( $this->once() )->method( 'onUserSetCookies' )

            ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $user ) {

                $this->assertSame( $user, $u );

                $this->assertEquals( [

                    'wsUserID' => $user->getId(),

                    'wsUserName' => $user->getName(),

                    'wsToken' => $user->getToken(),

                ], $sessionData );

                $this->assertEquals( [

                    'UserID' => $user->getId(),

                    'UserName' => $user->getName(),

                    'Token' => $user->getToken(),

                ], $cookies );


                $sessionData['foo'] = 'foo 2!';

                $cookies['bar'] = 'bar 2!';

                return true;

            } ) );

        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );

        $backend->setUser( $user );

        $backend->setRememberUser( true );

        $backend->setForceHTTPS( true );

        $backend->setLoggedOutTimestamp( 0 );

        $request = new \FauxRequest();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( $user->getToken(), $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );

        $this->assertSame( 'bar 2!', $request->response()->getCookie( 'xbar' ) );

        $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );

        $this->assertEquals( [

            'wsUserID' => $user->getId(),

            'wsUserName' => $user->getName(),

            'wsToken' => $user->getToken(),

            'foo' => 'foo 2!',

        ], $backend->getData() );


        $provider->persistSession( $backend, $this->getSentRequest() );

    }


    public function testUnpersistSession() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $this->getConfig() );

        $provider->setManager( SessionManager::singleton() );


        $request = new \FauxRequest();

        $provider->unpersistSession( $request );

        $this->assertSame( '', $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );


        $provider->unpersistSession( $this->getSentRequest() );

    }


    public function testSetLoggedOutCookie() {

        $provider = TestingAccessWrapper::newFromObject( new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] ) );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $this->getConfig() );

        $provider->setManager( SessionManager::singleton() );


        $t1 = time();

        $t2 = time() - 86400 * 2;


        // Set it

        $request = new \FauxRequest();

        $provider->setLoggedOutCookie( $t1, $request );

        $this->assertSame( (string)$t1, $request->response()->getCookie( 'xLoggedOut' ) );


        // Too old

        $request = new \FauxRequest();

        $provider->setLoggedOutCookie( $t2, $request );

        $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );


        // Don't reset if it's already set

        $request = new \FauxRequest();

        $request->setCookies( [

            'xLoggedOut' => $t1,

        ], '' );

        $provider->setLoggedOutCookie( $t1, $request );

        $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );

    }


    public function onUserSetCookies( $user, &$sessionData, &$cookies ) {

    }


    public function testGetCookie() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $this->getConfig() );

        $provider->setManager( SessionManager::singleton() );

        $provider = TestingAccessWrapper::newFromObject( $provider );


        $request = new \FauxRequest();

        $request->setCookies( [

            'xFoo' => 'foo!',

            'xBar' => 'deleted',

        ], '' );

        $this->assertSame( 'foo!', $provider->getCookie( $request, 'Foo', 'x' ) );

        $this->assertNull( $provider->getCookie( $request, 'Bar', 'x' ) );

        $this->assertNull( $provider->getCookie( $request, 'Baz', 'x' ) );

    }


    public function testGetRememberUserDuration() {

        $config = $this->getConfig();

        $provider = new CookieSessionProvider( [ 'priority' => 10 ] );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $config );

        $provider->setManager( SessionManager::singleton() );


        $this->assertSame( 200, $provider->getRememberUserDuration() );


        $config->set( 'ExtendedLoginCookieExpiration', null );


        $this->assertSame( 100, $provider->getRememberUserDuration() );


        $config->set( 'ExtendedLoginCookieExpiration', 0 );


        $this->assertSame( null, $provider->getRememberUserDuration() );

    }


    public function testGetLoginCookieExpiration() {

        $config = $this->getConfig();

        $provider = TestingAccessWrapper::newFromObject( new CookieSessionProvider( [

            'priority' => 10

        ] ) );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $config );

        $provider->setManager( SessionManager::singleton() );


        // First cookie is an extended cookie, remember me true

        $this->assertSame( 200, $provider->getLoginCookieExpiration( 'Token', true ) );

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', true ) );


        // First cookie is an extended cookie, remember me false

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'UserID', false ) );

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', false ) );


        $config->set( 'ExtendedLoginCookieExpiration', null );


        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'Token', true ) );

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', true ) );


        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'Token', false ) );

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', false ) );

    }

}