MediaWiki
1.30.0
|
Dummy session provider. More...
Public Member Functions | |
canChangeUser () | |
Indicate whether the user associated with the request can be changed. More... | |
immutableSessionCouldExistForUser ( $user) | |
newSessionInfo ( $id=null) | |
Provide session info for a new, empty session. More... | |
persistSession (SessionBackend $session, WebRequest $request) | |
Persist a session into a request/response. More... | |
persistsSessionId () | |
Indicate whether self::persistSession() can save arbitrary session IDs. More... | |
preventImmutableSessionsForUser ( $user) | |
provideSessionInfo (WebRequest $request) | |
Provide session info for a request. More... | |
suggestLoginUsername (WebRequest $request) | |
Get a suggested username for the login form. More... | |
unpersistSession (WebRequest $request) | |
Remove any persisted session from a request/response. More... | |
Public Member Functions inherited from MediaWiki\Session\SessionProvider | |
__construct () | |
__toString () | |
describe (Language $lang) | |
Return an identifier for this session type. More... | |
getAllowedUserRights (SessionBackend $backend) | |
Fetch the rights allowed the user when the specified session is active. More... | |
getManager () | |
Get the session manager. More... | |
getRememberUserDuration () | |
Returns the duration (in seconds) for which users will be remembered when Session::setRememberUser() is set. More... | |
getVaryCookies () | |
Return the list of cookies that need varying on. More... | |
getVaryHeaders () | |
Return the HTTP headers that need varying on. More... | |
invalidateSessionsForUser (User $user) | |
Invalidate existing sessions for a user. More... | |
mergeMetadata (array $savedMetadata, array $providedMetadata) | |
Merge saved session provider metadata. More... | |
preventSessionsForUser ( $username) | |
Prevent future sessions for the user. More... | |
refreshSessionInfo (SessionInfo $info, WebRequest $request, &$metadata) | |
Validate a loaded SessionInfo and refresh provider metadata. More... | |
sessionIdWasReset (SessionBackend $session, $oldId) | |
Notification that the session ID was reset. More... | |
setConfig (Config $config) | |
Set configuration. More... | |
setLogger (LoggerInterface $logger) | |
setManager (SessionManager $manager) | |
Set the session manager. More... | |
whyNoSession () | |
Return a Message for why sessions might not be being persisted. More... | |
Public Attributes | |
const | ID = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' |
Additional Inherited Members | |
Protected Member Functions inherited from MediaWiki\Session\SessionProvider | |
describeMessage () | |
Return a Message identifying this session type. More... | |
hashToSessionId ( $data, $key=null) | |
Hash data as a session ID. More... | |
Protected Attributes inherited from MediaWiki\Session\SessionProvider | |
Config | $config |
LoggerInterface | $logger |
SessionManager | $manager |
int | $priority |
Session priority. More... | |
Dummy session provider.
An implementation of a session provider that doesn't actually do anything.
Definition at line 12 of file DummySessionProvider.php.
DummySessionProvider::canChangeUser | ( | ) |
Indicate whether the user associated with the request can be changed.
If false, any session passed to self::persistSession() will have a user that was originally provided by self::provideSessionInfo(). Further, self::provideSessionInfo() may only provide sessions that have a user already set.
If true, the provider may be passed sessions with arbitrary users, and will be expected to manipulate the request in such a way that future requests will cause self::provideSessionInfo() to provide a SessionInfo with that ID. This can be as simple as not passing any 'userInfo' into SessionInfo's constructor, in which case SessionInfo will load the user from the saved session's metadata.
For example, a session provider for OAuth or SSL client certificates would function by matching the OAuth headers or certificate to a particular user, and thus would return false here since it can't arbitrarily assign those OAuth credentials or that certificate to a different user. A session provider that shoves information into cookies, on the other hand, could easily do so.
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 39 of file DummySessionProvider.php.
References persistsSessionId().
DummySessionProvider::immutableSessionCouldExistForUser | ( | $user | ) |
Definition at line 49 of file DummySessionProvider.php.
DummySessionProvider::newSessionInfo | ( | $id = null | ) |
Provide session info for a new, empty session.
Return null if such a session cannot be created. This base implementation assumes that it only makes sense if a session ID can be persisted and changing users is allowed.
string | null | $id | ID to force for the new session |
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 25 of file DummySessionProvider.php.
DummySessionProvider::persistSession | ( | SessionBackend | $session, |
WebRequest | $request | ||
) |
Persist a session into a request/response.
For example, you might set cookies for the session's ID, user ID, user name, and user token on the passed request.
To correctly persist a user independently of the session ID, the provider should persist both the user ID (or name, but preferably the ID) and the user token. When reading the data from the request, it should construct a User object from the ID/name and then verify that the User object's token matches the token included in the request. Should the tokens not match, an anonymous user must be passed to SessionInfo::__construct().
When persisting a user independently of the session ID, $session->shouldRememberUser() should be checked first. If this returns false, the user token must not be saved to cookies. The user name and/or ID may be persisted, and should be used to construct an unverified UserInfo to pass to SessionInfo::__construct().
A backend that cannot persist sesison ID or user info should implement this as a no-op.
SessionBackend | $session | Session to persist |
WebRequest | $request | Request into which to persist the session |
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 43 of file DummySessionProvider.php.
DummySessionProvider::persistsSessionId | ( | ) |
Indicate whether self::persistSession() can save arbitrary session IDs.
If false, any session passed to self::persistSession() will have an ID that was originally provided by self::provideSessionInfo().
If true, the provider may be passed sessions with arbitrary session IDs, and will be expected to manipulate the request in such a way that future requests will cause self::provideSessionInfo() to provide a SessionInfo with that ID.
For example, a session provider for OAuth would function by matching the OAuth headers to a particular user, and then would use self::hashToSessionId() to turn the user and OAuth client ID (and maybe also the user token and client secret) into a session ID, and therefore can't easily assign that user+client a different ID. Similarly, a session provider for SSL client certificates would function by matching the certificate to a particular user, and then would use self::hashToSessionId() to turn the user and certificate fingerprint into a session ID, and therefore can't easily assign a different ID either. On the other hand, a provider that saves the session ID into a cookie can easily just set the cookie to a different value.
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 35 of file DummySessionProvider.php.
Referenced by canChangeUser().
DummySessionProvider::preventImmutableSessionsForUser | ( | $user | ) |
Definition at line 53 of file DummySessionProvider.php.
DummySessionProvider::provideSessionInfo | ( | WebRequest | $request | ) |
Provide session info for a request.
If no session exists for the request, return null. Otherwise return an SessionInfo object identifying the session.
If multiple SessionProviders provide sessions, the one with highest priority wins. In case of a tie, an exception is thrown. SessionProviders are encouraged to make priorities user-configurable unless only max-priority makes sense.
WebRequest | $request |
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 16 of file DummySessionProvider.php.
DummySessionProvider::suggestLoginUsername | ( | WebRequest | $request | ) |
Get a suggested username for the login form.
WebRequest | $request |
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 56 of file DummySessionProvider.php.
References $request.
DummySessionProvider::unpersistSession | ( | WebRequest | $request | ) |
Remove any persisted session from a request/response.
For example, blank and expire any cookies set by self::persistSession().
A backend that cannot persist sesison ID or user info should implement this as a no-op.
WebRequest | $request | Request from which to remove any session data |
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 46 of file DummySessionProvider.php.
const DummySessionProvider::ID = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' |
Definition at line 14 of file DummySessionProvider.php.
Referenced by MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus().