MediaWiki  1.32.0
SessionManagerTest.php
Go to the documentation of this file.
1 <?php
2 
3 namespace MediaWiki\Session;
4 
6 use Psr\Log\LogLevel;
7 use User;
8 use Wikimedia\TestingAccessWrapper;
9 
16 
18  private $config;
19 
21  private $logger;
22 
24  private $store;
25 
26  protected function getManager() {
27  \ObjectCache::$instances['testSessionStore'] = new TestBagOStuff();
28  $this->config = new \HashConfig( [
29  'LanguageCode' => 'en',
30  'SessionCacheType' => 'testSessionStore',
31  'ObjectCacheSessionExpiry' => 100,
32  'SessionProviders' => [
33  [ 'class' => \DummySessionProvider::class ],
34  ]
35  ] );
36  $this->logger = new \TestLogger( false, function ( $m ) {
37  return substr( $m, 0, 15 ) === 'SessionBackend ' ? null : $m;
38  } );
39  $this->store = new TestBagOStuff();
40 
41  return new SessionManager( [
42  'config' => $this->config,
43  'logger' => $this->logger,
44  'store' => $this->store,
45  ] );
46  }
47 
48  protected function objectCacheDef( $object ) {
49  return [ 'factory' => function () use ( $object ) {
50  return $object;
51  } ];
52  }
53 
54  public function testSingleton() {
56 
57  $singleton = SessionManager::singleton();
58  $this->assertInstanceOf( SessionManager::class, $singleton );
59  $this->assertSame( $singleton, SessionManager::singleton() );
60  }
61 
62  public function testGetGlobalSession() {
64 
67  }
68  $rProp = new \ReflectionProperty( PHPSessionHandler::class, 'instance' );
69  $rProp->setAccessible( true );
70  $handler = TestingAccessWrapper::newFromObject( $rProp->getValue() );
71  $oldEnable = $handler->enable;
72  $reset[] = new \Wikimedia\ScopedCallback( function () use ( $handler, $oldEnable ) {
73  if ( $handler->enable ) {
74  session_write_close();
75  }
76  $handler->enable = $oldEnable;
77  } );
79 
80  $handler->enable = true;
81  $request = new \FauxRequest();
82  $context->setRequest( $request );
83  $id = $request->getSession()->getId();
84 
85  session_write_close();
86  session_id( '' );
88  $this->assertSame( $id, $session->getId() );
89 
90  session_id( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
92  $this->assertSame( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', $session->getId() );
93  $this->assertSame( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', $request->getSession()->getId() );
94 
95  session_write_close();
96  $handler->enable = false;
97  $request = new \FauxRequest();
98  $context->setRequest( $request );
99  $id = $request->getSession()->getId();
100 
101  session_id( '' );
103  $this->assertSame( $id, $session->getId() );
104 
105  session_id( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
107  $this->assertSame( $id, $session->getId() );
108  $this->assertSame( $id, $request->getSession()->getId() );
109  }
110 
111  public function testConstructor() {
112  $manager = TestingAccessWrapper::newFromObject( $this->getManager() );
113  $this->assertSame( $this->config, $manager->config );
114  $this->assertSame( $this->logger, $manager->logger );
115  $this->assertSame( $this->store, $manager->store );
116 
117  $manager = TestingAccessWrapper::newFromObject( new SessionManager() );
118  $this->assertSame( \RequestContext::getMain()->getConfig(), $manager->config );
119 
120  $manager = TestingAccessWrapper::newFromObject( new SessionManager( [
121  'config' => $this->config,
122  ] ) );
123  $this->assertSame( \ObjectCache::$instances['testSessionStore'], $manager->store );
124 
125  foreach ( [
126  'config' => '$options[\'config\'] must be an instance of Config',
127  'logger' => '$options[\'logger\'] must be an instance of LoggerInterface',
128  'store' => '$options[\'store\'] must be an instance of BagOStuff',
129  ] as $key => $error ) {
130  try {
131  new SessionManager( [ $key => new \stdClass ] );
132  $this->fail( 'Expected exception not thrown' );
133  } catch ( \InvalidArgumentException $ex ) {
134  $this->assertSame( $error, $ex->getMessage() );
135  }
136  }
137  }
138 
139  public function testGetSessionForRequest() {
140  $manager = $this->getManager();
141  $request = new \FauxRequest();
142  $request->unpersist1 = false;
143  $request->unpersist2 = false;
144 
145  $id1 = '';
146  $id2 = '';
147  $idEmpty = 'empty-session-------------------';
148 
149  $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
150  ->setMethods(
151  [ 'provideSessionInfo', 'newSessionInfo', '__toString', 'describe', 'unpersistSession' ]
152  );
153 
154  $provider1 = $providerBuilder->getMock();
155  $provider1->expects( $this->any() )->method( 'provideSessionInfo' )
156  ->with( $this->identicalTo( $request ) )
157  ->will( $this->returnCallback( function ( $request ) {
158  return $request->info1;
159  } ) );
160  $provider1->expects( $this->any() )->method( 'newSessionInfo' )
161  ->will( $this->returnCallback( function () use ( $idEmpty, $provider1 ) {
163  'provider' => $provider1,
164  'id' => $idEmpty,
165  'persisted' => true,
166  'idIsSafe' => true,
167  ] );
168  } ) );
169  $provider1->expects( $this->any() )->method( '__toString' )
170  ->will( $this->returnValue( 'Provider1' ) );
171  $provider1->expects( $this->any() )->method( 'describe' )
172  ->will( $this->returnValue( '#1 sessions' ) );
173  $provider1->expects( $this->any() )->method( 'unpersistSession' )
174  ->will( $this->returnCallback( function ( $request ) {
175  $request->unpersist1 = true;
176  } ) );
177 
178  $provider2 = $providerBuilder->getMock();
179  $provider2->expects( $this->any() )->method( 'provideSessionInfo' )
180  ->with( $this->identicalTo( $request ) )
181  ->will( $this->returnCallback( function ( $request ) {
182  return $request->info2;
183  } ) );
184  $provider2->expects( $this->any() )->method( '__toString' )
185  ->will( $this->returnValue( 'Provider2' ) );
186  $provider2->expects( $this->any() )->method( 'describe' )
187  ->will( $this->returnValue( '#2 sessions' ) );
188  $provider2->expects( $this->any() )->method( 'unpersistSession' )
189  ->will( $this->returnCallback( function ( $request ) {
190  $request->unpersist2 = true;
191  } ) );
192 
193  $this->config->set( 'SessionProviders', [
194  $this->objectCacheDef( $provider1 ),
195  $this->objectCacheDef( $provider2 ),
196  ] );
197 
198  // No provider returns info
199  $request->info1 = null;
200  $request->info2 = null;
201  $session = $manager->getSessionForRequest( $request );
202  $this->assertInstanceOf( Session::class, $session );
203  $this->assertSame( $idEmpty, $session->getId() );
204  $this->assertFalse( $request->unpersist1 );
205  $this->assertFalse( $request->unpersist2 );
206 
207  // Both providers return info, picks best one
208  $request->info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
209  'provider' => $provider1,
210  'id' => ( $id1 = $manager->generateSessionId() ),
211  'persisted' => true,
212  'idIsSafe' => true,
213  ] );
214  $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, [
215  'provider' => $provider2,
216  'id' => ( $id2 = $manager->generateSessionId() ),
217  'persisted' => true,
218  'idIsSafe' => true,
219  ] );
220  $session = $manager->getSessionForRequest( $request );
221  $this->assertInstanceOf( Session::class, $session );
222  $this->assertSame( $id2, $session->getId() );
223  $this->assertFalse( $request->unpersist1 );
224  $this->assertFalse( $request->unpersist2 );
225 
226  $request->info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, [
227  'provider' => $provider1,
228  'id' => ( $id1 = $manager->generateSessionId() ),
229  'persisted' => true,
230  'idIsSafe' => true,
231  ] );
232  $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
233  'provider' => $provider2,
234  'id' => ( $id2 = $manager->generateSessionId() ),
235  'persisted' => true,
236  'idIsSafe' => true,
237  ] );
238  $session = $manager->getSessionForRequest( $request );
239  $this->assertInstanceOf( Session::class, $session );
240  $this->assertSame( $id1, $session->getId() );
241  $this->assertFalse( $request->unpersist1 );
242  $this->assertFalse( $request->unpersist2 );
243 
244  // Tied priorities
246  'provider' => $provider1,
247  'id' => ( $id1 = $manager->generateSessionId() ),
248  'persisted' => true,
249  'userInfo' => UserInfo::newAnonymous(),
250  'idIsSafe' => true,
251  ] );
253  'provider' => $provider2,
254  'id' => ( $id2 = $manager->generateSessionId() ),
255  'persisted' => true,
256  'userInfo' => UserInfo::newAnonymous(),
257  'idIsSafe' => true,
258  ] );
259  try {
260  $manager->getSessionForRequest( $request );
261  $this->fail( 'Expcected exception not thrown' );
262  } catch ( \OverflowException $ex ) {
263  $this->assertStringStartsWith(
264  'Multiple sessions for this request tied for top priority: ',
265  $ex->getMessage()
266  );
267  $this->assertCount( 2, $ex->sessionInfos );
268  $this->assertContains( $request->info1, $ex->sessionInfos );
269  $this->assertContains( $request->info2, $ex->sessionInfos );
270  }
271  $this->assertFalse( $request->unpersist1 );
272  $this->assertFalse( $request->unpersist2 );
273 
274  // Bad provider
276  'provider' => $provider2,
277  'id' => ( $id1 = $manager->generateSessionId() ),
278  'persisted' => true,
279  'idIsSafe' => true,
280  ] );
281  $request->info2 = null;
282  try {
283  $manager->getSessionForRequest( $request );
284  $this->fail( 'Expcected exception not thrown' );
285  } catch ( \UnexpectedValueException $ex ) {
286  $this->assertSame(
287  'Provider1 returned session info for a different provider: ' . $request->info1,
288  $ex->getMessage()
289  );
290  }
291  $this->assertFalse( $request->unpersist1 );
292  $this->assertFalse( $request->unpersist2 );
293 
294  // Unusable session info
295  $this->logger->setCollect( true );
297  'provider' => $provider1,
298  'id' => ( $id1 = $manager->generateSessionId() ),
299  'persisted' => true,
300  'userInfo' => UserInfo::newFromName( 'UTSysop', false ),
301  'idIsSafe' => true,
302  ] );
304  'provider' => $provider2,
305  'id' => ( $id2 = $manager->generateSessionId() ),
306  'persisted' => true,
307  'idIsSafe' => true,
308  ] );
309  $session = $manager->getSessionForRequest( $request );
310  $this->assertInstanceOf( Session::class, $session );
311  $this->assertSame( $id2, $session->getId() );
312  $this->logger->setCollect( false );
313  $this->assertTrue( $request->unpersist1 );
314  $this->assertFalse( $request->unpersist2 );
315  $request->unpersist1 = false;
316 
317  $this->logger->setCollect( true );
319  'provider' => $provider1,
320  'id' => ( $id1 = $manager->generateSessionId() ),
321  'persisted' => true,
322  'idIsSafe' => true,
323  ] );
325  'provider' => $provider2,
326  'id' => ( $id2 = $manager->generateSessionId() ),
327  'persisted' => true,
328  'userInfo' => UserInfo::newFromName( 'UTSysop', false ),
329  'idIsSafe' => true,
330  ] );
331  $session = $manager->getSessionForRequest( $request );
332  $this->assertInstanceOf( Session::class, $session );
333  $this->assertSame( $id1, $session->getId() );
334  $this->logger->setCollect( false );
335  $this->assertFalse( $request->unpersist1 );
336  $this->assertTrue( $request->unpersist2 );
337  $request->unpersist2 = false;
338 
339  // Unpersisted session ID
341  'provider' => $provider1,
342  'id' => ( $id1 = $manager->generateSessionId() ),
343  'persisted' => false,
344  'userInfo' => UserInfo::newFromName( 'UTSysop', true ),
345  'idIsSafe' => true,
346  ] );
347  $request->info2 = null;
348  $session = $manager->getSessionForRequest( $request );
349  $this->assertInstanceOf( Session::class, $session );
350  $this->assertSame( $id1, $session->getId() );
351  $this->assertTrue( $request->unpersist1 ); // The saving of the session does it
352  $this->assertFalse( $request->unpersist2 );
353  $session->persist();
354  $this->assertTrue( $session->isPersistent(), 'sanity check' );
355  }
356 
357  public function testGetSessionById() {
358  $manager = $this->getManager();
359  try {
360  $manager->getSessionById( 'bad' );
361  $this->fail( 'Expected exception not thrown' );
362  } catch ( \InvalidArgumentException $ex ) {
363  $this->assertSame( 'Invalid session ID', $ex->getMessage() );
364  }
365 
366  // Unknown session ID
367  $id = $manager->generateSessionId();
368  $session = $manager->getSessionById( $id, true );
369  $this->assertInstanceOf( Session::class, $session );
370  $this->assertSame( $id, $session->getId() );
371 
372  $id = $manager->generateSessionId();
373  $this->assertNull( $manager->getSessionById( $id, false ) );
374 
375  // Known but unloadable session ID
376  $this->logger->setCollect( true );
377  $id = $manager->generateSessionId();
378  $this->store->setSession( $id, [ 'metadata' => [
379  'userId' => User::idFromName( 'UTSysop' ),
380  'userToken' => 'bad',
381  ] ] );
382 
383  $this->assertNull( $manager->getSessionById( $id, true ) );
384  $this->assertNull( $manager->getSessionById( $id, false ) );
385  $this->logger->setCollect( false );
386 
387  // Known session ID
388  $this->store->setSession( $id, [] );
389  $session = $manager->getSessionById( $id, false );
390  $this->assertInstanceOf( Session::class, $session );
391  $this->assertSame( $id, $session->getId() );
392 
393  // Store isn't checked if the session is already loaded
394  $this->store->setSession( $id, [ 'metadata' => [
395  'userId' => User::idFromName( 'UTSysop' ),
396  'userToken' => 'bad',
397  ] ] );
398  $session2 = $manager->getSessionById( $id, false );
399  $this->assertInstanceOf( Session::class, $session2 );
400  $this->assertSame( $id, $session2->getId() );
401  unset( $session, $session2 );
402  $this->logger->setCollect( true );
403  $this->assertNull( $manager->getSessionById( $id, true ) );
404  $this->logger->setCollect( false );
405 
406  // Failure to create an empty session
407  $manager = $this->getManager();
408  $provider = $this->getMockBuilder( \DummySessionProvider::class )
409  ->setMethods( [ 'provideSessionInfo', 'newSessionInfo', '__toString' ] )
410  ->getMock();
411  $provider->expects( $this->any() )->method( 'provideSessionInfo' )
412  ->will( $this->returnValue( null ) );
413  $provider->expects( $this->any() )->method( 'newSessionInfo' )
414  ->will( $this->returnValue( null ) );
415  $provider->expects( $this->any() )->method( '__toString' )
416  ->will( $this->returnValue( 'MockProvider' ) );
417  $this->config->set( 'SessionProviders', [
418  $this->objectCacheDef( $provider ),
419  ] );
420  $this->logger->setCollect( true );
421  $this->assertNull( $manager->getSessionById( $id, true ) );
422  $this->logger->setCollect( false );
423  $this->assertSame( [
424  [ LogLevel::ERROR, 'Failed to create empty session: {exception}' ]
425  ], $this->logger->getBuffer() );
426  }
427 
428  public function testGetEmptySession() {
429  $manager = $this->getManager();
430  $pmanager = TestingAccessWrapper::newFromObject( $manager );
431  $request = new \FauxRequest();
432 
433  $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
434  ->setMethods( [ 'provideSessionInfo', 'newSessionInfo', '__toString' ] );
435 
436  $expectId = null;
437  $info1 = null;
438  $info2 = null;
439 
440  $provider1 = $providerBuilder->getMock();
441  $provider1->expects( $this->any() )->method( 'provideSessionInfo' )
442  ->will( $this->returnValue( null ) );
443  $provider1->expects( $this->any() )->method( 'newSessionInfo' )
444  ->with( $this->callback( function ( $id ) use ( &$expectId ) {
445  return $id === $expectId;
446  } ) )
447  ->will( $this->returnCallback( function () use ( &$info1 ) {
448  return $info1;
449  } ) );
450  $provider1->expects( $this->any() )->method( '__toString' )
451  ->will( $this->returnValue( 'MockProvider1' ) );
452 
453  $provider2 = $providerBuilder->getMock();
454  $provider2->expects( $this->any() )->method( 'provideSessionInfo' )
455  ->will( $this->returnValue( null ) );
456  $provider2->expects( $this->any() )->method( 'newSessionInfo' )
457  ->with( $this->callback( function ( $id ) use ( &$expectId ) {
458  return $id === $expectId;
459  } ) )
460  ->will( $this->returnCallback( function () use ( &$info2 ) {
461  return $info2;
462  } ) );
463  $provider1->expects( $this->any() )->method( '__toString' )
464  ->will( $this->returnValue( 'MockProvider2' ) );
465 
466  $this->config->set( 'SessionProviders', [
467  $this->objectCacheDef( $provider1 ),
468  $this->objectCacheDef( $provider2 ),
469  ] );
470 
471  // No info
472  $expectId = null;
473  $info1 = null;
474  $info2 = null;
475  try {
476  $manager->getEmptySession();
477  $this->fail( 'Expected exception not thrown' );
478  } catch ( \UnexpectedValueException $ex ) {
479  $this->assertSame(
480  'No provider could provide an empty session!',
481  $ex->getMessage()
482  );
483  }
484 
485  // Info
486  $expectId = null;
487  $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
488  'provider' => $provider1,
489  'id' => 'empty---------------------------',
490  'persisted' => true,
491  'idIsSafe' => true,
492  ] );
493  $info2 = null;
494  $session = $manager->getEmptySession();
495  $this->assertInstanceOf( Session::class, $session );
496  $this->assertSame( 'empty---------------------------', $session->getId() );
497 
498  // Info, explicitly
499  $expectId = 'expected------------------------';
500  $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
501  'provider' => $provider1,
502  'id' => $expectId,
503  'persisted' => true,
504  'idIsSafe' => true,
505  ] );
506  $info2 = null;
507  $session = $pmanager->getEmptySessionInternal( null, $expectId );
508  $this->assertInstanceOf( Session::class, $session );
509  $this->assertSame( $expectId, $session->getId() );
510 
511  // Wrong ID
512  $expectId = 'expected-----------------------2';
513  $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
514  'provider' => $provider1,
515  'id' => "un$expectId",
516  'persisted' => true,
517  'idIsSafe' => true,
518  ] );
519  $info2 = null;
520  try {
521  $pmanager->getEmptySessionInternal( null, $expectId );
522  $this->fail( 'Expected exception not thrown' );
523  } catch ( \UnexpectedValueException $ex ) {
524  $this->assertSame(
525  'MockProvider1 returned empty session info with a wrong id: ' .
526  "un$expectId != $expectId",
527  $ex->getMessage()
528  );
529  }
530 
531  // Unsafe ID
532  $expectId = 'expected-----------------------2';
533  $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
534  'provider' => $provider1,
535  'id' => $expectId,
536  'persisted' => true,
537  ] );
538  $info2 = null;
539  try {
540  $pmanager->getEmptySessionInternal( null, $expectId );
541  $this->fail( 'Expected exception not thrown' );
542  } catch ( \UnexpectedValueException $ex ) {
543  $this->assertSame(
544  'MockProvider1 returned empty session info with id flagged unsafe',
545  $ex->getMessage()
546  );
547  }
548 
549  // Wrong provider
550  $expectId = null;
551  $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
552  'provider' => $provider2,
553  'id' => 'empty---------------------------',
554  'persisted' => true,
555  'idIsSafe' => true,
556  ] );
557  $info2 = null;
558  try {
559  $manager->getEmptySession();
560  $this->fail( 'Expected exception not thrown' );
561  } catch ( \UnexpectedValueException $ex ) {
562  $this->assertSame(
563  'MockProvider1 returned an empty session info for a different provider: ' . $info1,
564  $ex->getMessage()
565  );
566  }
567 
568  // Highest priority wins
569  $expectId = null;
570  $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
571  'provider' => $provider1,
572  'id' => 'empty1--------------------------',
573  'persisted' => true,
574  'idIsSafe' => true,
575  ] );
576  $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
577  'provider' => $provider2,
578  'id' => 'empty2--------------------------',
579  'persisted' => true,
580  'idIsSafe' => true,
581  ] );
582  $session = $manager->getEmptySession();
583  $this->assertInstanceOf( Session::class, $session );
584  $this->assertSame( 'empty1--------------------------', $session->getId() );
585 
586  $expectId = null;
587  $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
588  'provider' => $provider1,
589  'id' => 'empty1--------------------------',
590  'persisted' => true,
591  'idIsSafe' => true,
592  ] );
593  $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, [
594  'provider' => $provider2,
595  'id' => 'empty2--------------------------',
596  'persisted' => true,
597  'idIsSafe' => true,
598  ] );
599  $session = $manager->getEmptySession();
600  $this->assertInstanceOf( Session::class, $session );
601  $this->assertSame( 'empty2--------------------------', $session->getId() );
602 
603  // Tied priorities throw an exception
604  $expectId = null;
605  $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
606  'provider' => $provider1,
607  'id' => 'empty1--------------------------',
608  'persisted' => true,
609  'userInfo' => UserInfo::newAnonymous(),
610  'idIsSafe' => true,
611  ] );
612  $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
613  'provider' => $provider2,
614  'id' => 'empty2--------------------------',
615  'persisted' => true,
616  'userInfo' => UserInfo::newAnonymous(),
617  'idIsSafe' => true,
618  ] );
619  try {
620  $manager->getEmptySession();
621  $this->fail( 'Expected exception not thrown' );
622  } catch ( \UnexpectedValueException $ex ) {
623  $this->assertStringStartsWith(
624  'Multiple empty sessions tied for top priority: ',
625  $ex->getMessage()
626  );
627  }
628 
629  // Bad id
630  try {
631  $pmanager->getEmptySessionInternal( null, 'bad' );
632  $this->fail( 'Expected exception not thrown' );
633  } catch ( \InvalidArgumentException $ex ) {
634  $this->assertSame( 'Invalid session ID', $ex->getMessage() );
635  }
636 
637  // Session already exists
638  $expectId = 'expected-----------------------3';
639  $this->store->setSessionMeta( $expectId, [
640  'provider' => 'MockProvider2',
641  'userId' => 0,
642  'userName' => null,
643  'userToken' => null,
644  ] );
645  try {
646  $pmanager->getEmptySessionInternal( null, $expectId );
647  $this->fail( 'Expected exception not thrown' );
648  } catch ( \InvalidArgumentException $ex ) {
649  $this->assertSame( 'Session ID already exists', $ex->getMessage() );
650  }
651  }
652 
653  public function testInvalidateSessionsForUser() {
654  $user = User::newFromName( 'UTSysop' );
655  $manager = $this->getManager();
656 
657  $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
658  ->setMethods( [ 'invalidateSessionsForUser', '__toString' ] );
659 
660  $provider1 = $providerBuilder->getMock();
661  $provider1->expects( $this->once() )->method( 'invalidateSessionsForUser' )
662  ->with( $this->identicalTo( $user ) );
663  $provider1->expects( $this->any() )->method( '__toString' )
664  ->will( $this->returnValue( 'MockProvider1' ) );
665 
666  $provider2 = $providerBuilder->getMock();
667  $provider2->expects( $this->once() )->method( 'invalidateSessionsForUser' )
668  ->with( $this->identicalTo( $user ) );
669  $provider2->expects( $this->any() )->method( '__toString' )
670  ->will( $this->returnValue( 'MockProvider2' ) );
671 
672  $this->config->set( 'SessionProviders', [
673  $this->objectCacheDef( $provider1 ),
674  $this->objectCacheDef( $provider2 ),
675  ] );
676 
677  $oldToken = $user->getToken( true );
678  $manager->invalidateSessionsForUser( $user );
679  $this->assertNotEquals( $oldToken, $user->getToken() );
680  }
681 
682  public function testGetVaryHeaders() {
683  $manager = $this->getManager();
684 
685  $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
686  ->setMethods( [ 'getVaryHeaders', '__toString' ] );
687 
688  $provider1 = $providerBuilder->getMock();
689  $provider1->expects( $this->once() )->method( 'getVaryHeaders' )
690  ->will( $this->returnValue( [
691  'Foo' => null,
692  'Bar' => [ 'X', 'Bar1' ],
693  'Quux' => null,
694  ] ) );
695  $provider1->expects( $this->any() )->method( '__toString' )
696  ->will( $this->returnValue( 'MockProvider1' ) );
697 
698  $provider2 = $providerBuilder->getMock();
699  $provider2->expects( $this->once() )->method( 'getVaryHeaders' )
700  ->will( $this->returnValue( [
701  'Baz' => null,
702  'Bar' => [ 'X', 'Bar2' ],
703  'Quux' => [ 'Quux' ],
704  ] ) );
705  $provider2->expects( $this->any() )->method( '__toString' )
706  ->will( $this->returnValue( 'MockProvider2' ) );
707 
708  $this->config->set( 'SessionProviders', [
709  $this->objectCacheDef( $provider1 ),
710  $this->objectCacheDef( $provider2 ),
711  ] );
712 
713  $expect = [
714  'Foo' => [],
715  'Bar' => [ 'X', 'Bar1', 3 => 'Bar2' ],
716  'Quux' => [ 'Quux' ],
717  'Baz' => [],
718  ];
719 
720  $this->assertEquals( $expect, $manager->getVaryHeaders() );
721 
722  // Again, to ensure it's cached
723  $this->assertEquals( $expect, $manager->getVaryHeaders() );
724  }
725 
726  public function testGetVaryCookies() {
727  $manager = $this->getManager();
728 
729  $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
730  ->setMethods( [ 'getVaryCookies', '__toString' ] );
731 
732  $provider1 = $providerBuilder->getMock();
733  $provider1->expects( $this->once() )->method( 'getVaryCookies' )
734  ->will( $this->returnValue( [ 'Foo', 'Bar' ] ) );
735  $provider1->expects( $this->any() )->method( '__toString' )
736  ->will( $this->returnValue( 'MockProvider1' ) );
737 
738  $provider2 = $providerBuilder->getMock();
739  $provider2->expects( $this->once() )->method( 'getVaryCookies' )
740  ->will( $this->returnValue( [ 'Foo', 'Baz' ] ) );
741  $provider2->expects( $this->any() )->method( '__toString' )
742  ->will( $this->returnValue( 'MockProvider2' ) );
743 
744  $this->config->set( 'SessionProviders', [
745  $this->objectCacheDef( $provider1 ),
746  $this->objectCacheDef( $provider2 ),
747  ] );
748 
749  $expect = [ 'Foo', 'Bar', 'Baz' ];
750 
751  $this->assertEquals( $expect, $manager->getVaryCookies() );
752 
753  // Again, to ensure it's cached
754  $this->assertEquals( $expect, $manager->getVaryCookies() );
755  }
756 
757  public function testGetProviders() {
758  $realManager = $this->getManager();
759  $manager = TestingAccessWrapper::newFromObject( $realManager );
760 
761  $this->config->set( 'SessionProviders', [
762  [ 'class' => \DummySessionProvider::class ],
763  ] );
764  $providers = $manager->getProviders();
765  $this->assertArrayHasKey( 'DummySessionProvider', $providers );
766  $provider = TestingAccessWrapper::newFromObject( $providers['DummySessionProvider'] );
767  $this->assertSame( $manager->logger, $provider->logger );
768  $this->assertSame( $manager->config, $provider->config );
769  $this->assertSame( $realManager, $provider->getManager() );
770 
771  $this->config->set( 'SessionProviders', [
772  [ 'class' => \DummySessionProvider::class ],
773  [ 'class' => \DummySessionProvider::class ],
774  ] );
775  $manager->sessionProviders = null;
776  try {
777  $manager->getProviders();
778  $this->fail( 'Expected exception not thrown' );
779  } catch ( \UnexpectedValueException $ex ) {
780  $this->assertSame(
781  'Duplicate provider name "DummySessionProvider"',
782  $ex->getMessage()
783  );
784  }
785  }
786 
787  public function testShutdown() {
788  $manager = TestingAccessWrapper::newFromObject( $this->getManager() );
789  $manager->setLogger( new \Psr\Log\NullLogger() );
790 
791  $mock = $this->getMockBuilder( stdClass::class )
792  ->setMethods( [ 'shutdown' ] )->getMock();
793  $mock->expects( $this->once() )->method( 'shutdown' );
794 
795  $manager->allSessionBackends = [ $mock ];
796  $manager->shutdown();
797  }
798 
799  public function testGetSessionFromInfo() {
800  $manager = TestingAccessWrapper::newFromObject( $this->getManager() );
801  $request = new \FauxRequest();
802 
803  $id = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
804 
805  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
806  'provider' => $manager->getProvider( 'DummySessionProvider' ),
807  'id' => $id,
808  'persisted' => true,
809  'userInfo' => UserInfo::newFromName( 'UTSysop', true ),
810  'idIsSafe' => true,
811  ] );
812  TestingAccessWrapper::newFromObject( $info )->idIsSafe = true;
813  $session1 = TestingAccessWrapper::newFromObject(
814  $manager->getSessionFromInfo( $info, $request )
815  );
816  $session2 = TestingAccessWrapper::newFromObject(
817  $manager->getSessionFromInfo( $info, $request )
818  );
819 
820  $this->assertSame( $session1->backend, $session2->backend );
821  $this->assertNotEquals( $session1->index, $session2->index );
822  $this->assertSame( $session1->getSessionId(), $session2->getSessionId() );
823  $this->assertSame( $id, $session1->getId() );
824 
825  TestingAccessWrapper::newFromObject( $info )->idIsSafe = false;
826  $session3 = $manager->getSessionFromInfo( $info, $request );
827  $this->assertNotSame( $id, $session3->getId() );
828  }
829 
830  public function testBackendRegistration() {
831  $manager = $this->getManager();
832 
833  $session = $manager->getSessionForRequest( new \FauxRequest );
834  $backend = TestingAccessWrapper::newFromObject( $session )->backend;
835  $sessionId = $session->getSessionId();
836  $id = (string)$sessionId;
837 
838  $this->assertSame( $sessionId, $manager->getSessionById( $id, true )->getSessionId() );
839 
840  $manager->changeBackendId( $backend );
841  $this->assertSame( $sessionId, $session->getSessionId() );
842  $this->assertNotEquals( $id, (string)$sessionId );
843  $id = (string)$sessionId;
844 
845  $this->assertSame( $sessionId, $manager->getSessionById( $id, true )->getSessionId() );
846 
847  // Destruction of the session here causes the backend to be deregistered
848  $session = null;
849 
850  try {
851  $manager->changeBackendId( $backend );
852  $this->fail( 'Expected exception not thrown' );
853  } catch ( \InvalidArgumentException $ex ) {
854  $this->assertSame(
855  'Backend was not registered with this SessionManager', $ex->getMessage()
856  );
857  }
858 
859  try {
860  $manager->deregisterSessionBackend( $backend );
861  $this->fail( 'Expected exception not thrown' );
862  } catch ( \InvalidArgumentException $ex ) {
863  $this->assertSame(
864  'Backend was not registered with this SessionManager', $ex->getMessage()
865  );
866  }
867 
868  $session = $manager->getSessionById( $id, true );
869  $this->assertSame( $sessionId, $session->getSessionId() );
870  }
871 
872  public function testGenerateSessionId() {
873  $manager = $this->getManager();
874 
875  $id = $manager->generateSessionId();
876  $this->assertTrue( SessionManager::validateSessionId( $id ), "Generated ID: $id" );
877  }
878 
879  public function testPreventSessionsForUser() {
880  $manager = $this->getManager();
881 
882  $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
883  ->setMethods( [ 'preventSessionsForUser', '__toString' ] );
884 
885  $provider1 = $providerBuilder->getMock();
886  $provider1->expects( $this->once() )->method( 'preventSessionsForUser' )
887  ->with( $this->equalTo( 'UTSysop' ) );
888  $provider1->expects( $this->any() )->method( '__toString' )
889  ->will( $this->returnValue( 'MockProvider1' ) );
890 
891  $this->config->set( 'SessionProviders', [
892  $this->objectCacheDef( $provider1 ),
893  ] );
894 
895  $this->assertFalse( $manager->isUserSessionPrevented( 'UTSysop' ) );
896  $manager->preventSessionsForUser( 'UTSysop' );
897  $this->assertTrue( $manager->isUserSessionPrevented( 'UTSysop' ) );
898  }
899 
900  public function testLoadSessionInfoFromStore() {
901  $manager = $this->getManager();
902  $logger = new \TestLogger( true );
903  $manager->setLogger( $logger );
904  $request = new \FauxRequest();
905 
906  // TestingAccessWrapper can't handle methods with reference arguments, sigh.
907  $rClass = new \ReflectionClass( $manager );
908  $rMethod = $rClass->getMethod( 'loadSessionInfoFromStore' );
909  $rMethod->setAccessible( true );
910  $loadSessionInfoFromStore = function ( &$info ) use ( $rMethod, $manager, $request ) {
911  return $rMethod->invokeArgs( $manager, [ &$info, $request ] );
912  };
913 
914  $userInfo = UserInfo::newFromName( 'UTSysop', true );
915  $unverifiedUserInfo = UserInfo::newFromName( 'UTSysop', false );
916 
917  $id = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
918  $metadata = [
919  'userId' => $userInfo->getId(),
920  'userName' => $userInfo->getName(),
921  'userToken' => $userInfo->getToken( true ),
922  'provider' => 'Mock',
923  ];
924 
925  $builder = $this->getMockBuilder( SessionProvider::class )
926  ->setMethods( [ '__toString', 'mergeMetadata', 'refreshSessionInfo' ] );
927 
928  $provider = $builder->getMockForAbstractClass();
929  $provider->setManager( $manager );
930  $provider->expects( $this->any() )->method( 'persistsSessionId' )
931  ->will( $this->returnValue( true ) );
932  $provider->expects( $this->any() )->method( 'canChangeUser' )
933  ->will( $this->returnValue( true ) );
934  $provider->expects( $this->any() )->method( 'refreshSessionInfo' )
935  ->will( $this->returnValue( true ) );
936  $provider->expects( $this->any() )->method( '__toString' )
937  ->will( $this->returnValue( 'Mock' ) );
938  $provider->expects( $this->any() )->method( 'mergeMetadata' )
939  ->will( $this->returnCallback( function ( $a, $b ) {
940  if ( $b === [ 'Throw' ] ) {
941  throw new MetadataMergeException( 'no merge!' );
942  }
943  return [ 'Merged' ];
944  } ) );
945 
946  $provider2 = $builder->getMockForAbstractClass();
947  $provider2->setManager( $manager );
948  $provider2->expects( $this->any() )->method( 'persistsSessionId' )
949  ->will( $this->returnValue( false ) );
950  $provider2->expects( $this->any() )->method( 'canChangeUser' )
951  ->will( $this->returnValue( false ) );
952  $provider2->expects( $this->any() )->method( '__toString' )
953  ->will( $this->returnValue( 'Mock2' ) );
954  $provider2->expects( $this->any() )->method( 'refreshSessionInfo' )
955  ->will( $this->returnCallback( function ( $info, $request, &$metadata ) {
956  $metadata['changed'] = true;
957  return true;
958  } ) );
959 
960  $provider3 = $builder->getMockForAbstractClass();
961  $provider3->setManager( $manager );
962  $provider3->expects( $this->any() )->method( 'persistsSessionId' )
963  ->will( $this->returnValue( true ) );
964  $provider3->expects( $this->any() )->method( 'canChangeUser' )
965  ->will( $this->returnValue( true ) );
966  $provider3->expects( $this->once() )->method( 'refreshSessionInfo' )
967  ->will( $this->returnValue( false ) );
968  $provider3->expects( $this->any() )->method( '__toString' )
969  ->will( $this->returnValue( 'Mock3' ) );
970 
971  TestingAccessWrapper::newFromObject( $manager )->sessionProviders = [
972  (string)$provider => $provider,
973  (string)$provider2 => $provider2,
974  (string)$provider3 => $provider3,
975  ];
976 
977  // No metadata, basic usage
978  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
979  'provider' => $provider,
980  'id' => $id,
981  'userInfo' => $userInfo
982  ] );
983  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
984  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
985  $this->assertFalse( $info->isIdSafe() );
986  $this->assertSame( [], $logger->getBuffer() );
987 
988  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
989  'provider' => $provider,
990  'userInfo' => $userInfo
991  ] );
992  $this->assertTrue( $info->isIdSafe(), 'sanity check' );
993  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
994  $this->assertTrue( $info->isIdSafe() );
995  $this->assertSame( [], $logger->getBuffer() );
996 
997  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
998  'provider' => $provider2,
999  'id' => $id,
1000  'userInfo' => $userInfo
1001  ] );
1002  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1003  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1004  $this->assertTrue( $info->isIdSafe() );
1005  $this->assertSame( [], $logger->getBuffer() );
1006 
1007  // Unverified user, no metadata
1008  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1009  'provider' => $provider,
1010  'id' => $id,
1011  'userInfo' => $unverifiedUserInfo
1012  ] );
1013  $this->assertSame( $unverifiedUserInfo, $info->getUserInfo() );
1014  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1015  $this->assertSame( [
1016  [
1017  LogLevel::INFO,
1018  'Session "{session}": Unverified user provided and no metadata to auth it',
1019  ]
1020  ], $logger->getBuffer() );
1021  $logger->clearBuffer();
1022 
1023  // No metadata, missing data
1024  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1025  'id' => $id,
1026  'userInfo' => $userInfo
1027  ] );
1028  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1029  $this->assertSame( [
1030  [ LogLevel::WARNING, 'Session "{session}": Null provider and no metadata' ],
1031  ], $logger->getBuffer() );
1032  $logger->clearBuffer();
1033 
1034  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1035  'provider' => $provider,
1036  'id' => $id,
1037  ] );
1038  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1039  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1040  $this->assertInstanceOf( UserInfo::class, $info->getUserInfo() );
1041  $this->assertTrue( $info->getUserInfo()->isVerified() );
1042  $this->assertTrue( $info->getUserInfo()->isAnon() );
1043  $this->assertFalse( $info->isIdSafe() );
1044  $this->assertSame( [], $logger->getBuffer() );
1045 
1046  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1047  'provider' => $provider2,
1048  'id' => $id,
1049  ] );
1050  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1051  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1052  $this->assertSame( [
1053  [ LogLevel::INFO, 'Session "{session}": No user provided and provider cannot set user' ]
1054  ], $logger->getBuffer() );
1055  $logger->clearBuffer();
1056 
1057  // Incomplete/bad metadata
1058  $this->store->setRawSession( $id, true );
1059  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1060  $this->assertSame( [
1061  [ LogLevel::WARNING, 'Session "{session}": Bad data' ],
1062  ], $logger->getBuffer() );
1063  $logger->clearBuffer();
1064 
1065  $this->store->setRawSession( $id, [ 'data' => [] ] );
1066  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1067  $this->assertSame( [
1068  [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1069  ], $logger->getBuffer() );
1070  $logger->clearBuffer();
1071 
1072  $this->store->deleteSession( $id );
1073  $this->store->setRawSession( $id, [ 'metadata' => $metadata ] );
1074  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1075  $this->assertSame( [
1076  [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1077  ], $logger->getBuffer() );
1078  $logger->clearBuffer();
1079 
1080  $this->store->setRawSession( $id, [ 'metadata' => $metadata, 'data' => true ] );
1081  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1082  $this->assertSame( [
1083  [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1084  ], $logger->getBuffer() );
1085  $logger->clearBuffer();
1086 
1087  $this->store->setRawSession( $id, [ 'metadata' => true, 'data' => [] ] );
1088  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1089  $this->assertSame( [
1090  [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1091  ], $logger->getBuffer() );
1092  $logger->clearBuffer();
1093 
1094  foreach ( $metadata as $key => $dummy ) {
1095  $tmp = $metadata;
1096  unset( $tmp[$key] );
1097  $this->store->setRawSession( $id, [ 'metadata' => $tmp, 'data' => [] ] );
1098  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1099  $this->assertSame( [
1100  [ LogLevel::WARNING, 'Session "{session}": Bad metadata' ],
1101  ], $logger->getBuffer() );
1102  $logger->clearBuffer();
1103  }
1104 
1105  // Basic usage with metadata
1106  $this->store->setRawSession( $id, [ 'metadata' => $metadata, 'data' => [] ] );
1107  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1108  'provider' => $provider,
1109  'id' => $id,
1110  'userInfo' => $userInfo
1111  ] );
1112  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1113  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1114  $this->assertTrue( $info->isIdSafe() );
1115  $this->assertSame( [], $logger->getBuffer() );
1116 
1117  // Mismatched provider
1118  $this->store->setSessionMeta( $id, [ 'provider' => 'Bad' ] + $metadata );
1119  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1120  'provider' => $provider,
1121  'id' => $id,
1122  'userInfo' => $userInfo
1123  ] );
1124  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1125  $this->assertSame( [
1126  [ LogLevel::WARNING, 'Session "{session}": Wrong provider Bad !== Mock' ],
1127  ], $logger->getBuffer() );
1128  $logger->clearBuffer();
1129 
1130  // Unknown provider
1131  $this->store->setSessionMeta( $id, [ 'provider' => 'Bad' ] + $metadata );
1132  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1133  'id' => $id,
1134  'userInfo' => $userInfo
1135  ] );
1136  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1137  $this->assertSame( [
1138  [ LogLevel::WARNING, 'Session "{session}": Unknown provider Bad' ],
1139  ], $logger->getBuffer() );
1140  $logger->clearBuffer();
1141 
1142  // Fill in provider
1143  $this->store->setSessionMeta( $id, $metadata );
1144  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1145  'id' => $id,
1146  'userInfo' => $userInfo
1147  ] );
1148  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1149  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1150  $this->assertTrue( $info->isIdSafe() );
1151  $this->assertSame( [], $logger->getBuffer() );
1152 
1153  // Bad user metadata
1154  $this->store->setSessionMeta( $id, [ 'userId' => -1, 'userToken' => null ] + $metadata );
1155  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1156  'provider' => $provider,
1157  'id' => $id,
1158  ] );
1159  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1160  $this->assertSame( [
1161  [ LogLevel::ERROR, 'Session "{session}": {exception}' ],
1162  ], $logger->getBuffer() );
1163  $logger->clearBuffer();
1164 
1165  $this->store->setSessionMeta(
1166  $id, [ 'userId' => 0, 'userName' => '<X>', 'userToken' => null ] + $metadata
1167  );
1168  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1169  'provider' => $provider,
1170  'id' => $id,
1171  ] );
1172  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1173  $this->assertSame( [
1174  [ LogLevel::ERROR, 'Session "{session}": {exception}', ],
1175  ], $logger->getBuffer() );
1176  $logger->clearBuffer();
1177 
1178  // Mismatched user by ID
1179  $this->store->setSessionMeta(
1180  $id, [ 'userId' => $userInfo->getId() + 1, 'userToken' => null ] + $metadata
1181  );
1182  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1183  'provider' => $provider,
1184  'id' => $id,
1185  'userInfo' => $userInfo
1186  ] );
1187  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1188  $this->assertSame( [
1189  [ LogLevel::WARNING, 'Session "{session}": User ID mismatch, {uid_a} !== {uid_b}' ],
1190  ], $logger->getBuffer() );
1191  $logger->clearBuffer();
1192 
1193  // Mismatched user by name
1194  $this->store->setSessionMeta(
1195  $id, [ 'userId' => 0, 'userName' => 'X', 'userToken' => null ] + $metadata
1196  );
1197  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1198  'provider' => $provider,
1199  'id' => $id,
1200  'userInfo' => $userInfo
1201  ] );
1202  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1203  $this->assertSame( [
1204  [ LogLevel::WARNING, 'Session "{session}": User name mismatch, {uname_a} !== {uname_b}' ],
1205  ], $logger->getBuffer() );
1206  $logger->clearBuffer();
1207 
1208  // ID matches, name doesn't
1209  $this->store->setSessionMeta(
1210  $id, [ 'userId' => $userInfo->getId(), 'userName' => 'X', 'userToken' => null ] + $metadata
1211  );
1212  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1213  'provider' => $provider,
1214  'id' => $id,
1215  'userInfo' => $userInfo
1216  ] );
1217  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1218  $this->assertSame( [
1219  [
1220  LogLevel::WARNING,
1221  'Session "{session}": User ID matched but name didn\'t (rename?), {uname_a} !== {uname_b}'
1222  ],
1223  ], $logger->getBuffer() );
1224  $logger->clearBuffer();
1225 
1226  // Mismatched anon user
1227  $this->store->setSessionMeta(
1228  $id, [ 'userId' => 0, 'userName' => null, 'userToken' => null ] + $metadata
1229  );
1230  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1231  'provider' => $provider,
1232  'id' => $id,
1233  'userInfo' => $userInfo
1234  ] );
1235  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1236  $this->assertSame( [
1237  [
1238  LogLevel::WARNING,
1239  'Session "{session}": Metadata has an anonymous user, ' .
1240  'but a non-anon user was provided',
1241  ],
1242  ], $logger->getBuffer() );
1243  $logger->clearBuffer();
1244 
1245  // Lookup user by ID
1246  $this->store->setSessionMeta( $id, [ 'userToken' => null ] + $metadata );
1247  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1248  'provider' => $provider,
1249  'id' => $id,
1250  ] );
1251  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1252  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1253  $this->assertSame( $userInfo->getId(), $info->getUserInfo()->getId() );
1254  $this->assertTrue( $info->isIdSafe() );
1255  $this->assertSame( [], $logger->getBuffer() );
1256 
1257  // Lookup user by name
1258  $this->store->setSessionMeta(
1259  $id, [ 'userId' => 0, 'userName' => 'UTSysop', 'userToken' => null ] + $metadata
1260  );
1261  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1262  'provider' => $provider,
1263  'id' => $id,
1264  ] );
1265  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1266  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1267  $this->assertSame( $userInfo->getId(), $info->getUserInfo()->getId() );
1268  $this->assertTrue( $info->isIdSafe() );
1269  $this->assertSame( [], $logger->getBuffer() );
1270 
1271  // Lookup anonymous user
1272  $this->store->setSessionMeta(
1273  $id, [ 'userId' => 0, 'userName' => null, 'userToken' => null ] + $metadata
1274  );
1275  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1276  'provider' => $provider,
1277  'id' => $id,
1278  ] );
1279  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1280  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1281  $this->assertTrue( $info->getUserInfo()->isAnon() );
1282  $this->assertTrue( $info->isIdSafe() );
1283  $this->assertSame( [], $logger->getBuffer() );
1284 
1285  // Unverified user with metadata
1286  $this->store->setSessionMeta( $id, $metadata );
1287  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1288  'provider' => $provider,
1289  'id' => $id,
1290  'userInfo' => $unverifiedUserInfo
1291  ] );
1292  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1293  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1294  $this->assertTrue( $info->getUserInfo()->isVerified() );
1295  $this->assertSame( $unverifiedUserInfo->getId(), $info->getUserInfo()->getId() );
1296  $this->assertSame( $unverifiedUserInfo->getName(), $info->getUserInfo()->getName() );
1297  $this->assertTrue( $info->isIdSafe() );
1298  $this->assertSame( [], $logger->getBuffer() );
1299 
1300  // Unverified user with metadata
1301  $this->store->setSessionMeta( $id, $metadata );
1302  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1303  'provider' => $provider,
1304  'id' => $id,
1305  'userInfo' => $unverifiedUserInfo
1306  ] );
1307  $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1308  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1309  $this->assertTrue( $info->getUserInfo()->isVerified() );
1310  $this->assertSame( $unverifiedUserInfo->getId(), $info->getUserInfo()->getId() );
1311  $this->assertSame( $unverifiedUserInfo->getName(), $info->getUserInfo()->getName() );
1312  $this->assertTrue( $info->isIdSafe() );
1313  $this->assertSame( [], $logger->getBuffer() );
1314 
1315  // Wrong token
1316  $this->store->setSessionMeta( $id, [ 'userToken' => 'Bad' ] + $metadata );
1317  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1318  'provider' => $provider,
1319  'id' => $id,
1320  'userInfo' => $userInfo
1321  ] );
1322  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1323  $this->assertSame( [
1324  [ LogLevel::WARNING, 'Session "{session}": User token mismatch' ],
1325  ], $logger->getBuffer() );
1326  $logger->clearBuffer();
1327 
1328  // Provider metadata
1329  $this->store->setSessionMeta( $id, [ 'provider' => 'Mock2' ] + $metadata );
1330  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1331  'provider' => $provider2,
1332  'id' => $id,
1333  'userInfo' => $userInfo,
1334  'metadata' => [ 'Info' ],
1335  ] );
1336  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1337  $this->assertSame( [ 'Info', 'changed' => true ], $info->getProviderMetadata() );
1338  $this->assertSame( [], $logger->getBuffer() );
1339 
1340  $this->store->setSessionMeta( $id, [ 'providerMetadata' => [ 'Saved' ] ] + $metadata );
1341  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1342  'provider' => $provider,
1343  'id' => $id,
1344  'userInfo' => $userInfo,
1345  ] );
1346  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1347  $this->assertSame( [ 'Saved' ], $info->getProviderMetadata() );
1348  $this->assertSame( [], $logger->getBuffer() );
1349 
1350  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1351  'provider' => $provider,
1352  'id' => $id,
1353  'userInfo' => $userInfo,
1354  'metadata' => [ 'Info' ],
1355  ] );
1356  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1357  $this->assertSame( [ 'Merged' ], $info->getProviderMetadata() );
1358  $this->assertSame( [], $logger->getBuffer() );
1359 
1360  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1361  'provider' => $provider,
1362  'id' => $id,
1363  'userInfo' => $userInfo,
1364  'metadata' => [ 'Throw' ],
1365  ] );
1366  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1367  $this->assertSame( [
1368  [
1369  LogLevel::WARNING,
1370  'Session "{session}": Metadata merge failed: {exception}',
1371  ],
1372  ], $logger->getBuffer() );
1373  $logger->clearBuffer();
1374 
1375  // Remember from session
1376  $this->store->setSessionMeta( $id, $metadata );
1377  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1378  'provider' => $provider,
1379  'id' => $id,
1380  ] );
1381  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1382  $this->assertFalse( $info->wasRemembered() );
1383  $this->assertSame( [], $logger->getBuffer() );
1384 
1385  $this->store->setSessionMeta( $id, [ 'remember' => true ] + $metadata );
1386  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1387  'provider' => $provider,
1388  'id' => $id,
1389  ] );
1390  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1391  $this->assertTrue( $info->wasRemembered() );
1392  $this->assertSame( [], $logger->getBuffer() );
1393 
1394  $this->store->setSessionMeta( $id, [ 'remember' => false ] + $metadata );
1395  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1396  'provider' => $provider,
1397  'id' => $id,
1398  'userInfo' => $userInfo
1399  ] );
1400  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1401  $this->assertTrue( $info->wasRemembered() );
1402  $this->assertSame( [], $logger->getBuffer() );
1403 
1404  // forceHTTPS from session
1405  $this->store->setSessionMeta( $id, $metadata );
1406  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1407  'provider' => $provider,
1408  'id' => $id,
1409  'userInfo' => $userInfo
1410  ] );
1411  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1412  $this->assertFalse( $info->forceHTTPS() );
1413  $this->assertSame( [], $logger->getBuffer() );
1414 
1415  $this->store->setSessionMeta( $id, [ 'forceHTTPS' => true ] + $metadata );
1416  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1417  'provider' => $provider,
1418  'id' => $id,
1419  'userInfo' => $userInfo
1420  ] );
1421  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1422  $this->assertTrue( $info->forceHTTPS() );
1423  $this->assertSame( [], $logger->getBuffer() );
1424 
1425  $this->store->setSessionMeta( $id, [ 'forceHTTPS' => false ] + $metadata );
1426  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1427  'provider' => $provider,
1428  'id' => $id,
1429  'userInfo' => $userInfo,
1430  'forceHTTPS' => true
1431  ] );
1432  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1433  $this->assertTrue( $info->forceHTTPS() );
1434  $this->assertSame( [], $logger->getBuffer() );
1435 
1436  // "Persist" flag from session
1437  $this->store->setSessionMeta( $id, $metadata );
1438  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1439  'provider' => $provider,
1440  'id' => $id,
1441  'userInfo' => $userInfo
1442  ] );
1443  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1444  $this->assertFalse( $info->wasPersisted() );
1445  $this->assertSame( [], $logger->getBuffer() );
1446 
1447  $this->store->setSessionMeta( $id, [ 'persisted' => true ] + $metadata );
1448  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1449  'provider' => $provider,
1450  'id' => $id,
1451  'userInfo' => $userInfo
1452  ] );
1453  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1454  $this->assertTrue( $info->wasPersisted() );
1455  $this->assertSame( [], $logger->getBuffer() );
1456 
1457  $this->store->setSessionMeta( $id, [ 'persisted' => false ] + $metadata );
1458  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1459  'provider' => $provider,
1460  'id' => $id,
1461  'userInfo' => $userInfo,
1462  'persisted' => true
1463  ] );
1464  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1465  $this->assertTrue( $info->wasPersisted() );
1466  $this->assertSame( [], $logger->getBuffer() );
1467 
1468  // Provider refreshSessionInfo() returning false
1469  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1470  'provider' => $provider3,
1471  ] );
1472  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1473  $this->assertSame( [], $logger->getBuffer() );
1474 
1475  // Hook
1476  $called = false;
1477  $data = [ 'foo' => 1 ];
1478  $this->store->setSession( $id, [ 'metadata' => $metadata, 'data' => $data ] );
1479  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1480  'provider' => $provider,
1481  'id' => $id,
1482  'userInfo' => $userInfo
1483  ] );
1484  $this->mergeMwGlobalArrayValue( 'wgHooks', [
1485  'SessionCheckInfo' => [ function ( &$reason, $i, $r, $m, $d ) use (
1486  $info, $metadata, $data, $request, &$called
1487  ) {
1488  $this->assertSame( $info->getId(), $i->getId() );
1489  $this->assertSame( $info->getProvider(), $i->getProvider() );
1490  $this->assertSame( $info->getUserInfo(), $i->getUserInfo() );
1491  $this->assertSame( $request, $r );
1492  $this->assertEquals( $metadata, $m );
1493  $this->assertEquals( $data, $d );
1494  $called = true;
1495  return false;
1496  } ]
1497  ] );
1498  $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1499  $this->assertTrue( $called );
1500  $this->assertSame( [
1501  [ LogLevel::WARNING, 'Session "{session}": Hook aborted' ],
1502  ], $logger->getBuffer() );
1503  $logger->clearBuffer();
1504  $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'SessionCheckInfo' => [] ] );
1505 
1506  // forceUse deletes bad backend data
1507  $this->store->setSessionMeta( $id, [ 'userToken' => 'Bad' ] + $metadata );
1508  $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1509  'provider' => $provider,
1510  'id' => $id,
1511  'userInfo' => $userInfo,
1512  'forceUse' => true,
1513  ] );
1514  $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1515  $this->assertFalse( $this->store->getSession( $id ) );
1516  $this->assertSame( [
1517  [ LogLevel::WARNING, 'Session "{session}": User token mismatch' ],
1518  ], $logger->getBuffer() );
1519  $logger->clearBuffer();
1520  }
1521 }
MediaWiki\Session\SessionManagerTest\testConstructor
testConstructor()
Definition: SessionManagerTest.php:111
MediaWiki\Session\SessionManagerTest\testShutdown
testShutdown()
Definition: SessionManagerTest.php:787
MediaWiki\Session\UserInfo\newAnonymous
static newAnonymous()
Create an instance for an anonymous (i.e.
Definition: UserInfo.php:74
$user
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a account $user
Definition: hooks.txt:244
FauxRequest
WebRequest clone which takes values from a provided array.
Definition: FauxRequest.php:33
MediaWiki\Session\PHPSessionHandler\install
static install(SessionManager $manager)
Install a session handler for the current web request.
Definition: PHPSessionHandler.php:108
MediaWikiTestCase\mergeMwGlobalArrayValue
mergeMwGlobalArrayValue( $name, $values)
Merges the given values into a MW global array variable.
Definition: MediaWikiTestCase.php:901
MediaWiki\Session\SessionManagerTest\testInvalidateSessionsForUser
testInvalidateSessionsForUser()
Definition: SessionManagerTest.php:653
HashConfig
A Config instance which stores all settings as a member variable.
Definition: HashConfig.php:28
TestLogger\getBuffer
getBuffer()
Return the collected logs.
Definition: TestLogger.php:79
MediaWiki\Session\SessionManagerTest
Session Database MediaWiki\Session\SessionManager.
Definition: SessionManagerTest.php:15
ObjectCache\$instances
static BagOStuff[] $instances
Map of (id => BagOStuff)
Definition: ObjectCache.php:82
MediaWiki\Session\MetadataMergeException
Subclass of UnexpectedValueException that can be annotated with additional data for debug logging.
Definition: MetadataMergeException.php:35
TestLogger
A logger that may be configured to either buffer logs or to print them to the output where PHPUnit wi...
Definition: TestLogger.php:33
TestLogger\clearBuffer
clearBuffer()
Clear the collected log buffer.
Definition: TestLogger.php:86
MediaWiki\Session\SessionInfo\getId
getId()
Return the session ID.
Definition: SessionInfo.php:178
MediaWiki\Session\TestUtils\setSessionManagerSingleton
static setSessionManagerSingleton(SessionManager $manager=null)
Override the singleton for unit testing.
Definition: TestUtils.php:18
MediaWiki\Session\SessionManagerTest\objectCacheDef
objectCacheDef( $object)
Definition: SessionManagerTest.php:48
User\newFromName
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition: User.php:592
MediaWiki\Session\SessionManagerTest\getManager
getManager()
Definition: SessionManagerTest.php:26
User
User
Definition: All_system_messages.txt:425
MediaWiki\Session\SessionManagerTest\testGetGlobalSession
testGetGlobalSession()
Definition: SessionManagerTest.php:62
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
MediaWiki\Session\SessionManagerTest\testPreventSessionsForUser
testPreventSessionsForUser()
Definition: SessionManagerTest.php:879
MediaWikiTestCase\$called
$called
$called tracks whether the setUp and tearDown method has been called.
Definition: MediaWikiTestCase.php:46
MediaWiki\Session\SessionManagerTest\$config
HashConfig $config
Definition: SessionManagerTest.php:18
MediaWiki\Session\SessionManagerTest\testGetSessionById
testGetSessionById()
Definition: SessionManagerTest.php:357
MediaWiki\Session\SessionManager\validateSessionId
static validateSessionId( $id)
Validate a session ID.
Definition: SessionManager.php:371
MediaWiki\Session\SessionManagerTest\testGetProviders
testGetProviders()
Definition: SessionManagerTest.php:757
MediaWikiTestCase
Definition: MediaWikiTestCase.php:16
store
MediaWiki s SiteStore can be cached and stored in a flat in a json format If the SiteStore is frequently the file cache may provide a performance benefit over a database store
Definition: sitescache.txt:1
MediaWiki\Session\SessionManager\singleton
static singleton()
Get the global SessionManager.
Definition: SessionManager.php:92
use
as see the revision history and available at free of to any person obtaining a copy of this software and associated documentation to deal in the Software without including without limitation the rights to use
Definition: MIT-LICENSE.txt:10
MediaWiki\Session\SessionManagerTest\$logger
TestLogger $logger
Definition: SessionManagerTest.php:21
MediaWiki\Session
Definition: BotPasswordSessionProvider.php:24
string
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition: hooks.txt:175
$request
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition: hooks.txt:2675
MediaWiki\Session\SessionInfo\MAX_PRIORITY
const MAX_PRIORITY
Maximum allowed priority.
Definition: SessionInfo.php:39
any
they could even be mouse clicks or menu items whatever suits your program You should also get your if any
Definition: COPYING.txt:326
MediaWiki\Session\SessionManager\getGlobalSession
static getGlobalSession()
Get the "global" session.
Definition: SessionManager.php:107
MediaWiki\Session\SessionManagerTest\testSingleton
testSingleton()
Definition: SessionManagerTest.php:54
MediaWiki\Session\SessionManagerTest\testBackendRegistration
testBackendRegistration()
Definition: SessionManagerTest.php:830
MediaWiki\Session\SessionManagerTest\$store
TestBagOStuff $store
Definition: SessionManagerTest.php:24
MediaWiki\Session\TestBagOStuff
BagOStuff with utility functions for MediaWiki\\Session\\* testing.
Definition: TestBagOStuff.php:8
MediaWiki\Session\UserInfo\newFromName
static newFromName( $name, $verified=false)
Create an instance for a logged-in user by name.
Definition: UserInfo.php:102
MediaWiki\Session\SessionManager
This serves as the entry point to the MediaWiki session handling system.
Definition: SessionManager.php:50
$handler
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that probably a stub it is not rendered in wiki pages or galleries in category pages allow injecting custom HTML after the section Any uses of the hook need to handle escaping see BaseTemplate::getToolbox and BaseTemplate::makeListItem for details on the format of individual items inside of this array or by returning and letting standard HTTP rendering take place modifiable or by returning false and taking over the output modifiable modifiable after all normalizations have been except for the $wgMaxImageArea check set to true or false to override the $wgMaxImageArea check result gives extension the possibility to transform it themselves $handler
Definition: hooks.txt:813
RequestContext\getMain
static getMain()
Get the RequestContext object associated with the main request.
Definition: RequestContext.php:432
MediaWiki\Session\SessionManagerTest\testGetEmptySession
testGetEmptySession()
Definition: SessionManagerTest.php:428
MediaWiki\Session\SessionInfo
Value object returned by SessionProvider.
Definition: SessionInfo.php:34
MediaWiki\Session\SessionManagerTest\testGetVaryCookies
testGetVaryCookies()
Definition: SessionManagerTest.php:726
User\idFromName
static idFromName( $name, $flags=self::READ_NORMAL)
Get database id given a user name.
Definition: User.php:911
MediaWiki\Session\SessionManagerTest\testLoadSessionInfoFromStore
testLoadSessionInfoFromStore()
Definition: SessionManagerTest.php:900
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
class
you have access to all of the normal MediaWiki so you can get a DB use the etc For full docs on the Maintenance class
Definition: maintenance.txt:52
MediaWiki\Session\PHPSessionHandler\isInstalled
static isInstalled()
Test whether the handler is installed.
Definition: PHPSessionHandler.php:92
MediaWiki\$context
IContextSource $context
Definition: MediaWiki.php:38
MediaWiki\Session\SessionManagerTest\testGetSessionFromInfo
testGetSessionFromInfo()
Definition: SessionManagerTest.php:799
MediaWiki\Session\SessionInfo\MIN_PRIORITY
const MIN_PRIORITY
Minimum allowed priority.
Definition: SessionInfo.php:36
MediaWiki\Session\SessionManagerTest\testGenerateSessionId
testGenerateSessionId()
Definition: SessionManagerTest.php:872
MediaWiki\Session\SessionManagerTest\testGetSessionForRequest
testGetSessionForRequest()
Definition: SessionManagerTest.php:139
MediaWiki\Session\SessionManagerTest\testGetVaryHeaders
testGetVaryHeaders()
Definition: SessionManagerTest.php:682