SessionProvider.php

Go to the documentation of this file.

<?php
namespace MediaWiki\Session;
 
use Psr\Log\LoggerAwareInterface;
use Psr\Log\LoggerInterface;
use Config;
use Language;
use User;
use WebRequest;
 
abstract class SessionProvider implements SessionProviderInterface, LoggerAwareInterface {
 
    protected $logger;
 
    protected $config;
 
    protected $manager;
 
    protected $priority;
 
    public function __construct() {
        $this->priority = SessionInfo::MIN_PRIORITY + 10;
    }
 
    public function setLogger( LoggerInterface $logger ) {
        $this->logger = $logger;
    }
 
    public function setConfig( Config $config ) {
        $this->config = $config;
    }
 
    public function setManager( SessionManager $manager ) {
        $this->manager = $manager;
    }
 
    public function getManager() {
        return $this->manager;
    }
 
    abstract public function provideSessionInfo( WebRequest $request );
 
    public function newSessionInfo( $id = null ) {
        if ( $this->canChangeUser() && $this->persistsSessionId() ) {
            return new SessionInfo( $this->priority, [
                'id' => $id,
                'provider' => $this,
                'persisted' => false,
                'idIsSafe' => true,
            ] );
        }
        return null;
    }
 
    public function mergeMetadata( array $savedMetadata, array $providedMetadata ) {
        foreach ( $providedMetadata as $k => $v ) {
            if ( array_key_exists( $k, $savedMetadata ) && $savedMetadata[$k] !== $v ) {
                $e = new MetadataMergeException( "Key \"$k\" changed" );
                $e->setContext( [
                    'old_value' => $savedMetadata[$k],
                    'new_value' => $v,
                ] );
                throw $e;
            }
        }
        return $providedMetadata;
    }
 
    public function refreshSessionInfo( SessionInfo $info, WebRequest $request, &$metadata ) {
        return true;
    }
 
    abstract public function persistsSessionId();
 
    abstract public function canChangeUser();
 
    public function getRememberUserDuration() {
        return null;
    }
 
    public function sessionIdWasReset( SessionBackend $session, $oldId ) {
    }
 
    abstract public function persistSession( SessionBackend $session, WebRequest $request );
 
    abstract public function unpersistSession( WebRequest $request );
 
    public function preventSessionsForUser( $username ) {
        if ( !$this->canChangeUser() ) {
            throw new \BadMethodCallException(
                __METHOD__ . ' must be implemented when canChangeUser() is false'
            );
        }
    }
 
    public function invalidateSessionsForUser( User $user ) {
    }
 
    public function getVaryHeaders() {
        return [];
    }
 
    public function getVaryCookies() {
        return [];
    }
 
    public function suggestLoginUsername( WebRequest $request ) {
        return null;
    }
 
    public function getAllowedUserRights( SessionBackend $backend ) {
        if ( $backend->getProvider() !== $this ) {
            // Not that this should ever happen...
            throw new \InvalidArgumentException( 'Backend\'s provider isn\'t $this' );
        }
 
        return null;
    }
 
    public function __toString() {
        return static::class;
    }
 
    protected function describeMessage() {
        return wfMessage(
            'sessionprovider-' . str_replace( '\\', '-', strtolower( static::class ) )
        );
    }
 
    public function describe( Language $lang ) {
        $msg = $this->describeMessage();
        $msg->inLanguage( $lang );
        if ( $msg->isDisabled() ) {
            $msg = wfMessage( 'sessionprovider-generic', (string)$this )->inLanguage( $lang );
        }
        return $msg->plain();
    }
 
    public function whyNoSession() {
        return null;
    }
 
    final protected function hashToSessionId( $data, $key = null ) {
        if ( !is_string( $data ) ) {
            throw new \InvalidArgumentException(
                '$data must be a string, ' . gettype( $data ) . ' was passed'
            );
        }
        if ( $key !== null && !is_string( $key ) ) {
            throw new \InvalidArgumentException(
                '$key must be a string or null, ' . gettype( $key ) . ' was passed'
            );
        }
 
        $hash = \MWCryptHash::hmac( "$this\n$data", $key ?: $this->config->get( 'SecretKey' ), false );
        if ( strlen( $hash ) < 32 ) {
            // Should never happen, even md5 is 128 bits
            // @codeCoverageIgnoreStart
            throw new \UnexpectedValueException( 'Hash function returned less than 128 bits' );
            // @codeCoverageIgnoreEnd
        }
        if ( strlen( $hash ) >= 40 ) {
            $hash = \Wikimedia\base_convert( $hash, 16, 32, 32 );
        }
        return substr( $hash, -32 );
    }
 
}