33 $this->fail(
'Expected exception not thrown' );
34 }
catch ( \InvalidArgumentException $ex ) {
36 'MediaWiki\\Session\\CookieSessionProvider::__construct: priority must be specified',
43 $this->fail(
'Expected exception not thrown' );
44 }
catch ( \InvalidArgumentException $ex ) {
46 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
52 $this->fail(
'Expected exception not thrown' );
53 }
catch ( \InvalidArgumentException $ex ) {
55 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
61 $this->fail(
'Expected exception not thrown' );
62 }
catch ( \InvalidArgumentException $ex ) {
64 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
71 $this->fail(
'Expected exception not thrown' );
72 }
catch ( \InvalidArgumentException $ex ) {
74 'MediaWiki\\Session\\CookieSessionProvider::__construct: cookieOptions must be an array',
80 $p = \TestingAccessWrapper::newFromObject(
84 $p->setConfig( $config );
85 $this->assertEquals( 1, $p->priority );
86 $this->assertEquals( [
87 'callUserSetCookiesHook' =>
false,
88 'sessionName' =>
'CookiePrefix_session',
90 $this->assertEquals( [
91 'prefix' =>
'CookiePrefix',
92 'path' =>
'CookiePath',
93 'domain' =>
'CookieDomain',
96 ], $p->cookieOptions );
98 $config->set(
'SessionName',
'SessionName' );
99 $p = \TestingAccessWrapper::newFromObject(
103 $p->setConfig( $config );
104 $this->assertEquals( 3, $p->priority );
105 $this->assertEquals( [
106 'callUserSetCookiesHook' =>
false,
107 'sessionName' =>
'SessionName',
109 $this->assertEquals( [
110 'prefix' =>
'CookiePrefix',
111 'path' =>
'CookiePath',
112 'domain' =>
'CookieDomain',
115 ], $p->cookieOptions );
119 'callUserSetCookiesHook' =>
true,
121 'prefix' =>
'XPrefix',
123 'domain' =>
'XDomain',
124 'secure' =>
'XSecure',
125 'httpOnly' =>
'XHttpOnly',
127 'sessionName' =>
'XSession',
130 $p->setConfig( $config );
131 $this->assertEquals( 10, $p->priority );
132 $this->assertEquals( [
133 'callUserSetCookiesHook' =>
true,
134 'sessionName' =>
'XSession',
136 $this->assertEquals( [
137 'prefix' =>
'XPrefix',
139 'domain' =>
'XDomain',
140 'secure' =>
'XSecure',
141 'httpOnly' =>
'XHttpOnly',
142 ], $p->cookieOptions );
159 'sessionName' =>
'session',
160 'cookieOptions' => [
'prefix' =>
'x' ],
163 $logger = new \TestLogger(
true );
164 $provider->setLogger( $logger );
165 $provider->setConfig( $this->
getConfig() );
168 $user = User::newFromName(
'UTSysop' );
169 $id =
$user->getId();
171 $token =
$user->getToken(
true );
173 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
177 $info = $provider->provideSessionInfo(
$request );
178 $this->assertNull( $info );
179 $this->assertSame( [], $logger->getBuffer() );
180 $logger->clearBuffer();
// Scenario: the only cookie visible in this excerpt is the session cookie
// ('session' => $sessionId); no UserID cookie accompanies it.
// Expected: a SessionInfo that keeps the requested ID but is bound to an
// anonymous user (id 0, null name), and a log entry noting that the session
// was requested without a UserID cookie.
// NOTE(review): the request setup and the rest of the expected log entry
// (level/context) are outside this excerpt - confirm against the full file.
185 'session' => $sessionId,
187 $info = $provider->provideSessionInfo(
$request );
188 $this->assertNotNull( $info );
189 $this->assertSame(
$params[
'priority'], $info->getPriority() );
190 $this->assertSame( $sessionId, $info->getId() );
191 $this->assertNotNull( $info->getUserInfo() );
192 $this->assertSame( 0, $info->getUserInfo()->getId() );
193 $this->assertNull( $info->getUserInfo()->getName() );
194 $this->assertFalse( $info->forceHTTPS() );
198 'Session "{session}" requested without UserID cookie',
200 ], $logger->getBuffer() );
201 $logger->clearBuffer();
209 $info = $provider->provideSessionInfo(
$request );
210 $this->assertNotNull( $info );
211 $this->assertSame(
$params[
'priority'], $info->getPriority() );
212 $this->assertNotSame( $sessionId, $info->getId() );
213 $this->assertNotNull( $info->getUserInfo() );
214 $this->assertSame( $id, $info->getUserInfo()->getId() );
215 $this->assertSame(
$name, $info->getUserInfo()->getName() );
216 $this->assertFalse( $info->forceHTTPS() );
217 $this->assertSame( [], $logger->getBuffer() );
218 $logger->clearBuffer();
223 'session' => $sessionId,
227 $info = $provider->provideSessionInfo(
$request );
228 $this->assertNotNull( $info );
229 $this->assertSame(
$params[
'priority'], $info->getPriority() );
230 $this->assertSame( $sessionId, $info->getId() );
231 $this->assertNotNull( $info->getUserInfo() );
232 $this->assertSame( $id, $info->getUserInfo()->getId() );
233 $this->assertSame(
$name, $info->getUserInfo()->getName() );
234 $this->assertFalse( $info->forceHTTPS() );
235 $this->assertSame( [], $logger->getBuffer() );
236 $logger->clearBuffer();
// Scenario: session cookie plus an 'xToken' cookie holding the literal
// 'BADTOKEN' instead of the value obtained from $user->getToken().
// Expected: provideSessionInfo() returns null - a bad token rejects the
// request outright rather than yielding an anonymous or unverified session -
// and the invalid-Token message is written to the logger.
// NOTE(review): the UserID cookie that presumably accompanies the token is
// not visible in this excerpt - confirm against the full file.
241 'session' => $sessionId,
243 'xToken' =>
'BADTOKEN',
245 $info = $provider->provideSessionInfo(
$request );
246 $this->assertNull( $info );
250 'Session "{session}" requested with invalid Token cookie.'
252 ], $logger->getBuffer() );
253 $logger->clearBuffer();
// Expected here: the SessionInfo keeps the requested session ID and names the
// user ($id / $name), but getUserInfo()->isVerified() must be false - the
// identity is reported without being treated as proven.
// Nothing is logged for this case.
// NOTE(review): the cookies sent besides 'session' are not visible in this
// excerpt; presumably a UserID cookie without a Token cookie - confirm.
258 'session' => $sessionId,
261 $info = $provider->provideSessionInfo(
$request );
262 $this->assertNotNull( $info );
263 $this->assertSame(
$params[
'priority'], $info->getPriority() );
264 $this->assertSame( $sessionId, $info->getId() );
265 $this->assertNotNull( $info->getUserInfo() );
266 $this->assertFalse( $info->getUserInfo()->isVerified() );
267 $this->assertSame( $id, $info->getUserInfo()->getId() );
268 $this->assertSame(
$name, $info->getUserInfo()->getName() );
269 $this->assertFalse( $info->forceHTTPS() );
270 $this->assertSame( [], $logger->getBuffer() );
271 $logger->clearBuffer();
277 $info = $provider->provideSessionInfo(
$request );
278 $this->assertNull( $info );
279 $this->assertSame( [], $logger->getBuffer() );
280 $logger->clearBuffer();
// Scenario: the request carries a 'forceHTTPS' entry set to true next to the
// session cookie.
// Expected: the resulting SessionInfo reports forceHTTPS() === true (every
// other provideSessionInfo case in this excerpt asserts false), with the same
// session ID and the user's $id / $name. Nothing is logged.
// NOTE(review): the user/token cookies of this request are outside the
// excerpt - confirm against the full file.
285 'session' => $sessionId,
288 'forceHTTPS' =>
true,
290 $info = $provider->provideSessionInfo(
$request );
291 $this->assertNotNull( $info );
292 $this->assertSame(
$params[
'priority'], $info->getPriority() );
293 $this->assertSame( $sessionId, $info->getId() );
294 $this->assertNotNull( $info->getUserInfo() );
295 $this->assertSame( $id, $info->getUserInfo()->getId() );
296 $this->assertSame(
$name, $info->getUserInfo()->getName() );
297 $this->assertTrue( $info->forceHTTPS() );
298 $this->assertSame( [], $logger->getBuffer() );
299 $logger->clearBuffer();
304 'session' => $sessionId,
307 $info = $provider->provideSessionInfo(
$request );
308 $this->assertNull( $info );
309 $this->assertSame( [], $logger->getBuffer() );
310 $logger->clearBuffer();
// Scenario: session cookie plus an 'xUserName' cookie equal to $name.
// Expected: the SessionInfo keeps the session ID and reports $id / $name, but
// isVerified() is false - a matching user name alone does not authenticate
// the user. Nothing is logged.
// NOTE(review): a UserID cookie is presumably also sent (the ID assertion
// needs a source for $id) but is not visible in this excerpt - confirm.
315 'session' => $sessionId,
317 'xUserName' =>
$name,
319 $info = $provider->provideSessionInfo(
$request );
320 $this->assertNotNull( $info );
321 $this->assertSame(
$params[
'priority'], $info->getPriority() );
322 $this->assertSame( $sessionId, $info->getId() );
323 $this->assertNotNull( $info->getUserInfo() );
324 $this->assertFalse( $info->getUserInfo()->isVerified() );
325 $this->assertSame( $id, $info->getUserInfo()->getId() );
326 $this->assertSame(
$name, $info->getUserInfo()->getName() );
327 $this->assertFalse( $info->forceHTTPS() );
328 $this->assertSame( [], $logger->getBuffer() );
329 $logger->clearBuffer();
// Scenario: session cookie plus an 'xUserName' cookie set to 'Wrong'.
// Expected: provideSessionInfo() returns null and the mismatch between the
// UserID and UserName cookies is logged - inconsistent identity cookies
// reject the request instead of being silently reconciled.
// NOTE(review): the UserID cookie being compared against is outside this
// excerpt - confirm against the full file.
334 'session' => $sessionId,
336 'xUserName' =>
'Wrong',
338 $info = $provider->provideSessionInfo(
$request );
339 $this->assertNull( $info );
343 'Session "{session}" requested with mismatched UserID and UserName cookies.',
345 ], $logger->getBuffer() );
346 $logger->clearBuffer();
382 'sessionName' =>
'MySessionName',
383 'callUserSetCookiesHook' =>
false,
384 'cookieOptions' => [
'prefix' =>
'x' ],
388 $provider->setConfig( $config );
391 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
393 $user = User::newFromName(
'UTSysop' );
399 'provider' => $provider,
405 new \Psr\Log\NullLogger(),
408 \TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
// Guard mock: the test fails if onUserSetCookies is ever invoked on it.
// NOTE(review): presumably this pairs with 'callUserSetCookiesHook' => false
// in the provider params above; the line that registers the mock as a hook
// handler is not visible in this excerpt - confirm.
410 $mock = $this->getMock(
'stdClass', [
'onUserSetCookies' ] );
411 $mock->expects( $this->never() )->method(
'onUserSetCookies' );
// Case: anonymous user, with rememberUser turned on.
// Expected: only the session cookie carries a value. xUserID, xToken and
// forceHTTPS read back as '' and xUserName as null, so no identity or token
// material is emitted for an anonymous session even though "remember" is set.
// The backend's session data stays empty.
// NOTE(review): '' presumably represents a cleared cookie in the fake
// response object - confirm.
415 $backend->setUser( $anon );
416 $backend->setRememberUser(
true );
417 $backend->setForceHTTPS(
false );
419 $provider->persistSession( $backend,
$request );
420 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
421 $this->assertSame(
'',
$request->response()->getCookie(
'xUserID' ) );
422 $this->assertSame(
null,
$request->response()->getCookie(
'xUserName' ) );
423 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
424 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
425 $this->assertSame( [], $backend->getData() );
// Case: real user, rememberUser off, forceHTTPS off.
// Expected: the session, xUserID and xUserName cookies are populated, but
// xToken reads back as '' - without "remember me" the user's token is not
// written to the browser. forceHTTPS also reads back as ''.
// The backend's session data stays empty.
428 $backend->setUser(
$user );
429 $backend->setRememberUser(
false );
430 $backend->setForceHTTPS(
false );
432 $provider->persistSession( $backend,
$request );
433 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
434 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
435 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
436 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
437 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
438 $this->assertSame( [], $backend->getData() );
// Case: real user, rememberUser on, forceHTTPS on.
// Expected: xToken now equals $user->getToken() and the forceHTTPS cookie is
// the string 'true'. Of the three persistSession cases visible in this test,
// this is the only one where the user token reaches a cookie.
// NOTE(review): xToken is credential-like (it is compared with the user's
// token); the cookie flags it is sent with (secure/httpOnly) are not asserted
// anywhere in this excerpt - worth checking in the full test.
441 $backend->setUser(
$user );
442 $backend->setRememberUser(
true );
443 $backend->setForceHTTPS(
true );
446 $provider->persistSession( $backend,
$request );
447 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
448 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
449 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
450 $this->assertSame(
$user->getToken(),
$request->response()->getCookie(
'xToken' ) );
451 $this->assertSame(
'true',
$request->response()->getCookie(
'forceHTTPS' ) );
452 $this->assertSame( [], $backend->getData() );
570 'sessionName' =>
'MySessionName',
571 'callUserSetCookiesHook' =>
true,
572 'cookieOptions' => [
'prefix' =>
'x' ],
574 $provider->setLogger(
new \Psr\Log\NullLogger() );
575 $provider->setConfig( $this->
getConfig() );
578 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
580 $user = User::newFromName(
'UTSysop' );
586 'provider' => $provider,
592 new \Psr\Log\NullLogger(),
595 \TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
// Case: anonymous user while the provider is configured with
// 'callUserSetCookiesHook' => true.
// The mock asserts onUserSetCookies is never invoked for this case, and the
// cookie expectations match the hook-less test: only the session cookie has a
// value; xUserID / xToken / forceHTTPS read back as '' and xUserName as null.
// NOTE(review): the line registering $mock as the hook handler is not visible
// in this excerpt - confirm against the full file.
598 $mock = $this->getMock(
'stdClass', [
'onUserSetCookies' ] );
599 $mock->expects( $this->never() )->method(
'onUserSetCookies' );
601 $backend->setUser( $anon );
602 $backend->setRememberUser(
true );
603 $backend->setForceHTTPS(
false );
605 $provider->persistSession( $backend,
$request );
606 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
607 $this->assertSame(
'',
$request->response()->getCookie(
'xUserID' ) );
608 $this->assertSame(
null,
$request->response()->getCookie(
'xUserName' ) );
609 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
610 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
611 $this->assertSame( [], $backend->getData() );
616 $mock = $this->getMock( __CLASS__, [
'onUserSetCookies' ] );
617 $mock->expects( $this->once() )->method(
'onUserSetCookies' )
618 ->will( $this->returnCallback(
function ( $u, &$sessionData, &$cookies )
use (
$user ) {
619 $this->assertSame(
$user, $u );
620 $this->assertEquals( [
621 'wsUserID' =>
$user->getId(),
622 'wsUserName' =>
$user->getName(),
623 'wsToken' =>
$user->getToken(),
625 $this->assertEquals( [
626 'UserID' =>
$user->getId(),
627 'UserName' =>
$user->getName(),
631 $sessionData[
'foo'] =
'foo!';
632 $cookies[
'bar'] =
'bar!';
// Case: real user, rememberUser off, forceHTTPS off, with a logged-out
// timestamp of "now" recorded on the backend.
// Expected cookies: session / xUserID / xUserName populated, xToken and
// forceHTTPS read back as '', 'xbar' holds the 'bar!' value the hook callback
// put into $cookies (emitted under the 'x' prefix), and xLoggedOut equals the
// timestamp as a string.
// Expected session data: the ws* entries for the user.
// NOTE(review): one line of the expected data array (original line 653) is
// missing from this excerpt; presumably the 'foo' entry added by the hook
// callback - confirm.
636 $backend->setUser(
$user );
637 $backend->setRememberUser(
false );
638 $backend->setForceHTTPS(
false );
639 $backend->setLoggedOutTimestamp( $loggedOut = time() );
641 $provider->persistSession( $backend,
$request );
642 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
643 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
644 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
645 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
646 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
647 $this->assertSame(
'bar!',
$request->response()->getCookie(
'xbar' ) );
648 $this->assertSame( (
string)$loggedOut,
$request->response()->getCookie(
'xLoggedOut' ) );
649 $this->assertEquals( [
650 'wsUserID' =>
$user->getId(),
651 'wsUserName' =>
$user->getName(),
652 'wsToken' =>
$user->getToken(),
654 ], $backend->getData() );
659 $mock = $this->getMock( __CLASS__, [
'onUserSetCookies' ] );
660 $mock->expects( $this->once() )->method(
'onUserSetCookies' )
661 ->will( $this->returnCallback(
function ( $u, &$sessionData, &$cookies )
use (
$user ) {
662 $this->assertSame(
$user, $u );
663 $this->assertEquals( [
664 'wsUserID' =>
$user->getId(),
665 'wsUserName' =>
$user->getName(),
666 'wsToken' =>
$user->getToken(),
668 $this->assertEquals( [
669 'UserID' =>
$user->getId(),
670 'UserName' =>
$user->getName(),
671 'Token' =>
$user->getToken(),
674 $sessionData[
'foo'] =
'foo 2!';
675 $cookies[
'bar'] =
'bar 2!';
// Case: real user, rememberUser on, forceHTTPS on, logged-out timestamp 0.
// Expected cookies: xToken equals $user->getToken(), forceHTTPS is 'true',
// 'xbar' holds the 'bar 2!' value set by the hook callback, and xLoggedOut is
// null (no logged-out cookie for a zero timestamp).
// Expected session data: the ws* entries for the user, including wsToken -
// so the user token is present both in the cookie and in the session data.
// NOTE(review): one line of the expected data array (original line 696) is
// missing from this excerpt; presumably the 'foo' entry added by the hook
// callback - confirm.
679 $backend->setUser(
$user );
680 $backend->setRememberUser(
true );
681 $backend->setForceHTTPS(
true );
682 $backend->setLoggedOutTimestamp( 0 );
684 $provider->persistSession( $backend,
$request );
685 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
686 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
687 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
688 $this->assertSame(
$user->getToken(),
$request->response()->getCookie(
'xToken' ) );
689 $this->assertSame(
'true',
$request->response()->getCookie(
'forceHTTPS' ) );
690 $this->assertSame(
'bar 2!',
$request->response()->getCookie(
'xbar' ) );
691 $this->assertSame(
null,
$request->response()->getCookie(
'xLoggedOut' ) );
692 $this->assertEquals( [
693 'wsUserID' =>
$user->getId(),
694 'wsUserName' =>
$user->getName(),
695 'wsToken' =>
$user->getToken(),
697 ], $backend->getData() );