MediaWiki REL1_27
|
Session provider for bot passwords. More...
Public Member Functions | |
__construct (array $params=[]) | |
getAllowedUserRights (SessionBackend $backend) | |
Fetch the rights allowed the user when the specified session is active. | |
newSessionForRequest (User $user, BotPassword $bp, WebRequest $request) | |
Create a new session for a request. | |
newSessionInfo ( $id=null) | |
Provide session info for a new, empty session. | |
preventSessionsForUser ( $username) | |
Prevent future sessions for the user. | |
provideSessionInfo (WebRequest $request) | |
Provide session info for a request. | |
refreshSessionInfo (SessionInfo $info, WebRequest $request, &$metadata) | |
Validate a loaded SessionInfo and refresh provider metadata. | |
![]() | |
__construct ( $params=[]) | |
canChangeUser () | |
Indicate whether the user associated with the request can be changed. | |
getVaryCookies () | |
Return the list of cookies that need varying on. | |
persistSession (SessionBackend $session, WebRequest $request) | |
Persist a session into a request/response. | |
persistsSessionId () | |
Indicate whether self::persistSession() can save arbitrary session IDs. | |
unpersistSession (WebRequest $request) | |
Remove any persisted session from a request/response. | |
whyNoSession () | |
Return a Message for why sessions might not be being persisted. | |
![]() | |
__construct () | |
__toString () | |
describe (Language $lang) | |
Return an identifier for this session type. | |
getManager () | |
Get the session manager. | |
getRememberUserDuration () | |
Returns the duration (in seconds) for which users will be remembered when Session::setRememberUser() is set. | |
getVaryHeaders () | |
Return the HTTP headers that need varying on. | |
invalidateSessionsForUser (User $user) | |
Invalidate existing sessions for a user. | |
mergeMetadata (array $savedMetadata, array $providedMetadata) | |
Merge saved session provider metadata. | |
sessionIdWasReset (SessionBackend $session, $oldId) | |
Notification that the session ID was reset. | |
setConfig (Config $config) | |
Set configuration. | |
setLogger (LoggerInterface $logger) | |
setManager (SessionManager $manager) | |
Set the session manager. | |
suggestLoginUsername (WebRequest $request) | |
Get a suggested username for the login form. | |
Additional Inherited Members | |
![]() | |
getSessionIdFromCookie (WebRequest $request) | |
Get the session ID from the cookie, if any. | |
![]() | |
describeMessage () | |
Return a Message identifying this session type. | |
hashToSessionId ( $data, $key=null) | |
Hash data as a session ID. | |
![]() | |
string null | $sessionCookieName = null |
$sessionCookieOptions = [] | |
![]() | |
Config | $config |
LoggerInterface | $logger |
SessionManager | $manager |
int | $priority |
Session priority. | |
Session provider for bot passwords.
Definition at line 34 of file BotPasswordSessionProvider.php.
MediaWiki\Session\BotPasswordSessionProvider::__construct | ( | array | $params = [] | ) |
array | $params | Keys include:
|
Definition at line 42 of file BotPasswordSessionProvider.php.
References $params, MediaWiki\Session\SessionInfo\MAX_PRIORITY, and MediaWiki\Session\SessionInfo\MIN_PRIORITY.
MediaWiki\Session\BotPasswordSessionProvider::getAllowedUserRights | ( | SessionBackend | $backend | ) |
Fetch the rights allowed the user when the specified session is active.
SessionBackend | $backend |
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 175 of file BotPasswordSessionProvider.php.
References MediaWiki\Session\SessionBackend\getProvider(), and MediaWiki\Session\SessionBackend\getProviderMetadata().
MediaWiki\Session\BotPasswordSessionProvider::newSessionForRequest | ( | User | $user, |
BotPassword | $bp, | ||
WebRequest | $request | ||
) |
Create a new session for a request.
User | $user | |
BotPassword | $bp | |
WebRequest | $request |
Definition at line 96 of file BotPasswordSessionProvider.php.
References $request, $user, BotPassword\getAppId(), MWGrants\getGrantRights(), BotPassword\getGrants(), MediaWiki\Session\SessionProvider\getManager(), MediaWiki\Session\ImmutableSessionProviderWithCookie\getSessionIdFromCookie(), BotPassword\getToken(), BotPassword\getUserCentralId(), MediaWiki\Session\SessionInfo\MAX_PRIORITY, and MediaWiki\Session\UserInfo\newFromUser().
MediaWiki\Session\BotPasswordSessionProvider::newSessionInfo | ( | $id = null | ) |
Provide session info for a new, empty session.
Return null if such a session cannot be created. This base implementation assumes that it only makes sense if a session ID can be persisted and changing users is allowed.
string | null | $id | ID to force for the new session |
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 84 of file BotPasswordSessionProvider.php.
MediaWiki\Session\BotPasswordSessionProvider::preventSessionsForUser | ( | $username | ) |
Prevent future sessions for the user.
If the provider is capable of returning a SessionInfo with a verified UserInfo for the named user in some manner other than by validating against $user->getToken(), steps must be taken to prevent that from occurring in the future. This might add the username to a blacklist, or it might just delete whatever authentication credentials would allow such a session in the first place (e.g. remove all OAuth grants or delete record of the SSL client certificate).
The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the prevention of access).
Note that the passed user name might not exist locally (i.e. User::idFromName( $username ) === 0); the name should still be prevented, if applicable.
string | $username |
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 171 of file BotPasswordSessionProvider.php.
References $username, and BotPassword\removeAllPasswordsForUser().
MediaWiki\Session\BotPasswordSessionProvider::provideSessionInfo | ( | WebRequest | $request | ) |
Provide session info for a request.
If no session exists for the request, return null. Otherwise return an SessionInfo object identifying the session.
If multiple SessionProviders provide sessions, the one with highest priority wins. In case of a tie, an exception is thrown. SessionProviders are encouraged to make priorities user-configurable unless only max-priority makes sense.
WebRequest | $request |
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 60 of file BotPasswordSessionProvider.php.
References MediaWiki\Session\ImmutableSessionProviderWithCookie\getSessionIdFromCookie().
MediaWiki\Session\BotPasswordSessionProvider::refreshSessionInfo | ( | SessionInfo | $info, |
WebRequest | $request, | ||
& | $metadata | ||
) |
Validate a loaded SessionInfo and refresh provider metadata.
This is similar in purpose to the 'SessionCheckInfo' hook, and also allows for updating the provider metadata. On failure, the provider is expected to write an appropriate message to its logger.
SessionInfo | $info | |
WebRequest | $request | |
array | null | &$metadata | Provider metadata, may be altered. |
Reimplemented from MediaWiki\Session\SessionProvider.
Definition at line 115 of file BotPasswordSessionProvider.php.
References $request, $status, and BotPassword\newFromCentralId().