// Constructor argument validation. The try openers and the constructor calls are on
// lines that are not part of this excerpt. Each case must land in the catch branch;
// reaching fail() means the invalid arguments were accepted.
32 $this->fail(
'Expected exception not thrown' );
33 }
catch ( \InvalidArgumentException $ex ) {
// Message for a missing priority. NOTE(review): presumably compared with the caught
// exception message on a line not shown - confirm.
35 'MediaWiki\\Session\\CookieSessionProvider::__construct: priority must be specified',
42 $this->fail(
'Expected exception not thrown' );
43 }
catch ( \InvalidArgumentException $ex ) {
// The next three cases all expect the same Invalid priority message; the rejected
// priority values themselves are not visible in this excerpt.
45 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
51 $this->fail(
'Expected exception not thrown' );
52 }
catch ( \InvalidArgumentException $ex ) {
54 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
60 $this->fail(
'Expected exception not thrown' );
61 }
catch ( \InvalidArgumentException $ex ) {
63 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
70 $this->fail(
'Expected exception not thrown' );
71 }
catch ( \InvalidArgumentException $ex ) {
// cookieOptions of the wrong type is rejected at construction time rather than being
// silently ignored.
73 'MediaWiki\\Session\\CookieSessionProvider::__construct: cookieOptions must be an array',
// First configuration. The constructor arguments (original lines 80-82) are not part
// of this excerpt; the wrapped provider is expected to report priority 1.
79 $p = \TestingAccessWrapper::newFromObject(
83 $p->setConfig( $config );
84 $this->assertEquals( 1, $p->priority );
// Expected options: the user-cookie hook is off and the session cookie is named
// CookiePrefix_session. NOTE(review): presumably derived from the configured cookie
// prefix - confirm against the config fixture, which is not shown.
85 $this->assertEquals( [
86 'callUserSetCookiesHook' =>
false,
87 'sessionName' =>
'CookiePrefix_session',
// Cookie prefix, path and domain as read back from cookieOptions.
89 $this->assertEquals( [
90 'prefix' =>
'CookiePrefix',
91 'path' =>
'CookiePath',
92 'domain' =>
'CookieDomain',
95 ], $p->cookieOptions );
// Second configuration: once SessionName is set in the config, that name is expected
// for the session cookie, while prefix, path and domain stay the same.
97 $config->set(
'SessionName',
'SessionName' );
98 $p = \TestingAccessWrapper::newFromObject(
102 $p->setConfig( $config );
103 $this->assertEquals( 3, $p->priority );
104 $this->assertEquals( [
105 'callUserSetCookiesHook' =>
false,
106 'sessionName' =>
'SessionName',
108 $this->assertEquals( [
109 'prefix' =>
'CookiePrefix',
110 'path' =>
'CookiePath',
111 'domain' =>
'CookieDomain',
114 ], $p->cookieOptions );
// Third configuration: explicit values. The placeholder strings below are expected to
// come back unchanged in cookieOptions, including secure and httpOnly. Those two
// attributes decide whether a cookie is limited to HTTPS and hidden from scripts, so
// the assertions further down guard against an explicit setting being dropped.
118 'callUserSetCookiesHook' =>
true,
120 'prefix' =>
'XPrefix',
122 'domain' =>
'XDomain',
123 'secure' =>
'XSecure',
124 'httpOnly' =>
'XHttpOnly',
126 'sessionName' =>
'XSession',
129 $p->setConfig( $config );
130 $this->assertEquals( 10, $p->priority );
131 $this->assertEquals( [
132 'callUserSetCookiesHook' =>
true,
133 'sessionName' =>
'XSession',
135 $this->assertEquals( [
136 'prefix' =>
'XPrefix',
138 'domain' =>
'XDomain',
139 'secure' =>
'XSecure',
140 'httpOnly' =>
'XHttpOnly',
141 ], $p->cookieOptions );
// Provider options for the provideSessionInfo cases: the session cookie is named
// session and the other cookies carry the prefix x (hence xToken and xUserName in the
// cases further down).
166 'sessionName' =>
'session',
167 'cookieOptions' => [
'prefix' =>
'x' ],
// Log output is captured so each case can assert exactly which messages were emitted
// (getBuffer) and then reset the buffer (clearBuffer).
170 $logger = new \TestLogger(
true );
171 $provider->setLogger( $logger );
172 $provider->setConfig( $this->
getConfig() );
175 $user = static::getTestSysop()->getUser();
176 $id =
$user->getId();
178 $token =
$user->getToken(
true );
// Fixed session id reused by the cookie fixtures below.
180 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
// First case: no session info is returned and nothing is logged.
// NOTE(review): the request is built on lines outside this excerpt; presumably it
// carries no cookies at all - confirm.
184 $info = $provider->provideSessionInfo(
$request );
185 $this->assertNull( $info );
186 $this->assertSame( [], $logger->getBuffer() );
187 $logger->clearBuffer();
// Session cookie present. The provider returns session info with the same id, but the
// user info has id 0 and a null name, so a bare session cookie does not establish a
// logged-in identity here. The expected log entry records that the session was
// requested without a UserID cookie.
192 'session' => $sessionId,
194 $info = $provider->provideSessionInfo(
$request );
195 $this->assertNotNull( $info );
196 $this->assertSame(
$params[
'priority'], $info->getPriority() );
197 $this->assertSame( $sessionId, $info->getId() );
198 $this->assertNotNull( $info->getUserInfo() );
199 $this->assertSame( 0, $info->getUserInfo()->getId() );
200 $this->assertNull( $info->getUserInfo()->getName() );
201 $this->assertFalse( $info->forceHTTPS() );
205 'Session "{session}" requested without UserID cookie',
207 ], $logger->getBuffer() );
208 $logger->clearBuffer();
// Case where the returned id must differ from the fixture session id (assertNotSame)
// while user id and name match the test user.
// NOTE(review): the cookies sent are on lines not shown; this looks like user cookies
// arriving without a session cookie, with a fresh id being generated - confirm.
216 $info = $provider->provideSessionInfo(
$request );
217 $this->assertNotNull( $info );
218 $this->assertSame(
$params[
'priority'], $info->getPriority() );
219 $this->assertNotSame( $sessionId, $info->getId() );
220 $this->assertNotNull( $info->getUserInfo() );
221 $this->assertSame( $id, $info->getUserInfo()->getId() );
222 $this->assertSame(
$name, $info->getUserInfo()->getName() );
223 $this->assertFalse( $info->forceHTTPS() );
224 $this->assertSame( [], $logger->getBuffer() );
225 $logger->clearBuffer();
// Session cookie plus further cookies on lines not shown: the session id, user id and
// name are all taken over and nothing is logged.
230 'session' => $sessionId,
234 $info = $provider->provideSessionInfo(
$request );
235 $this->assertNotNull( $info );
236 $this->assertSame(
$params[
'priority'], $info->getPriority() );
237 $this->assertSame( $sessionId, $info->getId() );
238 $this->assertNotNull( $info->getUserInfo() );
239 $this->assertSame( $id, $info->getUserInfo()->getId() );
240 $this->assertSame(
$name, $info->getUserInfo()->getName() );
241 $this->assertFalse( $info->forceHTTPS() );
242 $this->assertSame( [], $logger->getBuffer() );
243 $logger->clearBuffer();
// Invalid token: a session cookie together with xToken set to BADTOKEN must yield no
// session info at all (null), and the rejection is logged. The request is refused
// outright; it is not downgraded to an unverified or anonymous session.
248 'session' => $sessionId,
250 'xToken' =>
'BADTOKEN',
252 $info = $provider->provideSessionInfo(
$request );
253 $this->assertNull( $info );
257 'Session "{session}" requested with invalid Token cookie.'
259 ], $logger->getBuffer() );
260 $logger->clearBuffer();
// User identified, but the user info is expected to be unverified (isVerified is
// false): id and name are a claim only, and nothing is logged.
// NOTE(review): the remaining cookies are on omitted lines; presumably a user id
// cookie without a token cookie - confirm.
265 'session' => $sessionId,
268 $info = $provider->provideSessionInfo(
$request );
269 $this->assertNotNull( $info );
270 $this->assertSame(
$params[
'priority'], $info->getPriority() );
271 $this->assertSame( $sessionId, $info->getId() );
272 $this->assertNotNull( $info->getUserInfo() );
273 $this->assertFalse( $info->getUserInfo()->isVerified() );
274 $this->assertSame( $id, $info->getUserInfo()->getId() );
275 $this->assertSame(
$name, $info->getUserInfo()->getName() );
276 $this->assertFalse( $info->forceHTTPS() );
277 $this->assertSame( [], $logger->getBuffer() );
278 $logger->clearBuffer();
// Next case: null result with an empty log. The request is built on lines that are
// not part of this excerpt.
284 $info = $provider->provideSessionInfo(
$request );
285 $this->assertNull( $info );
286 $this->assertSame( [], $logger->getBuffer() );
287 $logger->clearBuffer();
// forceHTTPS cookie set alongside the session cookie: the returned session info must
// report forceHTTPS as true, unlike the earlier cases that assert false.
292 'session' => $sessionId,
295 'forceHTTPS' =>
true,
297 $info = $provider->provideSessionInfo(
$request );
298 $this->assertNotNull( $info );
299 $this->assertSame(
$params[
'priority'], $info->getPriority() );
300 $this->assertSame( $sessionId, $info->getId() );
301 $this->assertNotNull( $info->getUserInfo() );
302 $this->assertSame( $id, $info->getUserInfo()->getId() );
303 $this->assertSame(
$name, $info->getUserInfo()->getName() );
304 $this->assertTrue( $info->forceHTTPS() );
305 $this->assertSame( [], $logger->getBuffer() );
306 $logger->clearBuffer();
// Case returning null with no log entry. Only the session cookie is visible here; the
// other cookies of this request are on omitted lines.
311 'session' => $sessionId,
314 $info = $provider->provideSessionInfo(
$request );
315 $this->assertNull( $info );
316 $this->assertSame( [], $logger->getBuffer() );
317 $logger->clearBuffer();
// xUserName matching the test user: session info is returned with the expected id and
// name, but the user info stays unverified (isVerified is false).
322 'session' => $sessionId,
324 'xUserName' =>
$name,
326 $info = $provider->provideSessionInfo(
$request );
327 $this->assertNotNull( $info );
328 $this->assertSame(
$params[
'priority'], $info->getPriority() );
329 $this->assertSame( $sessionId, $info->getId() );
330 $this->assertNotNull( $info->getUserInfo() );
331 $this->assertFalse( $info->getUserInfo()->isVerified() );
332 $this->assertSame( $id, $info->getUserInfo()->getId() );
333 $this->assertSame(
$name, $info->getUserInfo()->getName() );
334 $this->assertFalse( $info->forceHTTPS() );
335 $this->assertSame( [], $logger->getBuffer() );
336 $logger->clearBuffer();
// xUserName set to a value that does not belong to the user id: the request is
// rejected (null) and the mismatch between the two cookies is logged.
341 'session' => $sessionId,
343 'xUserName' =>
'Wrong',
345 $info = $provider->provideSessionInfo(
$request );
346 $this->assertNull( $info );
350 'Session "{session}" requested with mismatched UserID and UserName cookies.',
352 ], $logger->getBuffer() );
353 $logger->clearBuffer();
// persistSession with the user-cookie hook disabled. The session cookie is named
// MySessionName and the other cookies carry the prefix x.
389 'sessionName' =>
'MySessionName',
390 'callUserSetCookiesHook' =>
false,
391 'cookieOptions' => [
'prefix' =>
'x' ],
395 $provider->setConfig( $config );
398 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
400 $user = static::getTestSysop()->getUser();
406 'provider' => $provider,
412 new \Psr\Log\NullLogger(),
// usePhpSessionHandling is switched off on the backend through the access wrapper.
415 \TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
// The mock asserts that onUserSetCookies is never invoked in this test.
417 $mock = $this->getMock(
'stdClass', [
'onUserSetCookies' ] );
418 $mock->expects( $this->never() )->method(
'onUserSetCookies' );
// Case 1: the user held in $anon (assigned on a line not shown; presumably an
// anonymous user) with remember enabled. Only the session cookie gets a value; the
// user id, token and forceHTTPS cookies are empty strings, the user name cookie is
// null, and no session data is written.
// NOTE(review): empty values presumably correspond to cookie deletion - confirm
// against the response implementation.
422 $backend->setUser( $anon );
423 $backend->setRememberUser(
true );
424 $backend->setForceHTTPS(
false );
426 $provider->persistSession( $backend,
$request );
427 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
428 $this->assertSame(
'',
$request->response()->getCookie(
'xUserID' ) );
429 $this->assertSame(
null,
$request->response()->getCookie(
'xUserName' ) );
430 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
431 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
432 $this->assertSame( [], $backend->getData() );
// Case: logged-in test user, remember off, forceHTTPS off. The user id and user name
// cookies are set, but the token cookie and the forceHTTPS cookie stay empty, so the
// user token is not written to the client when remember is off.
435 $backend->setUser(
$user );
436 $backend->setRememberUser(
false );
437 $backend->setForceHTTPS(
false );
439 $provider->persistSession( $backend,
$request );
440 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
441 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
442 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
443 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
444 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
445 $this->assertSame( [], $backend->getData() );
// Case: logged-in test user with remember and forceHTTPS both on. The token cookie
// now carries the user token verbatim and the forceHTTPS cookie holds the string
// true. Since the token cookie is a long-lived credential, its secure and httpOnly
// attributes are what protect it on the client.
448 $backend->setUser(
$user );
449 $backend->setRememberUser(
true );
450 $backend->setForceHTTPS(
true );
453 $provider->persistSession( $backend,
$request );
454 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
455 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
456 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
457 $this->assertSame(
$user->getToken(),
$request->response()->getCookie(
'xToken' ) );
458 $this->assertSame(
'true',
$request->response()->getCookie(
'forceHTTPS' ) );
459 $this->assertSame( [], $backend->getData() );
// Cookie attribute check. $secure and $remember are inputs to this test; where they
// come from (presumably a data provider) is not visible in this excerpt.
469 'wgSecureLogin' =>
false,
474 'sessionName' =>
'MySessionName',
475 'callUserSetCookiesHook' =>
false,
476 'cookieOptions' => [
'prefix' =>
'x' ],
479 $config->set(
'CookieSecure', $secure );
481 $provider->setConfig( $config );
484 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
485 $user = static::getTestSysop()->getUser();
// Precondition asserted before the run: the test user does not itself require HTTPS.
486 $this->assertFalse(
$user->requiresHTTPS(),
'sanity check' );
491 'provider' => $provider,
497 new \Psr\Log\NullLogger(),
500 \TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
501 $backend->setUser(
$user );
502 $backend->setRememberUser( $remember );
503 $backend->setForceHTTPS( $secure );
506 $provider->persistSession( $backend,
$request );
// Baseline attributes: path, domain and httpOnly are taken from the site config.
// NOTE(review): original line 512 is missing from this excerpt; presumably it pins
// the secure attribute - confirm.
509 'expire' => (int)100,
510 'path' => $config->get(
'CookiePath' ),
511 'domain' => $config->get(
'CookieDomain' ),
513 'httpOnly' => $config->get(
'CookieHttpOnly' ),
517 $normalExpiry = $config->get(
'CookieExpiration' );
518 $extendedExpiry = $config->get(
'ExtendedLoginCookieExpiration' );
// A null extended expiry is normalised to 0.
519 $extendedExpiry = (int)( $extendedExpiry ===
null ? 0 : $extendedExpiry );
// Expected per-cookie values follow. The cookie names keying these entries are on
// lines not shown; they are identified here by their values only.
522 'value' => (
string)$sessionId,
526 'value' => (
string)
$user->getId(),
527 'expire' => $remember ? $extendedExpiry : $normalExpiry,
530 'value' =>
$user->getName(),
531 'expire' => $remember ? $extendedExpiry : $normalExpiry
// Entry holding the user token: the token is written only when remember is set.
// Otherwise the value is empty and the expiry is -31536000, that is 365 * 86400
// seconds before the time base used in the loop below (presumably a deletion).
534 'value' => $remember ?
$user->getToken() :
'',
535 'expire' => $remember ? $extendedExpiry : -31536000,
// Entry holding the literal true when secure is set. Its expiry reads: when secure,
// the default expiry if remember is set and 0 if not; when not secure, the past
// expiry.
538 'value' => $secure ?
'true' :
'',
540 'expire' => $secure ? $remember ? $defaults[
'expire'] : 0 : -31536000,
543 foreach ( $expect
as $key =>
$value ) {
544 $actual =
$request->response()->getCookieData( $key );
// Positive expiry timestamps are turned into offsets from $time (set on a line not
// shown) and rounded to the nearest hundred so the comparison tolerates small timing
// differences.
545 if ( $actual && $actual[
'expire'] > 0 ) {
547 $actual[
'expire'] = round( $actual[
'expire'] -
$time, -2 );
549 $this->assertEquals(
$value, $actual,
"Cookie $key" );
// persistSession with the user-cookie hook enabled (callUserSetCookiesHook is true).
578 'sessionName' =>
'MySessionName',
579 'callUserSetCookiesHook' =>
true,
580 'cookieOptions' => [
'prefix' =>
'x' ],
582 $provider->setLogger(
new \Psr\Log\NullLogger() );
583 $provider->setConfig( $this->
getConfig() );
586 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
588 $user = static::getTestSysop()->getUser();
594 'provider' => $provider,
600 new \Psr\Log\NullLogger(),
603 \TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
// Case 1: even with the hook enabled, onUserSetCookies must not run for the user
// held in $anon (assigned on a line not shown; presumably an anonymous user).
606 $mock = $this->getMock(
'stdClass', [
'onUserSetCookies' ] );
607 $mock->expects( $this->never() )->method(
'onUserSetCookies' );
609 $backend->setUser( $anon );
610 $backend->setRememberUser(
true );
611 $backend->setForceHTTPS(
false );
613 $provider->persistSession( $backend,
$request );
// Only the session cookie gets a value; the identity cookies are empty or null and
// no session data is written.
614 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
615 $this->assertSame(
'',
$request->response()->getCookie(
'xUserID' ) );
616 $this->assertSame(
null,
$request->response()->getCookie(
'xUserName' ) );
617 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
618 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
619 $this->assertSame( [], $backend->getData() );
// Case 2: logged-in user, remember off. The hook must run exactly once. Its callback
// receives the user plus the session data and the cookie list by reference, so
// whatever it changes is picked up by the provider.
624 $mock = $this->getMock( __CLASS__, [
'onUserSetCookies' ] );
625 $mock->expects( $this->once() )->method(
'onUserSetCookies' )
626 ->will( $this->returnCallback(
function ( $u, &$sessionData, &$cookies )
use (
$user ) {
627 $this->assertSame(
$user, $u );
// Values the hook is expected to see. NOTE(review): the second argument of each
// assertEquals is on a line not shown; presumably the first compares $sessionData
// and the second $cookies - confirm. The ws-prefixed set includes the user token.
628 $this->assertEquals( [
629 'wsUserID' =>
$user->getId(),
630 'wsUserName' =>
$user->getName(),
631 'wsToken' =>
$user->getToken(),
633 $this->assertEquals( [
634 'UserID' =>
$user->getId(),
635 'UserName' =>
$user->getName(),
// The hook adds one session data entry and one cookie of its own.
639 $sessionData[
'foo'] =
'foo!';
640 $cookies[
'bar'] =
'bar!';
644 $backend->setUser(
$user );
645 $backend->setRememberUser(
false );
646 $backend->setForceHTTPS(
false );
647 $backend->setLoggedOutTimestamp( $loggedOut = time() );
649 $provider->persistSession( $backend,
$request );
650 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
651 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
652 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
// Remember is off, so the token cookie stays empty.
653 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
654 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
// The cookie added by the hook is emitted under the provider prefix (bar becomes
// xbar), and the logged-out timestamp is sent as the xLoggedOut cookie.
655 $this->assertSame(
'bar!',
$request->response()->getCookie(
'xbar' ) );
656 $this->assertSame( (
string)$loggedOut,
$request->response()->getCookie(
'xLoggedOut' ) );
// Session data stored on the backend after the hook ran.
657 $this->assertEquals( [
658 'wsUserID' =>
$user->getId(),
659 'wsUserName' =>
$user->getName(),
660 'wsToken' =>
$user->getToken(),
662 ], $backend->getData() );
// Case 3: logged-in user with remember and forceHTTPS on. The hook again runs exactly
// once; this time the second expected array also contains Token.
667 $mock = $this->getMock( __CLASS__, [
'onUserSetCookies' ] );
668 $mock->expects( $this->once() )->method(
'onUserSetCookies' )
669 ->will( $this->returnCallback(
function ( $u, &$sessionData, &$cookies )
use (
$user ) {
670 $this->assertSame(
$user, $u );
// NOTE(review): the second argument of each assertEquals is on a line not shown;
// presumably the first compares $sessionData and the second $cookies - confirm.
671 $this->assertEquals( [
672 'wsUserID' =>
$user->getId(),
673 'wsUserName' =>
$user->getName(),
674 'wsToken' =>
$user->getToken(),
676 $this->assertEquals( [
677 'UserID' =>
$user->getId(),
678 'UserName' =>
$user->getName(),
679 'Token' =>
$user->getToken(),
// The hook adds one session data entry and one cookie of its own.
682 $sessionData[
'foo'] =
'foo 2!';
683 $cookies[
'bar'] =
'bar 2!';
687 $backend->setUser(
$user );
688 $backend->setRememberUser(
true );
689 $backend->setForceHTTPS(
true );
690 $backend->setLoggedOutTimestamp( 0 );
692 $provider->persistSession( $backend,
$request );
693 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
694 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
695 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
// With remember on, the token cookie carries the user token and the forceHTTPS cookie
// holds the string true.
696 $this->assertSame(
$user->getToken(),
$request->response()->getCookie(
'xToken' ) );
697 $this->assertSame(
'true',
$request->response()->getCookie(
'forceHTTPS' ) );
// The cookie added by the hook is emitted under the provider prefix; a logged-out
// timestamp of 0 produces no xLoggedOut cookie (null).
698 $this->assertSame(
'bar 2!',
$request->response()->getCookie(
'xbar' ) );
699 $this->assertSame(
null,
$request->response()->getCookie(
'xLoggedOut' ) );
// Session data stored on the backend after the hook ran.
700 $this->assertEquals( [
701 'wsUserID' =>
$user->getId(),
702 'wsUserName' =>
$user->getName(),
703 'wsToken' =>
$user->getToken(),
705 ], $backend->getData() );