REL1_31/php/CookieSessionProviderTest_8php_source.html

<?php


namespace MediaWiki\Session;


use MediaWikiTestCase;

use User;

use Psr\Log\LogLevel;

use Wikimedia\TestingAccessWrapper;


class CookieSessionProviderTest extends MediaWikiTestCase {


    private function getConfig() {

        return new \HashConfig( [

            'CookiePrefix' => 'CookiePrefix',

            'CookiePath' => 'CookiePath',

            'CookieDomain' => 'CookieDomain',

            'CookieSecure' => true,

            'CookieHttpOnly' => true,

            'CookieSameSite' => '',

            'SessionName' => false,

            'CookieExpiration' => 100,

            'ExtendedLoginCookieExpiration' => 200,

            'ForceHTTPS' => false,

        ] );

    }


    public static function provideForceHTTPS() {

        return [

            [ false ],

            [ true ]

        ];

    }


    public function testConstructor() {

        try {

            new CookieSessionProvider();

            $this->fail( 'Expected exception not thrown' );

        } catch ( \InvalidArgumentException $ex ) {

            $this->assertSame(

                'MediaWiki\\Session\\CookieSessionProvider::__construct: priority must be specified',

                $ex->getMessage()

            );

        }


        try {

            new CookieSessionProvider( [ 'priority' => 'foo' ] );

            $this->fail( 'Expected exception not thrown' );

        } catch ( \InvalidArgumentException $ex ) {

            $this->assertSame(

                'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',

                $ex->getMessage()

            );

        }

        try {

            new CookieSessionProvider( [ 'priority' => SessionInfo::MIN_PRIORITY - 1 ] );

            $this->fail( 'Expected exception not thrown' );

        } catch ( \InvalidArgumentException $ex ) {

            $this->assertSame(

                'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',

                $ex->getMessage()

            );

        }

        try {

            new CookieSessionProvider( [ 'priority' => SessionInfo::MAX_PRIORITY + 1 ] );

            $this->fail( 'Expected exception not thrown' );

        } catch ( \InvalidArgumentException $ex ) {

            $this->assertSame(

                'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',

                $ex->getMessage()

            );

        }


        try {

            new CookieSessionProvider( [ 'priority' => 1, 'cookieOptions' => null ] );

            $this->fail( 'Expected exception not thrown' );

        } catch ( \InvalidArgumentException $ex ) {

            $this->assertSame(

                'MediaWiki\\Session\\CookieSessionProvider::__construct: cookieOptions must be an array',

                $ex->getMessage()

            );

        }


        $config = $this->getConfig();

        $p = TestingAccessWrapper::newFromObject(

            new CookieSessionProvider( [ 'priority' => 1 ] )

        );

        $p->setLogger( new \TestLogger() );

        $p->setConfig( $config );

        $this->assertEquals( 1, $p->priority );

        $this->assertEquals( [

            'callUserSetCookiesHook' => false,

            'sessionName' => 'CookiePrefix_session',

        ], $p->params );

        $this->assertEquals( [

            'prefix' => 'CookiePrefix',

            'path' => 'CookiePath',

            'domain' => 'CookieDomain',

            'secure' => true,

            'httpOnly' => true,

            'sameSite' => '',

        ], $p->cookieOptions );


        $config->set( 'SessionName', 'SessionName' );

        $p = TestingAccessWrapper::newFromObject(

            new CookieSessionProvider( [ 'priority' => 3 ] )

        );

        $p->setLogger( new \TestLogger() );

        $p->setConfig( $config );

        $this->assertEquals( 3, $p->priority );

        $this->assertEquals( [

            'callUserSetCookiesHook' => false,

            'sessionName' => 'SessionName',

        ], $p->params );

        $this->assertEquals( [

            'prefix' => 'CookiePrefix',

            'path' => 'CookiePath',

            'domain' => 'CookieDomain',

            'secure' => true,

            'httpOnly' => true,

            'sameSite' => '',

        ], $p->cookieOptions );


        $p = TestingAccessWrapper::newFromObject( new CookieSessionProvider( [

            'priority' => 10,

            'callUserSetCookiesHook' => true,

            'cookieOptions' => [

                'prefix' => 'XPrefix',

                'path' => 'XPath',

                'domain' => 'XDomain',

                'secure' => 'XSecure',

                'httpOnly' => 'XHttpOnly',

                'sameSite' => 'XSameSite',

            ],

            'sessionName' => 'XSession',

        ] ) );

        $p->setLogger( new \TestLogger() );

        $p->setConfig( $config );

        $this->assertEquals( 10, $p->priority );

        $this->assertEquals( [

            'callUserSetCookiesHook' => true,

            'sessionName' => 'XSession',

        ], $p->params );

        $this->assertEquals( [

            'prefix' => 'XPrefix',

            'path' => 'XPath',

            'domain' => 'XDomain',

            'secure' => 'XSecure',

            'httpOnly' => 'XHttpOnly',

            'sameSite' => 'XSameSite',

        ], $p->cookieOptions );

    }


    public function testBasics() {

        $provider = new CookieSessionProvider( [ 'priority' => 10 ] );


        $this->assertTrue( $provider->persistsSessionId() );

        $this->assertTrue( $provider->canChangeUser() );


        $extendedCookies = [ 'UserID', 'UserName', 'Token' ];


        $this->assertEquals(

            $extendedCookies,

            TestingAccessWrapper::newFromObject( $provider )->getExtendedLoginCookies(),

            'List of extended cookies (subclasses can add values, but we\'re calling the core one here)'

        );


        $msg = $provider->whyNoSession();

        $this->assertInstanceOf( \Message::class, $msg );

        $this->assertSame( 'sessionprovider-nocookies', $msg->getKey() );

    }


    public function testProvideSessionInfo() {

        $params = [

            'priority' => 20,

            'sessionName' => 'session',

            'cookieOptions' => [ 'prefix' => 'x' ],

        ];

        $provider = new CookieSessionProvider( $params );

        $logger = new \TestLogger( true );

        $provider->setLogger( $logger );

        $provider->setConfig( $this->getConfig() );

        $provider->setManager( new SessionManager() );


        $user = static::getTestSysop()->getUser();

        $id = $user->getId();

        $name = $user->getName();

        $token = $user->getToken( true );


        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';


        // No data

        $request = new \FauxRequest();

        $info = $provider->provideSessionInfo( $request );

        $this->assertNull( $info );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // Session key only

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertSame( 0, $info->getUserInfo()->getId() );

        $this->assertNull( $info->getUserInfo()->getName() );

        $this->assertFalse( $info->forceHTTPS() );

        $this->assertSame( [

            [

                LogLevel::DEBUG,

                'Session "{session}" requested without UserID cookie',

            ],

        ], $logger->getBuffer() );

        $logger->clearBuffer();


        // User, no session key

        $request = new \FauxRequest();

        $request->setCookies( [

            'xUserID' => $id,

            'xToken' => $token,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertNotSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertSame( $id, $info->getUserInfo()->getId() );

        $this->assertSame( $name, $info->getUserInfo()->getName() );

        $this->assertFalse( $info->forceHTTPS() );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // User and session key

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

            'xToken' => $token,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertSame( $id, $info->getUserInfo()->getId() );

        $this->assertSame( $name, $info->getUserInfo()->getName() );

        $this->assertFalse( $info->forceHTTPS() );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // User with bad token

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

            'xToken' => 'BADTOKEN',

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNull( $info );

        $this->assertSame( [

            [

                LogLevel::WARNING,

                'Session "{session}" requested with invalid Token cookie.'

            ],

        ], $logger->getBuffer() );

        $logger->clearBuffer();


        // User id with no token

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertFalse( $info->getUserInfo()->isVerified() );

        $this->assertSame( $id, $info->getUserInfo()->getId() );

        $this->assertSame( $name, $info->getUserInfo()->getName() );

        $this->assertFalse( $info->forceHTTPS() );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        $request = new \FauxRequest();

        $request->setCookies( [

            'xUserID' => $id,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNull( $info );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // User and session key, with forceHTTPS flag

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

            'xToken' => $token,

            'forceHTTPS' => true,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertSame( $id, $info->getUserInfo()->getId() );

        $this->assertSame( $name, $info->getUserInfo()->getName() );

        $this->assertTrue( $info->forceHTTPS() );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // Invalid user id

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => '-1',

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNull( $info );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // User id with matching name

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

            'xUserName' => $name,

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNotNull( $info );

        $this->assertSame( $params['priority'], $info->getPriority() );

        $this->assertSame( $sessionId, $info->getId() );

        $this->assertNotNull( $info->getUserInfo() );

        $this->assertFalse( $info->getUserInfo()->isVerified() );

        $this->assertSame( $id, $info->getUserInfo()->getId() );

        $this->assertSame( $name, $info->getUserInfo()->getName() );

        $this->assertFalse( $info->forceHTTPS() );

        $this->assertSame( [], $logger->getBuffer() );

        $logger->clearBuffer();


        // User id with wrong name

        $request = new \FauxRequest();

        $request->setCookies( [

            'session' => $sessionId,

            'xUserID' => $id,

            'xUserName' => 'Wrong',

        ], '' );

        $info = $provider->provideSessionInfo( $request );

        $this->assertNull( $info );

        $this->assertSame( [

            [

                LogLevel::WARNING,

                'Session "{session}" requested with mismatched UserID and UserName cookies.',

            ],

        ], $logger->getBuffer() );

        $logger->clearBuffer();

    }


    public function testGetVaryCookies() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'cookieOptions' => [ 'prefix' => 'MyCookiePrefix' ],

        ] );

        $this->assertArrayEquals( [

            'MyCookiePrefixToken',

            'MyCookiePrefixLoggedOut',

            'MySessionName',

            'forceHTTPS',

        ], $provider->getVaryCookies() );

    }


    public function testSuggestLoginUsername() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );


        $request = new \FauxRequest();

        $this->assertEquals( null, $provider->suggestLoginUsername( $request ) );


        $request->setCookies( [

            'xUserName' => 'Example',

        ], '' );

        $this->assertEquals( 'Example', $provider->suggestLoginUsername( $request ) );

    }


    public function testPersistSession( $forceHTTPS ) {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'callUserSetCookiesHook' => false,

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );

        $config = $this->getConfig();

        $config->set( 'ForceHTTPS', $forceHTTPS );

        $provider->setLogger( new \TestLogger() );

        $provider->setConfig( $config );

        $provider->setManager( SessionManager::singleton() );


        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';

        $store = new TestBagOStuff();


        // For User::requiresHTTPS

        $this->setMwGlobals( [ 'wgForceHTTPS' => $forceHTTPS ] );


        $user = static::getTestSysop()->getUser();

        $anon = new User;


        $backend = new SessionBackend(

            new SessionId( $sessionId ),

            new SessionInfo( SessionInfo::MIN_PRIORITY, [

                'provider' => $provider,

                'id' => $sessionId,

                'persisted' => true,

                'idIsSafe' => true,

            ] ),

            $store,

            new \Psr\Log\NullLogger(),

            10

        );

        TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;


        $mock = $this->getMockBuilder( stdClass::class )

            ->setMethods( [ 'onUserSetCookies' ] )

            ->getMock();

        $mock->expects( $this->never() )->method( 'onUserSetCookies' );

        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );


        // Anonymous user

        $backend->setUser( $anon );

        $backend->setRememberUser( true );

        $backend->setForceHTTPS( false );

        $request = new \FauxRequest();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );

        if ( $forceHTTPS ) {

            $this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );

        } else {

            $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );

        }

        $this->assertSame( [], $backend->getData() );


        // Logged-in user, no remember

        $backend->setUser( $user );

        $backend->setRememberUser( false );

        $backend->setForceHTTPS( false );

        $request = new \FauxRequest();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );

        if ( $forceHTTPS ) {

            $this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );

        } else {

            $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );

        }

        $this->assertSame( [], $backend->getData() );


        // Logged-in user, remember

        $backend->setUser( $user );

        $backend->setRememberUser( true );

        $backend->setForceHTTPS( true );

        $request = new \FauxRequest();

        $time = time();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( $user->getToken(), $request->response()->getCookie( 'xToken' ) );

        if ( $forceHTTPS ) {

            $this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );

        } else {

            $this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );

        }

        $this->assertSame( [], $backend->getData() );

    }


    public function testCookieData( $secure, $remember, $forceHTTPS ) {

        $this->setMwGlobals( [

            'wgSecureLogin' => false,

            'wgForceHTTPS' => $forceHTTPS,

        ] );


        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'callUserSetCookiesHook' => false,

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );

        $config = $this->getConfig();

        $config->set( 'CookieSecure', $secure );

        $config->set( 'ForceHTTPS', $forceHTTPS );

        $provider->setLogger( new \TestLogger() );

        $provider->setConfig( $config );

        $provider->setManager( SessionManager::singleton() );


        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';

        $user = static::getTestSysop()->getUser();

        $this->assertSame( $user->requiresHTTPS(), $forceHTTPS, 'sanity check' );


        $backend = new SessionBackend(

            new SessionId( $sessionId ),

            new SessionInfo( SessionInfo::MIN_PRIORITY, [

                'provider' => $provider,

                'id' => $sessionId,

                'persisted' => true,

                'idIsSafe' => true,

            ] ),

            new TestBagOStuff(),

            new \Psr\Log\NullLogger(),

            10

        );

        TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;

        $backend->setUser( $user );

        $backend->setRememberUser( $remember );

        $backend->setForceHTTPS( $secure );

        $request = new \FauxRequest();

        $time = time();

        $provider->persistSession( $backend, $request );


        $defaults = [

            'expire' => (int)100,

            'path' => $config->get( 'CookiePath' ),

            'domain' => $config->get( 'CookieDomain' ),

            'secure' => $secure || $forceHTTPS,

            'httpOnly' => $config->get( 'CookieHttpOnly' ),

            'raw' => false,

        ];


        $normalExpiry = $config->get( 'CookieExpiration' );

        $extendedExpiry = $config->get( 'ExtendedLoginCookieExpiration' );

        $extendedExpiry = (int)( $extendedExpiry === null ? 0 : $extendedExpiry );

        $expect = [

            'MySessionName' => [

                'value' => (string)$sessionId,

                'expire' => 0,

            ] + $defaults,

            'xUserID' => [

                'value' => (string)$user->getId(),

                'expire' => $remember ? $extendedExpiry : $normalExpiry,

            ] + $defaults,

            'xUserName' => [

                'value' => $user->getName(),

                'expire' => $remember ? $extendedExpiry : $normalExpiry

            ] + $defaults,

            'xToken' => [

                'value' => $remember ? $user->getToken() : '',

                'expire' => $remember ? $extendedExpiry : -31536000,

            ] + $defaults

        ];

        if ( !$forceHTTPS ) {

            $expect['forceHTTPS'] = [

                'value' => $secure ? 'true' : '',

                'secure' => false,

                'expire' => $secure ? $remember ? $defaults['expire'] : 0 : -31536000,

            ] + $defaults;

        }

        foreach ( $expect as $key => $value ) {

            $actual = $request->response()->getCookieData( $key );

            if ( $actual && $actual['expire'] > 0 ) {

                // Round expiry so we don't randomly fail if the seconds ticked during the test.

                $actual['expire'] = round( $actual['expire'] - $time, -2 );

            }

            $this->assertEquals( $value, $actual, "Cookie $key" );

        }

    }


    public static function provideCookieData() {

        return \ArrayUtils::cartesianProduct(

            [ false, true ], // $secure

            [ false, true ], // $remember

            [ false, true ] // $forceHTTPS

        );

    }


    protected function getSentRequest() {

        $sentResponse = $this->getMockBuilder( \FauxResponse::class )

            ->setMethods( [ 'headersSent', 'setCookie', 'header' ] )->getMock();

        $sentResponse->expects( $this->any() )->method( 'headersSent' )

            ->will( $this->returnValue( true ) );

        $sentResponse->expects( $this->never() )->method( 'setCookie' );

        $sentResponse->expects( $this->never() )->method( 'header' );


        $sentRequest = $this->getMockBuilder( \FauxRequest::class )

            ->setMethods( [ 'response' ] )->getMock();

        $sentRequest->expects( $this->any() )->method( 'response' )

            ->will( $this->returnValue( $sentResponse ) );

        return $sentRequest;

    }


    public function testPersistSessionWithHook() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'callUserSetCookiesHook' => true,

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $this->getConfig() );

        $provider->setManager( SessionManager::singleton() );


        // For User::requiresHTTPS

        $this->setMwGlobals( [ 'wgForceHTTPS' => false ] );


        $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';

        $store = new TestBagOStuff();

        $user = static::getTestSysop()->getUser();

        $anon = new User;


        $backend = new SessionBackend(

            new SessionId( $sessionId ),

            new SessionInfo( SessionInfo::MIN_PRIORITY, [

                'provider' => $provider,

                'id' => $sessionId,

                'persisted' => true,

                'idIsSafe' => true,

            ] ),

            $store,

            new \Psr\Log\NullLogger(),

            10

        );

        TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;


        // Anonymous user

        $mock = $this->getMockBuilder( stdClass::class )

            ->setMethods( [ 'onUserSetCookies' ] )->getMock();

        $mock->expects( $this->never() )->method( 'onUserSetCookies' );

        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );

        $backend->setUser( $anon );

        $backend->setRememberUser( true );

        $backend->setForceHTTPS( false );

        $request = new \FauxRequest();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );

        $this->assertSame( [], $backend->getData() );


        $provider->persistSession( $backend, $this->getSentRequest() );


        // Logged-in user, no remember

        $mock = $this->getMockBuilder( __CLASS__ )

            ->setMethods( [ 'onUserSetCookies' ] )->getMock();

        $mock->expects( $this->once() )->method( 'onUserSetCookies' )

            ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $user ) {

                $this->assertSame( $user, $u );

                $this->assertEquals( [

                    'wsUserID' => $user->getId(),

                    'wsUserName' => $user->getName(),

                    'wsToken' => $user->getToken(),

                ], $sessionData );

                $this->assertEquals( [

                    'UserID' => $user->getId(),

                    'UserName' => $user->getName(),

                    'Token' => false,

                ], $cookies );


                $sessionData['foo'] = 'foo!';

                $cookies['bar'] = 'bar!';

                return true;

            } ) );

        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );

        $backend->setUser( $user );

        $backend->setRememberUser( false );

        $backend->setForceHTTPS( false );

        $backend->setLoggedOutTimestamp( $loggedOut = time() );

        $request = new \FauxRequest();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );

        $this->assertSame( 'bar!', $request->response()->getCookie( 'xbar' ) );

        $this->assertSame( (string)$loggedOut, $request->response()->getCookie( 'xLoggedOut' ) );

        $this->assertEquals( [

            'wsUserID' => $user->getId(),

            'wsUserName' => $user->getName(),

            'wsToken' => $user->getToken(),

            'foo' => 'foo!',

        ], $backend->getData() );


        $provider->persistSession( $backend, $this->getSentRequest() );


        // Logged-in user, remember

        $mock = $this->getMockBuilder( __CLASS__ )

            ->setMethods( [ 'onUserSetCookies' ] )->getMock();

        $mock->expects( $this->once() )->method( 'onUserSetCookies' )

            ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $user ) {

                $this->assertSame( $user, $u );

                $this->assertEquals( [

                    'wsUserID' => $user->getId(),

                    'wsUserName' => $user->getName(),

                    'wsToken' => $user->getToken(),

                ], $sessionData );

                $this->assertEquals( [

                    'UserID' => $user->getId(),

                    'UserName' => $user->getName(),

                    'Token' => $user->getToken(),

                ], $cookies );


                $sessionData['foo'] = 'foo 2!';

                $cookies['bar'] = 'bar 2!';

                return true;

            } ) );

        $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserSetCookies' => [ $mock ] ] );

        $backend->setUser( $user );

        $backend->setRememberUser( true );

        $backend->setForceHTTPS( true );

        $backend->setLoggedOutTimestamp( 0 );

        $request = new \FauxRequest();

        $provider->persistSession( $backend, $request );

        $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( $user->getToken(), $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );

        $this->assertSame( 'bar 2!', $request->response()->getCookie( 'xbar' ) );

        $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );

        $this->assertEquals( [

            'wsUserID' => $user->getId(),

            'wsUserName' => $user->getName(),

            'wsToken' => $user->getToken(),

            'foo' => 'foo 2!',

        ], $backend->getData() );


        $provider->persistSession( $backend, $this->getSentRequest() );

    }


    public function testUnpersistSession() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $this->getConfig() );

        $provider->setManager( SessionManager::singleton() );


        $request = new \FauxRequest();

        $provider->unpersistSession( $request );

        $this->assertSame( '', $request->response()->getCookie( 'MySessionName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );

        $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );

        $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );

        $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );


        $provider->unpersistSession( $this->getSentRequest() );

    }


    public function testSetLoggedOutCookie() {

        $provider = TestingAccessWrapper::newFromObject( new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] ) );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $this->getConfig() );

        $provider->setManager( SessionManager::singleton() );


        $t1 = time();

        $t2 = time() - 86400 * 2;


        // Set it

        $request = new \FauxRequest();

        $provider->setLoggedOutCookie( $t1, $request );

        $this->assertSame( (string)$t1, $request->response()->getCookie( 'xLoggedOut' ) );


        // Too old

        $request = new \FauxRequest();

        $provider->setLoggedOutCookie( $t2, $request );

        $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );


        // Don't reset if it's already set

        $request = new \FauxRequest();

        $request->setCookies( [

            'xLoggedOut' => $t1,

        ], '' );

        $provider->setLoggedOutCookie( $t1, $request );

        $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );

    }


    public function onUserSetCookies( $user, &$sessionData, &$cookies ) {

    }


    public function testGetCookie() {

        $provider = new CookieSessionProvider( [

            'priority' => 1,

            'sessionName' => 'MySessionName',

            'cookieOptions' => [ 'prefix' => 'x' ],

        ] );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $this->getConfig() );

        $provider->setManager( SessionManager::singleton() );

        $provider = TestingAccessWrapper::newFromObject( $provider );


        $request = new \FauxRequest();

        $request->setCookies( [

            'xFoo' => 'foo!',

            'xBar' => 'deleted',

        ], '' );

        $this->assertSame( 'foo!', $provider->getCookie( $request, 'Foo', 'x' ) );

        $this->assertNull( $provider->getCookie( $request, 'Bar', 'x' ) );

        $this->assertNull( $provider->getCookie( $request, 'Baz', 'x' ) );

    }


    public function testGetRememberUserDuration() {

        $config = $this->getConfig();

        $provider = new CookieSessionProvider( [ 'priority' => 10 ] );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $config );

        $provider->setManager( SessionManager::singleton() );


        $this->assertSame( 200, $provider->getRememberUserDuration() );


        $config->set( 'ExtendedLoginCookieExpiration', null );


        $this->assertSame( 100, $provider->getRememberUserDuration() );


        $config->set( 'ExtendedLoginCookieExpiration', 0 );


        $this->assertSame( null, $provider->getRememberUserDuration() );

    }


    public function testGetLoginCookieExpiration() {

        $config = $this->getConfig();

        $provider = TestingAccessWrapper::newFromObject( new CookieSessionProvider( [

            'priority' => 10

        ] ) );

        $provider->setLogger( new \Psr\Log\NullLogger() );

        $provider->setConfig( $config );

        $provider->setManager( SessionManager::singleton() );


        // First cookie is an extended cookie, remember me true

        $this->assertSame( 200, $provider->getLoginCookieExpiration( 'Token', true ) );

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', true ) );


        // First cookie is an extended cookie, remember me false

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'UserID', false ) );

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', false ) );


        $config->set( 'ExtendedLoginCookieExpiration', null );


        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'Token', true ) );

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', true ) );


        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'Token', false ) );

        $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', false ) );

    }


}


any
they could even be mouse clicks or menu items whatever suits your program You should also get your if any
Definition COPYING.txt:326

MediaWikiTestCase
Definition MediaWikiTestCase.php:17

MediaWikiTestCase\mergeMwGlobalArrayValue
mergeMwGlobalArrayValue( $name, $values)
Merges the given values into a MW global array variable.
Definition MediaWikiTestCase.php:813

MediaWikiTestCase\setMwGlobals
setMwGlobals( $pairs, $value=null)
Sets a global, maintaining a stashed version of the previous global to be restored in tearDown.
Definition MediaWikiTestCase.php:678

MediaWikiTestCase\assertArrayEquals
assertArrayEquals(array $expected, array $actual, $ordered=false, $named=false)
Assert that two arrays are equal.
Definition MediaWikiTestCase.php:1771

MediaWiki\Session\CookieSessionProviderTest
Session Database MediaWiki\Session\CookieSessionProvider.
Definition CookieSessionProviderTest.php:15

MediaWiki\Session\CookieSessionProviderTest\testSetLoggedOutCookie
testSetLoggedOutCookie()
Definition CookieSessionProviderTest.php:780

MediaWiki\Session\CookieSessionProviderTest\onUserSetCookies
onUserSetCookies( $user, &$sessionData, &$cookies)
To be mocked for hooks, since PHPUnit can't otherwise mock methods that take references.
Definition CookieSessionProviderTest.php:816

MediaWiki\Session\CookieSessionProviderTest\testSuggestLoginUsername
testSuggestLoginUsername()
Definition CookieSessionProviderTest.php:387

MediaWiki\Session\CookieSessionProviderTest\testConstructor
testConstructor()
Definition CookieSessionProviderTest.php:42

MediaWiki\Session\CookieSessionProviderTest\provideForceHTTPS
static provideForceHTTPS()
Provider for testing both values of $wgForceHTTPS.
Definition CookieSessionProviderTest.php:35

MediaWiki\Session\CookieSessionProviderTest\testGetLoginCookieExpiration
testGetLoginCookieExpiration()
Definition CookieSessionProviderTest.php:858

MediaWiki\Session\CookieSessionProviderTest\testProvideSessionInfo
testProvideSessionInfo()
Definition CookieSessionProviderTest.php:180

MediaWiki\Session\CookieSessionProviderTest\testPersistSessionWithHook
testPersistSessionWithHook()
Definition CookieSessionProviderTest.php:618

MediaWiki\Session\CookieSessionProviderTest\testGetCookie
testGetCookie()
Definition CookieSessionProviderTest.php:819

MediaWiki\Session\CookieSessionProviderTest\testUnpersistSession
testUnpersistSession()
Definition CookieSessionProviderTest.php:759

MediaWiki\Session\CookieSessionProviderTest\testGetRememberUserDuration
testGetRememberUserDuration()
Definition CookieSessionProviderTest.php:840

MediaWiki\Session\CookieSessionProviderTest\testCookieData
testCookieData( $secure, $remember, $forceHTTPS)
provideCookieData
Definition CookieSessionProviderTest.php:505

MediaWiki\Session\CookieSessionProviderTest\getSentRequest
getSentRequest()
Definition CookieSessionProviderTest.php:603

MediaWiki\Session\CookieSessionProviderTest\testBasics
testBasics()
Definition CookieSessionProviderTest.php:161

MediaWiki\Session\CookieSessionProviderTest\provideCookieData
static provideCookieData()
Definition CookieSessionProviderTest.php:595

MediaWiki\Session\CookieSessionProviderTest\getConfig
getConfig()
Definition CookieSessionProviderTest.php:17

MediaWiki\Session\CookieSessionProviderTest\testGetVaryCookies
testGetVaryCookies()
Definition CookieSessionProviderTest.php:373

MediaWiki\Session\CookieSessionProviderTest\testPersistSession
testPersistSession( $forceHTTPS)
provideForceHTTPS
Definition CookieSessionProviderTest.php:404

MediaWiki\Session\CookieSessionProvider
A CookieSessionProvider persists sessions using cookies.
Definition CookieSessionProvider.php:36

MediaWiki\Session\SessionBackend
This is the actual workhorse for Session.
Definition SessionBackend.php:49

MediaWiki\Session\SessionId
Value object holding the session ID in a manner that can be globally updated.
Definition SessionId.php:38

MediaWiki\Session\SessionInfo
Value object returned by SessionProvider.
Definition SessionInfo.php:34

MediaWiki\Session\SessionInfo\MIN_PRIORITY
const MIN_PRIORITY
Minimum allowed priority.
Definition SessionInfo.php:36

MediaWiki\Session\SessionInfo\MAX_PRIORITY
const MAX_PRIORITY
Maximum allowed priority.
Definition SessionInfo.php:39

MediaWiki\Session\SessionManager
This serves as the entry point to the MediaWiki session handling system.
Definition SessionManager.php:50

MediaWiki\Session\SessionManager\singleton
static singleton()
Get the global SessionManager.
Definition SessionManager.php:92

MediaWiki\Session\TestBagOStuff
BagOStuff with utility functions for MediaWiki\\Session\\* testing.
Definition TestBagOStuff.php:8

TestLogger
A logger that may be configured to either buffer logs or to print them to the output where PHPUnit wi...
Definition TestLogger.php:33

User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:53

$request
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2806

$time
see documentation in includes Linker php for Linker::makeImageLink & $time
Definition hooks.txt:1795

string
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition hooks.txt:181

true
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return true
Definition hooks.txt:2006

false
processing should stop and the error should be shown to the user * false
Definition hooks.txt:187

MediaWiki\Session
Definition BotPasswordSessionProvider.php:24

$value
$value
Definition styleTest.css.php:45

$params
$params
Definition styleTest.css.php:40