167 'sessionName' =>
'session',
168 'cookieOptions' => [
'prefix' =>
'x' ],
171 $logger = new \TestLogger(
true );
172 $provider->setLogger( $logger );
173 $provider->setConfig( $this->
getConfig() );
176 $user = static::getTestSysop()->getUser();
177 $id = $user->getId();
178 $name = $user->getName();
179 $token = $user->getToken(
true );
181 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
185 $info = $provider->provideSessionInfo(
$request );
186 $this->assertNull( $info );
187 $this->assertSame( [], $logger->getBuffer() );
188 $logger->clearBuffer();
193 'session' => $sessionId,
195 $info = $provider->provideSessionInfo(
$request );
196 $this->assertNotNull( $info );
197 $this->assertSame(
$params[
'priority'], $info->getPriority() );
198 $this->assertSame( $sessionId, $info->getId() );
199 $this->assertNotNull( $info->getUserInfo() );
200 $this->assertSame( 0, $info->getUserInfo()->getId() );
201 $this->assertNull( $info->getUserInfo()->getName() );
202 $this->assertFalse( $info->forceHTTPS() );
206 'Session "{session}" requested without UserID cookie',
208 ], $logger->getBuffer() );
209 $logger->clearBuffer();
217 $info = $provider->provideSessionInfo(
$request );
218 $this->assertNotNull( $info );
219 $this->assertSame(
$params[
'priority'], $info->getPriority() );
220 $this->assertNotSame( $sessionId, $info->getId() );
221 $this->assertNotNull( $info->getUserInfo() );
222 $this->assertSame( $id, $info->getUserInfo()->getId() );
223 $this->assertSame( $name, $info->getUserInfo()->getName() );
224 $this->assertFalse( $info->forceHTTPS() );
225 $this->assertSame( [], $logger->getBuffer() );
226 $logger->clearBuffer();
231 'session' => $sessionId,
235 $info = $provider->provideSessionInfo(
$request );
236 $this->assertNotNull( $info );
237 $this->assertSame(
$params[
'priority'], $info->getPriority() );
238 $this->assertSame( $sessionId, $info->getId() );
239 $this->assertNotNull( $info->getUserInfo() );
240 $this->assertSame( $id, $info->getUserInfo()->getId() );
241 $this->assertSame( $name, $info->getUserInfo()->getName() );
242 $this->assertFalse( $info->forceHTTPS() );
243 $this->assertSame( [], $logger->getBuffer() );
244 $logger->clearBuffer();
249 'session' => $sessionId,
251 'xToken' =>
'BADTOKEN',
253 $info = $provider->provideSessionInfo(
$request );
254 $this->assertNull( $info );
258 'Session "{session}" requested with invalid Token cookie.'
260 ], $logger->getBuffer() );
261 $logger->clearBuffer();
266 'session' => $sessionId,
269 $info = $provider->provideSessionInfo(
$request );
270 $this->assertNotNull( $info );
271 $this->assertSame(
$params[
'priority'], $info->getPriority() );
272 $this->assertSame( $sessionId, $info->getId() );
273 $this->assertNotNull( $info->getUserInfo() );
274 $this->assertFalse( $info->getUserInfo()->isVerified() );
275 $this->assertSame( $id, $info->getUserInfo()->getId() );
276 $this->assertSame( $name, $info->getUserInfo()->getName() );
277 $this->assertFalse( $info->forceHTTPS() );
278 $this->assertSame( [], $logger->getBuffer() );
279 $logger->clearBuffer();
285 $info = $provider->provideSessionInfo(
$request );
286 $this->assertNull( $info );
287 $this->assertSame( [], $logger->getBuffer() );
288 $logger->clearBuffer();
293 'session' => $sessionId,
296 'forceHTTPS' =>
true,
298 $info = $provider->provideSessionInfo(
$request );
299 $this->assertNotNull( $info );
300 $this->assertSame(
$params[
'priority'], $info->getPriority() );
301 $this->assertSame( $sessionId, $info->getId() );
302 $this->assertNotNull( $info->getUserInfo() );
303 $this->assertSame( $id, $info->getUserInfo()->getId() );
304 $this->assertSame( $name, $info->getUserInfo()->getName() );
305 $this->assertTrue( $info->forceHTTPS() );
306 $this->assertSame( [], $logger->getBuffer() );
307 $logger->clearBuffer();
312 'session' => $sessionId,
315 $info = $provider->provideSessionInfo(
$request );
316 $this->assertNull( $info );
317 $this->assertSame( [], $logger->getBuffer() );
318 $logger->clearBuffer();
323 'session' => $sessionId,
325 'xUserName' => $name,
327 $info = $provider->provideSessionInfo(
$request );
328 $this->assertNotNull( $info );
329 $this->assertSame(
$params[
'priority'], $info->getPriority() );
330 $this->assertSame( $sessionId, $info->getId() );
331 $this->assertNotNull( $info->getUserInfo() );
332 $this->assertFalse( $info->getUserInfo()->isVerified() );
333 $this->assertSame( $id, $info->getUserInfo()->getId() );
334 $this->assertSame( $name, $info->getUserInfo()->getName() );
335 $this->assertFalse( $info->forceHTTPS() );
336 $this->assertSame( [], $logger->getBuffer() );
337 $logger->clearBuffer();
342 'session' => $sessionId,
344 'xUserName' =>
'Wrong',
346 $info = $provider->provideSessionInfo(
$request );
347 $this->assertNull( $info );
351 'Session "{session}" requested with mismatched UserID and UserName cookies.',
353 ], $logger->getBuffer() );
354 $logger->clearBuffer();
390 'sessionName' =>
'MySessionName',
391 'callUserSetCookiesHook' =>
false,
392 'cookieOptions' => [
'prefix' =>
'x' ],
396 $provider->setConfig( $config );
399 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
401 $user = static::getTestSysop()->getUser();
407 'provider' => $provider,
413 new \Psr\Log\NullLogger(),
416 TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
418 $mock = $this->getMockBuilder( stdClass::class )
419 ->setMethods( [
'onUserSetCookies' ] )
421 $mock->expects( $this->never() )->method(
'onUserSetCookies' );
425 $backend->setUser( $anon );
426 $backend->setRememberUser(
true );
427 $backend->setForceHTTPS(
false );
429 $provider->persistSession( $backend,
$request );
430 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
431 $this->assertSame(
'',
$request->response()->getCookie(
'xUserID' ) );
432 $this->assertSame(
null,
$request->response()->getCookie(
'xUserName' ) );
433 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
434 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
435 $this->assertSame( [], $backend->getData() );
438 $backend->setUser( $user );
439 $backend->setRememberUser(
false );
440 $backend->setForceHTTPS(
false );
442 $provider->persistSession( $backend,
$request );
443 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
444 $this->assertSame( (
string)$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
445 $this->assertSame( $user->getName(),
$request->response()->getCookie(
'xUserName' ) );
446 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
447 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
448 $this->assertSame( [], $backend->getData() );
451 $backend->setUser( $user );
452 $backend->setRememberUser(
true );
453 $backend->setForceHTTPS(
true );
456 $provider->persistSession( $backend,
$request );
457 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
458 $this->assertSame( (
string)$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
459 $this->assertSame( $user->getName(),
$request->response()->getCookie(
'xUserName' ) );
460 $this->assertSame( $user->getToken(),
$request->response()->getCookie(
'xToken' ) );
461 $this->assertSame(
'true',
$request->response()->getCookie(
'forceHTTPS' ) );
462 $this->assertSame( [], $backend->getData() );
472 'wgSecureLogin' =>
false,
477 'sessionName' =>
'MySessionName',
478 'callUserSetCookiesHook' =>
false,
479 'cookieOptions' => [
'prefix' =>
'x' ],
482 $config->set(
'CookieSecure', $secure );
484 $provider->setConfig( $config );
487 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
488 $user = static::getTestSysop()->getUser();
489 $this->assertFalse( $user->requiresHTTPS(),
'sanity check' );
494 'provider' => $provider,
500 new \Psr\Log\NullLogger(),
503 TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
504 $backend->setUser( $user );
505 $backend->setRememberUser( $remember );
506 $backend->setForceHTTPS( $secure );
509 $provider->persistSession( $backend,
$request );
512 'expire' => (int)100,
513 'path' => $config->get(
'CookiePath' ),
514 'domain' => $config->get(
'CookieDomain' ),
516 'httpOnly' => $config->get(
'CookieHttpOnly' ),
520 $normalExpiry = $config->get(
'CookieExpiration' );
521 $extendedExpiry = $config->get(
'ExtendedLoginCookieExpiration' );
522 $extendedExpiry = (int)( $extendedExpiry ?? 0 );
525 'value' => (
string)$sessionId,
529 'value' => (
string)$user->getId(),
530 'expire' => $remember ? $extendedExpiry : $normalExpiry,
533 'value' => $user->getName(),
534 'expire' => $remember ? $extendedExpiry : $normalExpiry
537 'value' => $remember ? $user->getToken() :
'',
538 'expire' => $remember ? $extendedExpiry : -31536000,
541 'value' => $secure ?
'true' :
'',
543 'expire' => $secure ? ( $remember ? $defaults[
'expire'] : 0 ) : -31536000,
546 foreach ( $expect as $key =>
$value ) {
547 $actual =
$request->response()->getCookieData( $key );
548 if ( $actual && $actual[
'expire'] > 0 ) {
550 $actual[
'expire'] = round( $actual[
'expire'] -
$time, -2 );
552 $this->assertEquals(
$value, $actual,
"Cookie $key" );
583 'sessionName' =>
'MySessionName',
584 'callUserSetCookiesHook' =>
true,
585 'cookieOptions' => [
'prefix' =>
'x' ],
587 $provider->setLogger(
new \Psr\Log\NullLogger() );
588 $provider->setConfig( $this->
getConfig() );
591 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
593 $user = static::getTestSysop()->getUser();
599 'provider' => $provider,
605 new \Psr\Log\NullLogger(),
608 TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
611 $mock = $this->getMockBuilder( stdClass::class )
612 ->setMethods( [
'onUserSetCookies' ] )->getMock();
613 $mock->expects( $this->never() )->method(
'onUserSetCookies' );
615 $backend->setUser( $anon );
616 $backend->setRememberUser(
true );
617 $backend->setForceHTTPS(
false );
619 $provider->persistSession( $backend,
$request );
620 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
621 $this->assertSame(
'',
$request->response()->getCookie(
'xUserID' ) );
622 $this->assertSame(
null,
$request->response()->getCookie(
'xUserName' ) );
623 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
624 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
625 $this->assertSame( [], $backend->getData() );
630 $mock = $this->getMockBuilder( __CLASS__ )
631 ->setMethods( [
'onUserSetCookies' ] )->getMock();
632 $mock->expects( $this->once() )->method(
'onUserSetCookies' )
633 ->will( $this->returnCallback(
function ( $u, &$sessionData, &$cookies ) use ( $user ) {
634 $this->assertSame( $user, $u );
635 $this->assertEquals( [
636 'wsUserID' => $user->getId(),
637 'wsUserName' => $user->getName(),
638 'wsToken' => $user->getToken(),
640 $this->assertEquals( [
641 'UserID' => $user->getId(),
642 'UserName' => $user->getName(),
646 $sessionData[
'foo'] =
'foo!';
647 $cookies[
'bar'] =
'bar!';
651 $backend->setUser( $user );
652 $backend->setRememberUser(
false );
653 $backend->setForceHTTPS(
false );
654 $backend->setLoggedOutTimestamp( $loggedOut = time() );
656 $provider->persistSession( $backend,
$request );
657 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
658 $this->assertSame( (
string)$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
659 $this->assertSame( $user->getName(),
$request->response()->getCookie(
'xUserName' ) );
660 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
661 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
662 $this->assertSame(
'bar!',
$request->response()->getCookie(
'xbar' ) );
663 $this->assertSame( (
string)$loggedOut,
$request->response()->getCookie(
'xLoggedOut' ) );
664 $this->assertEquals( [
665 'wsUserID' => $user->getId(),
666 'wsUserName' => $user->getName(),
667 'wsToken' => $user->getToken(),
669 ], $backend->getData() );
674 $mock = $this->getMockBuilder( __CLASS__ )
675 ->setMethods( [
'onUserSetCookies' ] )->getMock();
676 $mock->expects( $this->once() )->method(
'onUserSetCookies' )
677 ->will( $this->returnCallback(
function ( $u, &$sessionData, &$cookies ) use ( $user ) {
678 $this->assertSame( $user, $u );
679 $this->assertEquals( [
680 'wsUserID' => $user->getId(),
681 'wsUserName' => $user->getName(),
682 'wsToken' => $user->getToken(),
684 $this->assertEquals( [
685 'UserID' => $user->getId(),
686 'UserName' => $user->getName(),
687 'Token' => $user->getToken(),
690 $sessionData[
'foo'] =
'foo 2!';
691 $cookies[
'bar'] =
'bar 2!';
695 $backend->setUser( $user );
696 $backend->setRememberUser(
true );
697 $backend->setForceHTTPS(
true );
698 $backend->setLoggedOutTimestamp( 0 );
700 $provider->persistSession( $backend,
$request );
701 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
702 $this->assertSame( (
string)$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
703 $this->assertSame( $user->getName(),
$request->response()->getCookie(
'xUserName' ) );
704 $this->assertSame( $user->getToken(),
$request->response()->getCookie(
'xToken' ) );
705 $this->assertSame(
'true',
$request->response()->getCookie(
'forceHTTPS' ) );
706 $this->assertSame(
'bar 2!',
$request->response()->getCookie(
'xbar' ) );
707 $this->assertSame(
null,
$request->response()->getCookie(
'xLoggedOut' ) );
708 $this->assertEquals( [
709 'wsUserID' => $user->getId(),
710 'wsUserName' => $user->getName(),
711 'wsToken' => $user->getToken(),
713 ], $backend->getData() );