MediaWiki REL1_33
SessionManagerTest.php
Go to the documentation of this file.
1<?php
2
3namespace MediaWiki\Session;
4
6use Psr\Log\LogLevel;
8use Wikimedia\TestingAccessWrapper;
9
16
18 private $config;
19
21 private $logger;
22
24 private $store;
25
26 protected function getManager() {
27 \ObjectCache::$instances['testSessionStore'] = new TestBagOStuff();
28 $this->config = new \HashConfig( [
29 'LanguageCode' => 'en',
30 'SessionCacheType' => 'testSessionStore',
31 'ObjectCacheSessionExpiry' => 100,
32 'SessionProviders' => [
33 [ 'class' => \DummySessionProvider::class ],
34 ]
35 ] );
36 $this->logger = new \TestLogger( false, function ( $m ) {
37 return substr( $m, 0, 15 ) === 'SessionBackend ' ? null : $m;
38 } );
39 $this->store = new TestBagOStuff();
40
41 return new SessionManager( [
42 'config' => $this->config,
43 'logger' => $this->logger,
44 'store' => $this->store,
45 ] );
46 }
47
48 protected function objectCacheDef( $object ) {
49 return [ 'factory' => function () use ( $object ) {
50 return $object;
51 } ];
52 }
53
54 public function testSingleton() {
56
57 $singleton = SessionManager::singleton();
58 $this->assertInstanceOf( SessionManager::class, $singleton );
59 $this->assertSame( $singleton, SessionManager::singleton() );
60 }
61
62 public function testGetGlobalSession() {
63 $context = \RequestContext::getMain();
64
67 }
68 $rProp = new \ReflectionProperty( PHPSessionHandler::class, 'instance' );
69 $rProp->setAccessible( true );
70 $handler = TestingAccessWrapper::newFromObject( $rProp->getValue() );
71 $oldEnable = $handler->enable;
72 $reset[] = new \Wikimedia\ScopedCallback( function () use ( $handler, $oldEnable ) {
73 if ( $handler->enable ) {
74 session_write_close();
75 }
76 $handler->enable = $oldEnable;
77 } );
79
80 $handler->enable = true;
81 $request = new \FauxRequest();
82 $context->setRequest( $request );
83 $id = $request->getSession()->getId();
84
85 session_write_close();
86 session_id( '' );
88 $this->assertSame( $id, $session->getId() );
89
90 session_id( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
92 $this->assertSame( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', $session->getId() );
93 $this->assertSame( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', $request->getSession()->getId() );
94
95 session_write_close();
96 $handler->enable = false;
97 $request = new \FauxRequest();
98 $context->setRequest( $request );
99 $id = $request->getSession()->getId();
100
101 session_id( '' );
103 $this->assertSame( $id, $session->getId() );
104
105 session_id( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
107 $this->assertSame( $id, $session->getId() );
108 $this->assertSame( $id, $request->getSession()->getId() );
109 }
110
111 public function testConstructor() {
112 $manager = TestingAccessWrapper::newFromObject( $this->getManager() );
113 $this->assertSame( $this->config, $manager->config );
114 $this->assertSame( $this->logger, $manager->logger );
115 $this->assertSame( $this->store, $manager->store );
116
117 $manager = TestingAccessWrapper::newFromObject( new SessionManager() );
118 $this->assertSame( \RequestContext::getMain()->getConfig(), $manager->config );
119
120 $manager = TestingAccessWrapper::newFromObject( new SessionManager( [
121 'config' => $this->config,
122 ] ) );
123 $this->assertSame( \ObjectCache::$instances['testSessionStore'], $manager->store );
124
125 foreach ( [
126 'config' => '$options[\'config\'] must be an instance of Config',
127 'logger' => '$options[\'logger\'] must be an instance of LoggerInterface',
128 'store' => '$options[\'store\'] must be an instance of BagOStuff',
129 ] as $key => $error ) {
130 try {
131 new SessionManager( [ $key => new \stdClass ] );
132 $this->fail( 'Expected exception not thrown' );
133 } catch ( \InvalidArgumentException $ex ) {
134 $this->assertSame( $error, $ex->getMessage() );
135 }
136 }
137 }
138
139 public function testGetSessionForRequest() {
140 $manager = $this->getManager();
141 $request = new \FauxRequest();
142 $request->unpersist1 = false;
143 $request->unpersist2 = false;
144
145 $id1 = '';
146 $id2 = '';
147 $idEmpty = 'empty-session-------------------';
148
149 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
150 ->setMethods(
151 [ 'provideSessionInfo', 'newSessionInfo', '__toString', 'describe', 'unpersistSession' ]
152 );
153
154 $provider1 = $providerBuilder->getMock();
155 $provider1->expects( $this->any() )->method( 'provideSessionInfo' )
156 ->with( $this->identicalTo( $request ) )
157 ->will( $this->returnCallback( function ( $request ) {
158 return $request->info1;
159 } ) );
160 $provider1->expects( $this->any() )->method( 'newSessionInfo' )
161 ->will( $this->returnCallback( function () use ( $idEmpty, $provider1 ) {
163 'provider' => $provider1,
164 'id' => $idEmpty,
165 'persisted' => true,
166 'idIsSafe' => true,
167 ] );
168 } ) );
169 $provider1->expects( $this->any() )->method( '__toString' )
170 ->will( $this->returnValue( 'Provider1' ) );
171 $provider1->expects( $this->any() )->method( 'describe' )
172 ->will( $this->returnValue( '#1 sessions' ) );
173 $provider1->expects( $this->any() )->method( 'unpersistSession' )
174 ->will( $this->returnCallback( function ( $request ) {
175 $request->unpersist1 = true;
176 } ) );
177
178 $provider2 = $providerBuilder->getMock();
179 $provider2->expects( $this->any() )->method( 'provideSessionInfo' )
180 ->with( $this->identicalTo( $request ) )
181 ->will( $this->returnCallback( function ( $request ) {
182 return $request->info2;
183 } ) );
184 $provider2->expects( $this->any() )->method( '__toString' )
185 ->will( $this->returnValue( 'Provider2' ) );
186 $provider2->expects( $this->any() )->method( 'describe' )
187 ->will( $this->returnValue( '#2 sessions' ) );
188 $provider2->expects( $this->any() )->method( 'unpersistSession' )
189 ->will( $this->returnCallback( function ( $request ) {
190 $request->unpersist2 = true;
191 } ) );
192
193 $this->config->set( 'SessionProviders', [
194 $this->objectCacheDef( $provider1 ),
195 $this->objectCacheDef( $provider2 ),
196 ] );
197
198 // No provider returns info
199 $request->info1 = null;
200 $request->info2 = null;
201 $session = $manager->getSessionForRequest( $request );
202 $this->assertInstanceOf( Session::class, $session );
203 $this->assertSame( $idEmpty, $session->getId() );
204 $this->assertFalse( $request->unpersist1 );
205 $this->assertFalse( $request->unpersist2 );
206
207 // Both providers return info, picks best one
209 'provider' => $provider1,
210 'id' => ( $id1 = $manager->generateSessionId() ),
211 'persisted' => true,
212 'idIsSafe' => true,
213 ] );
215 'provider' => $provider2,
216 'id' => ( $id2 = $manager->generateSessionId() ),
217 'persisted' => true,
218 'idIsSafe' => true,
219 ] );
220 $session = $manager->getSessionForRequest( $request );
221 $this->assertInstanceOf( Session::class, $session );
222 $this->assertSame( $id2, $session->getId() );
223 $this->assertFalse( $request->unpersist1 );
224 $this->assertFalse( $request->unpersist2 );
225
227 'provider' => $provider1,
228 'id' => ( $id1 = $manager->generateSessionId() ),
229 'persisted' => true,
230 'idIsSafe' => true,
231 ] );
233 'provider' => $provider2,
234 'id' => ( $id2 = $manager->generateSessionId() ),
235 'persisted' => true,
236 'idIsSafe' => true,
237 ] );
238 $session = $manager->getSessionForRequest( $request );
239 $this->assertInstanceOf( Session::class, $session );
240 $this->assertSame( $id1, $session->getId() );
241 $this->assertFalse( $request->unpersist1 );
242 $this->assertFalse( $request->unpersist2 );
243
244 // Tied priorities
246 'provider' => $provider1,
247 'id' => ( $id1 = $manager->generateSessionId() ),
248 'persisted' => true,
249 'userInfo' => UserInfo::newAnonymous(),
250 'idIsSafe' => true,
251 ] );
253 'provider' => $provider2,
254 'id' => ( $id2 = $manager->generateSessionId() ),
255 'persisted' => true,
256 'userInfo' => UserInfo::newAnonymous(),
257 'idIsSafe' => true,
258 ] );
259 try {
260 $manager->getSessionForRequest( $request );
261 $this->fail( 'Expcected exception not thrown' );
262 } catch ( \OverflowException $ex ) {
263 $this->assertStringStartsWith(
264 'Multiple sessions for this request tied for top priority: ',
265 $ex->getMessage()
266 );
267 $this->assertCount( 2, $ex->sessionInfos );
268 $this->assertContains( $request->info1, $ex->sessionInfos );
269 $this->assertContains( $request->info2, $ex->sessionInfos );
270 }
271 $this->assertFalse( $request->unpersist1 );
272 $this->assertFalse( $request->unpersist2 );
273
274 // Bad provider
276 'provider' => $provider2,
277 'id' => ( $id1 = $manager->generateSessionId() ),
278 'persisted' => true,
279 'idIsSafe' => true,
280 ] );
281 $request->info2 = null;
282 try {
283 $manager->getSessionForRequest( $request );
284 $this->fail( 'Expcected exception not thrown' );
285 } catch ( \UnexpectedValueException $ex ) {
286 $this->assertSame(
287 'Provider1 returned session info for a different provider: ' . $request->info1,
288 $ex->getMessage()
289 );
290 }
291 $this->assertFalse( $request->unpersist1 );
292 $this->assertFalse( $request->unpersist2 );
293
294 // Unusable session info
295 $this->logger->setCollect( true );
297 'provider' => $provider1,
298 'id' => ( $id1 = $manager->generateSessionId() ),
299 'persisted' => true,
300 'userInfo' => UserInfo::newFromName( 'UTSysop', false ),
301 'idIsSafe' => true,
302 ] );
304 'provider' => $provider2,
305 'id' => ( $id2 = $manager->generateSessionId() ),
306 'persisted' => true,
307 'idIsSafe' => true,
308 ] );
309 $session = $manager->getSessionForRequest( $request );
310 $this->assertInstanceOf( Session::class, $session );
311 $this->assertSame( $id2, $session->getId() );
312 $this->logger->setCollect( false );
313 $this->assertTrue( $request->unpersist1 );
314 $this->assertFalse( $request->unpersist2 );
315 $request->unpersist1 = false;
316
317 $this->logger->setCollect( true );
319 'provider' => $provider1,
320 'id' => ( $id1 = $manager->generateSessionId() ),
321 'persisted' => true,
322 'idIsSafe' => true,
323 ] );
325 'provider' => $provider2,
326 'id' => ( $id2 = $manager->generateSessionId() ),
327 'persisted' => true,
328 'userInfo' => UserInfo::newFromName( 'UTSysop', false ),
329 'idIsSafe' => true,
330 ] );
331 $session = $manager->getSessionForRequest( $request );
332 $this->assertInstanceOf( Session::class, $session );
333 $this->assertSame( $id1, $session->getId() );
334 $this->logger->setCollect( false );
335 $this->assertFalse( $request->unpersist1 );
336 $this->assertTrue( $request->unpersist2 );
337 $request->unpersist2 = false;
338
339 // Unpersisted session ID
341 'provider' => $provider1,
342 'id' => ( $id1 = $manager->generateSessionId() ),
343 'persisted' => false,
344 'userInfo' => UserInfo::newFromName( 'UTSysop', true ),
345 'idIsSafe' => true,
346 ] );
347 $request->info2 = null;
348 $session = $manager->getSessionForRequest( $request );
349 $this->assertInstanceOf( Session::class, $session );
350 $this->assertSame( $id1, $session->getId() );
351 $this->assertTrue( $request->unpersist1 ); // The saving of the session does it
352 $this->assertFalse( $request->unpersist2 );
353 $session->persist();
354 $this->assertTrue( $session->isPersistent(), 'sanity check' );
355 }
356
357 public function testGetSessionById() {
358 $manager = $this->getManager();
359 try {
360 $manager->getSessionById( 'bad' );
361 $this->fail( 'Expected exception not thrown' );
362 } catch ( \InvalidArgumentException $ex ) {
363 $this->assertSame( 'Invalid session ID', $ex->getMessage() );
364 }
365
366 // Unknown session ID
367 $id = $manager->generateSessionId();
368 $session = $manager->getSessionById( $id, true );
369 $this->assertInstanceOf( Session::class, $session );
370 $this->assertSame( $id, $session->getId() );
371
372 $id = $manager->generateSessionId();
373 $this->assertNull( $manager->getSessionById( $id, false ) );
374
375 // Known but unloadable session ID
376 $this->logger->setCollect( true );
377 $id = $manager->generateSessionId();
378 $this->store->setSession( $id, [ 'metadata' => [
379 'userId' => User::idFromName( 'UTSysop' ),
380 'userToken' => 'bad',
381 ] ] );
382
383 $this->assertNull( $manager->getSessionById( $id, true ) );
384 $this->assertNull( $manager->getSessionById( $id, false ) );
385 $this->logger->setCollect( false );
386
387 // Known session ID
388 $this->store->setSession( $id, [] );
389 $session = $manager->getSessionById( $id, false );
390 $this->assertInstanceOf( Session::class, $session );
391 $this->assertSame( $id, $session->getId() );
392
393 // Store isn't checked if the session is already loaded
394 $this->store->setSession( $id, [ 'metadata' => [
395 'userId' => User::idFromName( 'UTSysop' ),
396 'userToken' => 'bad',
397 ] ] );
398 $session2 = $manager->getSessionById( $id, false );
399 $this->assertInstanceOf( Session::class, $session2 );
400 $this->assertSame( $id, $session2->getId() );
401 unset( $session, $session2 );
402 $this->logger->setCollect( true );
403 $this->assertNull( $manager->getSessionById( $id, true ) );
404 $this->logger->setCollect( false );
405
406 // Failure to create an empty session
407 $manager = $this->getManager();
408 $provider = $this->getMockBuilder( \DummySessionProvider::class )
409 ->setMethods( [ 'provideSessionInfo', 'newSessionInfo', '__toString' ] )
410 ->getMock();
411 $provider->expects( $this->any() )->method( 'provideSessionInfo' )
412 ->will( $this->returnValue( null ) );
413 $provider->expects( $this->any() )->method( 'newSessionInfo' )
414 ->will( $this->returnValue( null ) );
415 $provider->expects( $this->any() )->method( '__toString' )
416 ->will( $this->returnValue( 'MockProvider' ) );
417 $this->config->set( 'SessionProviders', [
418 $this->objectCacheDef( $provider ),
419 ] );
420 $this->logger->setCollect( true );
421 $this->assertNull( $manager->getSessionById( $id, true ) );
422 $this->logger->setCollect( false );
423 $this->assertSame( [
424 [ LogLevel::ERROR, 'Failed to create empty session: {exception}' ]
425 ], $this->logger->getBuffer() );
426 }
427
428 public function testGetEmptySession() {
429 $manager = $this->getManager();
430 $pmanager = TestingAccessWrapper::newFromObject( $manager );
431 $request = new \FauxRequest();
432
433 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
434 ->setMethods( [ 'provideSessionInfo', 'newSessionInfo', '__toString' ] );
435
436 $expectId = null;
437 $info1 = null;
438 $info2 = null;
439
440 $provider1 = $providerBuilder->getMock();
441 $provider1->expects( $this->any() )->method( 'provideSessionInfo' )
442 ->will( $this->returnValue( null ) );
443 $provider1->expects( $this->any() )->method( 'newSessionInfo' )
444 ->with( $this->callback( function ( $id ) use ( &$expectId ) {
445 return $id === $expectId;
446 } ) )
447 ->will( $this->returnCallback( function () use ( &$info1 ) {
448 return $info1;
449 } ) );
450 $provider1->expects( $this->any() )->method( '__toString' )
451 ->will( $this->returnValue( 'MockProvider1' ) );
452
453 $provider2 = $providerBuilder->getMock();
454 $provider2->expects( $this->any() )->method( 'provideSessionInfo' )
455 ->will( $this->returnValue( null ) );
456 $provider2->expects( $this->any() )->method( 'newSessionInfo' )
457 ->with( $this->callback( function ( $id ) use ( &$expectId ) {
458 return $id === $expectId;
459 } ) )
460 ->will( $this->returnCallback( function () use ( &$info2 ) {
461 return $info2;
462 } ) );
463 $provider1->expects( $this->any() )->method( '__toString' )
464 ->will( $this->returnValue( 'MockProvider2' ) );
465
466 $this->config->set( 'SessionProviders', [
467 $this->objectCacheDef( $provider1 ),
468 $this->objectCacheDef( $provider2 ),
469 ] );
470
471 // No info
472 $expectId = null;
473 $info1 = null;
474 $info2 = null;
475 try {
476 $manager->getEmptySession();
477 $this->fail( 'Expected exception not thrown' );
478 } catch ( \UnexpectedValueException $ex ) {
479 $this->assertSame(
480 'No provider could provide an empty session!',
481 $ex->getMessage()
482 );
483 }
484
485 // Info
486 $expectId = null;
488 'provider' => $provider1,
489 'id' => 'empty---------------------------',
490 'persisted' => true,
491 'idIsSafe' => true,
492 ] );
493 $info2 = null;
494 $session = $manager->getEmptySession();
495 $this->assertInstanceOf( Session::class, $session );
496 $this->assertSame( 'empty---------------------------', $session->getId() );
497
498 // Info, explicitly
499 $expectId = 'expected------------------------';
501 'provider' => $provider1,
502 'id' => $expectId,
503 'persisted' => true,
504 'idIsSafe' => true,
505 ] );
506 $info2 = null;
507 $session = $pmanager->getEmptySessionInternal( null, $expectId );
508 $this->assertInstanceOf( Session::class, $session );
509 $this->assertSame( $expectId, $session->getId() );
510
511 // Wrong ID
512 $expectId = 'expected-----------------------2';
514 'provider' => $provider1,
515 'id' => "un$expectId",
516 'persisted' => true,
517 'idIsSafe' => true,
518 ] );
519 $info2 = null;
520 try {
521 $pmanager->getEmptySessionInternal( null, $expectId );
522 $this->fail( 'Expected exception not thrown' );
523 } catch ( \UnexpectedValueException $ex ) {
524 $this->assertSame(
525 'MockProvider1 returned empty session info with a wrong id: ' .
526 "un$expectId != $expectId",
527 $ex->getMessage()
528 );
529 }
530
531 // Unsafe ID
532 $expectId = 'expected-----------------------2';
534 'provider' => $provider1,
535 'id' => $expectId,
536 'persisted' => true,
537 ] );
538 $info2 = null;
539 try {
540 $pmanager->getEmptySessionInternal( null, $expectId );
541 $this->fail( 'Expected exception not thrown' );
542 } catch ( \UnexpectedValueException $ex ) {
543 $this->assertSame(
544 'MockProvider1 returned empty session info with id flagged unsafe',
545 $ex->getMessage()
546 );
547 }
548
549 // Wrong provider
550 $expectId = null;
552 'provider' => $provider2,
553 'id' => 'empty---------------------------',
554 'persisted' => true,
555 'idIsSafe' => true,
556 ] );
557 $info2 = null;
558 try {
559 $manager->getEmptySession();
560 $this->fail( 'Expected exception not thrown' );
561 } catch ( \UnexpectedValueException $ex ) {
562 $this->assertSame(
563 'MockProvider1 returned an empty session info for a different provider: ' . $info1,
564 $ex->getMessage()
565 );
566 }
567
568 // Highest priority wins
569 $expectId = null;
570 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
571 'provider' => $provider1,
572 'id' => 'empty1--------------------------',
573 'persisted' => true,
574 'idIsSafe' => true,
575 ] );
577 'provider' => $provider2,
578 'id' => 'empty2--------------------------',
579 'persisted' => true,
580 'idIsSafe' => true,
581 ] );
582 $session = $manager->getEmptySession();
583 $this->assertInstanceOf( Session::class, $session );
584 $this->assertSame( 'empty1--------------------------', $session->getId() );
585
586 $expectId = null;
587 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
588 'provider' => $provider1,
589 'id' => 'empty1--------------------------',
590 'persisted' => true,
591 'idIsSafe' => true,
592 ] );
593 $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, [
594 'provider' => $provider2,
595 'id' => 'empty2--------------------------',
596 'persisted' => true,
597 'idIsSafe' => true,
598 ] );
599 $session = $manager->getEmptySession();
600 $this->assertInstanceOf( Session::class, $session );
601 $this->assertSame( 'empty2--------------------------', $session->getId() );
602
603 // Tied priorities throw an exception
604 $expectId = null;
606 'provider' => $provider1,
607 'id' => 'empty1--------------------------',
608 'persisted' => true,
609 'userInfo' => UserInfo::newAnonymous(),
610 'idIsSafe' => true,
611 ] );
613 'provider' => $provider2,
614 'id' => 'empty2--------------------------',
615 'persisted' => true,
616 'userInfo' => UserInfo::newAnonymous(),
617 'idIsSafe' => true,
618 ] );
619 try {
620 $manager->getEmptySession();
621 $this->fail( 'Expected exception not thrown' );
622 } catch ( \UnexpectedValueException $ex ) {
623 $this->assertStringStartsWith(
624 'Multiple empty sessions tied for top priority: ',
625 $ex->getMessage()
626 );
627 }
628
629 // Bad id
630 try {
631 $pmanager->getEmptySessionInternal( null, 'bad' );
632 $this->fail( 'Expected exception not thrown' );
633 } catch ( \InvalidArgumentException $ex ) {
634 $this->assertSame( 'Invalid session ID', $ex->getMessage() );
635 }
636
637 // Session already exists
638 $expectId = 'expected-----------------------3';
639 $this->store->setSessionMeta( $expectId, [
640 'provider' => 'MockProvider2',
641 'userId' => 0,
642 'userName' => null,
643 'userToken' => null,
644 ] );
645 try {
646 $pmanager->getEmptySessionInternal( null, $expectId );
647 $this->fail( 'Expected exception not thrown' );
648 } catch ( \InvalidArgumentException $ex ) {
649 $this->assertSame( 'Session ID already exists', $ex->getMessage() );
650 }
651 }
652
654 $user = User::newFromName( 'UTSysop' );
655 $manager = $this->getManager();
656
657 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
658 ->setMethods( [ 'invalidateSessionsForUser', '__toString' ] );
659
660 $provider1 = $providerBuilder->getMock();
661 $provider1->expects( $this->once() )->method( 'invalidateSessionsForUser' )
662 ->with( $this->identicalTo( $user ) );
663 $provider1->expects( $this->any() )->method( '__toString' )
664 ->will( $this->returnValue( 'MockProvider1' ) );
665
666 $provider2 = $providerBuilder->getMock();
667 $provider2->expects( $this->once() )->method( 'invalidateSessionsForUser' )
668 ->with( $this->identicalTo( $user ) );
669 $provider2->expects( $this->any() )->method( '__toString' )
670 ->will( $this->returnValue( 'MockProvider2' ) );
671
672 $this->config->set( 'SessionProviders', [
673 $this->objectCacheDef( $provider1 ),
674 $this->objectCacheDef( $provider2 ),
675 ] );
676
677 $oldToken = $user->getToken( true );
678 $manager->invalidateSessionsForUser( $user );
679 $this->assertNotEquals( $oldToken, $user->getToken() );
680 }
681
682 public function testGetVaryHeaders() {
683 $manager = $this->getManager();
684
685 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
686 ->setMethods( [ 'getVaryHeaders', '__toString' ] );
687
688 $provider1 = $providerBuilder->getMock();
689 $provider1->expects( $this->once() )->method( 'getVaryHeaders' )
690 ->will( $this->returnValue( [
691 'Foo' => null,
692 'Bar' => [ 'X', 'Bar1' ],
693 'Quux' => null,
694 ] ) );
695 $provider1->expects( $this->any() )->method( '__toString' )
696 ->will( $this->returnValue( 'MockProvider1' ) );
697
698 $provider2 = $providerBuilder->getMock();
699 $provider2->expects( $this->once() )->method( 'getVaryHeaders' )
700 ->will( $this->returnValue( [
701 'Baz' => null,
702 'Bar' => [ 'X', 'Bar2' ],
703 'Quux' => [ 'Quux' ],
704 ] ) );
705 $provider2->expects( $this->any() )->method( '__toString' )
706 ->will( $this->returnValue( 'MockProvider2' ) );
707
708 $this->config->set( 'SessionProviders', [
709 $this->objectCacheDef( $provider1 ),
710 $this->objectCacheDef( $provider2 ),
711 ] );
712
713 $expect = [
714 'Foo' => [],
715 'Bar' => [ 'X', 'Bar1', 3 => 'Bar2' ],
716 'Quux' => [ 'Quux' ],
717 'Baz' => [],
718 ];
719
720 $this->assertEquals( $expect, $manager->getVaryHeaders() );
721
722 // Again, to ensure it's cached
723 $this->assertEquals( $expect, $manager->getVaryHeaders() );
724 }
725
726 public function testGetVaryCookies() {
727 $manager = $this->getManager();
728
729 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
730 ->setMethods( [ 'getVaryCookies', '__toString' ] );
731
732 $provider1 = $providerBuilder->getMock();
733 $provider1->expects( $this->once() )->method( 'getVaryCookies' )
734 ->will( $this->returnValue( [ 'Foo', 'Bar' ] ) );
735 $provider1->expects( $this->any() )->method( '__toString' )
736 ->will( $this->returnValue( 'MockProvider1' ) );
737
738 $provider2 = $providerBuilder->getMock();
739 $provider2->expects( $this->once() )->method( 'getVaryCookies' )
740 ->will( $this->returnValue( [ 'Foo', 'Baz' ] ) );
741 $provider2->expects( $this->any() )->method( '__toString' )
742 ->will( $this->returnValue( 'MockProvider2' ) );
743
744 $this->config->set( 'SessionProviders', [
745 $this->objectCacheDef( $provider1 ),
746 $this->objectCacheDef( $provider2 ),
747 ] );
748
749 $expect = [ 'Foo', 'Bar', 'Baz' ];
750
751 $this->assertEquals( $expect, $manager->getVaryCookies() );
752
753 // Again, to ensure it's cached
754 $this->assertEquals( $expect, $manager->getVaryCookies() );
755 }
756
757 public function testGetProviders() {
758 $realManager = $this->getManager();
759 $manager = TestingAccessWrapper::newFromObject( $realManager );
760
761 $this->config->set( 'SessionProviders', [
762 [ 'class' => \DummySessionProvider::class ],
763 ] );
764 $providers = $manager->getProviders();
765 $this->assertArrayHasKey( 'DummySessionProvider', $providers );
766 $provider = TestingAccessWrapper::newFromObject( $providers['DummySessionProvider'] );
767 $this->assertSame( $manager->logger, $provider->logger );
768 $this->assertSame( $manager->config, $provider->config );
769 $this->assertSame( $realManager, $provider->getManager() );
770
771 $this->config->set( 'SessionProviders', [
772 [ 'class' => \DummySessionProvider::class ],
773 [ 'class' => \DummySessionProvider::class ],
774 ] );
775 $manager->sessionProviders = null;
776 try {
777 $manager->getProviders();
778 $this->fail( 'Expected exception not thrown' );
779 } catch ( \UnexpectedValueException $ex ) {
780 $this->assertSame(
781 'Duplicate provider name "DummySessionProvider"',
782 $ex->getMessage()
783 );
784 }
785 }
786
787 public function testShutdown() {
788 $manager = TestingAccessWrapper::newFromObject( $this->getManager() );
789 $manager->setLogger( new \Psr\Log\NullLogger() );
790
791 $mock = $this->getMockBuilder( stdClass::class )
792 ->setMethods( [ 'shutdown' ] )->getMock();
793 $mock->expects( $this->once() )->method( 'shutdown' );
794
795 $manager->allSessionBackends = [ $mock ];
796 $manager->shutdown();
797 }
798
799 public function testGetSessionFromInfo() {
800 $manager = TestingAccessWrapper::newFromObject( $this->getManager() );
801 $request = new \FauxRequest();
802
803 $id = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
804
806 'provider' => $manager->getProvider( 'DummySessionProvider' ),
807 'id' => $id,
808 'persisted' => true,
809 'userInfo' => UserInfo::newFromName( 'UTSysop', true ),
810 'idIsSafe' => true,
811 ] );
812 TestingAccessWrapper::newFromObject( $info )->idIsSafe = true;
813 $session1 = TestingAccessWrapper::newFromObject(
814 $manager->getSessionFromInfo( $info, $request )
815 );
816 $session2 = TestingAccessWrapper::newFromObject(
817 $manager->getSessionFromInfo( $info, $request )
818 );
819
820 $this->assertSame( $session1->backend, $session2->backend );
821 $this->assertNotEquals( $session1->index, $session2->index );
822 $this->assertSame( $session1->getSessionId(), $session2->getSessionId() );
823 $this->assertSame( $id, $session1->getId() );
824
825 TestingAccessWrapper::newFromObject( $info )->idIsSafe = false;
826 $session3 = $manager->getSessionFromInfo( $info, $request );
827 $this->assertNotSame( $id, $session3->getId() );
828 }
829
830 public function testBackendRegistration() {
831 $manager = $this->getManager();
832
833 $session = $manager->getSessionForRequest( new \FauxRequest );
834 $backend = TestingAccessWrapper::newFromObject( $session )->backend;
835 $sessionId = $session->getSessionId();
836 $id = (string)$sessionId;
837
838 $this->assertSame( $sessionId, $manager->getSessionById( $id, true )->getSessionId() );
839
840 $manager->changeBackendId( $backend );
841 $this->assertSame( $sessionId, $session->getSessionId() );
842 $this->assertNotEquals( $id, (string)$sessionId );
843 $id = (string)$sessionId;
844
845 $this->assertSame( $sessionId, $manager->getSessionById( $id, true )->getSessionId() );
846
847 // Destruction of the session here causes the backend to be deregistered
848 $session = null;
849
850 try {
851 $manager->changeBackendId( $backend );
852 $this->fail( 'Expected exception not thrown' );
853 } catch ( \InvalidArgumentException $ex ) {
854 $this->assertSame(
855 'Backend was not registered with this SessionManager', $ex->getMessage()
856 );
857 }
858
859 try {
860 $manager->deregisterSessionBackend( $backend );
861 $this->fail( 'Expected exception not thrown' );
862 } catch ( \InvalidArgumentException $ex ) {
863 $this->assertSame(
864 'Backend was not registered with this SessionManager', $ex->getMessage()
865 );
866 }
867
868 $session = $manager->getSessionById( $id, true );
869 $this->assertSame( $sessionId, $session->getSessionId() );
870 }
871
872 public function testGenerateSessionId() {
873 $manager = $this->getManager();
874
875 $id = $manager->generateSessionId();
876 $this->assertTrue( SessionManager::validateSessionId( $id ), "Generated ID: $id" );
877 }
878
879 public function testPreventSessionsForUser() {
880 $manager = $this->getManager();
881
882 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
883 ->setMethods( [ 'preventSessionsForUser', '__toString' ] );
884
885 $provider1 = $providerBuilder->getMock();
886 $provider1->expects( $this->once() )->method( 'preventSessionsForUser' )
887 ->with( $this->equalTo( 'UTSysop' ) );
888 $provider1->expects( $this->any() )->method( '__toString' )
889 ->will( $this->returnValue( 'MockProvider1' ) );
890
891 $this->config->set( 'SessionProviders', [
892 $this->objectCacheDef( $provider1 ),
893 ] );
894
895 $this->assertFalse( $manager->isUserSessionPrevented( 'UTSysop' ) );
896 $manager->preventSessionsForUser( 'UTSysop' );
897 $this->assertTrue( $manager->isUserSessionPrevented( 'UTSysop' ) );
898 }
899
901 $manager = $this->getManager();
902 $logger = new \TestLogger( true );
903 $manager->setLogger( $logger );
904 $request = new \FauxRequest();
905
906 // TestingAccessWrapper can't handle methods with reference arguments, sigh.
907 $rClass = new \ReflectionClass( $manager );
908 $rMethod = $rClass->getMethod( 'loadSessionInfoFromStore' );
909 $rMethod->setAccessible( true );
910 $loadSessionInfoFromStore = function ( &$info ) use ( $rMethod, $manager, $request ) {
911 return $rMethod->invokeArgs( $manager, [ &$info, $request ] );
912 };
913
914 $userInfo = UserInfo::newFromName( 'UTSysop', true );
915 $unverifiedUserInfo = UserInfo::newFromName( 'UTSysop', false );
916
917 $id = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
918 $metadata = [
919 'userId' => $userInfo->getId(),
920 'userName' => $userInfo->getName(),
921 'userToken' => $userInfo->getToken( true ),
922 'provider' => 'Mock',
923 ];
924
925 $builder = $this->getMockBuilder( SessionProvider::class )
926 ->setMethods( [ '__toString', 'mergeMetadata', 'refreshSessionInfo' ] );
927
928 $provider = $builder->getMockForAbstractClass();
929 $provider->setManager( $manager );
930 $provider->expects( $this->any() )->method( 'persistsSessionId' )
931 ->will( $this->returnValue( true ) );
932 $provider->expects( $this->any() )->method( 'canChangeUser' )
933 ->will( $this->returnValue( true ) );
934 $provider->expects( $this->any() )->method( 'refreshSessionInfo' )
935 ->will( $this->returnValue( true ) );
936 $provider->expects( $this->any() )->method( '__toString' )
937 ->will( $this->returnValue( 'Mock' ) );
938 $provider->expects( $this->any() )->method( 'mergeMetadata' )
939 ->will( $this->returnCallback( function ( $a, $b ) {
940 if ( $b === [ 'Throw' ] ) {
941 throw new MetadataMergeException( 'no merge!' );
942 }
943 return [ 'Merged' ];
944 } ) );
945
946 $provider2 = $builder->getMockForAbstractClass();
947 $provider2->setManager( $manager );
948 $provider2->expects( $this->any() )->method( 'persistsSessionId' )
949 ->will( $this->returnValue( false ) );
950 $provider2->expects( $this->any() )->method( 'canChangeUser' )
951 ->will( $this->returnValue( false ) );
952 $provider2->expects( $this->any() )->method( '__toString' )
953 ->will( $this->returnValue( 'Mock2' ) );
954 $provider2->expects( $this->any() )->method( 'refreshSessionInfo' )
955 ->will( $this->returnCallback( function ( $info, $request, &$metadata ) {
956 $metadata['changed'] = true;
957 return true;
958 } ) );
959
960 $provider3 = $builder->getMockForAbstractClass();
961 $provider3->setManager( $manager );
962 $provider3->expects( $this->any() )->method( 'persistsSessionId' )
963 ->will( $this->returnValue( true ) );
964 $provider3->expects( $this->any() )->method( 'canChangeUser' )
965 ->will( $this->returnValue( true ) );
966 $provider3->expects( $this->once() )->method( 'refreshSessionInfo' )
967 ->will( $this->returnValue( false ) );
968 $provider3->expects( $this->any() )->method( '__toString' )
969 ->will( $this->returnValue( 'Mock3' ) );
970
971 TestingAccessWrapper::newFromObject( $manager )->sessionProviders = [
972 (string)$provider => $provider,
973 (string)$provider2 => $provider2,
974 (string)$provider3 => $provider3,
975 ];
976
977 // No metadata, basic usage
979 'provider' => $provider,
980 'id' => $id,
981 'userInfo' => $userInfo
982 ] );
983 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
984 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
985 $this->assertFalse( $info->isIdSafe() );
986 $this->assertSame( [], $logger->getBuffer() );
987
989 'provider' => $provider,
990 'userInfo' => $userInfo
991 ] );
992 $this->assertTrue( $info->isIdSafe(), 'sanity check' );
993 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
994 $this->assertTrue( $info->isIdSafe() );
995 $this->assertSame( [], $logger->getBuffer() );
996
998 'provider' => $provider2,
999 'id' => $id,
1000 'userInfo' => $userInfo
1001 ] );
1002 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1003 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1004 $this->assertTrue( $info->isIdSafe() );
1005 $this->assertSame( [], $logger->getBuffer() );
1006
1007 // Unverified user, no metadata
1009 'provider' => $provider,
1010 'id' => $id,
1011 'userInfo' => $unverifiedUserInfo
1012 ] );
1013 $this->assertSame( $unverifiedUserInfo, $info->getUserInfo() );
1014 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1015 $this->assertSame( [
1016 [
1017 LogLevel::INFO,
1018 'Session "{session}": Unverified user provided and no metadata to auth it',
1019 ]
1020 ], $logger->getBuffer() );
1022
1023 // No metadata, missing data
1025 'id' => $id,
1026 'userInfo' => $userInfo
1027 ] );
1028 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1029 $this->assertSame( [
1030 [ LogLevel::WARNING, 'Session "{session}": Null provider and no metadata' ],
1031 ], $logger->getBuffer() );
1033
1035 'provider' => $provider,
1036 'id' => $id,
1037 ] );
1038 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1039 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1040 $this->assertInstanceOf( UserInfo::class, $info->getUserInfo() );
1041 $this->assertTrue( $info->getUserInfo()->isVerified() );
1042 $this->assertTrue( $info->getUserInfo()->isAnon() );
1043 $this->assertFalse( $info->isIdSafe() );
1044 $this->assertSame( [], $logger->getBuffer() );
1045
1047 'provider' => $provider2,
1048 'id' => $id,
1049 ] );
1050 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1051 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1052 $this->assertSame( [
1053 [ LogLevel::INFO, 'Session "{session}": No user provided and provider cannot set user' ]
1054 ], $logger->getBuffer() );
1056
1057 // Incomplete/bad metadata
1058 $this->store->setRawSession( $id, true );
1059 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1060 $this->assertSame( [
1061 [ LogLevel::WARNING, 'Session "{session}": Bad data' ],
1062 ], $logger->getBuffer() );
1064
1065 $this->store->setRawSession( $id, [ 'data' => [] ] );
1066 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1067 $this->assertSame( [
1068 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1069 ], $logger->getBuffer() );
1071
1072 $this->store->deleteSession( $id );
1073 $this->store->setRawSession( $id, [ 'metadata' => $metadata ] );
1074 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1075 $this->assertSame( [
1076 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1077 ], $logger->getBuffer() );
1079
1080 $this->store->setRawSession( $id, [ 'metadata' => $metadata, 'data' => true ] );
1081 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1082 $this->assertSame( [
1083 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1084 ], $logger->getBuffer() );
1086
1087 $this->store->setRawSession( $id, [ 'metadata' => true, 'data' => [] ] );
1088 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1089 $this->assertSame( [
1090 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1091 ], $logger->getBuffer() );
1093
1094 foreach ( $metadata as $key => $dummy ) {
1095 $tmp = $metadata;
1096 unset( $tmp[$key] );
1097 $this->store->setRawSession( $id, [ 'metadata' => $tmp, 'data' => [] ] );
1098 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1099 $this->assertSame( [
1100 [ LogLevel::WARNING, 'Session "{session}": Bad metadata' ],
1101 ], $logger->getBuffer() );
1103 }
1104
1105 // Basic usage with metadata
1106 $this->store->setRawSession( $id, [ 'metadata' => $metadata, 'data' => [] ] );
1108 'provider' => $provider,
1109 'id' => $id,
1110 'userInfo' => $userInfo
1111 ] );
1112 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1113 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1114 $this->assertTrue( $info->isIdSafe() );
1115 $this->assertSame( [], $logger->getBuffer() );
1116
1117 // Mismatched provider
1118 $this->store->setSessionMeta( $id, [ 'provider' => 'Bad' ] + $metadata );
1120 'provider' => $provider,
1121 'id' => $id,
1122 'userInfo' => $userInfo
1123 ] );
1124 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1125 $this->assertSame( [
1126 [ LogLevel::WARNING, 'Session "{session}": Wrong provider Bad !== Mock' ],
1127 ], $logger->getBuffer() );
1129
1130 // Unknown provider
1131 $this->store->setSessionMeta( $id, [ 'provider' => 'Bad' ] + $metadata );
1133 'id' => $id,
1134 'userInfo' => $userInfo
1135 ] );
1136 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1137 $this->assertSame( [
1138 [ LogLevel::WARNING, 'Session "{session}": Unknown provider Bad' ],
1139 ], $logger->getBuffer() );
1141
1142 // Fill in provider
1143 $this->store->setSessionMeta( $id, $metadata );
1145 'id' => $id,
1146 'userInfo' => $userInfo
1147 ] );
1148 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1149 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1150 $this->assertTrue( $info->isIdSafe() );
1151 $this->assertSame( [], $logger->getBuffer() );
1152
1153 // Bad user metadata
1154 $this->store->setSessionMeta( $id, [ 'userId' => -1, 'userToken' => null ] + $metadata );
1156 'provider' => $provider,
1157 'id' => $id,
1158 ] );
1159 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1160 $this->assertSame( [
1161 [ LogLevel::ERROR, 'Session "{session}": {exception}' ],
1162 ], $logger->getBuffer() );
1164
1165 $this->store->setSessionMeta(
1166 $id, [ 'userId' => 0, 'userName' => '<X>', 'userToken' => null ] + $metadata
1167 );
1169 'provider' => $provider,
1170 'id' => $id,
1171 ] );
1172 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1173 $this->assertSame( [
1174 [ LogLevel::ERROR, 'Session "{session}": {exception}', ],
1175 ], $logger->getBuffer() );
1177
1178 // Mismatched user by ID
1179 $this->store->setSessionMeta(
1180 $id, [ 'userId' => $userInfo->getId() + 1, 'userToken' => null ] + $metadata
1181 );
1183 'provider' => $provider,
1184 'id' => $id,
1185 'userInfo' => $userInfo
1186 ] );
1187 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1188 $this->assertSame( [
1189 [ LogLevel::WARNING, 'Session "{session}": User ID mismatch, {uid_a} !== {uid_b}' ],
1190 ], $logger->getBuffer() );
1192
1193 // Mismatched user by name
1194 $this->store->setSessionMeta(
1195 $id, [ 'userId' => 0, 'userName' => 'X', 'userToken' => null ] + $metadata
1196 );
1198 'provider' => $provider,
1199 'id' => $id,
1200 'userInfo' => $userInfo
1201 ] );
1202 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1203 $this->assertSame( [
1204 [ LogLevel::WARNING, 'Session "{session}": User name mismatch, {uname_a} !== {uname_b}' ],
1205 ], $logger->getBuffer() );
1207
1208 // ID matches, name doesn't
1209 $this->store->setSessionMeta(
1210 $id, [ 'userId' => $userInfo->getId(), 'userName' => 'X', 'userToken' => null ] + $metadata
1211 );
1213 'provider' => $provider,
1214 'id' => $id,
1215 'userInfo' => $userInfo
1216 ] );
1217 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1218 $this->assertSame( [
1219 [
1220 LogLevel::WARNING,
1221 'Session "{session}": User ID matched but name didn\'t (rename?), {uname_a} !== {uname_b}'
1222 ],
1223 ], $logger->getBuffer() );
1225
1226 // Mismatched anon user
1227 $this->store->setSessionMeta(
1228 $id, [ 'userId' => 0, 'userName' => null, 'userToken' => null ] + $metadata
1229 );
1231 'provider' => $provider,
1232 'id' => $id,
1233 'userInfo' => $userInfo
1234 ] );
1235 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1236 $this->assertSame( [
1237 [
1238 LogLevel::WARNING,
1239 'Session "{session}": Metadata has an anonymous user, ' .
1240 'but a non-anon user was provided',
1241 ],
1242 ], $logger->getBuffer() );
1244
1245 // Lookup user by ID
1246 $this->store->setSessionMeta( $id, [ 'userToken' => null ] + $metadata );
1248 'provider' => $provider,
1249 'id' => $id,
1250 ] );
1251 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1252 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1253 $this->assertSame( $userInfo->getId(), $info->getUserInfo()->getId() );
1254 $this->assertTrue( $info->isIdSafe() );
1255 $this->assertSame( [], $logger->getBuffer() );
1256
1257 // Lookup user by name
1258 $this->store->setSessionMeta(
1259 $id, [ 'userId' => 0, 'userName' => 'UTSysop', 'userToken' => null ] + $metadata
1260 );
1262 'provider' => $provider,
1263 'id' => $id,
1264 ] );
1265 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1266 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1267 $this->assertSame( $userInfo->getId(), $info->getUserInfo()->getId() );
1268 $this->assertTrue( $info->isIdSafe() );
1269 $this->assertSame( [], $logger->getBuffer() );
1270
1271 // Lookup anonymous user
1272 $this->store->setSessionMeta(
1273 $id, [ 'userId' => 0, 'userName' => null, 'userToken' => null ] + $metadata
1274 );
1276 'provider' => $provider,
1277 'id' => $id,
1278 ] );
1279 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1280 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1281 $this->assertTrue( $info->getUserInfo()->isAnon() );
1282 $this->assertTrue( $info->isIdSafe() );
1283 $this->assertSame( [], $logger->getBuffer() );
1284
1285 // Unverified user with metadata
1286 $this->store->setSessionMeta( $id, $metadata );
1288 'provider' => $provider,
1289 'id' => $id,
1290 'userInfo' => $unverifiedUserInfo
1291 ] );
1292 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1293 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1294 $this->assertTrue( $info->getUserInfo()->isVerified() );
1295 $this->assertSame( $unverifiedUserInfo->getId(), $info->getUserInfo()->getId() );
1296 $this->assertSame( $unverifiedUserInfo->getName(), $info->getUserInfo()->getName() );
1297 $this->assertTrue( $info->isIdSafe() );
1298 $this->assertSame( [], $logger->getBuffer() );
1299
1300 // Unverified user with metadata
1301 $this->store->setSessionMeta( $id, $metadata );
1303 'provider' => $provider,
1304 'id' => $id,
1305 'userInfo' => $unverifiedUserInfo
1306 ] );
1307 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1308 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1309 $this->assertTrue( $info->getUserInfo()->isVerified() );
1310 $this->assertSame( $unverifiedUserInfo->getId(), $info->getUserInfo()->getId() );
1311 $this->assertSame( $unverifiedUserInfo->getName(), $info->getUserInfo()->getName() );
1312 $this->assertTrue( $info->isIdSafe() );
1313 $this->assertSame( [], $logger->getBuffer() );
1314
1315 // Wrong token
1316 $this->store->setSessionMeta( $id, [ 'userToken' => 'Bad' ] + $metadata );
1318 'provider' => $provider,
1319 'id' => $id,
1320 'userInfo' => $userInfo
1321 ] );
1322 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1323 $this->assertSame( [
1324 [ LogLevel::WARNING, 'Session "{session}": User token mismatch' ],
1325 ], $logger->getBuffer() );
1327
1328 // Provider metadata
1329 $this->store->setSessionMeta( $id, [ 'provider' => 'Mock2' ] + $metadata );
1331 'provider' => $provider2,
1332 'id' => $id,
1333 'userInfo' => $userInfo,
1334 'metadata' => [ 'Info' ],
1335 ] );
1336 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1337 $this->assertSame( [ 'Info', 'changed' => true ], $info->getProviderMetadata() );
1338 $this->assertSame( [], $logger->getBuffer() );
1339
1340 $this->store->setSessionMeta( $id, [ 'providerMetadata' => [ 'Saved' ] ] + $metadata );
1342 'provider' => $provider,
1343 'id' => $id,
1344 'userInfo' => $userInfo,
1345 ] );
1346 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1347 $this->assertSame( [ 'Saved' ], $info->getProviderMetadata() );
1348 $this->assertSame( [], $logger->getBuffer() );
1349
1351 'provider' => $provider,
1352 'id' => $id,
1353 'userInfo' => $userInfo,
1354 'metadata' => [ 'Info' ],
1355 ] );
1356 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1357 $this->assertSame( [ 'Merged' ], $info->getProviderMetadata() );
1358 $this->assertSame( [], $logger->getBuffer() );
1359
1361 'provider' => $provider,
1362 'id' => $id,
1363 'userInfo' => $userInfo,
1364 'metadata' => [ 'Throw' ],
1365 ] );
1366 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1367 $this->assertSame( [
1368 [
1369 LogLevel::WARNING,
1370 'Session "{session}": Metadata merge failed: {exception}',
1371 ],
1372 ], $logger->getBuffer() );
1374
1375 // Remember from session
1376 $this->store->setSessionMeta( $id, $metadata );
1378 'provider' => $provider,
1379 'id' => $id,
1380 ] );
1381 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1382 $this->assertFalse( $info->wasRemembered() );
1383 $this->assertSame( [], $logger->getBuffer() );
1384
1385 $this->store->setSessionMeta( $id, [ 'remember' => true ] + $metadata );
1387 'provider' => $provider,
1388 'id' => $id,
1389 ] );
1390 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1391 $this->assertTrue( $info->wasRemembered() );
1392 $this->assertSame( [], $logger->getBuffer() );
1393
1394 $this->store->setSessionMeta( $id, [ 'remember' => false ] + $metadata );
1396 'provider' => $provider,
1397 'id' => $id,
1398 'userInfo' => $userInfo
1399 ] );
1400 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1401 $this->assertTrue( $info->wasRemembered() );
1402 $this->assertSame( [], $logger->getBuffer() );
1403
1404 // forceHTTPS from session
1405 $this->store->setSessionMeta( $id, $metadata );
1407 'provider' => $provider,
1408 'id' => $id,
1409 'userInfo' => $userInfo
1410 ] );
1411 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1412 $this->assertFalse( $info->forceHTTPS() );
1413 $this->assertSame( [], $logger->getBuffer() );
1414
1415 $this->store->setSessionMeta( $id, [ 'forceHTTPS' => true ] + $metadata );
1417 'provider' => $provider,
1418 'id' => $id,
1419 'userInfo' => $userInfo
1420 ] );
1421 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1422 $this->assertTrue( $info->forceHTTPS() );
1423 $this->assertSame( [], $logger->getBuffer() );
1424
1425 $this->store->setSessionMeta( $id, [ 'forceHTTPS' => false ] + $metadata );
1427 'provider' => $provider,
1428 'id' => $id,
1429 'userInfo' => $userInfo,
1430 'forceHTTPS' => true
1431 ] );
1432 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1433 $this->assertTrue( $info->forceHTTPS() );
1434 $this->assertSame( [], $logger->getBuffer() );
1435
1436 // "Persist" flag from session
1437 $this->store->setSessionMeta( $id, $metadata );
1439 'provider' => $provider,
1440 'id' => $id,
1441 'userInfo' => $userInfo
1442 ] );
1443 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1444 $this->assertFalse( $info->wasPersisted() );
1445 $this->assertSame( [], $logger->getBuffer() );
1446
1447 $this->store->setSessionMeta( $id, [ 'persisted' => true ] + $metadata );
1449 'provider' => $provider,
1450 'id' => $id,
1451 'userInfo' => $userInfo
1452 ] );
1453 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1454 $this->assertTrue( $info->wasPersisted() );
1455 $this->assertSame( [], $logger->getBuffer() );
1456
1457 $this->store->setSessionMeta( $id, [ 'persisted' => false ] + $metadata );
1459 'provider' => $provider,
1460 'id' => $id,
1461 'userInfo' => $userInfo,
1462 'persisted' => true
1463 ] );
1464 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1465 $this->assertTrue( $info->wasPersisted() );
1466 $this->assertSame( [], $logger->getBuffer() );
1467
1468 // Provider refreshSessionInfo() returning false
1470 'provider' => $provider3,
1471 ] );
1472 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1473 $this->assertSame( [], $logger->getBuffer() );
1474
1475 // Hook
1476 $called = false;
1477 $data = [ 'foo' => 1 ];
1478 $this->store->setSession( $id, [ 'metadata' => $metadata, 'data' => $data ] );
1480 'provider' => $provider,
1481 'id' => $id,
1482 'userInfo' => $userInfo
1483 ] );
1484 $this->mergeMwGlobalArrayValue( 'wgHooks', [
1485 'SessionCheckInfo' => [ function ( &$reason, $i, $r, $m, $d ) use (
1486 $info, $metadata, $data, $request, &$called
1487 ) {
1488 $this->assertSame( $info->getId(), $i->getId() );
1489 $this->assertSame( $info->getProvider(), $i->getProvider() );
1490 $this->assertSame( $info->getUserInfo(), $i->getUserInfo() );
1491 $this->assertSame( $request, $r );
1492 $this->assertEquals( $metadata, $m );
1493 $this->assertEquals( $data, $d );
1494 $called = true;
1495 return false;
1496 } ]
1497 ] );
1498 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1499 $this->assertTrue( $called );
1500 $this->assertSame( [
1501 [ LogLevel::WARNING, 'Session "{session}": Hook aborted' ],
1502 ], $logger->getBuffer() );
1504 $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'SessionCheckInfo' => [] ] );
1505
1506 // forceUse deletes bad backend data
1507 $this->store->setSessionMeta( $id, [ 'userToken' => 'Bad' ] + $metadata );
1509 'provider' => $provider,
1510 'id' => $id,
1511 'userInfo' => $userInfo,
1512 'forceUse' => true,
1513 ] );
1514 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1515 $this->assertFalse( $this->store->getSession( $id ) );
1516 $this->assertSame( [
1517 [ LogLevel::WARNING, 'Session "{session}": User token mismatch' ],
1518 ], $logger->getBuffer() );
1520 }
1521}
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
</td >< td > &</td >< td > t want your writing to be edited mercilessly and redistributed at will
WebRequest clone which takes values from a provided array.
A Config instance which stores all settings as a member variable.
mergeMwGlobalArrayValue( $name, $values)
Merges the given values into a MW global array variable.
$called
$called tracks whether the setUp and tearDown method has been called.
Subclass of UnexpectedValueException that can be annotated with additional data for debug logging.
static isInstalled()
Test whether the handler is installed.
static install(SessionManager $manager)
Install a session handler for the current web request.
Value object returned by SessionProvider.
const MIN_PRIORITY
Minimum allowed priority.
const MAX_PRIORITY
Maximum allowed priority.
Session Database MediaWiki\Session\SessionManager.
This serves as the entry point to the MediaWiki session handling system.
static getGlobalSession()
Get the "global" session.
static validateSessionId( $id)
Validate a session ID.
static singleton()
Get the global SessionManager.
BagOStuff with utility functions for MediaWiki\\Session\\* testing.
static setSessionManagerSingleton(SessionManager $manager=null)
Override the singleton for unit testing.
Definition TestUtils.php:18
static newFromName( $name, $verified=false)
Create an instance for a logged-in user by name.
Definition UserInfo.php:103
static newAnonymous()
Create an instance for an anonymous (i.e.
Definition UserInfo.php:75
static BagOStuff[] $instances
Map of (id => BagOStuff)
A logger that may be configured to either buffer logs or to print them to the output where PHPUnit wi...
clearBuffer()
Clear the collected log buffer.
getBuffer()
Return the collected logs.
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:48
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition User.php:585
static idFromName( $name, $flags=self::READ_NORMAL)
Get database id given a user name.
Definition User.php:905
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
$data
Utility to generate mapping file used in mw.Title (phpCharToUpper.json)
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2843
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition hooks.txt:181
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that When $user is not it can be in the form of< username >< more info > e g for bot passwords intended to be added to log contexts Fields it might only if the login was with a bot password it is not rendered in wiki pages or galleries in category pages allow injecting custom HTML after the section Any uses of the hook need to handle escaping see BaseTemplate::getToolbox and BaseTemplate::makeListItem for details on the format of individual items inside of this array or by returning and letting standard HTTP rendering take place modifiable or by returning false and taking over the output modifiable modifiable after all normalizations have been except for the $wgMaxImageArea check set to true or false to override the $wgMaxImageArea check result gives extension the possibility to transform it themselves $handler
Definition hooks.txt:894
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on and they can depend only on the ResourceLoaderContext $context
Definition hooks.txt:2848
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that When $user is not null
Definition hooks.txt:783
return true to allow those checks to and false if checking is done & $user
Definition hooks.txt:1510
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition injection.txt:37