MediaWiki REL1_33
SessionManagerTest.php
Go to the documentation of this file.
1<?php
2
3namespace MediaWiki\Session;
4
5use MediaWikiTestCase;
6use Psr\Log\LogLevel;
7use User;
8use Wikimedia\TestingAccessWrapper;
9
15class SessionManagerTest extends MediaWikiTestCase {
16
18 private $config;
19
21 private $logger;
22
24 private $store;
25
26 protected function getManager() {
27 \ObjectCache::$instances['testSessionStore'] = new TestBagOStuff();
28 $this->config = new \HashConfig( [
29 'LanguageCode' => 'en',
30 'SessionCacheType' => 'testSessionStore',
31 'ObjectCacheSessionExpiry' => 100,
32 'SessionProviders' => [
33 [ 'class' => \DummySessionProvider::class ],
34 ]
35 ] );
36 $this->logger = new \TestLogger( false, function ( $m ) {
37 return substr( $m, 0, 15 ) === 'SessionBackend ' ? null : $m;
38 } );
39 $this->store = new TestBagOStuff();
40
41 return new SessionManager( [
42 'config' => $this->config,
43 'logger' => $this->logger,
44 'store' => $this->store,
45 ] );
46 }
47
48 protected function objectCacheDef( $object ) {
49 return [ 'factory' => function () use ( $object ) {
50 return $object;
51 } ];
52 }
53
54 public function testSingleton() {
55 $reset = TestUtils::setSessionManagerSingleton( null );
56
57 $singleton = SessionManager::singleton();
58 $this->assertInstanceOf( SessionManager::class, $singleton );
59 $this->assertSame( $singleton, SessionManager::singleton() );
60 }
61
62 public function testGetGlobalSession() {
63 $context = \RequestContext::getMain();
64
65 if ( !PHPSessionHandler::isInstalled() ) {
66 PHPSessionHandler::install( SessionManager::singleton() );
67 }
68 $rProp = new \ReflectionProperty( PHPSessionHandler::class, 'instance' );
69 $rProp->setAccessible( true );
70 $handler = TestingAccessWrapper::newFromObject( $rProp->getValue() );
71 $oldEnable = $handler->enable;
72 $reset[] = new \Wikimedia\ScopedCallback( function () use ( $handler, $oldEnable ) {
73 if ( $handler->enable ) {
74 session_write_close();
75 }
76 $handler->enable = $oldEnable;
77 } );
78 $reset[] = TestUtils::setSessionManagerSingleton( $this->getManager() );
79
80 $handler->enable = true;
81 $request = new \FauxRequest();
82 $context->setRequest( $request );
83 $id = $request->getSession()->getId();
84
85 session_write_close();
86 session_id( '' );
87 $session = SessionManager::getGlobalSession();
88 $this->assertSame( $id, $session->getId() );
89
90 session_id( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
91 $session = SessionManager::getGlobalSession();
92 $this->assertSame( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', $session->getId() );
93 $this->assertSame( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', $request->getSession()->getId() );
94
95 session_write_close();
96 $handler->enable = false;
97 $request = new \FauxRequest();
98 $context->setRequest( $request );
99 $id = $request->getSession()->getId();
100
101 session_id( '' );
102 $session = SessionManager::getGlobalSession();
103 $this->assertSame( $id, $session->getId() );
104
105 session_id( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
106 $session = SessionManager::getGlobalSession();
107 $this->assertSame( $id, $session->getId() );
108 $this->assertSame( $id, $request->getSession()->getId() );
109 }
110
111 public function testConstructor() {
112 $manager = TestingAccessWrapper::newFromObject( $this->getManager() );
113 $this->assertSame( $this->config, $manager->config );
114 $this->assertSame( $this->logger, $manager->logger );
115 $this->assertSame( $this->store, $manager->store );
116
117 $manager = TestingAccessWrapper::newFromObject( new SessionManager() );
118 $this->assertSame( \RequestContext::getMain()->getConfig(), $manager->config );
119
120 $manager = TestingAccessWrapper::newFromObject( new SessionManager( [
121 'config' => $this->config,
122 ] ) );
123 $this->assertSame( \ObjectCache::$instances['testSessionStore'], $manager->store );
124
125 foreach ( [
126 'config' => '$options[\'config\'] must be an instance of Config',
127 'logger' => '$options[\'logger\'] must be an instance of LoggerInterface',
128 'store' => '$options[\'store\'] must be an instance of BagOStuff',
129 ] as $key => $error ) {
130 try {
131 new SessionManager( [ $key => new \stdClass ] );
132 $this->fail( 'Expected exception not thrown' );
133 } catch ( \InvalidArgumentException $ex ) {
134 $this->assertSame( $error, $ex->getMessage() );
135 }
136 }
137 }
138
139 public function testGetSessionForRequest() {
140 $manager = $this->getManager();
141 $request = new \FauxRequest();
142 $request->unpersist1 = false;
143 $request->unpersist2 = false;
144
145 $id1 = '';
146 $id2 = '';
147 $idEmpty = 'empty-session-------------------';
148
149 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
150 ->setMethods(
151 [ 'provideSessionInfo', 'newSessionInfo', '__toString', 'describe', 'unpersistSession' ]
152 );
153
154 $provider1 = $providerBuilder->getMock();
155 $provider1->expects( $this->any() )->method( 'provideSessionInfo' )
156 ->with( $this->identicalTo( $request ) )
157 ->will( $this->returnCallback( function ( $request ) {
158 return $request->info1;
159 } ) );
160 $provider1->expects( $this->any() )->method( 'newSessionInfo' )
161 ->will( $this->returnCallback( function () use ( $idEmpty, $provider1 ) {
162 return new SessionInfo( SessionInfo::MIN_PRIORITY, [
163 'provider' => $provider1,
164 'id' => $idEmpty,
165 'persisted' => true,
166 'idIsSafe' => true,
167 ] );
168 } ) );
169 $provider1->expects( $this->any() )->method( '__toString' )
170 ->will( $this->returnValue( 'Provider1' ) );
171 $provider1->expects( $this->any() )->method( 'describe' )
172 ->will( $this->returnValue( '#1 sessions' ) );
173 $provider1->expects( $this->any() )->method( 'unpersistSession' )
174 ->will( $this->returnCallback( function ( $request ) {
175 $request->unpersist1 = true;
176 } ) );
177
178 $provider2 = $providerBuilder->getMock();
179 $provider2->expects( $this->any() )->method( 'provideSessionInfo' )
180 ->with( $this->identicalTo( $request ) )
181 ->will( $this->returnCallback( function ( $request ) {
182 return $request->info2;
183 } ) );
184 $provider2->expects( $this->any() )->method( '__toString' )
185 ->will( $this->returnValue( 'Provider2' ) );
186 $provider2->expects( $this->any() )->method( 'describe' )
187 ->will( $this->returnValue( '#2 sessions' ) );
188 $provider2->expects( $this->any() )->method( 'unpersistSession' )
189 ->will( $this->returnCallback( function ( $request ) {
190 $request->unpersist2 = true;
191 } ) );
192
193 $this->config->set( 'SessionProviders', [
194 $this->objectCacheDef( $provider1 ),
195 $this->objectCacheDef( $provider2 ),
196 ] );
197
198 // No provider returns info
199 $request->info1 = null;
200 $request->info2 = null;
201 $session = $manager->getSessionForRequest( $request );
202 $this->assertInstanceOf( Session::class, $session );
203 $this->assertSame( $idEmpty, $session->getId() );
204 $this->assertFalse( $request->unpersist1 );
205 $this->assertFalse( $request->unpersist2 );
206
207 // Both providers return info, picks best one
208 $request->info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
209 'provider' => $provider1,
210 'id' => ( $id1 = $manager->generateSessionId() ),
211 'persisted' => true,
212 'idIsSafe' => true,
213 ] );
214 $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, [
215 'provider' => $provider2,
216 'id' => ( $id2 = $manager->generateSessionId() ),
217 'persisted' => true,
218 'idIsSafe' => true,
219 ] );
220 $session = $manager->getSessionForRequest( $request );
221 $this->assertInstanceOf( Session::class, $session );
222 $this->assertSame( $id2, $session->getId() );
223 $this->assertFalse( $request->unpersist1 );
224 $this->assertFalse( $request->unpersist2 );
225
226 $request->info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, [
227 'provider' => $provider1,
228 'id' => ( $id1 = $manager->generateSessionId() ),
229 'persisted' => true,
230 'idIsSafe' => true,
231 ] );
232 $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
233 'provider' => $provider2,
234 'id' => ( $id2 = $manager->generateSessionId() ),
235 'persisted' => true,
236 'idIsSafe' => true,
237 ] );
238 $session = $manager->getSessionForRequest( $request );
239 $this->assertInstanceOf( Session::class, $session );
240 $this->assertSame( $id1, $session->getId() );
241 $this->assertFalse( $request->unpersist1 );
242 $this->assertFalse( $request->unpersist2 );
243
244 // Tied priorities
245 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
246 'provider' => $provider1,
247 'id' => ( $id1 = $manager->generateSessionId() ),
248 'persisted' => true,
249 'userInfo' => UserInfo::newAnonymous(),
250 'idIsSafe' => true,
251 ] );
252 $request->info2 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
253 'provider' => $provider2,
254 'id' => ( $id2 = $manager->generateSessionId() ),
255 'persisted' => true,
256 'userInfo' => UserInfo::newAnonymous(),
257 'idIsSafe' => true,
258 ] );
259 try {
260 $manager->getSessionForRequest( $request );
261 $this->fail( 'Expcected exception not thrown' );
262 } catch ( \OverflowException $ex ) {
263 $this->assertStringStartsWith(
264 'Multiple sessions for this request tied for top priority: ',
265 $ex->getMessage()
266 );
267 $this->assertCount( 2, $ex->sessionInfos );
268 $this->assertContains( $request->info1, $ex->sessionInfos );
269 $this->assertContains( $request->info2, $ex->sessionInfos );
270 }
271 $this->assertFalse( $request->unpersist1 );
272 $this->assertFalse( $request->unpersist2 );
273
274 // Bad provider
275 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
276 'provider' => $provider2,
277 'id' => ( $id1 = $manager->generateSessionId() ),
278 'persisted' => true,
279 'idIsSafe' => true,
280 ] );
281 $request->info2 = null;
282 try {
283 $manager->getSessionForRequest( $request );
284 $this->fail( 'Expcected exception not thrown' );
285 } catch ( \UnexpectedValueException $ex ) {
286 $this->assertSame(
287 'Provider1 returned session info for a different provider: ' . $request->info1,
288 $ex->getMessage()
289 );
290 }
291 $this->assertFalse( $request->unpersist1 );
292 $this->assertFalse( $request->unpersist2 );
293
294 // Unusable session info
295 $this->logger->setCollect( true );
296 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
297 'provider' => $provider1,
298 'id' => ( $id1 = $manager->generateSessionId() ),
299 'persisted' => true,
300 'userInfo' => UserInfo::newFromName( 'UTSysop', false ),
301 'idIsSafe' => true,
302 ] );
303 $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
304 'provider' => $provider2,
305 'id' => ( $id2 = $manager->generateSessionId() ),
306 'persisted' => true,
307 'idIsSafe' => true,
308 ] );
309 $session = $manager->getSessionForRequest( $request );
310 $this->assertInstanceOf( Session::class, $session );
311 $this->assertSame( $id2, $session->getId() );
312 $this->logger->setCollect( false );
313 $this->assertTrue( $request->unpersist1 );
314 $this->assertFalse( $request->unpersist2 );
315 $request->unpersist1 = false;
316
317 $this->logger->setCollect( true );
318 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
319 'provider' => $provider1,
320 'id' => ( $id1 = $manager->generateSessionId() ),
321 'persisted' => true,
322 'idIsSafe' => true,
323 ] );
324 $request->info2 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
325 'provider' => $provider2,
326 'id' => ( $id2 = $manager->generateSessionId() ),
327 'persisted' => true,
328 'userInfo' => UserInfo::newFromName( 'UTSysop', false ),
329 'idIsSafe' => true,
330 ] );
331 $session = $manager->getSessionForRequest( $request );
332 $this->assertInstanceOf( Session::class, $session );
333 $this->assertSame( $id1, $session->getId() );
334 $this->logger->setCollect( false );
335 $this->assertFalse( $request->unpersist1 );
336 $this->assertTrue( $request->unpersist2 );
337 $request->unpersist2 = false;
338
339 // Unpersisted session ID
340 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
341 'provider' => $provider1,
342 'id' => ( $id1 = $manager->generateSessionId() ),
343 'persisted' => false,
344 'userInfo' => UserInfo::newFromName( 'UTSysop', true ),
345 'idIsSafe' => true,
346 ] );
347 $request->info2 = null;
348 $session = $manager->getSessionForRequest( $request );
349 $this->assertInstanceOf( Session::class, $session );
350 $this->assertSame( $id1, $session->getId() );
351 $this->assertTrue( $request->unpersist1 ); // The saving of the session does it
352 $this->assertFalse( $request->unpersist2 );
353 $session->persist();
354 $this->assertTrue( $session->isPersistent(), 'sanity check' );
355 }
356
357 public function testGetSessionById() {
358 $manager = $this->getManager();
359 try {
360 $manager->getSessionById( 'bad' );
361 $this->fail( 'Expected exception not thrown' );
362 } catch ( \InvalidArgumentException $ex ) {
363 $this->assertSame( 'Invalid session ID', $ex->getMessage() );
364 }
365
366 // Unknown session ID
367 $id = $manager->generateSessionId();
368 $session = $manager->getSessionById( $id, true );
369 $this->assertInstanceOf( Session::class, $session );
370 $this->assertSame( $id, $session->getId() );
371
372 $id = $manager->generateSessionId();
373 $this->assertNull( $manager->getSessionById( $id, false ) );
374
375 // Known but unloadable session ID
376 $this->logger->setCollect( true );
377 $id = $manager->generateSessionId();
378 $this->store->setSession( $id, [ 'metadata' => [
379 'userId' => User::idFromName( 'UTSysop' ),
380 'userToken' => 'bad',
381 ] ] );
382
383 $this->assertNull( $manager->getSessionById( $id, true ) );
384 $this->assertNull( $manager->getSessionById( $id, false ) );
385 $this->logger->setCollect( false );
386
387 // Known session ID
388 $this->store->setSession( $id, [] );
389 $session = $manager->getSessionById( $id, false );
390 $this->assertInstanceOf( Session::class, $session );
391 $this->assertSame( $id, $session->getId() );
392
393 // Store isn't checked if the session is already loaded
394 $this->store->setSession( $id, [ 'metadata' => [
395 'userId' => User::idFromName( 'UTSysop' ),
396 'userToken' => 'bad',
397 ] ] );
398 $session2 = $manager->getSessionById( $id, false );
399 $this->assertInstanceOf( Session::class, $session2 );
400 $this->assertSame( $id, $session2->getId() );
401 unset( $session, $session2 );
402 $this->logger->setCollect( true );
403 $this->assertNull( $manager->getSessionById( $id, true ) );
404 $this->logger->setCollect( false );
405
406 // Failure to create an empty session
407 $manager = $this->getManager();
408 $provider = $this->getMockBuilder( \DummySessionProvider::class )
409 ->setMethods( [ 'provideSessionInfo', 'newSessionInfo', '__toString' ] )
410 ->getMock();
411 $provider->expects( $this->any() )->method( 'provideSessionInfo' )
412 ->will( $this->returnValue( null ) );
413 $provider->expects( $this->any() )->method( 'newSessionInfo' )
414 ->will( $this->returnValue( null ) );
415 $provider->expects( $this->any() )->method( '__toString' )
416 ->will( $this->returnValue( 'MockProvider' ) );
417 $this->config->set( 'SessionProviders', [
418 $this->objectCacheDef( $provider ),
419 ] );
420 $this->logger->setCollect( true );
421 $this->assertNull( $manager->getSessionById( $id, true ) );
422 $this->logger->setCollect( false );
423 $this->assertSame( [
424 [ LogLevel::ERROR, 'Failed to create empty session: {exception}' ]
425 ], $this->logger->getBuffer() );
426 }
427
428 public function testGetEmptySession() {
429 $manager = $this->getManager();
430 $pmanager = TestingAccessWrapper::newFromObject( $manager );
431 $request = new \FauxRequest();
432
433 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
434 ->setMethods( [ 'provideSessionInfo', 'newSessionInfo', '__toString' ] );
435
436 $expectId = null;
437 $info1 = null;
438 $info2 = null;
439
440 $provider1 = $providerBuilder->getMock();
441 $provider1->expects( $this->any() )->method( 'provideSessionInfo' )
442 ->will( $this->returnValue( null ) );
443 $provider1->expects( $this->any() )->method( 'newSessionInfo' )
444 ->with( $this->callback( function ( $id ) use ( &$expectId ) {
445 return $id === $expectId;
446 } ) )
447 ->will( $this->returnCallback( function () use ( &$info1 ) {
448 return $info1;
449 } ) );
450 $provider1->expects( $this->any() )->method( '__toString' )
451 ->will( $this->returnValue( 'MockProvider1' ) );
452
453 $provider2 = $providerBuilder->getMock();
454 $provider2->expects( $this->any() )->method( 'provideSessionInfo' )
455 ->will( $this->returnValue( null ) );
456 $provider2->expects( $this->any() )->method( 'newSessionInfo' )
457 ->with( $this->callback( function ( $id ) use ( &$expectId ) {
458 return $id === $expectId;
459 } ) )
460 ->will( $this->returnCallback( function () use ( &$info2 ) {
461 return $info2;
462 } ) );
463 $provider1->expects( $this->any() )->method( '__toString' )
464 ->will( $this->returnValue( 'MockProvider2' ) );
465
466 $this->config->set( 'SessionProviders', [
467 $this->objectCacheDef( $provider1 ),
468 $this->objectCacheDef( $provider2 ),
469 ] );
470
471 // No info
472 $expectId = null;
473 $info1 = null;
474 $info2 = null;
475 try {
476 $manager->getEmptySession();
477 $this->fail( 'Expected exception not thrown' );
478 } catch ( \UnexpectedValueException $ex ) {
479 $this->assertSame(
480 'No provider could provide an empty session!',
481 $ex->getMessage()
482 );
483 }
484
485 // Info
486 $expectId = null;
487 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
488 'provider' => $provider1,
489 'id' => 'empty---------------------------',
490 'persisted' => true,
491 'idIsSafe' => true,
492 ] );
493 $info2 = null;
494 $session = $manager->getEmptySession();
495 $this->assertInstanceOf( Session::class, $session );
496 $this->assertSame( 'empty---------------------------', $session->getId() );
497
498 // Info, explicitly
499 $expectId = 'expected------------------------';
500 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
501 'provider' => $provider1,
502 'id' => $expectId,
503 'persisted' => true,
504 'idIsSafe' => true,
505 ] );
506 $info2 = null;
507 $session = $pmanager->getEmptySessionInternal( null, $expectId );
508 $this->assertInstanceOf( Session::class, $session );
509 $this->assertSame( $expectId, $session->getId() );
510
511 // Wrong ID
512 $expectId = 'expected-----------------------2';
513 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
514 'provider' => $provider1,
515 'id' => "un$expectId",
516 'persisted' => true,
517 'idIsSafe' => true,
518 ] );
519 $info2 = null;
520 try {
521 $pmanager->getEmptySessionInternal( null, $expectId );
522 $this->fail( 'Expected exception not thrown' );
523 } catch ( \UnexpectedValueException $ex ) {
524 $this->assertSame(
525 'MockProvider1 returned empty session info with a wrong id: ' .
526 "un$expectId != $expectId",
527 $ex->getMessage()
528 );
529 }
530
531 // Unsafe ID
532 $expectId = 'expected-----------------------2';
533 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
534 'provider' => $provider1,
535 'id' => $expectId,
536 'persisted' => true,
537 ] );
538 $info2 = null;
539 try {
540 $pmanager->getEmptySessionInternal( null, $expectId );
541 $this->fail( 'Expected exception not thrown' );
542 } catch ( \UnexpectedValueException $ex ) {
543 $this->assertSame(
544 'MockProvider1 returned empty session info with id flagged unsafe',
545 $ex->getMessage()
546 );
547 }
548
549 // Wrong provider
550 $expectId = null;
551 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
552 'provider' => $provider2,
553 'id' => 'empty---------------------------',
554 'persisted' => true,
555 'idIsSafe' => true,
556 ] );
557 $info2 = null;
558 try {
559 $manager->getEmptySession();
560 $this->fail( 'Expected exception not thrown' );
561 } catch ( \UnexpectedValueException $ex ) {
562 $this->assertSame(
563 'MockProvider1 returned an empty session info for a different provider: ' . $info1,
564 $ex->getMessage()
565 );
566 }
567
568 // Highest priority wins
569 $expectId = null;
570 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
571 'provider' => $provider1,
572 'id' => 'empty1--------------------------',
573 'persisted' => true,
574 'idIsSafe' => true,
575 ] );
576 $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
577 'provider' => $provider2,
578 'id' => 'empty2--------------------------',
579 'persisted' => true,
580 'idIsSafe' => true,
581 ] );
582 $session = $manager->getEmptySession();
583 $this->assertInstanceOf( Session::class, $session );
584 $this->assertSame( 'empty1--------------------------', $session->getId() );
585
586 $expectId = null;
587 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
588 'provider' => $provider1,
589 'id' => 'empty1--------------------------',
590 'persisted' => true,
591 'idIsSafe' => true,
592 ] );
593 $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, [
594 'provider' => $provider2,
595 'id' => 'empty2--------------------------',
596 'persisted' => true,
597 'idIsSafe' => true,
598 ] );
599 $session = $manager->getEmptySession();
600 $this->assertInstanceOf( Session::class, $session );
601 $this->assertSame( 'empty2--------------------------', $session->getId() );
602
603 // Tied priorities throw an exception
604 $expectId = null;
605 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
606 'provider' => $provider1,
607 'id' => 'empty1--------------------------',
608 'persisted' => true,
609 'userInfo' => UserInfo::newAnonymous(),
610 'idIsSafe' => true,
611 ] );
612 $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
613 'provider' => $provider2,
614 'id' => 'empty2--------------------------',
615 'persisted' => true,
616 'userInfo' => UserInfo::newAnonymous(),
617 'idIsSafe' => true,
618 ] );
619 try {
620 $manager->getEmptySession();
621 $this->fail( 'Expected exception not thrown' );
622 } catch ( \UnexpectedValueException $ex ) {
623 $this->assertStringStartsWith(
624 'Multiple empty sessions tied for top priority: ',
625 $ex->getMessage()
626 );
627 }
628
629 // Bad id
630 try {
631 $pmanager->getEmptySessionInternal( null, 'bad' );
632 $this->fail( 'Expected exception not thrown' );
633 } catch ( \InvalidArgumentException $ex ) {
634 $this->assertSame( 'Invalid session ID', $ex->getMessage() );
635 }
636
637 // Session already exists
638 $expectId = 'expected-----------------------3';
639 $this->store->setSessionMeta( $expectId, [
640 'provider' => 'MockProvider2',
641 'userId' => 0,
642 'userName' => null,
643 'userToken' => null,
644 ] );
645 try {
646 $pmanager->getEmptySessionInternal( null, $expectId );
647 $this->fail( 'Expected exception not thrown' );
648 } catch ( \InvalidArgumentException $ex ) {
649 $this->assertSame( 'Session ID already exists', $ex->getMessage() );
650 }
651 }
652
653 public function testInvalidateSessionsForUser() {
654 $user = User::newFromName( 'UTSysop' );
655 $manager = $this->getManager();
656
657 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
658 ->setMethods( [ 'invalidateSessionsForUser', '__toString' ] );
659
660 $provider1 = $providerBuilder->getMock();
661 $provider1->expects( $this->once() )->method( 'invalidateSessionsForUser' )
662 ->with( $this->identicalTo( $user ) );
663 $provider1->expects( $this->any() )->method( '__toString' )
664 ->will( $this->returnValue( 'MockProvider1' ) );
665
666 $provider2 = $providerBuilder->getMock();
667 $provider2->expects( $this->once() )->method( 'invalidateSessionsForUser' )
668 ->with( $this->identicalTo( $user ) );
669 $provider2->expects( $this->any() )->method( '__toString' )
670 ->will( $this->returnValue( 'MockProvider2' ) );
671
672 $this->config->set( 'SessionProviders', [
673 $this->objectCacheDef( $provider1 ),
674 $this->objectCacheDef( $provider2 ),
675 ] );
676
677 $oldToken = $user->getToken( true );
678 $manager->invalidateSessionsForUser( $user );
679 $this->assertNotEquals( $oldToken, $user->getToken() );
680 }
681
682 public function testGetVaryHeaders() {
683 $manager = $this->getManager();
684
685 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
686 ->setMethods( [ 'getVaryHeaders', '__toString' ] );
687
688 $provider1 = $providerBuilder->getMock();
689 $provider1->expects( $this->once() )->method( 'getVaryHeaders' )
690 ->will( $this->returnValue( [
691 'Foo' => null,
692 'Bar' => [ 'X', 'Bar1' ],
693 'Quux' => null,
694 ] ) );
695 $provider1->expects( $this->any() )->method( '__toString' )
696 ->will( $this->returnValue( 'MockProvider1' ) );
697
698 $provider2 = $providerBuilder->getMock();
699 $provider2->expects( $this->once() )->method( 'getVaryHeaders' )
700 ->will( $this->returnValue( [
701 'Baz' => null,
702 'Bar' => [ 'X', 'Bar2' ],
703 'Quux' => [ 'Quux' ],
704 ] ) );
705 $provider2->expects( $this->any() )->method( '__toString' )
706 ->will( $this->returnValue( 'MockProvider2' ) );
707
708 $this->config->set( 'SessionProviders', [
709 $this->objectCacheDef( $provider1 ),
710 $this->objectCacheDef( $provider2 ),
711 ] );
712
713 $expect = [
714 'Foo' => [],
715 'Bar' => [ 'X', 'Bar1', 3 => 'Bar2' ],
716 'Quux' => [ 'Quux' ],
717 'Baz' => [],
718 ];
719
720 $this->assertEquals( $expect, $manager->getVaryHeaders() );
721
722 // Again, to ensure it's cached
723 $this->assertEquals( $expect, $manager->getVaryHeaders() );
724 }
725
726 public function testGetVaryCookies() {
727 $manager = $this->getManager();
728
729 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
730 ->setMethods( [ 'getVaryCookies', '__toString' ] );
731
732 $provider1 = $providerBuilder->getMock();
733 $provider1->expects( $this->once() )->method( 'getVaryCookies' )
734 ->will( $this->returnValue( [ 'Foo', 'Bar' ] ) );
735 $provider1->expects( $this->any() )->method( '__toString' )
736 ->will( $this->returnValue( 'MockProvider1' ) );
737
738 $provider2 = $providerBuilder->getMock();
739 $provider2->expects( $this->once() )->method( 'getVaryCookies' )
740 ->will( $this->returnValue( [ 'Foo', 'Baz' ] ) );
741 $provider2->expects( $this->any() )->method( '__toString' )
742 ->will( $this->returnValue( 'MockProvider2' ) );
743
744 $this->config->set( 'SessionProviders', [
745 $this->objectCacheDef( $provider1 ),
746 $this->objectCacheDef( $provider2 ),
747 ] );
748
749 $expect = [ 'Foo', 'Bar', 'Baz' ];
750
751 $this->assertEquals( $expect, $manager->getVaryCookies() );
752
753 // Again, to ensure it's cached
754 $this->assertEquals( $expect, $manager->getVaryCookies() );
755 }
756
757 public function testGetProviders() {
758 $realManager = $this->getManager();
759 $manager = TestingAccessWrapper::newFromObject( $realManager );
760
761 $this->config->set( 'SessionProviders', [
762 [ 'class' => \DummySessionProvider::class ],
763 ] );
764 $providers = $manager->getProviders();
765 $this->assertArrayHasKey( 'DummySessionProvider', $providers );
766 $provider = TestingAccessWrapper::newFromObject( $providers['DummySessionProvider'] );
767 $this->assertSame( $manager->logger, $provider->logger );
768 $this->assertSame( $manager->config, $provider->config );
769 $this->assertSame( $realManager, $provider->getManager() );
770
771 $this->config->set( 'SessionProviders', [
772 [ 'class' => \DummySessionProvider::class ],
773 [ 'class' => \DummySessionProvider::class ],
774 ] );
775 $manager->sessionProviders = null;
776 try {
777 $manager->getProviders();
778 $this->fail( 'Expected exception not thrown' );
779 } catch ( \UnexpectedValueException $ex ) {
780 $this->assertSame(
781 'Duplicate provider name "DummySessionProvider"',
782 $ex->getMessage()
783 );
784 }
785 }
786
787 public function testShutdown() {
788 $manager = TestingAccessWrapper::newFromObject( $this->getManager() );
789 $manager->setLogger( new \Psr\Log\NullLogger() );
790
791 $mock = $this->getMockBuilder( stdClass::class )
792 ->setMethods( [ 'shutdown' ] )->getMock();
793 $mock->expects( $this->once() )->method( 'shutdown' );
794
795 $manager->allSessionBackends = [ $mock ];
796 $manager->shutdown();
797 }
798
799 public function testGetSessionFromInfo() {
800 $manager = TestingAccessWrapper::newFromObject( $this->getManager() );
801 $request = new \FauxRequest();
802
803 $id = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
804
805 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
806 'provider' => $manager->getProvider( 'DummySessionProvider' ),
807 'id' => $id,
808 'persisted' => true,
809 'userInfo' => UserInfo::newFromName( 'UTSysop', true ),
810 'idIsSafe' => true,
811 ] );
812 TestingAccessWrapper::newFromObject( $info )->idIsSafe = true;
813 $session1 = TestingAccessWrapper::newFromObject(
814 $manager->getSessionFromInfo( $info, $request )
815 );
816 $session2 = TestingAccessWrapper::newFromObject(
817 $manager->getSessionFromInfo( $info, $request )
818 );
819
820 $this->assertSame( $session1->backend, $session2->backend );
821 $this->assertNotEquals( $session1->index, $session2->index );
822 $this->assertSame( $session1->getSessionId(), $session2->getSessionId() );
823 $this->assertSame( $id, $session1->getId() );
824
825 TestingAccessWrapper::newFromObject( $info )->idIsSafe = false;
826 $session3 = $manager->getSessionFromInfo( $info, $request );
827 $this->assertNotSame( $id, $session3->getId() );
828 }
829
830 public function testBackendRegistration() {
831 $manager = $this->getManager();
832
833 $session = $manager->getSessionForRequest( new \FauxRequest );
834 $backend = TestingAccessWrapper::newFromObject( $session )->backend;
835 $sessionId = $session->getSessionId();
836 $id = (string)$sessionId;
837
838 $this->assertSame( $sessionId, $manager->getSessionById( $id, true )->getSessionId() );
839
840 $manager->changeBackendId( $backend );
841 $this->assertSame( $sessionId, $session->getSessionId() );
842 $this->assertNotEquals( $id, (string)$sessionId );
843 $id = (string)$sessionId;
844
845 $this->assertSame( $sessionId, $manager->getSessionById( $id, true )->getSessionId() );
846
847 // Destruction of the session here causes the backend to be deregistered
848 $session = null;
849
850 try {
851 $manager->changeBackendId( $backend );
852 $this->fail( 'Expected exception not thrown' );
853 } catch ( \InvalidArgumentException $ex ) {
854 $this->assertSame(
855 'Backend was not registered with this SessionManager', $ex->getMessage()
856 );
857 }
858
859 try {
860 $manager->deregisterSessionBackend( $backend );
861 $this->fail( 'Expected exception not thrown' );
862 } catch ( \InvalidArgumentException $ex ) {
863 $this->assertSame(
864 'Backend was not registered with this SessionManager', $ex->getMessage()
865 );
866 }
867
868 $session = $manager->getSessionById( $id, true );
869 $this->assertSame( $sessionId, $session->getSessionId() );
870 }
871
872 public function testGenerateSessionId() {
873 $manager = $this->getManager();
874
875 $id = $manager->generateSessionId();
876 $this->assertTrue( SessionManager::validateSessionId( $id ), "Generated ID: $id" );
877 }
878
879 public function testPreventSessionsForUser() {
880 $manager = $this->getManager();
881
882 $providerBuilder = $this->getMockBuilder( \DummySessionProvider::class )
883 ->setMethods( [ 'preventSessionsForUser', '__toString' ] );
884
885 $provider1 = $providerBuilder->getMock();
886 $provider1->expects( $this->once() )->method( 'preventSessionsForUser' )
887 ->with( $this->equalTo( 'UTSysop' ) );
888 $provider1->expects( $this->any() )->method( '__toString' )
889 ->will( $this->returnValue( 'MockProvider1' ) );
890
891 $this->config->set( 'SessionProviders', [
892 $this->objectCacheDef( $provider1 ),
893 ] );
894
895 $this->assertFalse( $manager->isUserSessionPrevented( 'UTSysop' ) );
896 $manager->preventSessionsForUser( 'UTSysop' );
897 $this->assertTrue( $manager->isUserSessionPrevented( 'UTSysop' ) );
898 }
899
900 public function testLoadSessionInfoFromStore() {
901 $manager = $this->getManager();
902 $logger = new \TestLogger( true );
903 $manager->setLogger( $logger );
904 $request = new \FauxRequest();
905
906 // TestingAccessWrapper can't handle methods with reference arguments, sigh.
907 $rClass = new \ReflectionClass( $manager );
908 $rMethod = $rClass->getMethod( 'loadSessionInfoFromStore' );
909 $rMethod->setAccessible( true );
910 $loadSessionInfoFromStore = function ( &$info ) use ( $rMethod, $manager, $request ) {
911 return $rMethod->invokeArgs( $manager, [ &$info, $request ] );
912 };
913
914 $userInfo = UserInfo::newFromName( 'UTSysop', true );
915 $unverifiedUserInfo = UserInfo::newFromName( 'UTSysop', false );
916
917 $id = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
918 $metadata = [
919 'userId' => $userInfo->getId(),
920 'userName' => $userInfo->getName(),
921 'userToken' => $userInfo->getToken( true ),
922 'provider' => 'Mock',
923 ];
924
925 $builder = $this->getMockBuilder( SessionProvider::class )
926 ->setMethods( [ '__toString', 'mergeMetadata', 'refreshSessionInfo' ] );
927
928 $provider = $builder->getMockForAbstractClass();
929 $provider->setManager( $manager );
930 $provider->expects( $this->any() )->method( 'persistsSessionId' )
931 ->will( $this->returnValue( true ) );
932 $provider->expects( $this->any() )->method( 'canChangeUser' )
933 ->will( $this->returnValue( true ) );
934 $provider->expects( $this->any() )->method( 'refreshSessionInfo' )
935 ->will( $this->returnValue( true ) );
936 $provider->expects( $this->any() )->method( '__toString' )
937 ->will( $this->returnValue( 'Mock' ) );
938 $provider->expects( $this->any() )->method( 'mergeMetadata' )
939 ->will( $this->returnCallback( function ( $a, $b ) {
940 if ( $b === [ 'Throw' ] ) {
941 throw new MetadataMergeException( 'no merge!' );
942 }
943 return [ 'Merged' ];
944 } ) );
945
946 $provider2 = $builder->getMockForAbstractClass();
947 $provider2->setManager( $manager );
948 $provider2->expects( $this->any() )->method( 'persistsSessionId' )
949 ->will( $this->returnValue( false ) );
950 $provider2->expects( $this->any() )->method( 'canChangeUser' )
951 ->will( $this->returnValue( false ) );
952 $provider2->expects( $this->any() )->method( '__toString' )
953 ->will( $this->returnValue( 'Mock2' ) );
954 $provider2->expects( $this->any() )->method( 'refreshSessionInfo' )
955 ->will( $this->returnCallback( function ( $info, $request, &$metadata ) {
956 $metadata['changed'] = true;
957 return true;
958 } ) );
959
960 $provider3 = $builder->getMockForAbstractClass();
961 $provider3->setManager( $manager );
962 $provider3->expects( $this->any() )->method( 'persistsSessionId' )
963 ->will( $this->returnValue( true ) );
964 $provider3->expects( $this->any() )->method( 'canChangeUser' )
965 ->will( $this->returnValue( true ) );
966 $provider3->expects( $this->once() )->method( 'refreshSessionInfo' )
967 ->will( $this->returnValue( false ) );
968 $provider3->expects( $this->any() )->method( '__toString' )
969 ->will( $this->returnValue( 'Mock3' ) );
970
971 TestingAccessWrapper::newFromObject( $manager )->sessionProviders = [
972 (string)$provider => $provider,
973 (string)$provider2 => $provider2,
974 (string)$provider3 => $provider3,
975 ];
976
977 // No metadata, basic usage
978 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
979 'provider' => $provider,
980 'id' => $id,
981 'userInfo' => $userInfo
982 ] );
983 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
984 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
985 $this->assertFalse( $info->isIdSafe() );
986 $this->assertSame( [], $logger->getBuffer() );
987
988 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
989 'provider' => $provider,
990 'userInfo' => $userInfo
991 ] );
992 $this->assertTrue( $info->isIdSafe(), 'sanity check' );
993 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
994 $this->assertTrue( $info->isIdSafe() );
995 $this->assertSame( [], $logger->getBuffer() );
996
997 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
998 'provider' => $provider2,
999 'id' => $id,
1000 'userInfo' => $userInfo
1001 ] );
1002 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1003 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1004 $this->assertTrue( $info->isIdSafe() );
1005 $this->assertSame( [], $logger->getBuffer() );
1006
1007 // Unverified user, no metadata
1008 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1009 'provider' => $provider,
1010 'id' => $id,
1011 'userInfo' => $unverifiedUserInfo
1012 ] );
1013 $this->assertSame( $unverifiedUserInfo, $info->getUserInfo() );
1014 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1015 $this->assertSame( [
1016 [
1017 LogLevel::INFO,
1018 'Session "{session}": Unverified user provided and no metadata to auth it',
1019 ]
1020 ], $logger->getBuffer() );
1021 $logger->clearBuffer();
1022
1023 // No metadata, missing data
1024 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1025 'id' => $id,
1026 'userInfo' => $userInfo
1027 ] );
1028 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1029 $this->assertSame( [
1030 [ LogLevel::WARNING, 'Session "{session}": Null provider and no metadata' ],
1031 ], $logger->getBuffer() );
1032 $logger->clearBuffer();
1033
1034 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1035 'provider' => $provider,
1036 'id' => $id,
1037 ] );
1038 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1039 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1040 $this->assertInstanceOf( UserInfo::class, $info->getUserInfo() );
1041 $this->assertTrue( $info->getUserInfo()->isVerified() );
1042 $this->assertTrue( $info->getUserInfo()->isAnon() );
1043 $this->assertFalse( $info->isIdSafe() );
1044 $this->assertSame( [], $logger->getBuffer() );
1045
1046 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1047 'provider' => $provider2,
1048 'id' => $id,
1049 ] );
1050 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1051 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1052 $this->assertSame( [
1053 [ LogLevel::INFO, 'Session "{session}": No user provided and provider cannot set user' ]
1054 ], $logger->getBuffer() );
1055 $logger->clearBuffer();
1056
1057 // Incomplete/bad metadata
1058 $this->store->setRawSession( $id, true );
1059 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1060 $this->assertSame( [
1061 [ LogLevel::WARNING, 'Session "{session}": Bad data' ],
1062 ], $logger->getBuffer() );
1063 $logger->clearBuffer();
1064
1065 $this->store->setRawSession( $id, [ 'data' => [] ] );
1066 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1067 $this->assertSame( [
1068 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1069 ], $logger->getBuffer() );
1070 $logger->clearBuffer();
1071
1072 $this->store->deleteSession( $id );
1073 $this->store->setRawSession( $id, [ 'metadata' => $metadata ] );
1074 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1075 $this->assertSame( [
1076 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1077 ], $logger->getBuffer() );
1078 $logger->clearBuffer();
1079
1080 $this->store->setRawSession( $id, [ 'metadata' => $metadata, 'data' => true ] );
1081 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1082 $this->assertSame( [
1083 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1084 ], $logger->getBuffer() );
1085 $logger->clearBuffer();
1086
1087 $this->store->setRawSession( $id, [ 'metadata' => true, 'data' => [] ] );
1088 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1089 $this->assertSame( [
1090 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1091 ], $logger->getBuffer() );
1092 $logger->clearBuffer();
1093
1094 foreach ( $metadata as $key => $dummy ) {
1095 $tmp = $metadata;
1096 unset( $tmp[$key] );
1097 $this->store->setRawSession( $id, [ 'metadata' => $tmp, 'data' => [] ] );
1098 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1099 $this->assertSame( [
1100 [ LogLevel::WARNING, 'Session "{session}": Bad metadata' ],
1101 ], $logger->getBuffer() );
1102 $logger->clearBuffer();
1103 }
1104
1105 // Basic usage with metadata
1106 $this->store->setRawSession( $id, [ 'metadata' => $metadata, 'data' => [] ] );
1107 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1108 'provider' => $provider,
1109 'id' => $id,
1110 'userInfo' => $userInfo
1111 ] );
1112 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1113 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1114 $this->assertTrue( $info->isIdSafe() );
1115 $this->assertSame( [], $logger->getBuffer() );
1116
1117 // Mismatched provider
1118 $this->store->setSessionMeta( $id, [ 'provider' => 'Bad' ] + $metadata );
1119 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1120 'provider' => $provider,
1121 'id' => $id,
1122 'userInfo' => $userInfo
1123 ] );
1124 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1125 $this->assertSame( [
1126 [ LogLevel::WARNING, 'Session "{session}": Wrong provider Bad !== Mock' ],
1127 ], $logger->getBuffer() );
1128 $logger->clearBuffer();
1129
1130 // Unknown provider
1131 $this->store->setSessionMeta( $id, [ 'provider' => 'Bad' ] + $metadata );
1132 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1133 'id' => $id,
1134 'userInfo' => $userInfo
1135 ] );
1136 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1137 $this->assertSame( [
1138 [ LogLevel::WARNING, 'Session "{session}": Unknown provider Bad' ],
1139 ], $logger->getBuffer() );
1140 $logger->clearBuffer();
1141
1142 // Fill in provider
1143 $this->store->setSessionMeta( $id, $metadata );
1144 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1145 'id' => $id,
1146 'userInfo' => $userInfo
1147 ] );
1148 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1149 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1150 $this->assertTrue( $info->isIdSafe() );
1151 $this->assertSame( [], $logger->getBuffer() );
1152
1153 // Bad user metadata
1154 $this->store->setSessionMeta( $id, [ 'userId' => -1, 'userToken' => null ] + $metadata );
1155 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1156 'provider' => $provider,
1157 'id' => $id,
1158 ] );
1159 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1160 $this->assertSame( [
1161 [ LogLevel::ERROR, 'Session "{session}": {exception}' ],
1162 ], $logger->getBuffer() );
1163 $logger->clearBuffer();
1164
1165 $this->store->setSessionMeta(
1166 $id, [ 'userId' => 0, 'userName' => '<X>', 'userToken' => null ] + $metadata
1167 );
1168 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1169 'provider' => $provider,
1170 'id' => $id,
1171 ] );
1172 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1173 $this->assertSame( [
1174 [ LogLevel::ERROR, 'Session "{session}": {exception}', ],
1175 ], $logger->getBuffer() );
1176 $logger->clearBuffer();
1177
1178 // Mismatched user by ID
1179 $this->store->setSessionMeta(
1180 $id, [ 'userId' => $userInfo->getId() + 1, 'userToken' => null ] + $metadata
1181 );
1182 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1183 'provider' => $provider,
1184 'id' => $id,
1185 'userInfo' => $userInfo
1186 ] );
1187 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1188 $this->assertSame( [
1189 [ LogLevel::WARNING, 'Session "{session}": User ID mismatch, {uid_a} !== {uid_b}' ],
1190 ], $logger->getBuffer() );
1191 $logger->clearBuffer();
1192
1193 // Mismatched user by name
1194 $this->store->setSessionMeta(
1195 $id, [ 'userId' => 0, 'userName' => 'X', 'userToken' => null ] + $metadata
1196 );
1197 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1198 'provider' => $provider,
1199 'id' => $id,
1200 'userInfo' => $userInfo
1201 ] );
1202 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1203 $this->assertSame( [
1204 [ LogLevel::WARNING, 'Session "{session}": User name mismatch, {uname_a} !== {uname_b}' ],
1205 ], $logger->getBuffer() );
1206 $logger->clearBuffer();
1207
1208 // ID matches, name doesn't
1209 $this->store->setSessionMeta(
1210 $id, [ 'userId' => $userInfo->getId(), 'userName' => 'X', 'userToken' => null ] + $metadata
1211 );
1212 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1213 'provider' => $provider,
1214 'id' => $id,
1215 'userInfo' => $userInfo
1216 ] );
1217 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1218 $this->assertSame( [
1219 [
1220 LogLevel::WARNING,
1221 'Session "{session}": User ID matched but name didn\'t (rename?), {uname_a} !== {uname_b}'
1222 ],
1223 ], $logger->getBuffer() );
1224 $logger->clearBuffer();
1225
1226 // Mismatched anon user
1227 $this->store->setSessionMeta(
1228 $id, [ 'userId' => 0, 'userName' => null, 'userToken' => null ] + $metadata
1229 );
1230 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1231 'provider' => $provider,
1232 'id' => $id,
1233 'userInfo' => $userInfo
1234 ] );
1235 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1236 $this->assertSame( [
1237 [
1238 LogLevel::WARNING,
1239 'Session "{session}": Metadata has an anonymous user, ' .
1240 'but a non-anon user was provided',
1241 ],
1242 ], $logger->getBuffer() );
1243 $logger->clearBuffer();
1244
1245 // Lookup user by ID
1246 $this->store->setSessionMeta( $id, [ 'userToken' => null ] + $metadata );
1247 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1248 'provider' => $provider,
1249 'id' => $id,
1250 ] );
1251 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1252 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1253 $this->assertSame( $userInfo->getId(), $info->getUserInfo()->getId() );
1254 $this->assertTrue( $info->isIdSafe() );
1255 $this->assertSame( [], $logger->getBuffer() );
1256
1257 // Lookup user by name
1258 $this->store->setSessionMeta(
1259 $id, [ 'userId' => 0, 'userName' => 'UTSysop', 'userToken' => null ] + $metadata
1260 );
1261 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1262 'provider' => $provider,
1263 'id' => $id,
1264 ] );
1265 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1266 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1267 $this->assertSame( $userInfo->getId(), $info->getUserInfo()->getId() );
1268 $this->assertTrue( $info->isIdSafe() );
1269 $this->assertSame( [], $logger->getBuffer() );
1270
1271 // Lookup anonymous user
1272 $this->store->setSessionMeta(
1273 $id, [ 'userId' => 0, 'userName' => null, 'userToken' => null ] + $metadata
1274 );
1275 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1276 'provider' => $provider,
1277 'id' => $id,
1278 ] );
1279 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1280 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1281 $this->assertTrue( $info->getUserInfo()->isAnon() );
1282 $this->assertTrue( $info->isIdSafe() );
1283 $this->assertSame( [], $logger->getBuffer() );
1284
1285 // Unverified user with metadata
1286 $this->store->setSessionMeta( $id, $metadata );
1287 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1288 'provider' => $provider,
1289 'id' => $id,
1290 'userInfo' => $unverifiedUserInfo
1291 ] );
1292 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1293 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1294 $this->assertTrue( $info->getUserInfo()->isVerified() );
1295 $this->assertSame( $unverifiedUserInfo->getId(), $info->getUserInfo()->getId() );
1296 $this->assertSame( $unverifiedUserInfo->getName(), $info->getUserInfo()->getName() );
1297 $this->assertTrue( $info->isIdSafe() );
1298 $this->assertSame( [], $logger->getBuffer() );
1299
1300 // Unverified user with metadata
1301 $this->store->setSessionMeta( $id, $metadata );
1302 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1303 'provider' => $provider,
1304 'id' => $id,
1305 'userInfo' => $unverifiedUserInfo
1306 ] );
1307 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1308 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1309 $this->assertTrue( $info->getUserInfo()->isVerified() );
1310 $this->assertSame( $unverifiedUserInfo->getId(), $info->getUserInfo()->getId() );
1311 $this->assertSame( $unverifiedUserInfo->getName(), $info->getUserInfo()->getName() );
1312 $this->assertTrue( $info->isIdSafe() );
1313 $this->assertSame( [], $logger->getBuffer() );
1314
1315 // Wrong token
1316 $this->store->setSessionMeta( $id, [ 'userToken' => 'Bad' ] + $metadata );
1317 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1318 'provider' => $provider,
1319 'id' => $id,
1320 'userInfo' => $userInfo
1321 ] );
1322 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1323 $this->assertSame( [
1324 [ LogLevel::WARNING, 'Session "{session}": User token mismatch' ],
1325 ], $logger->getBuffer() );
1326 $logger->clearBuffer();
1327
1328 // Provider metadata
1329 $this->store->setSessionMeta( $id, [ 'provider' => 'Mock2' ] + $metadata );
1330 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1331 'provider' => $provider2,
1332 'id' => $id,
1333 'userInfo' => $userInfo,
1334 'metadata' => [ 'Info' ],
1335 ] );
1336 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1337 $this->assertSame( [ 'Info', 'changed' => true ], $info->getProviderMetadata() );
1338 $this->assertSame( [], $logger->getBuffer() );
1339
1340 $this->store->setSessionMeta( $id, [ 'providerMetadata' => [ 'Saved' ] ] + $metadata );
1341 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1342 'provider' => $provider,
1343 'id' => $id,
1344 'userInfo' => $userInfo,
1345 ] );
1346 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1347 $this->assertSame( [ 'Saved' ], $info->getProviderMetadata() );
1348 $this->assertSame( [], $logger->getBuffer() );
1349
1350 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1351 'provider' => $provider,
1352 'id' => $id,
1353 'userInfo' => $userInfo,
1354 'metadata' => [ 'Info' ],
1355 ] );
1356 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1357 $this->assertSame( [ 'Merged' ], $info->getProviderMetadata() );
1358 $this->assertSame( [], $logger->getBuffer() );
1359
1360 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1361 'provider' => $provider,
1362 'id' => $id,
1363 'userInfo' => $userInfo,
1364 'metadata' => [ 'Throw' ],
1365 ] );
1366 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1367 $this->assertSame( [
1368 [
1369 LogLevel::WARNING,
1370 'Session "{session}": Metadata merge failed: {exception}',
1371 ],
1372 ], $logger->getBuffer() );
1373 $logger->clearBuffer();
1374
1375 // Remember from session
1376 $this->store->setSessionMeta( $id, $metadata );
1377 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1378 'provider' => $provider,
1379 'id' => $id,
1380 ] );
1381 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1382 $this->assertFalse( $info->wasRemembered() );
1383 $this->assertSame( [], $logger->getBuffer() );
1384
1385 $this->store->setSessionMeta( $id, [ 'remember' => true ] + $metadata );
1386 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1387 'provider' => $provider,
1388 'id' => $id,
1389 ] );
1390 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1391 $this->assertTrue( $info->wasRemembered() );
1392 $this->assertSame( [], $logger->getBuffer() );
1393
1394 $this->store->setSessionMeta( $id, [ 'remember' => false ] + $metadata );
1395 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1396 'provider' => $provider,
1397 'id' => $id,
1398 'userInfo' => $userInfo
1399 ] );
1400 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1401 $this->assertTrue( $info->wasRemembered() );
1402 $this->assertSame( [], $logger->getBuffer() );
1403
1404 // forceHTTPS from session
1405 $this->store->setSessionMeta( $id, $metadata );
1406 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1407 'provider' => $provider,
1408 'id' => $id,
1409 'userInfo' => $userInfo
1410 ] );
1411 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1412 $this->assertFalse( $info->forceHTTPS() );
1413 $this->assertSame( [], $logger->getBuffer() );
1414
1415 $this->store->setSessionMeta( $id, [ 'forceHTTPS' => true ] + $metadata );
1416 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1417 'provider' => $provider,
1418 'id' => $id,
1419 'userInfo' => $userInfo
1420 ] );
1421 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1422 $this->assertTrue( $info->forceHTTPS() );
1423 $this->assertSame( [], $logger->getBuffer() );
1424
1425 $this->store->setSessionMeta( $id, [ 'forceHTTPS' => false ] + $metadata );
1426 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1427 'provider' => $provider,
1428 'id' => $id,
1429 'userInfo' => $userInfo,
1430 'forceHTTPS' => true
1431 ] );
1432 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1433 $this->assertTrue( $info->forceHTTPS() );
1434 $this->assertSame( [], $logger->getBuffer() );
1435
1436 // "Persist" flag from session
1437 $this->store->setSessionMeta( $id, $metadata );
1438 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1439 'provider' => $provider,
1440 'id' => $id,
1441 'userInfo' => $userInfo
1442 ] );
1443 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1444 $this->assertFalse( $info->wasPersisted() );
1445 $this->assertSame( [], $logger->getBuffer() );
1446
1447 $this->store->setSessionMeta( $id, [ 'persisted' => true ] + $metadata );
1448 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1449 'provider' => $provider,
1450 'id' => $id,
1451 'userInfo' => $userInfo
1452 ] );
1453 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1454 $this->assertTrue( $info->wasPersisted() );
1455 $this->assertSame( [], $logger->getBuffer() );
1456
1457 $this->store->setSessionMeta( $id, [ 'persisted' => false ] + $metadata );
1458 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1459 'provider' => $provider,
1460 'id' => $id,
1461 'userInfo' => $userInfo,
1462 'persisted' => true
1463 ] );
1464 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1465 $this->assertTrue( $info->wasPersisted() );
1466 $this->assertSame( [], $logger->getBuffer() );
1467
1468 // Provider refreshSessionInfo() returning false
1469 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1470 'provider' => $provider3,
1471 ] );
1472 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1473 $this->assertSame( [], $logger->getBuffer() );
1474
1475 // Hook
1476 $called = false;
1477 $data = [ 'foo' => 1 ];
1478 $this->store->setSession( $id, [ 'metadata' => $metadata, 'data' => $data ] );
1479 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1480 'provider' => $provider,
1481 'id' => $id,
1482 'userInfo' => $userInfo
1483 ] );
1484 $this->mergeMwGlobalArrayValue( 'wgHooks', [
1485 'SessionCheckInfo' => [ function ( &$reason, $i, $r, $m, $d ) use (
1486 $info, $metadata, $data, $request, &$called
1487 ) {
1488 $this->assertSame( $info->getId(), $i->getId() );
1489 $this->assertSame( $info->getProvider(), $i->getProvider() );
1490 $this->assertSame( $info->getUserInfo(), $i->getUserInfo() );
1491 $this->assertSame( $request, $r );
1492 $this->assertEquals( $metadata, $m );
1493 $this->assertEquals( $data, $d );
1494 $called = true;
1495 return false;
1496 } ]
1497 ] );
1498 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1499 $this->assertTrue( $called );
1500 $this->assertSame( [
1501 [ LogLevel::WARNING, 'Session "{session}": Hook aborted' ],
1502 ], $logger->getBuffer() );
1503 $logger->clearBuffer();
1504 $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'SessionCheckInfo' => [] ] );
1505
1506 // forceUse deletes bad backend data
1507 $this->store->setSessionMeta( $id, [ 'userToken' => 'Bad' ] + $metadata );
1508 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1509 'provider' => $provider,
1510 'id' => $id,
1511 'userInfo' => $userInfo,
1512 'forceUse' => true,
1513 ] );
1514 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1515 $this->assertFalse( $this->store->getSession( $id ) );
1516 $this->assertSame( [
1517 [ LogLevel::WARNING, 'Session "{session}": User token mismatch' ],
1518 ], $logger->getBuffer() );
1519 $logger->clearBuffer();
1520 }
1521}
use
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
Definition APACHE-LICENSE-2.0.txt:10
will
</td >< td > &</td >< td > t want your writing to be edited mercilessly and redistributed at will
Definition All_system_messages.txt:1007
FauxRequest
WebRequest clone which takes values from a provided array.
Definition FauxRequest.php:33
HashConfig
A Config instance which stores all settings as a member variable.
Definition HashConfig.php:28
MediaWikiTestCase\mergeMwGlobalArrayValue
mergeMwGlobalArrayValue( $name, $values)
Merges the given values into a MW global array variable.
Definition MediaWikiTestCase.php:904
MediaWikiTestCase\$called
$called
$called tracks whether the setUp and tearDown method has been called.
Definition MediaWikiTestCase.php:47
MediaWiki\Session\MetadataMergeException
Subclass of UnexpectedValueException that can be annotated with additional data for debug logging.
Definition MetadataMergeException.php:35
MediaWiki\Session\PHPSessionHandler\isInstalled
static isInstalled()
Test whether the handler is installed.
Definition PHPSessionHandler.php:94
MediaWiki\Session\PHPSessionHandler\install
static install(SessionManager $manager)
Install a session handler for the current web request.
Definition PHPSessionHandler.php:110
MediaWiki\Session\SessionInfo
Value object returned by SessionProvider.
Definition SessionInfo.php:34
MediaWiki\Session\SessionInfo\MIN_PRIORITY
const MIN_PRIORITY
Minimum allowed priority.
Definition SessionInfo.php:36
MediaWiki\Session\SessionInfo\MAX_PRIORITY
const MAX_PRIORITY
Maximum allowed priority.
Definition SessionInfo.php:39
MediaWiki\Session\SessionManagerTest
Session Database MediaWiki\Session\SessionManager.
Definition SessionManagerTest.php:15
MediaWiki\Session\SessionManager
This serves as the entry point to the MediaWiki session handling system.
Definition SessionManager.php:50
MediaWiki\Session\SessionManager\getGlobalSession
static getGlobalSession()
Get the "global" session.
Definition SessionManager.php:107
MediaWiki\Session\SessionManager\validateSessionId
static validateSessionId( $id)
Validate a session ID.
Definition SessionManager.php:366
MediaWiki\Session\SessionManager\singleton
static singleton()
Get the global SessionManager.
Definition SessionManager.php:92
MediaWiki\Session\TestBagOStuff
BagOStuff with utility functions for MediaWiki\\Session\\* testing.
Definition TestBagOStuff.php:8
MediaWiki\Session\TestUtils\setSessionManagerSingleton
static setSessionManagerSingleton(SessionManager $manager=null)
Override the singleton for unit testing.
Definition TestUtils.php:18
MediaWiki\Session\UserInfo\newFromName
static newFromName( $name, $verified=false)
Create an instance for a logged-in user by name.
Definition UserInfo.php:103
MediaWiki\Session\UserInfo\newAnonymous
static newAnonymous()
Create an instance for an anonymous (i.e.
Definition UserInfo.php:75
ObjectCache\$instances
static BagOStuff[] $instances
Map of (id => BagOStuff)
Definition ObjectCache.php:82
TestLogger
A logger that may be configured to either buffer logs or to print them to the output where PHPUnit wi...
Definition TestLogger.php:33
TestLogger\clearBuffer
clearBuffer()
Clear the collected log buffer.
Definition TestLogger.php:86
TestLogger\getBuffer
getBuffer()
Return the collected logs.
Definition TestLogger.php:79
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:48
User\newFromName
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition User.php:585
User\idFromName
static idFromName( $name, $flags=self::READ_NORMAL)
Get database id given a user name.
Definition User.php:905
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition distributors.txt:22
$data
$data
Utility to generate mapping file used in mw.Title (phpCharToUpper.json)
Definition generatePhpCharToUpperMappings.php:13
$request
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2843
string
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition hooks.txt:181
$handler
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that When $user is not it can be in the form of< username >< more info > e g for bot passwords intended to be added to log contexts Fields it might only if the login was with a bot password it is not rendered in wiki pages or galleries in category pages allow injecting custom HTML after the section Any uses of the hook need to handle escaping see BaseTemplate::getToolbox and BaseTemplate::makeListItem for details on the format of individual items inside of this array or by returning and letting standard HTTP rendering take place modifiable or by returning false and taking over the output modifiable modifiable after all normalizations have been except for the $wgMaxImageArea check set to true or false to override the $wgMaxImageArea check result gives extension the possibility to transform it themselves $handler
Definition hooks.txt:894
$context
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on and they can depend only on the ResourceLoaderContext $context
Definition hooks.txt:2848
null
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that When $user is not null
Definition hooks.txt:783
$user
return true to allow those checks to and false if checking is done & $user
Definition hooks.txt:1510
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition injection.txt:37