MediaWiki REL1_34
SessionProvider.php
1<?php
24namespace MediaWiki\Session;
25
26use Psr\Log\LoggerAwareInterface;
27use Psr\Log\LoggerInterface;
28use Config;
29use Language;
30use User;
31use WebRequest;
32
/**
 * A SessionProvider provides SessionInfo and support for Session.
 *
 * This base class supplies the dependency setters and default implementations
 * of the optional hooks. Several defaults are permissive: refreshSessionInfo()
 * accepts every SessionInfo, and invalidateSessionsForUser() and
 * sessionIdWasReset() do nothing. A concrete provider that needs validation or
 * revocation must override them.
 */
abstract class SessionProvider implements SessionProviderInterface, LoggerAwareInterface {

	/** @var LoggerInterface Logger injected through setLogger() */
	protected $logger;

	/** @var Config Configuration injected through setConfig(); hashToSessionId() reads 'SecretKey' from it */
	protected $config;

	/** @var SessionManager Manager injected through setManager() */
	protected $manager;

	/** @var int Priority passed to every SessionInfo built by newSessionInfo() */
	protected $priority;

	/**
	 * Set the default priority to ten above SessionInfo::MIN_PRIORITY.
	 */
	public function __construct() {
		$this->priority = SessionInfo::MIN_PRIORITY + 10;
	}

	/**
	 * Store the logger (LoggerAwareInterface).
	 *
	 * @param LoggerInterface $logger
	 */
	public function setLogger( LoggerInterface $logger ) {
		$this->logger = $logger;
	}

	/**
	 * Set configuration.
	 *
	 * @param Config $config
	 */
	public function setConfig( Config $config ) {
		$this->config = $config;
	}

	/**
	 * Set the session manager.
	 *
	 * @param SessionManager $manager
	 */
	public function setManager( SessionManager $manager ) {
		$this->manager = $manager;
	}

	/**
	 * Get the session manager.
	 *
	 * @return SessionManager
	 */
	public function getManager() {
		return $this->manager;
	}

	/**
	 * Provide session info for a request.
	 *
	 * @param WebRequest $request
	 */
	abstract public function provideSessionInfo( WebRequest $request );

	/**
	 * Provide session info for a new, empty session.
	 *
	 * A SessionInfo is only produced when the provider can both change the
	 * user and persist arbitrary session IDs; otherwise null is returned.
	 *
	 * @param string|null $id Session ID to use; passed through unchanged
	 * @return SessionInfo|null
	 */
	public function newSessionInfo( $id = null ) {
		if ( !$this->canChangeUser() || !$this->persistsSessionId() ) {
			return null;
		}

		// NOTE(review): 'idIsSafe' is asserted for whatever $id the caller
		// hands in. Confirm that no call site forwards a client-supplied ID
		// here, since nothing in this method validates it.
		$options = [
			'id' => $id,
			'provider' => $this,
			'persisted' => false,
			'idIsSafe' => true,
		];
		return new SessionInfo( $this->priority, $options );
	}

	/**
	 * Merge saved session provider metadata.
	 *
	 * The default refuses any change: a key present in both arrays must hold
	 * an identical (===) value, otherwise a MetadataMergeException is thrown.
	 * Keys that exist only in $savedMetadata are not carried over, because
	 * $providedMetadata is returned as is.
	 *
	 * @param array $savedMetadata Metadata stored with the session
	 * @param array $providedMetadata Metadata supplied for the current request
	 * @return array $providedMetadata, unchanged
	 * @throws MetadataMergeException When a shared key has a different value
	 */
	public function mergeMetadata( array $savedMetadata, array $providedMetadata ) {
		foreach ( $providedMetadata as $k => $newValue ) {
			if ( !array_key_exists( $k, $savedMetadata ) ) {
				continue;
			}
			if ( $savedMetadata[$k] === $newValue ) {
				continue;
			}

			$conflict = new MetadataMergeException( "Key \"$k\" changed" );
			// Both values travel with the exception as context. If a provider
			// keeps credentials or tokens in its metadata, check where that
			// context is logged before enabling debug logging in production.
			$conflict->setContext( [
				'old_value' => $savedMetadata[$k],
				'new_value' => $newValue,
			] );
			throw $conflict;
		}
		return $providedMetadata;
	}

	/**
	 * Validate a loaded SessionInfo and refresh provider metadata.
	 *
	 * The default performs no validation and always reports success. A
	 * provider whose sessions depend on request properties must override it.
	 *
	 * @param SessionInfo $info
	 * @param WebRequest $request
	 * @param array|null &$metadata Provider metadata; left untouched here
	 * @return bool Always true in this base implementation
	 */
	public function refreshSessionInfo( SessionInfo $info, WebRequest $request, &$metadata ) {
		return true;
	}

	/**
	 * Indicate whether self::persistSession() can save arbitrary session IDs.
	 */
	abstract public function persistsSessionId();

	/**
	 * Indicate whether the user associated with the request can be changed.
	 */
	abstract public function canChangeUser();

	/**
	 * Duration for which users will be remembered.
	 *
	 * @return int|null Null in this base implementation; the meaning of null
	 *  is defined by the caller and is not visible in this file
	 */
	public function getRememberUserDuration() {
		return null;
	}

	/**
	 * Notification that the session ID was reset.
	 *
	 * @param SessionBackend $session
	 * @param string $oldId
	 */
	public function sessionIdWasReset( SessionBackend $session, $oldId ) {
		// Nothing to do by default.
	}

	/**
	 * Persist a session into a request/response.
	 *
	 * @param SessionBackend $session
	 * @param WebRequest $request
	 */
	abstract public function persistSession( SessionBackend $session, WebRequest $request );

	/**
	 * Remove any persisted session from a request/response.
	 *
	 * @param WebRequest $request
	 */
	abstract public function unpersistSession( WebRequest $request );

	/**
	 * Prevent future sessions for the user.
	 *
	 * The default is a no-op when canChangeUser() is true. When it is false
	 * the call fails loudly, so such a provider cannot silently skip the
	 * block and has to supply its own implementation.
	 *
	 * @param string $username
	 * @throws \BadMethodCallException When canChangeUser() is false
	 */
	public function preventSessionsForUser( $username ) {
		if ( $this->canChangeUser() ) {
			return;
		}

		throw new \BadMethodCallException(
			__METHOD__ . ' must be implemented when canChangeUser() is false'
		);
	}

	/**
	 * Invalidate existing sessions for a user.
	 *
	 * The default does nothing. A provider whose sessions need explicit
	 * revocation must override this.
	 *
	 * @param User $user
	 */
	public function invalidateSessionsForUser( User $user ) {
		// Nothing to do by default.
	}

	/**
	 * Return the HTTP headers that need varying on.
	 *
	 * A provider that reads a request header to pick the session should list
	 * it here so that shared caches keep per-user responses apart.
	 *
	 * @return array Empty in this base implementation
	 */
	public function getVaryHeaders() {
		return [];
	}

	/**
	 * Return the list of cookies that need varying on.
	 *
	 * @return array Empty in this base implementation
	 */
	public function getVaryCookies() {
		return [];
	}

	/**
	 * Get a suggested username for the login form.
	 *
	 * @param WebRequest $request
	 * @return string|null Null in this base implementation
	 */
	public function suggestLoginUsername( WebRequest $request ) {
		return null;
	}

	/**
	 * Fetch the rights allowed the user when the specified session is active.
	 *
	 * @param SessionBackend $backend Must belong to this provider
	 * @return array|null Null in this base implementation
	 *  (presumably "no restriction"; confirm against the interface docs)
	 * @throws \InvalidArgumentException When the backend belongs to another provider
	 */
	public function getAllowedUserRights( SessionBackend $backend ) {
		if ( $backend->getProvider() === $this ) {
			return null;
		}

		// Not that this should ever happen...
		throw new \InvalidArgumentException( 'Backend\'s provider isn\'t $this' );
	}

	/**
	 * Identify the provider by its class name.
	 *
	 * hashToSessionId() mixes this string into the HMAC input, so overriding
	 * it changes every session ID derived by that method.
	 *
	 * @return string
	 */
	public function __toString() {
		return static::class;
	}

	/**
	 * Return a Message identifying this session type.
	 *
	 * The message key is 'sessionprovider-' followed by the lowercased class
	 * name with namespace separators replaced by '-'.
	 */
	protected function describeMessage() {
		$classKey = str_replace( '\\', '-', strtolower( static::class ) );
		return wfMessage( 'sessionprovider-' . $classKey );
	}

	/**
	 * Return an identifier for this session type.
	 *
	 * Falls back to the 'sessionprovider-generic' message, parameterised with
	 * the provider's string form, when the specific message is disabled.
	 *
	 * @param Language $lang Language to render the message in
	 * @return string Plain message text
	 */
	public function describe( Language $lang ) {
		$specific = $this->describeMessage();
		$specific->inLanguage( $lang );
		if ( !$specific->isDisabled() ) {
			return $specific->plain();
		}

		return wfMessage( 'sessionprovider-generic', (string)$this )->inLanguage( $lang )->plain();
	}

	/**
	 * Return a Message for why sessions might not be being persisted.
	 *
	 * @return null Null in this base implementation
	 */
	public function whyNoSession() {
		return null;
	}

	/**
	 * Hash data as a session ID.
	 *
	 * Computes an HMAC over "<provider string>\n<data>" and returns its last
	 * 32 characters. The provider string keeps two providers that hash the
	 * same data from producing the same ID. The result is deterministic, so
	 * its unpredictability rests entirely on the key staying secret.
	 *
	 * @param string $data
	 * @param string|null $key HMAC key; the configured 'SecretKey' is used
	 *  when this is null or any other falsy string ('' or '0')
	 * @return string 32-character session ID
	 * @throws \InvalidArgumentException On a non-string $data or a $key that
	 *  is neither string nor null
	 * @throws \UnexpectedValueException When the HMAC is shorter than 128 bits
	 */
	final protected function hashToSessionId( $data, $key = null ) {
		if ( !is_string( $data ) ) {
			throw new \InvalidArgumentException(
				'$data must be a string, ' . gettype( $data ) . ' was passed'
			);
		}
		if ( $key !== null && !is_string( $key ) ) {
			throw new \InvalidArgumentException(
				'$key must be a string or null, ' . gettype( $key ) . ' was passed'
			);
		}

		$message = "$this\n$data";
		// The short ternary tests truthiness, so an empty key can never be
		// used: it falls back to the site secret instead.
		$secret = $key ?: $this->config->get( 'SecretKey' );
		// The digest is handled as hex text below (length checks, base 16).
		$digest = \MWCryptHash::hmac( $message, $secret, false );

		$hexLength = strlen( $digest );
		if ( $hexLength < 32 ) {
			// Should never happen, even md5 is 128 bits
			// @codeCoverageIgnoreStart
			throw new \UnexpectedValueException( 'Hash function returned less than 128 bits' );
			// @codeCoverageIgnoreEnd
		}
		if ( $hexLength >= 40 ) {
			// 160 bits or more: re-encode in base 32, padded to 32 digits, so
			// the 32 characters kept below carry 160 bits rather than 128.
			$digest = \Wikimedia\base_convert( $digest, 16, 32, 32 );
		}
		return substr( $digest, -32 );
	}

}
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Internationalisation code.
Definition Language.php:37
Subclass of UnexpectedValueException that can be annotated with additional data for debug logging.
This is the actual workhorse for Session.
getProvider()
Fetch the SessionProvider for this session.
Value object returned by SessionProvider.
const MIN_PRIORITY
Minimum allowed priority.
This serves as the entry point to the MediaWiki session handling system.
A SessionProvider provides SessionInfo and support for Session.
setLogger(LoggerInterface $logger)
provideSessionInfo(WebRequest $request)
Provide session info for a request.
unpersistSession(WebRequest $request)
Remove any persisted session from a request/response.
canChangeUser()
Indicate whether the user associated with the request can be changed.
mergeMetadata(array $savedMetadata, array $providedMetadata)
Merge saved session provider metadata.
setConfig(Config $config)
Set configuration.
persistsSessionId()
Indicate whether self::persistSession() can save arbitrary session IDs.
suggestLoginUsername(WebRequest $request)
Get a suggested username for the login form.
describe(Language $lang)
Return an identifier for this session type.
getVaryHeaders()
Return the HTTP headers that need varying on.
refreshSessionInfo(SessionInfo $info, WebRequest $request, &$metadata)
Validate a loaded SessionInfo and refresh provider metadata.
getAllowedUserRights(SessionBackend $backend)
Fetch the rights allowed the user when the specified session is active.
getRememberUserDuration()
Returns the duration (in seconds) for which users will be remembered when Session::setRememberUser() ...
getManager()
Get the session manager.
setManager(SessionManager $manager)
Set the session manager.
persistSession(SessionBackend $session, WebRequest $request)
Persist a session into a request/response.
invalidateSessionsForUser(User $user)
Invalidate existing sessions for a user.
getVaryCookies()
Return the list of cookies that need varying on.
describeMessage()
Return a Message identifying this session type.
whyNoSession()
Return a Message for why sessions might not be being persisted.
sessionIdWasReset(SessionBackend $session, $oldId)
Notification that the session ID was reset.
hashToSessionId( $data, $key=null)
Hash data as a session ID.
preventSessionsForUser( $username)
Prevent future sessions for the user.
newSessionInfo( $id=null)
Provide session info for a new, empty session.
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:51
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Interface for configuration instances.
Definition Config.php:28
This exists to make IDEs happy, so they don't see the internal-but-required-to-be-public methods on S...