MediaWiki REL1_34
SessionProvider.php
Go to the documentation of this file.
1<?php
24namespace MediaWiki\Session;
25
26use Psr\Log\LoggerAwareInterface;
27use Psr\Log\LoggerInterface;
28use Config;
29use Language;
30use User;
31use WebRequest;
32
78abstract class SessionProvider implements SessionProviderInterface, LoggerAwareInterface {
79
81 protected $logger;
82
84 protected $config;
85
87 protected $manager;
88
92 protected $priority;
93
100 public function __construct() {
101 $this->priority = SessionInfo::MIN_PRIORITY + 10;
102 }
103
104 public function setLogger( LoggerInterface $logger ) {
105 $this->logger = $logger;
106 }
107
112 public function setConfig( Config $config ) {
113 $this->config = $config;
114 }
115
120 public function setManager( SessionManager $manager ) {
121 $this->manager = $manager;
122 }
123
128 public function getManager() {
129 return $this->manager;
130 }
131
154 abstract public function provideSessionInfo( WebRequest $request );
155
169 public function newSessionInfo( $id = null ) {
170 if ( $this->canChangeUser() && $this->persistsSessionId() ) {
171 return new SessionInfo( $this->priority, [
172 'id' => $id,
173 'provider' => $this,
174 'persisted' => false,
175 'idIsSafe' => true,
176 ] );
177 }
178 return null;
179 }
180
202 public function mergeMetadata( array $savedMetadata, array $providedMetadata ) {
203 foreach ( $providedMetadata as $k => $v ) {
204 if ( array_key_exists( $k, $savedMetadata ) && $savedMetadata[$k] !== $v ) {
205 $e = new MetadataMergeException( "Key \"$k\" changed" );
206 $e->setContext( [
207 'old_value' => $savedMetadata[$k],
208 'new_value' => $v,
209 ] );
210 throw $e;
211 }
212 }
213 return $providedMetadata;
214 }
215
229 public function refreshSessionInfo( SessionInfo $info, WebRequest $request, &$metadata ) {
230 return true;
231 }
232
259 abstract public function persistsSessionId();
260
286 abstract public function canChangeUser();
287
294 public function getRememberUserDuration() {
295 return null;
296 }
297
308 public function sessionIdWasReset( SessionBackend $session, $oldId ) {
309 }
310
338 abstract public function persistSession( SessionBackend $session, WebRequest $request );
339
351 abstract public function unpersistSession( WebRequest $request );
352
374 public function preventSessionsForUser( $username ) {
375 if ( !$this->canChangeUser() ) {
376 throw new \BadMethodCallException(
377 __METHOD__ . ' must be implemented when canChangeUser() is false'
378 );
379 }
380 }
381
392 public function invalidateSessionsForUser( User $user ) {
393 }
394
411 public function getVaryHeaders() {
412 return [];
413 }
414
420 public function getVaryCookies() {
421 return [];
422 }
423
430 public function suggestLoginUsername( WebRequest $request ) {
431 return null;
432 }
433
444 public function getAllowedUserRights( SessionBackend $backend ) {
445 if ( $backend->getProvider() !== $this ) {
446 // Not that this should ever happen...
447 throw new \InvalidArgumentException( 'Backend\'s provider isn\'t $this' );
448 }
449
450 return null;
451 }
452
460 public function __toString() {
461 return static::class;
462 }
463
479 protected function describeMessage() {
480 return wfMessage(
481 'sessionprovider-' . str_replace( '\\', '-', strtolower( static::class ) )
482 );
483 }
484
485 public function describe( Language $lang ) {
486 $msg = $this->describeMessage();
487 $msg->inLanguage( $lang );
488 if ( $msg->isDisabled() ) {
489 $msg = wfMessage( 'sessionprovider-generic', (string)$this )->inLanguage( $lang );
490 }
491 return $msg->plain();
492 }
493
494 public function whyNoSession() {
495 return null;
496 }
497
511 final protected function hashToSessionId( $data, $key = null ) {
512 if ( !is_string( $data ) ) {
513 throw new \InvalidArgumentException(
514 '$data must be a string, ' . gettype( $data ) . ' was passed'
515 );
516 }
517 if ( $key !== null && !is_string( $key ) ) {
518 throw new \InvalidArgumentException(
519 '$key must be a string or null, ' . gettype( $key ) . ' was passed'
520 );
521 }
522
523 $hash = \MWCryptHash::hmac( "$this\n$data", $key ?: $this->config->get( 'SecretKey' ), false );
524 if ( strlen( $hash ) < 32 ) {
525 // Should never happen, even md5 is 128 bits
526 // @codeCoverageIgnoreStart
527 throw new \UnexpectedValueException( 'Hash function returned less than 128 bits' );
528 // @codeCoverageIgnoreEnd
529 }
530 if ( strlen( $hash ) >= 40 ) {
531 $hash = \Wikimedia\base_convert( $hash, 16, 32, 32 );
532 }
533 return substr( $hash, -32 );
534 }
535
536}
wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition GlobalFunctions.php:1263
Language
Internationalisation code.
Definition Language.php:37
MediaWiki\Session\MetadataMergeException
Subclass of UnexpectedValueException that can be annotated with additional data for debug logging.
Definition MetadataMergeException.php:35
MediaWiki\Session\SessionBackend
This is the actual workhorse for Session.
Definition SessionBackend.php:50
MediaWiki\Session\SessionBackend\getProvider
getProvider()
Fetch the SessionProvider for this session.
Definition SessionBackend.php:282
MediaWiki\Session\SessionInfo
Value object returned by SessionProvider.
Definition SessionInfo.php:34
MediaWiki\Session\SessionInfo\MIN_PRIORITY
const MIN_PRIORITY
Minimum allowed priority.
Definition SessionInfo.php:36
MediaWiki\Session\SessionManager
This serves as the entry point to the MediaWiki session handling system.
Definition SessionManager.php:50
MediaWiki\Session\SessionProvider
A SessionProvider provides SessionInfo and support for Session.
Definition SessionProvider.php:78
MediaWiki\Session\SessionProvider\setLogger
setLogger(LoggerInterface $logger)
Definition SessionProvider.php:104
MediaWiki\Session\SessionProvider\provideSessionInfo
provideSessionInfo(WebRequest $request)
Provide session info for a request.
MediaWiki\Session\SessionProvider\unpersistSession
unpersistSession(WebRequest $request)
Remove any persisted session from a request/response.
MediaWiki\Session\SessionProvider\canChangeUser
canChangeUser()
Indicate whether the user associated with the request can be changed.
MediaWiki\Session\SessionProvider\mergeMetadata
mergeMetadata(array $savedMetadata, array $providedMetadata)
Merge saved session provider metadata.
Definition SessionProvider.php:202
MediaWiki\Session\SessionProvider\setConfig
setConfig(Config $config)
Set configuration.
Definition SessionProvider.php:112
MediaWiki\Session\SessionProvider\persistsSessionId
persistsSessionId()
Indicate whether self::persistSession() can save arbitrary session IDs.
MediaWiki\Session\SessionProvider\suggestLoginUsername
suggestLoginUsername(WebRequest $request)
Get a suggested username for the login form.
Definition SessionProvider.php:430
MediaWiki\Session\SessionProvider\describe
describe(Language $lang)
Return an identifier for this session type.
Definition SessionProvider.php:485
MediaWiki\Session\SessionProvider\getVaryHeaders
getVaryHeaders()
Return the HTTP headers that need varying on.
Definition SessionProvider.php:411
MediaWiki\Session\SessionProvider\refreshSessionInfo
refreshSessionInfo(SessionInfo $info, WebRequest $request, &$metadata)
Validate a loaded SessionInfo and refresh provider metadata.
Definition SessionProvider.php:229
MediaWiki\Session\SessionProvider\getAllowedUserRights
getAllowedUserRights(SessionBackend $backend)
Fetch the rights allowed the user when the specified session is active.
Definition SessionProvider.php:444
MediaWiki\Session\SessionProvider\getRememberUserDuration
getRememberUserDuration()
Returns the duration (in seconds) for which users will be remembered when Session::setRememberUser() ...
Definition SessionProvider.php:294
MediaWiki\Session\SessionProvider\getManager
getManager()
Get the session manager.
Definition SessionProvider.php:128
MediaWiki\Session\SessionProvider\setManager
setManager(SessionManager $manager)
Set the session manager.
Definition SessionProvider.php:120
MediaWiki\Session\SessionProvider\persistSession
persistSession(SessionBackend $session, WebRequest $request)
Persist a session into a request/response.
MediaWiki\Session\SessionProvider\invalidateSessionsForUser
invalidateSessionsForUser(User $user)
Invalidate existing sessions for a user.
Definition SessionProvider.php:392
MediaWiki\Session\SessionProvider\getVaryCookies
getVaryCookies()
Return the list of cookies that need varying on.
Definition SessionProvider.php:420
MediaWiki\Session\SessionProvider\describeMessage
describeMessage()
Return a Message identifying this session type.
Definition SessionProvider.php:479
MediaWiki\Session\SessionProvider\whyNoSession
whyNoSession()
Return a Message for why sessions might not be being persisted.
Definition SessionProvider.php:494
MediaWiki\Session\SessionProvider\sessionIdWasReset
sessionIdWasReset(SessionBackend $session, $oldId)
Notification that the session ID was reset.
Definition SessionProvider.php:308
MediaWiki\Session\SessionProvider\hashToSessionId
hashToSessionId( $data, $key=null)
Hash data as a session ID.
Definition SessionProvider.php:511
MediaWiki\Session\SessionProvider\preventSessionsForUser
preventSessionsForUser( $username)
Prevent future sessions for the user.
Definition SessionProvider.php:374
MediaWiki\Session\SessionProvider\newSessionInfo
newSessionInfo( $id=null)
Provide session info for a new, empty session.
Definition SessionProvider.php:169
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:51
WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition WebRequest.php:42
Config
Interface for configuration instances.
Definition Config.php:28
MediaWiki\Session\SessionProviderInterface
This exists to make IDEs happy, so they don't see the internal-but-required-to-be-public methods on S...
Definition SessionProviderInterface.php:36
$lang
if(!isset( $args[0])) $lang
Definition testCompression.php:33