REL1_34/php/Session_8php_source.html

<?php

namespace MediaWiki\Session;


use Psr\Log\LoggerInterface;

use User;

use WebRequest;


final class Session implements \Countable, \Iterator, \ArrayAccess {

    private static $encryptionAlgorithm = null;


    private $backend;


    private $index;


    private $logger;


    public function __construct( SessionBackend $backend, $index, LoggerInterface $logger ) {

        $this->backend = $backend;

        $this->index = $index;

        $this->logger = $logger;

    }


    public function __destruct() {

        $this->backend->deregisterSession( $this->index );

    }


    public function getId() {

        return $this->backend->getId();

    }


    public function getSessionId() {

        return $this->backend->getSessionId();

    }


    public function resetId() {

        return $this->backend->resetId();

    }


    public function getProvider() {

        return $this->backend->getProvider();

    }


    public function isPersistent() {

        return $this->backend->isPersistent();

    }


    public function persist() {

        $this->backend->persist();

    }


    public function unpersist() {

        $this->backend->unpersist();

    }


    public function shouldRememberUser() {

        return $this->backend->shouldRememberUser();

    }


    public function setRememberUser( $remember ) {

        $this->backend->setRememberUser( $remember );

    }


    public function getRequest() {

        return $this->backend->getRequest( $this->index );

    }


    public function getUser() {

        return $this->backend->getUser();

    }


    public function getAllowedUserRights() {

        return $this->backend->getAllowedUserRights();

    }


    public function canSetUser() {

        return $this->backend->canSetUser();

    }


    public function setUser( $user ) {

        $this->backend->setUser( $user );

    }


    public function suggestLoginUsername() {

        return $this->backend->suggestLoginUsername( $this->index );

    }


    public function shouldForceHTTPS() {

        return $this->backend->shouldForceHTTPS();

    }


    public function setForceHTTPS( $force ) {

        $this->backend->setForceHTTPS( $force );

    }


    public function getLoggedOutTimestamp() {

        return $this->backend->getLoggedOutTimestamp();

    }


    public function setLoggedOutTimestamp( $ts ) {

        $this->backend->setLoggedOutTimestamp( $ts );

    }


    public function getProviderMetadata() {

        return $this->backend->getProviderMetadata();

    }


    public function clear() {

        $data = &$this->backend->getData();

        if ( $data ) {

            $data = [];

            $this->backend->dirty();

        }

        if ( $this->backend->canSetUser() ) {

            $this->backend->setUser( new User );

        }

        $this->backend->save();

    }


    public function renew() {

        $this->backend->renew();

    }


    public function sessionWithRequest( WebRequest $request ) {

        $request->setSessionId( $this->backend->getSessionId() );

        return $this->backend->getSession( $request );

    }


    public function get( $key, $default = null ) {

        $data = &$this->backend->getData();

        return array_key_exists( $key, $data ) ? $data[$key] : $default;

    }


    public function exists( $key ) {

        $data = &$this->backend->getData();

        return array_key_exists( $key, $data );

    }


    public function set( $key, $value ) {

        $data = &$this->backend->getData();

        if ( !array_key_exists( $key, $data ) || $data[$key] !== $value ) {

            $data[$key] = $value;

            $this->backend->dirty();

        }

    }


    public function remove( $key ) {

        $data = &$this->backend->getData();

        if ( array_key_exists( $key, $data ) ) {

            unset( $data[$key] );

            $this->backend->dirty();

        }

    }


    public function getToken( $salt = '', $key = 'default' ) {

        $new = false;

        $secrets = $this->get( 'wsTokenSecrets' );

        if ( !is_array( $secrets ) ) {

            $secrets = [];

        }

        if ( isset( $secrets[$key] ) && is_string( $secrets[$key] ) ) {

            $secret = $secrets[$key];

        } else {

            $secret = \MWCryptRand::generateHex( 32 );

            $secrets[$key] = $secret;

            $this->set( 'wsTokenSecrets', $secrets );

            $new = true;

        }

        if ( is_array( $salt ) ) {

            $salt = implode( '|', $salt );

        }

        return new Token( $secret, (string)$salt, $new );

    }


    public function resetToken( $key = 'default' ) {

        $secrets = $this->get( 'wsTokenSecrets' );

        if ( is_array( $secrets ) && isset( $secrets[$key] ) ) {

            unset( $secrets[$key] );

            $this->set( 'wsTokenSecrets', $secrets );

        }

    }


    public function resetAllTokens() {

        $this->remove( 'wsTokenSecrets' );

    }


    private function getSecretKeys() {

        global $wgSessionSecret, $wgSecretKey, $wgSessionPbkdf2Iterations;


        $wikiSecret = $wgSessionSecret ?: $wgSecretKey;

        $userSecret = $this->get( 'wsSessionSecret', null );

        if ( $userSecret === null ) {

            $userSecret = \MWCryptRand::generateHex( 32 );

            $this->set( 'wsSessionSecret', $userSecret );

        }

        $iterations = $this->get( 'wsSessionPbkdf2Iterations', null );

        if ( $iterations === null ) {

            $iterations = $wgSessionPbkdf2Iterations;

            $this->set( 'wsSessionPbkdf2Iterations', $iterations );

        }


        $keymats = hash_pbkdf2( 'sha256', $wikiSecret, $userSecret, $iterations, 64, true );

        return [

            substr( $keymats, 0, 32 ),

            substr( $keymats, 32, 32 ),

        ];

    }


    private static function getEncryptionAlgorithm() {

        global $wgSessionInsecureSecrets;


        if ( self::$encryptionAlgorithm === null ) {

            if ( function_exists( 'openssl_encrypt' ) ) {

                $methods = openssl_get_cipher_methods();

                if ( in_array( 'aes-256-ctr', $methods, true ) ) {

                    self::$encryptionAlgorithm = [ 'openssl', 'aes-256-ctr' ];

                    return self::$encryptionAlgorithm;

                }

                if ( in_array( 'aes-256-cbc', $methods, true ) ) {

                    self::$encryptionAlgorithm = [ 'openssl', 'aes-256-cbc' ];

                    return self::$encryptionAlgorithm;

                }

            }


            if ( $wgSessionInsecureSecrets ) {

                // @todo: import a pure-PHP library for AES instead of this

                self::$encryptionAlgorithm = [ 'insecure' ];

                return self::$encryptionAlgorithm;

            }


            throw new \BadMethodCallException(

                'Encryption is not available. You really should install the PHP OpenSSL extension. ' .

                'But if you really can\'t and you\'re willing ' .

                'to accept insecure storage of sensitive session data, set ' .

                '$wgSessionInsecureSecrets = true in LocalSettings.php to make this exception go away.'

            );

        }


        return self::$encryptionAlgorithm;

    }


    public function setSecret( $key, $value ) {

        list( $encKey, $hmacKey ) = $this->getSecretKeys();

        $serialized = serialize( $value );


        // The code for encryption (with OpenSSL) and sealing is taken from

        // Chris Steipp's OATHAuthUtils class in Extension::OATHAuth.


        // Encrypt

        // @todo: import a pure-PHP library for AES instead of doing $wgSessionInsecureSecrets

        $iv = random_bytes( 16 );

        $algorithm = self::getEncryptionAlgorithm();

        switch ( $algorithm[0] ) {

            case 'openssl':

                $ciphertext = openssl_encrypt( $serialized, $algorithm[1], $encKey, OPENSSL_RAW_DATA, $iv );

                if ( $ciphertext === false ) {

                    throw new \UnexpectedValueException( 'Encryption failed: ' . openssl_error_string() );

                }

                break;

            case 'insecure':

                $ex = new \Exception( 'No encryption is available, storing data as plain text' );

                $this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );

                $ciphertext = $serialized;

                break;

            default:

                throw new \LogicException( 'invalid algorithm' );

        }


        // Seal

        $sealed = base64_encode( $iv ) . '.' . base64_encode( $ciphertext );

        $hmac = hash_hmac( 'sha256', $sealed, $hmacKey, true );

        $encrypted = base64_encode( $hmac ) . '.' . $sealed;


        // Store

        $this->set( $key, $encrypted );

    }


    public function getSecret( $key, $default = null ) {

        // Fetch

        $encrypted = $this->get( $key, null );

        if ( $encrypted === null ) {

            return $default;

        }


        // The code for unsealing, checking, and decrypting (with OpenSSL) is

        // taken from Chris Steipp's OATHAuthUtils class in

        // Extension::OATHAuth.


        // Unseal and check

        $pieces = explode( '.', $encrypted, 4 );

        if ( count( $pieces ) !== 3 ) {

            $ex = new \Exception( 'Invalid sealed-secret format' );

            $this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );

            return $default;

        }

        list( $hmac, $iv, $ciphertext ) = $pieces;

        list( $encKey, $hmacKey ) = $this->getSecretKeys();

        $integCalc = hash_hmac( 'sha256', $iv . '.' . $ciphertext, $hmacKey, true );

        if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) {

            $ex = new \Exception( 'Sealed secret has been tampered with, aborting.' );

            $this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );

            return $default;

        }


        // Decrypt

        $algorithm = self::getEncryptionAlgorithm();

        switch ( $algorithm[0] ) {

            case 'openssl':

                $serialized = openssl_decrypt( base64_decode( $ciphertext ), $algorithm[1], $encKey,

                    OPENSSL_RAW_DATA, base64_decode( $iv ) );

                if ( $serialized === false ) {

                    $ex = new \Exception( 'Decyption failed: ' . openssl_error_string() );

                    $this->logger->debug( $ex->getMessage(), [ 'exception' => $ex ] );

                    return $default;

                }

                break;

            case 'insecure':

                $ex = new \Exception(

                    'No encryption is available, retrieving data that was stored as plain text'

                );

                $this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );

                $serialized = base64_decode( $ciphertext );

                break;

            default:

                throw new \LogicException( 'invalid algorithm' );

        }


        $value = unserialize( $serialized );

        if ( $value === false && $serialized !== serialize( false ) ) {

            $value = $default;

        }

        return $value;

    }


    public function delaySave() {

        return $this->backend->delaySave();

    }


    public function save() {

        $this->backend->save();

    }


    public function count() {

        $data = &$this->backend->getData();

        return count( $data );

    }


    public function current() {

        $data = &$this->backend->getData();

        return current( $data );

    }


    public function key() {

        $data = &$this->backend->getData();

        return key( $data );

    }


    public function next() {

        $data = &$this->backend->getData();

        next( $data );

    }


    public function rewind() {

        $data = &$this->backend->getData();

        reset( $data );

    }


    public function valid() {

        $data = &$this->backend->getData();

        return key( $data ) !== null;

    }


    public function offsetExists( $offset ) {

        $data = &$this->backend->getData();

        return isset( $data[$offset] );

    }


    public function &offsetGet( $offset ) {

        $data = &$this->backend->getData();

        if ( !array_key_exists( $offset, $data ) ) {

            $ex = new \Exception( "Undefined index (auto-adds to session with a null value): $offset" );

            $this->logger->debug( $ex->getMessage(), [ 'exception' => $ex ] );

        }

        return $data[$offset];

    }


    public function offsetSet( $offset, $value ) {

        $this->set( $offset, $value );

    }


    public function offsetUnset( $offset ) {

        $this->remove( $offset );

    }


}


serialize
serialize()
Definition ApiMessageTrait.php:138

unserialize
unserialize( $serialized)
Definition ApiMessageTrait.php:146

$wgSecretKey
$wgSecretKey
This should always be customised in LocalSettings.php.
Definition DefaultSettings.php:6017

$wgSessionPbkdf2Iterations
$wgSessionPbkdf2Iterations
Number of internal PBKDF2 iterations to use when deriving session secrets.
Definition DefaultSettings.php:2575

$wgSessionSecret
$wgSessionSecret
Secret for session storage.
Definition DefaultSettings.php:8749

$wgSessionInsecureSecrets
$wgSessionInsecureSecrets
If for some reason you can't install the PHP OpenSSL extension, you can set this to true to make Medi...
Definition DefaultSettings.php:8758

MediaWiki\Session\SessionBackend
This is the actual workhorse for Session.
Definition SessionBackend.php:50

MediaWiki\Session\Session
Manages data for an an authenticated session.
Definition Session.php:48

MediaWiki\Session\Session\offsetSet
offsetSet( $offset, $value)
Definition Session.php:656

MediaWiki\Session\Session\delaySave
delaySave()
Delay automatic saving while multiple updates are being made.
Definition Session.php:573

MediaWiki\Session\Session\$index
int $index
Session index.
Definition Session.php:56

MediaWiki\Session\Session\offsetExists
offsetExists( $offset)
Definition Session.php:633

MediaWiki\Session\Session\offsetUnset
offsetUnset( $offset)
Definition Session.php:661

MediaWiki\Session\Session\suggestLoginUsername
suggestLoginUsername()
Get a suggested username for the login form.
Definition Session.php:207

MediaWiki\Session\Session\offsetGet
& offsetGet( $offset)
Definition Session.php:646

MediaWiki\Session\Session\valid
valid()
Definition Session.php:623

MediaWiki\Session\Session\getEncryptionAlgorithm
static getEncryptionAlgorithm()
Decide what type of encryption to use, based on system capabilities.
Definition Session.php:426

MediaWiki\Session\Session\setForceHTTPS
setForceHTTPS( $force)
Set the value of the forceHTTPS cookie.
Definition Session.php:229

MediaWiki\Session\Session\getToken
getToken( $salt='', $key='default')
Fetch a CSRF token from the session.
Definition Session.php:354

MediaWiki\Session\Session\setSecret
setSecret( $key, $value)
Set a value in the session, encrypted.
Definition Session.php:467

MediaWiki\Session\Session\next
next()
Definition Session.php:611

MediaWiki\Session\Session\persist
persist()
Make this session persisted across requests.
Definition Session.php:126

MediaWiki\Session\Session\shouldForceHTTPS
shouldForceHTTPS()
Get the expected value of the forceHTTPS cookie.
Definition Session.php:218

MediaWiki\Session\Session\renew
renew()
Renew the session.
Definition Session.php:279

MediaWiki\Session\Session\getSecret
getSecret( $key, $default=null)
Fetch a value from the session that was set with self::setSecret()
Definition Session.php:509

MediaWiki\Session\Session\resetId
resetId()
Changes the session ID.
Definition Session.php:97

MediaWiki\Session\Session\getProvider
getProvider()
Fetch the SessionProvider for this session.
Definition Session.php:105

MediaWiki\Session\Session\isPersistent
isPersistent()
Indicate whether this session is persisted across requests.
Definition Session.php:116

MediaWiki\Session\Session\getRequest
getRequest()
Returns the request associated with this session.
Definition Session.php:164

MediaWiki\Session\Session\getProviderMetadata
getProviderMetadata()
Fetch provider metadata.
Definition Session.php:254

MediaWiki\Session\Session\resetToken
resetToken( $key='default')
Remove a CSRF token from the session.
Definition Session.php:381

MediaWiki\Session\Session\__destruct
__destruct()
Definition Session.php:72

MediaWiki\Session\Session\sessionWithRequest
sessionWithRequest(WebRequest $request)
Fetch a copy of this session attached to an alternative WebRequest.
Definition Session.php:292

MediaWiki\Session\Session\save
save()
Save the session.
Definition Session.php:583

MediaWiki\Session\Session\count
count()
Definition Session.php:593

MediaWiki\Session\Session\$encryptionAlgorithm
static null string[] $encryptionAlgorithm
Encryption algorithm to use.
Definition Session.php:50

MediaWiki\Session\Session\unpersist
unpersist()
Make this session not be persisted across requests.
Definition Session.php:138

MediaWiki\Session\Session\canSetUser
canSetUser()
Indicate whether the session user info can be changed.
Definition Session.php:188

MediaWiki\Session\Session\exists
exists( $key)
Test if a value exists in the session.
Definition Session.php:314

MediaWiki\Session\Session\getLoggedOutTimestamp
getLoggedOutTimestamp()
Fetch the "logged out" timestamp.
Definition Session.php:237

MediaWiki\Session\Session\getUser
getUser()
Returns the authenticated user for this session.
Definition Session.php:172

MediaWiki\Session\Session\getId
getId()
Returns the session ID.
Definition Session.php:80

MediaWiki\Session\Session\getSecretKeys
getSecretKeys()
Fetch the secret keys for self::setSecret() and self::getSecret().
Definition Session.php:400

MediaWiki\Session\Session\setRememberUser
setRememberUser( $remember)
Set whether the user should be remembered independently of the session ID.
Definition Session.php:156

MediaWiki\Session\Session\resetAllTokens
resetAllTokens()
Remove all CSRF tokens from the session.
Definition Session.php:392

MediaWiki\Session\Session\key
key()
Definition Session.php:605

MediaWiki\Session\Session\clear
clear()
Delete all session data and clear the user (if possible)
Definition Session.php:261

MediaWiki\Session\Session\shouldRememberUser
shouldRememberUser()
Indicate whether the user should be remembered independently of the session ID.
Definition Session.php:147

MediaWiki\Session\Session\$backend
SessionBackend $backend
Session backend.
Definition Session.php:53

MediaWiki\Session\Session\rewind
rewind()
Definition Session.php:617

MediaWiki\Session\Session\current
current()
Definition Session.php:599

MediaWiki\Session\Session\setLoggedOutTimestamp
setLoggedOutTimestamp( $ts)
Set the "logged out" timestamp.
Definition Session.php:245

MediaWiki\Session\Session\$logger
LoggerInterface $logger
Definition Session.php:59

MediaWiki\Session\Session\setUser
setUser( $user)
Set a new user for this session.
Definition Session.php:199

MediaWiki\Session\Session\getSessionId
getSessionId()
Returns the SessionId object.
Definition Session.php:89

MediaWiki\Session\Session\getAllowedUserRights
getAllowedUserRights()
Fetch the rights allowed the user when this session is active.
Definition Session.php:180

MediaWiki\Session\Session\__construct
__construct(SessionBackend $backend, $index, LoggerInterface $logger)
Definition Session.php:66

MediaWiki\Session\Token
Value object representing a CSRF token.
Definition Token.php:32

User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:51

WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition WebRequest.php:42

WebRequest\setSessionId
setSessionId(SessionId $sessionId)
Set the session for this request.
Definition WebRequest.php:817

MediaWiki\Session
Definition BotPasswordSessionProvider.php:24

$serialized
foreach( $res as $row) $serialized
Definition testCompression.php:81