MediaWiki REL1_35
BotPasswordSessionProvider.php
1<?php
26use BotPassword;
27use User;
28use WebRequest;
29
/**
 * @param array $params Keys include:
 *  - priority: (required) Priority for the SessionInfo objects this provider
 *    returns; must lie within SessionInfo::MIN_PRIORITY..MAX_PRIORITY.
 *  - sessionCookieName: Session cookie name. Defaults to '_BPsession'.
 *  The full array is also handed to the parent constructor.
 * @throws \InvalidArgumentException if 'priority' is missing or out of range
 */
public function __construct( array $params = [] ) {
	$params['sessionCookieName'] = $params['sessionCookieName'] ?? '_BPsession';
	parent::__construct( $params );

	$priority = $params['priority'] ?? null;
	if ( $priority === null ) {
		throw new \InvalidArgumentException( __METHOD__ . ': priority must be specified' );
	}

	$tooLow = $priority < SessionInfo::MIN_PRIORITY;
	$tooHigh = $priority > SessionInfo::MAX_PRIORITY;
	if ( $tooLow || $tooHigh ) {
		throw new \InvalidArgumentException( __METHOD__ . ': Invalid priority' );
	}

	$this->priority = $priority;
}
59
/**
 * Provide session info for a request.
 *
 * A bot-password session is only offered when all of the following hold:
 * the request is an API request (MW_API is defined), the 'EnableBotPasswords'
 * config flag is on, and the request carries the provider's session cookie.
 * Otherwise no SessionInfo is returned and other providers get their turn.
 *
 * @param WebRequest $request
 * @return SessionInfo|null
 */
public function provideSessionInfo( WebRequest $request ) {
	// Order matters: the cheap MW_API check short-circuits before config is consulted
	if ( !defined( 'MW_API' ) || !$this->config->get( 'EnableBotPasswords' ) ) {
		return null;
	}

	// No cookie means no session to resume
	$sessionId = $this->getSessionIdFromCookie( $request );
	if ( $sessionId === null ) {
		return null;
	}

	$fields = [
		'provider' => $this,
		'id' => $sessionId,
		'persisted' => true
	];
	return new SessionInfo( $this->priority, $fields );
}
83
/**
 * Provide session info for a new, empty session.
 *
 * This provider never activates a session on its own; sessions are only
 * created explicitly through newSessionForRequest().
 *
 * @param string|null $id Ignored
 * @return null Always
 */
public function newSessionInfo( $id = null ) {
	// Deliberately inert: see newSessionForRequest() for the only creation path
	$info = null;
	return $info;
}
88
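/**
 * Create a new session for a request.
 *
 * The session is tied to the BotPassword through provider metadata: the
 * central user ID, app ID, the password's current token, and the rights
 * derived from its grants. refreshSessionInfo() re-validates that metadata
 * on later requests, so a mismatching token (e.g. after the bot password is
 * reset) rejects the session.
 *
 * @param User $user
 * @param BotPassword $bp
 * @param WebRequest $request
 * @return Session
 */
public function newSessionForRequest( User $user, BotPassword $bp, WebRequest $request ) {
	// Reuse an existing cookie session ID if the client sent one; 'persisted'
	// below is true only in that case.
	$id = $this->getSessionIdFromCookie( $request );
	// NOTE(review): this assignment was missing from the rendered listing
	// ($info was used below without being set); restored here — confirm the
	// priority constant against the upstream source.
	$info = new SessionInfo( SessionInfo::MAX_PRIORITY, [
		'provider' => $this,
		'id' => $id,
		'userInfo' => UserInfo::newFromUser( $user, true ),
		'persisted' => $id !== null,
		'metadata' => [
			'centralId' => $bp->getUserCentralId(),
			'appId' => $bp->getAppId(),
			'token' => $bp->getToken(),
			'rights' => \MWGrants::getGrantRights( $bp->getGrants() ),
		],
	] );
	$session = $this->getManager()->getSessionFromInfo( $info, $request );
	$session->persist();
	return $session;
}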
114
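/**
 * Validate a loaded SessionInfo and refresh provider metadata.
 *
 * The session is rejected (false) when the stored metadata lacks any of
 * 'centralId', 'appId' or 'token'; when no BotPassword can be loaded for the
 * stored IDs; when the stored token no longer equals the BotPassword's
 * current token (compared in constant time via hash_equals()); or when the
 * BotPassword's restrictions reject the current request. Every rejection is
 * logged at info level with the session and identifying IDs, but never the
 * token itself. On success the saved 'rights' are recomputed from the
 * BotPassword's current grants so grant changes take effect without re-login.
 *
 * @param SessionInfo $info
 * @param WebRequest $request
 * @param array|null &$metadata Provider metadata stored with the session;
 *  'rights' is rewritten on success
 * @return bool
 */
public function refreshSessionInfo( SessionInfo $info, WebRequest $request, &$metadata ) {
	// Absent or non-array metadata is treated as "every key missing" rather
	// than letting array_keys() fail on a non-array.
	$missingKeys = array_diff(
		[ 'centralId', 'appId', 'token' ],
		array_keys( is_array( $metadata ) ? $metadata : [] )
	);
	if ( $missingKeys ) {
		$this->logger->info( 'Session "{session}": Missing metadata: {missing}', [
			'session' => $info->__toString(),
			'missing' => implode( ', ', $missingKeys ),
		] );
		return false;
	}

	$bp = BotPassword::newFromCentralId( $metadata['centralId'], $metadata['appId'] );
	if ( !$bp ) {
		$this->logger->info(
			'Session "{session}": No BotPassword for {centralId} {appId}',
			[
				'session' => $info->__toString(),
				'centralId' => $metadata['centralId'],
				'appId' => $metadata['appId'],
			] );
		return false;
	}

	// A non-string stored token can never match; reject it instead of letting
	// hash_equals() throw. The stored value is passed as the known string.
	$storedToken = $metadata['token'];
	if ( !is_string( $storedToken ) || !hash_equals( $storedToken, $bp->getToken() ) ) {
		$this->logger->info( 'Session "{session}": BotPassword token check failed', [
			'session' => $info->__toString(),
			'centralId' => $metadata['centralId'],
			'appId' => $metadata['appId'],
		] );
		return false;
	}

	// Restrictions are re-evaluated against every request, not just at login
	$status = $bp->getRestrictions()->check( $request );
	if ( !$status->isOK() ) {
		$this->logger->info(
			'Session "{session}": Restrictions check failed',
			[
				'session' => $info->__toString(),
				'restrictions' => $status->getValue(),
				'centralId' => $metadata['centralId'],
				'appId' => $metadata['appId'],
			] );
		return false;
	}

	// Update saved rights from the current grants
	$metadata['rights'] = \MWGrants::getGrantRights( $bp->getGrants() );

	return true;
}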
171
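/**
 * Prevent future sessions for the user.
 *
 * Removes every bot password belonging to the named user. Existing sessions
 * should then be rejected by refreshSessionInfo() once no BotPassword can be
 * loaded for their stored IDs, and no new bot-password login is possible.
 *
 * @param string $username
 */
public function preventSessionsForUser( $username ) {
	// NOTE(review): the rendered listing showed an empty body; the call below
	// is the one this method's cross-reference names — confirm against upstream.
	BotPassword::removeAllPasswordsForUser( $username );
}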
179
/**
 * Fetch the rights allowed the user when the specified session is active.
 *
 * Rights come from the 'rights' entry of the provider metadata saved when the
 * session was created and refreshed by refreshSessionInfo(). A session with no
 * usable 'rights' array is given no rights at all (fail closed).
 *
 * @param SessionBackend $backend
 * @return string[]
 * @throws \InvalidArgumentException if the backend belongs to another provider
 */
public function getAllowedUserRights( SessionBackend $backend ) {
	if ( $backend->getProvider() !== $this ) {
		throw new \InvalidArgumentException( 'Backend\'s provider isn\'t $this' );
	}

	$data = $backend->getProviderMetadata();
	$rights = $data ? ( $data['rights'] ?? null ) : null;
	if ( is_array( $rights ) ) {
		return $rights;
	}

	// Should never happen: every session this provider creates carries rights
	$this->logger->debug( __METHOD__ . ': No provider metadata, returning no rights allowed' );
	return [];
}
193}