MediaWiki REL1_35
BotPasswordSessionProvider.php
Go to the documentation of this file.
1<?php
24namespace MediaWiki\Session;
25
26use BotPassword;
27use User;
28use WebRequest;
29
34class BotPasswordSessionProvider extends ImmutableSessionProviderWithCookie {
35
42 public function __construct( array $params = [] ) {
43 if ( !isset( $params['sessionCookieName'] ) ) {
44 $params['sessionCookieName'] = '_BPsession';
45 }
46 parent::__construct( $params );
47
48 if ( !isset( $params['priority'] ) ) {
49 throw new \InvalidArgumentException( __METHOD__ . ': priority must be specified' );
50 }
51 if ( $params['priority'] < SessionInfo::MIN_PRIORITY ||
52 $params['priority'] > SessionInfo::MAX_PRIORITY
53 ) {
54 throw new \InvalidArgumentException( __METHOD__ . ': Invalid priority' );
55 }
56
57 $this->priority = $params['priority'];
58 }
59
60 public function provideSessionInfo( WebRequest $request ) {
61 // Only relevant for the API
62 if ( !defined( 'MW_API' ) ) {
63 return null;
64 }
65
66 // Enabled?
67 if ( !$this->config->get( 'EnableBotPasswords' ) ) {
68 return null;
69 }
70
71 // Have a session ID?
72 $id = $this->getSessionIdFromCookie( $request );
73 if ( $id === null ) {
74 return null;
75 }
76
77 return new SessionInfo( $this->priority, [
78 'provider' => $this,
79 'id' => $id,
80 'persisted' => true
81 ] );
82 }
83
84 public function newSessionInfo( $id = null ) {
85 // We don't activate by default
86 return null;
87 }
88
96 public function newSessionForRequest( User $user, BotPassword $bp, WebRequest $request ) {
97 $id = $this->getSessionIdFromCookie( $request );
98 $info = new SessionInfo( SessionInfo::MAX_PRIORITY, [
99 'provider' => $this,
100 'id' => $id,
101 'userInfo' => UserInfo::newFromUser( $user, true ),
102 'persisted' => $id !== null,
103 'metadata' => [
104 'centralId' => $bp->getUserCentralId(),
105 'appId' => $bp->getAppId(),
106 'token' => $bp->getToken(),
107 'rights' => \MWGrants::getGrantRights( $bp->getGrants() ),
108 ],
109 ] );
110 $session = $this->getManager()->getSessionFromInfo( $info, $request );
111 $session->persist();
112 return $session;
113 }
114
119 public function refreshSessionInfo( SessionInfo $info, WebRequest $request, &$metadata ) {
120 $missingKeys = array_diff(
121 [ 'centralId', 'appId', 'token' ],
122 array_keys( $metadata )
123 );
124 if ( $missingKeys ) {
125 $this->logger->info( 'Session "{session}": Missing metadata: {missing}', [
126 'session' => $info->__toString(),
127 'missing' => implode( ', ', $missingKeys ),
128 ] );
129 return false;
130 }
131
132 $bp = BotPassword::newFromCentralId( $metadata['centralId'], $metadata['appId'] );
133 if ( !$bp ) {
134 $this->logger->info(
135 'Session "{session}": No BotPassword for {centralId} {appId}',
136 [
137 'session' => $info->__toString(),
138 'centralId' => $metadata['centralId'],
139 'appId' => $metadata['appId'],
140 ] );
141 return false;
142 }
143
144 if ( !hash_equals( $metadata['token'], $bp->getToken() ) ) {
145 $this->logger->info( 'Session "{session}": BotPassword token check failed', [
146 'session' => $info->__toString(),
147 'centralId' => $metadata['centralId'],
148 'appId' => $metadata['appId'],
149 ] );
150 return false;
151 }
152
153 $status = $bp->getRestrictions()->check( $request );
154 if ( !$status->isOK() ) {
155 $this->logger->info(
156 'Session "{session}": Restrictions check failed',
157 [
158 'session' => $info->__toString(),
159 'restrictions' => $status->getValue(),
160 'centralId' => $metadata['centralId'],
161 'appId' => $metadata['appId'],
162 ] );
163 return false;
164 }
165
166 // Update saved rights
167 $metadata['rights'] = \MWGrants::getGrantRights( $bp->getGrants() );
168
169 return true;
170 }
171
176 public function preventSessionsForUser( $username ) {
177 BotPassword::removeAllPasswordsForUser( $username );
178 }
179
180 public function getAllowedUserRights( SessionBackend $backend ) {
181 if ( $backend->getProvider() !== $this ) {
182 throw new \InvalidArgumentException( 'Backend\'s provider isn\'t $this' );
183 }
184 $data = $backend->getProviderMetadata();
185 if ( $data && isset( $data['rights'] ) && is_array( $data['rights'] ) ) {
186 return $data['rights'];
187 }
188
189 // Should never happen
190 $this->logger->debug( __METHOD__ . ': No provider metadata, returning no rights allowed' );
191 return [];
192 }
193}
BotPassword
Utility class for bot passwords.
Definition BotPassword.php:30
BotPassword\getUserCentralId
getUserCentralId()
Get the central user ID.
Definition BotPassword.php:208
BotPassword\getGrants
getGrants()
Get the grants.
Definition BotPassword.php:240
BotPassword\getAppId
getAppId()
Get the app ID.
Definition BotPassword.php:216
BotPassword\newFromCentralId
static newFromCentralId( $centralId, $appId, $flags=self::READ_NORMAL)
Load a BotPassword from the database.
Definition BotPassword.php:124
BotPassword\removeAllPasswordsForUser
static removeAllPasswordsForUser( $username)
Remove all passwords for a user, by name.
Definition BotPassword.php:416
BotPassword\getToken
getToken()
Get the token.
Definition BotPassword.php:224
MWGrants\getGrantRights
static getGrantRights( $grants)
Fetch the rights allowed by a set of grants.
Definition MWGrants.php:106
MediaWiki\Session\BotPasswordSessionProvider\newSessionForRequest
newSessionForRequest(User $user, BotPassword $bp, WebRequest $request)
Create a new session for a request.
Definition BotPasswordSessionProvider.php:96
MediaWiki\Session\BotPasswordSessionProvider\provideSessionInfo
provideSessionInfo(WebRequest $request)
Provide session info for a request.
Definition BotPasswordSessionProvider.php:60
MediaWiki\Session\BotPasswordSessionProvider\preventSessionsForUser
preventSessionsForUser( $username)
Prevent future sessions for the user.If the provider is capable of returning a SessionInfo with a ver...
Definition BotPasswordSessionProvider.php:176
MediaWiki\Session\BotPasswordSessionProvider\getAllowedUserRights
getAllowedUserRights(SessionBackend $backend)
Fetch the rights allowed the user when the specified session is active.
Definition BotPasswordSessionProvider.php:180
MediaWiki\Session\BotPasswordSessionProvider\newSessionInfo
newSessionInfo( $id=null)
Provide session info for a new, empty session.
Definition BotPasswordSessionProvider.php:84
MediaWiki\Session\BotPasswordSessionProvider\refreshSessionInfo
refreshSessionInfo(SessionInfo $info, WebRequest $request, &$metadata)
Validate a loaded SessionInfo and refresh provider metadata.This is similar in purpose to the 'Sessio...
Definition BotPasswordSessionProvider.php:119
MediaWiki\Session\ImmutableSessionProviderWithCookie
An ImmutableSessionProviderWithCookie doesn't persist the user, but optionally can use a cookie to su...
Definition ImmutableSessionProviderWithCookie.php:41
MediaWiki\Session\ImmutableSessionProviderWithCookie\getSessionIdFromCookie
getSessionIdFromCookie(WebRequest $request)
Get the session ID from the cookie, if any.
Definition ImmutableSessionProviderWithCookie.php:83
MediaWiki\Session\SessionBackend
This is the actual workhorse for Session.
Definition SessionBackend.php:52
MediaWiki\Session\SessionBackend\getProviderMetadata
getProviderMetadata()
Fetch provider metadata.
Definition SessionBackend.php:511
MediaWiki\Session\SessionBackend\getProvider
getProvider()
Fetch the SessionProvider for this session.
Definition SessionBackend.php:290
MediaWiki\Session\SessionInfo
Value object returned by SessionProvider.
Definition SessionInfo.php:37
MediaWiki\Session\SessionInfo\MIN_PRIORITY
const MIN_PRIORITY
Minimum allowed priority.
Definition SessionInfo.php:39
MediaWiki\Session\SessionInfo\MAX_PRIORITY
const MAX_PRIORITY
Maximum allowed priority.
Definition SessionInfo.php:42
MediaWiki\Session\SessionProvider\getManager
getManager()
Get the session manager.
Definition SessionProvider.php:138
MediaWiki\Session\UserInfo\newFromUser
static newFromUser(User $user, $verified=false)
Create an instance from an existing User object.
Definition UserInfo.php:117
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:60
WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition WebRequest.php:42