62 parent::__construct();
65 'cookieOptions' => [],
70 if ( !isset(
$params[
'priority'] ) ) {
71 throw new \InvalidArgumentException( __METHOD__ .
': priority must be specified' );
76 throw new \InvalidArgumentException( __METHOD__ .
': Invalid priority' );
79 if ( !is_array(
$params[
'cookieOptions'] ) ) {
80 throw new \InvalidArgumentException( __METHOD__ .
': cookieOptions must be an array' );
83 $this->priority =
$params[
'priority'];
84 $this->cookieOptions =
$params[
'cookieOptions'];
86 unset( $this->params[
'priority'] );
87 unset( $this->params[
'cookieOptions'] );
96 'callUserSetCookiesHook' =>
false,
102 $this->useCrossSiteCookies = $sameSite !==
null && strcasecmp( $sameSite,
'none' ) === 0;
105 $this->cookieOptions += [
110 'secure' =>
$config->
get(
'CookieSecure' ) || $this->config->get(
'ForceHTTPS' ),
111 'httpOnly' =>
$config->
get(
'CookieHttpOnly' ),
112 'sameSite' => $sameSite
117 $sessionId = $this->
getCookie( $request, $this->params[
'sessionName'],
'' );
120 'forceHTTPS' => $this->
getCookie( $request,
'forceHTTPS',
'',
false )
123 $info[
'id'] = $sessionId;
124 $info[
'persisted'] =
true;
128 if ( $userId !==
null ) {
131 }
catch ( \InvalidArgumentException $ex ) {
136 if ( $userName !==
null && $userInfo->getName() !== $userName ) {
137 $this->logger->warning(
138 'Session "{session}" requested with mismatched UserID and UserName cookies.',
140 'session' => $sessionId,
143 'cookie_username' => $userName,
144 'username' => $userInfo->getName(),
150 if ( $token !==
null ) {
151 if ( !hash_equals( $userInfo->getToken(), $token ) ) {
152 $this->logger->warning(
153 'Session "{session}" requested with invalid Token cookie.',
155 'session' => $sessionId,
157 'username' => $userInfo->getName(),
161 $info[
'userInfo'] = $userInfo->verified();
162 $info[
'persisted'] =
true;
163 } elseif ( isset( $info[
'id'] ) ) {
164 $info[
'userInfo'] = $userInfo;
170 } elseif ( isset( $info[
'id'] ) ) {
176 $this->logger->debug(
177 'Session "{session}" requested without UserID cookie',
179 'session' => $info[
'id'],
201 if ( $response->headersSent() ) {
203 $this->logger->debug( __METHOD__ .
': Headers already sent' );
213 if ( $this->params[
'callUserSetCookiesHook'] && !$user->isAnon() ) {
214 $this->
getHookRunner()->onUserSetCookies( $user, $sessionData, $cookies );
221 $options[
'secure'] = $this->config->get(
'CookieSecure' )
222 || $this->config->get(
'ForceHTTPS' );
225 $response->setCookie( $this->params[
'sessionName'], $session->
getId(),
null,
226 [
'prefix' =>
'' ] + $options
229 foreach ( $cookies as $key => $value ) {
230 if ( $value ===
false ) {
231 $response->clearCookie( $key, $options );
234 $expiration = $expirationDuration ? $expirationDuration + time() :
null;
235 $response->setCookie( $key, (
string)$value, $expiration, $options );
242 if ( $sessionData ) {
243 $session->
addData( $sessionData );
249 if ( $response->headersSent() ) {
251 $this->logger->debug( __METHOD__ .
': Headers already sent' );
260 $response->clearCookie(
261 $this->params[
'sessionName'], [
'prefix' =>
'' ] + $this->cookieOptions
264 foreach ( $cookies as $key => $value ) {
265 $response->clearCookie( $key, $this->cookieOptions );
279 if ( $this->config->get(
'ForceHTTPS' ) ) {
290 $expiration = $expirationDuration ? $expirationDuration + time() :
null;
294 $response->setCookie(
'forceHTTPS',
'true', $expiration,
295 [
'prefix' =>
'',
'secure' =>
false ] + $this->cookieOptions );
297 $response->clearCookie(
'forceHTTPS',
298 [
'prefix' =>
'',
'secure' =>
false ] + $this->cookieOptions );
308 if ( $loggedOut + 86400 > time() &&
309 $loggedOut !== (
int)$this->
getCookie( $request,
'LoggedOut', $this->cookieOptions[
'prefix'] )
311 $request->
response()->setCookie(
'LoggedOut', $loggedOut, $loggedOut + 86400,
312 $this->cookieOptions );
320 $this->cookieOptions[
'prefix'] .
'Token',
321 $this->cookieOptions[
'prefix'] .
'LoggedOut',
322 $this->params[
'sessionName'],
328 $name = $this->
getCookie( $request,
'UserName', $this->cookieOptions[
'prefix'] );
329 if ( $name !==
null ) {
332 return $name ===
false ? null : $name;
341 $prefix = $this->cookieOptions[
'prefix'];
343 $this->
getCookie( $request,
'UserID', $prefix ),
344 $this->
getCookie( $request,
'UserName', $prefix ),
345 $this->
getCookie( $request,
'Token', $prefix ),
357 protected function getCookie( $request, $key, $prefix, $default =
null ) {
358 if ( $this->useCrossSiteCookies ) {
359 $value = $request->getCrossSiteCookie( $key, $prefix, $default );
361 $value = $request->getCookie( $key, $prefix, $default );
363 if ( $value ===
'deleted' ) {
381 if ( $user->isAnon() ) {
388 'UserID' => $user->getId(),
389 'UserName' => $user->getName(),
390 'Token' => $remember ? (string)$user->getToken() :
false,
403 if ( !$user->isAnon() && $this->params[
'callUserSetCookiesHook'] ) {
405 'wsUserID' => $user->getId(),
406 'wsToken' => $user->getToken(),
407 'wsUserName' => $user->getName(),
415 return wfMessage(
'sessionprovider-nocookies' );
430 return [
'UserID',
'UserName',
'Token' ];
445 $normalExpiration = $this->config->get(
'CookieExpiration' );
447 if ( $shouldRememberUser && in_array( $cookieName, $extendedCookies,
true ) ) {
448 $extendedExpiration = $this->config->get(
'ExtendedLoginCookieExpiration' );
450 return ( $extendedExpiration !==
null ) ? (int)$extendedExpiration : (int)$normalExpiration;
452 return (
int)$normalExpiration;
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
static getCanonicalName( $name, $validate='valid')
Given unvalidated user input, return a canonical username, or false if the username is invalid.
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
response()
Return a handle to WebResponse style object, for setting cookies, headers and other stuff,...
Interface for configuration instances.
get( $name)
Get a configuration variable such as "Sitename" or "UploadMaintenance.".