63 parent::__construct();
66 'cookieOptions' => [],
71 if ( !isset(
$params[
'priority'] ) ) {
72 throw new \InvalidArgumentException( __METHOD__ .
': priority must be specified' );
77 throw new \InvalidArgumentException( __METHOD__ .
': Invalid priority' );
80 if ( !is_array(
$params[
'cookieOptions'] ) ) {
81 throw new \InvalidArgumentException( __METHOD__ .
': cookieOptions must be an array' );
84 $this->priority =
$params[
'priority'];
85 $this->cookieOptions =
$params[
'cookieOptions'];
87 unset( $this->params[
'priority'] );
88 unset( $this->params[
'cookieOptions'] );
95 'callUserSetCookiesHook' =>
false,
102 $this->useCrossSiteCookies = $sameSite !==
null && strcasecmp( $sameSite,
'none' ) === 0;
105 $this->cookieOptions += [
113 'sameSite' => $sameSite,
118 $sessionId = $this->
getCookie( $request, $this->params[
'sessionName'],
'' );
121 'forceHTTPS' => $this->
getCookie( $request,
'forceHTTPS',
'',
false )
124 $info[
'id'] = $sessionId;
125 $info[
'persisted'] =
true;
129 if ( $userId !==
null ) {
132 }
catch ( \InvalidArgumentException $ex ) {
136 if ( $userName !==
null && $userInfo->getName() !== $userName ) {
137 $this->logger->warning(
138 'Session "{session}" requested with mismatched UserID and UserName cookies.',
140 'session' => $sessionId,
143 'cookie_username' => $userName,
144 'username' => $userInfo->getName(),
150 if ( $token !==
null ) {
151 if ( !hash_equals( $userInfo->getToken(), $token ) ) {
152 $this->logger->warning(
153 'Session "{session}" requested with invalid Token cookie.',
155 'session' => $sessionId,
157 'username' => $userInfo->getName(),
161 $info[
'userInfo'] = $userInfo->verified();
162 $info[
'persisted'] =
true;
163 } elseif ( isset( $info[
'id'] ) ) {
164 $info[
'userInfo'] = $userInfo;
170 } elseif ( isset( $info[
'id'] ) ) {
176 $this->logger->debug(
177 'Session "{session}" requested without UserID cookie',
179 'session' => $info[
'id'],
201 if ( $response->headersSent() ) {
203 $this->logger->debug( __METHOD__ .
': Headers already sent' );
213 if ( $this->params[
'callUserSetCookiesHook'] && !$user->isAnon() ) {
214 $this->
getHookRunner()->onUserSetCookies( $user, $sessionData, $cookies );
225 $response->setCookie( $this->params[
'sessionName'], $session->
getId(),
null,
226 [
'prefix' =>
'' ] + $options
229 foreach ( $cookies as $key => $value ) {
230 if ( $value ===
false ) {
231 $response->clearCookie( $key, $options );
234 $expiration = $expirationDuration ? $expirationDuration + time() :
null;
235 $response->setCookie( $key, (
string)$value, $expiration, $options );
242 if ( $sessionData ) {
243 $session->
addData( $sessionData );
249 if ( $response->headersSent() ) {
251 $this->logger->debug( __METHOD__ .
': Headers already sent' );
260 $response->clearCookie(
261 $this->params[
'sessionName'], [
'prefix' =>
'' ] + $this->cookieOptions
264 foreach ( $cookies as $key => $value ) {
265 $response->clearCookie( $key, $this->cookieOptions );
290 $expiration = $expirationDuration ? $expirationDuration + time() :
null;
294 $response->setCookie(
'forceHTTPS',
'true', $expiration,
295 [
'prefix' =>
'',
'secure' =>
false ] + $this->cookieOptions );
297 $response->clearCookie(
'forceHTTPS',
298 [
'prefix' =>
'',
'secure' =>
false ] + $this->cookieOptions );
307 if ( $loggedOut + 86400 > time() &&
308 $loggedOut !== (
int)$this->
getCookie( $request,
'LoggedOut', $this->cookieOptions[
'prefix'] )
310 $request->
response()->setCookie(
'LoggedOut', (
string)$loggedOut, $loggedOut + 86400,
311 $this->cookieOptions );
319 $this->cookieOptions[
'prefix'] .
'Token',
320 $this->cookieOptions[
'prefix'] .
'LoggedOut',
321 $this->params[
'sessionName'],
327 $name = $this->
getCookie( $request,
'UserName', $this->cookieOptions[
'prefix'] );
328 if ( $name !==
null ) {
329 if ( $this->userNameUtils->isTemp( $name ) ) {
332 $name = $this->userNameUtils->getCanonical( $name, UserRigorOptions::RIGOR_USABLE );
335 return $name ===
false ? null : $name;
344 $prefix = $this->cookieOptions[
'prefix'];
346 $this->
getCookie( $request,
'UserID', $prefix ),
347 $this->
getCookie( $request,
'UserName', $prefix ),
348 $this->
getCookie( $request,
'Token', $prefix ),
360 protected function getCookie( $request, $key, $prefix, $default =
null ) {
361 if ( $this->useCrossSiteCookies ) {
362 $value = $request->getCrossSiteCookie( $key, $prefix, $default );
364 $value = $request->getCookie( $key, $prefix, $default );
366 if ( $value ===
'deleted' ) {
384 if ( $user->isAnon() ) {
391 'UserID' => $user->getId(),
392 'UserName' => $user->getName(),
393 'Token' => $remember ? (string)$user->getToken() :
false,
406 if ( !$user->isAnon() && $this->params[
'callUserSetCookiesHook'] ) {
408 'wsUserID' => $user->getId(),
409 'wsToken' => $user->getToken(),
410 'wsUserName' => $user->getName(),
418 return wfMessage(
'sessionprovider-nocookies' );
433 return [
'UserID',
'UserName',
'Token' ];
450 if ( $shouldRememberUser && in_array( $cookieName, $extendedCookies,
true ) ) {
453 return ( $extendedExpiration !==
null ) ? (int)$extendedExpiration : (int)$normalExpiration;
455 return (
int)$normalExpiration;
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
A class containing constants representing the names of configuration variables.
const ForceHTTPS
Name constant for the ForceHTTPS setting, for use with Config::get()
const CookieExpiration
Name constant for the CookieExpiration setting, for use with Config::get()
const CookieDomain
Name constant for the CookieDomain setting, for use with Config::get()
const CookiePath
Name constant for the CookiePath setting, for use with Config::get()
const CookieSameSite
Name constant for the CookieSameSite setting, for use with Config::get()
const CookieSecure
Name constant for the CookieSecure setting, for use with Config::get()
const SessionName
Name constant for the SessionName setting, for use with Config::get()
const ExtendedLoginCookieExpiration
Name constant for the ExtendedLoginCookieExpiration setting, for use with Config::get()
const CookiePrefix
Name constant for the CookiePrefix setting, for use with Config::get()
const CookieHttpOnly
Name constant for the CookieHttpOnly setting, for use with Config::get()
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
response()
Return a handle to WebResponse style object, for setting cookies, headers and other stuff,...