master/php/BotPasswordSessionProvider_8php_source.html

 <?php

 namespace MediaWiki\Session;


 use MediaWiki\MainConfigNames;

 use MediaWiki\Permissions\GrantsInfo;

 use MediaWiki\Request\WebRequest;

 use MediaWiki\User\BotPassword;

 use MediaWiki\User\User;


 class BotPasswordSessionProvider extends ImmutableSessionProviderWithCookie {

     private $grantsInfo;


     private $isApiRequest;


     public function __construct( GrantsInfo $grantsInfo, array $params = [] ) {

         if ( !isset( $params['sessionCookieName'] ) ) {

             $params['sessionCookieName'] = '_BPsession';

         }

         parent::__construct( $params );


         if ( !isset( $params['priority'] ) ) {

             throw new \InvalidArgumentException( __METHOD__ . ': priority must be specified' );

         }

         if ( $params['priority'] < SessionInfo::MIN_PRIORITY ||

             $params['priority'] > SessionInfo::MAX_PRIORITY

         ) {

             throw new \InvalidArgumentException( __METHOD__ . ': Invalid priority' );

         }


         $this->priority = $params['priority'];


         $this->grantsInfo = $grantsInfo;


         $this->isApiRequest = $params['isApiRequest']

             ?? ( defined( 'MW_API' ) || defined( 'MW_REST_API' ) );

     }


     public function provideSessionInfo( WebRequest $request ) {

         // Only relevant for the (Action or REST) API

         if ( !$this->isApiRequest ) {

             return null;

         }


         // Enabled?

         if ( !$this->getConfig()->get( MainConfigNames::EnableBotPasswords ) ) {

             return null;

         }


         // Have a session ID?

         $id = $this->getSessionIdFromCookie( $request );

         if ( $id === null ) {

             return null;

         }


         return new SessionInfo( $this->priority, [

             'provider' => $this,

             'id' => $id,

             'persisted' => true

         ] );

     }


     public function newSessionInfo( $id = null ) {

         // We don't activate by default

         return null;

     }


     public function newSessionForRequest( User $user, BotPassword $bp, WebRequest $request ) {

         $id = $this->getSessionIdFromCookie( $request );

         $info = new SessionInfo( SessionInfo::MAX_PRIORITY, [

             'provider' => $this,

             'id' => $id,

             'userInfo' => UserInfo::newFromUser( $user, true ),

             'persisted' => $id !== null,

             'metadata' => [

                 'centralId' => $bp->getUserCentralId(),

                 'appId' => $bp->getAppId(),

                 'token' => $bp->getToken(),

                 'rights' => $this->grantsInfo->getGrantRights( $bp->getGrants() ),

             ],

         ] );

         $session = $this->getManager()->getSessionFromInfo( $info, $request );

         $session->persist();

         return $session;

     }


     public function refreshSessionInfo( SessionInfo $info, WebRequest $request, &$metadata ) {

         $missingKeys = array_diff(

             [ 'centralId', 'appId', 'token' ],

             array_keys( $metadata )

         );

         if ( $missingKeys ) {

             $this->logger->info( 'Session "{session}": Missing metadata: {missing}', [

                 'session' => $info->__toString(),

                 'missing' => implode( ', ', $missingKeys ),

             ] );

             return false;

         }


         $bp = BotPassword::newFromCentralId( $metadata['centralId'], $metadata['appId'] );

         if ( !$bp ) {

             $this->logger->info(

                 'Session "{session}": No BotPassword for {centralId} {appId}',

                 [

                     'session' => $info->__toString(),

                     'centralId' => $metadata['centralId'],

                     'appId' => $metadata['appId'],

             ] );

             return false;

         }


         if ( !hash_equals( $metadata['token'], $bp->getToken() ) ) {

             $this->logger->info( 'Session "{session}": BotPassword token check failed', [

                 'session' => $info->__toString(),

                 'centralId' => $metadata['centralId'],

                 'appId' => $metadata['appId'],

             ] );

             return false;

         }


         $status = $bp->getRestrictions()->check( $request );

         if ( !$status->isOK() ) {

             $this->logger->info(

                 'Session "{session}": Restrictions check failed',

                 [

                     'session' => $info->__toString(),

                     'restrictions' => $status->getValue(),

                     'centralId' => $metadata['centralId'],

                     'appId' => $metadata['appId'],

             ] );

             return false;

         }


         // Update saved rights

         $metadata['rights'] = $this->grantsInfo->getGrantRights( $bp->getGrants() );


         return true;

     }


     public function preventSessionsForUser( $username ) {

         BotPassword::removeAllPasswordsForUser( $username );

     }


     public function getAllowedUserRights( SessionBackend $backend ) {

         if ( $backend->getProvider() !== $this ) {

             throw new \InvalidArgumentException( 'Backend\'s provider isn\'t $this' );

         }

         $data = $backend->getProviderMetadata();

         if ( $data && isset( $data['rights'] ) && is_array( $data['rights'] ) ) {

             return $data['rights'];

         }


         // Should never happen

         $this->logger->debug( __METHOD__ . ': No provider metadata, returning no rights allowed' );

         return [];

     }

 }

MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition: MainConfigNames.php:22

MediaWiki\MainConfigNames\EnableBotPasswords
const EnableBotPasswords
Name constant for the EnableBotPasswords setting, for use with Config::get()
Definition: MainConfigNames.php:3005

MediaWiki\Permissions\GrantsInfo
Users can authorize applications to use their account via OAuth.
Definition: GrantsInfo.php:33

GuzzleHttp\Psr7\Request\WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition: WebRequest.php:50

MediaWiki\Session\BotPasswordSessionProvider
Session provider for bot passwords.
Definition: BotPasswordSessionProvider.php:36

MediaWiki\Session\BotPasswordSessionProvider\newSessionForRequest
newSessionForRequest(User $user, BotPassword $bp, WebRequest $request)
Create a new session for a request.
Definition: BotPasswordSessionProvider.php:110

MediaWiki\Session\BotPasswordSessionProvider\provideSessionInfo
provideSessionInfo(WebRequest $request)
Provide session info for a request.
Definition: BotPasswordSessionProvider.php:74

MediaWiki\Session\BotPasswordSessionProvider\__construct
__construct(GrantsInfo $grantsInfo, array $params=[])
Definition: BotPasswordSessionProvider.php:51

MediaWiki\Session\BotPasswordSessionProvider\preventSessionsForUser
preventSessionsForUser( $username)
Prevent future sessions for the user.If the provider is capable of returning a SessionInfo with a ver...
Definition: BotPasswordSessionProvider.php:190

MediaWiki\Session\BotPasswordSessionProvider\getAllowedUserRights
getAllowedUserRights(SessionBackend $backend)
Fetch the rights allowed the user when the specified session is active.
Definition: BotPasswordSessionProvider.php:194

MediaWiki\Session\BotPasswordSessionProvider\newSessionInfo
newSessionInfo( $id=null)
Provide session info for a new, empty session.
Definition: BotPasswordSessionProvider.php:98

MediaWiki\Session\BotPasswordSessionProvider\refreshSessionInfo
refreshSessionInfo(SessionInfo $info, WebRequest $request, &$metadata)
Validate a loaded SessionInfo and refresh provider metadata.This is similar in purpose to the 'Sessio...
Definition: BotPasswordSessionProvider.php:133

MediaWiki\Session\ImmutableSessionProviderWithCookie
An ImmutableSessionProviderWithCookie doesn't persist the user, but optionally can use a cookie to su...
Definition: ImmutableSessionProviderWithCookie.php:42

MediaWiki\Session\ImmutableSessionProviderWithCookie\getSessionIdFromCookie
getSessionIdFromCookie(WebRequest $request)
Get the session ID from the cookie, if any.
Definition: ImmutableSessionProviderWithCookie.php:84

MediaWiki\Session\SessionBackend
This is the actual workhorse for Session.
Definition: SessionBackend.php:54

MediaWiki\Session\SessionBackend\getProviderMetadata
getProviderMetadata()
Fetch provider metadata.
Definition: SessionBackend.php:531

MediaWiki\Session\SessionBackend\getProvider
getProvider()
Fetch the SessionProvider for this session.
Definition: SessionBackend.php:311

MediaWiki\Session\SessionInfo
Value object returned by SessionProvider.
Definition: SessionInfo.php:37

MediaWiki\Session\SessionInfo\__toString
__toString()
Definition: SessionInfo.php:289

MediaWiki\Session\SessionInfo\MIN_PRIORITY
const MIN_PRIORITY
Minimum allowed priority.
Definition: SessionInfo.php:39

MediaWiki\Session\SessionInfo\MAX_PRIORITY
const MAX_PRIORITY
Maximum allowed priority.
Definition: SessionInfo.php:42

MediaWiki\Session\SessionProvider\getManager
getManager()
Get the session manager.
Definition: SessionProvider.php:215

MediaWiki\Session\SessionProvider\getConfig
getConfig()
Get the config.
Definition: SessionProvider.php:191

MediaWiki\Session\UserInfo\newFromUser
static newFromUser(User $user, $verified=false)
Create an instance from an existing User object.
Definition: UserInfo.php:123

MediaWiki\User\BotPassword
Utility class for bot passwords.
Definition: BotPassword.php:50

MediaWiki\User\BotPassword\removeAllPasswordsForUser
static removeAllPasswordsForUser( $username)
Remove all passwords for a user, by name.
Definition: BotPassword.php:344

MediaWiki\User\BotPassword\getGrants
getGrants()
Definition: BotPassword.php:205

MediaWiki\User\BotPassword\getAppId
getAppId()
Definition: BotPassword.php:184

MediaWiki\User\BotPassword\getToken
getToken()
Definition: BotPassword.php:191

MediaWiki\User\BotPassword\newFromCentralId
static newFromCentralId( $centralId, $appId, $flags=self::READ_NORMAL)
Load a BotPassword from the database.
Definition: BotPassword.php:141

MediaWiki\User\BotPassword\getUserCentralId
getUserCentralId()
Get the central user ID.
Definition: BotPassword.php:177

MediaWiki\User\User
internal since 1.36
Definition: User.php:98

MediaWiki\Session
Definition: BotPasswordSessionProvider.php:24