MediaWiki  master
BotPasswordSessionProvider.php
1 <?php
25 
26 use BotPassword;
27 use User;
28 use WebRequest;
29 
35 
/**
 * Set up the provider from its configuration array.
 *
 * Keys read by this constructor:
 *  - 'priority': required; must not be below SessionInfo::MIN_PRIORITY
 *    or above SessionInfo::MAX_PRIORITY.
 *  - 'sessionCookieName': optional; defaults to '_BPsession'.
 *
 * @param array $params Provider configuration
 * @throws \InvalidArgumentException If 'priority' is missing or out of range
 */
public function __construct( array $params = [] ) {
	// Default the cookie name before the parent constructor sees the parameters.
	if ( !isset( $params['sessionCookieName'] ) ) {
		$params['sessionCookieName'] = '_BPsession';
	}
	parent::__construct( $params );

	// A provider without an explicit priority is a configuration error.
	if ( !isset( $params['priority'] ) ) {
		throw new \InvalidArgumentException( __METHOD__ . ': priority must be specified' );
	}

	$priority = $params['priority'];
	$outOfRange = $priority < SessionInfo::MIN_PRIORITY ||
		$priority > SessionInfo::MAX_PRIORITY;
	if ( $outOfRange ) {
		throw new \InvalidArgumentException( __METHOD__ . ': Invalid priority' );
	}

	$this->priority = $priority;
}
59 
/**
 * Offer a session for an API request that carries this provider's cookie.
 *
 * Returns null unless MW_API is defined, the 'EnableBotPasswords' setting is
 * truthy, and the request has a session ID cookie. The SessionInfo built here
 * names only the provider and the session ID; it attaches no user info.
 *
 * @param WebRequest $request
 * @return SessionInfo|null
 */
public function provideSessionInfo( WebRequest $request ) {
	// Bot-password sessions apply only to API requests, and only while the feature is enabled.
	$applicable = defined( 'MW_API' ) && $this->config->get( 'EnableBotPasswords' );
	if ( !$applicable ) {
		return null;
	}

	// Without a session ID cookie there is nothing to offer.
	$sessionId = $this->getSessionIdFromCookie( $request );
	if ( $sessionId === null ) {
		return null;
	}

	$options = [
		'provider' => $this,
		'id' => $sessionId,
		'persisted' => true
	];
	return new SessionInfo( $this->priority, $options );
}
83 
/**
 * Decline to provide session info for a new, empty session.
 *
 * This provider always returns null here. Within this file a session is
 * only created by newSessionForRequest().
 *
 * @param string|null $id Ignored
 * @return null
 */
public function newSessionInfo( $id = null ) {
	// Never activated by default: no empty session is handed out.
	return null;
}
88 
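/**
 * Create and persist a new session for a request on behalf of a bot password.
 *
 * The session is bound to the bot password through provider metadata: the
 * central user ID, the app ID, the bot password's token, and the rights
 * derived from its grants. refreshSessionInfo() reads the same keys back.
 *
 * This method performs no credential check of its own and marks the user
 * info as verified, so it presumably must only be called after the bot
 * password has been authenticated. Confirm against the callers.
 *
 * @param User $user
 * @param BotPassword $bp
 * @param WebRequest $request
 * @return Session
 */
public function newSessionForRequest( User $user, BotPassword $bp, WebRequest $request ) {
	// Reuse the session ID from the cookie when the request already carries one.
	$id = $this->getSessionIdFromCookie( $request );

	// NOTE(review): the rendered listing drops original line 98, leaving $info
	// undefined and the array literal unbalanced. The constructor call is
	// restored here; confirm its priority argument against the upstream file.
	$info = new SessionInfo( SessionInfo::MAX_PRIORITY, [
		'provider' => $this,
		'id' => $id,
		// Second argument marks the user info as verified.
		'userInfo' => UserInfo::newFromUser( $user, true ),
		'persisted' => $id !== null,
		'metadata' => [
			'centralId' => $bp->getUserCentralId(),
			'appId' => $bp->getAppId(),
			'token' => $bp->getToken(),
			// Rights are limited to what the bot password's grants allow.
			'rights' => \MWGrants::getGrantRights( $bp->getGrants() ),
		],
	] );
	$session = $this->getManager()->getSessionFromInfo( $info, $request );
	$session->persist();
	return $session;
}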
114 
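/**
 * Validate a loaded SessionInfo and refresh the provider metadata.
 *
 * Returns false, after logging the reason, when any of these holds:
 *  - the stored metadata is not an array or lacks 'centralId', 'appId' or 'token';
 *  - no BotPassword exists for the stored central ID and app ID;
 *  - the stored token is not a string or differs from the BotPassword's current token;
 *  - the BotPassword's restrictions reject the request.
 *
 * On success, $metadata['rights'] is recomputed from the current grants, so
 * the rights saved with the session follow later changes to those grants.
 *
 * @param SessionInfo $info
 * @param WebRequest $request
 * @param array|null &$metadata Provider metadata loaded with the session
 * @return bool
 */
public function refreshSessionInfo( SessionInfo $info, WebRequest $request, &$metadata ) {
	// Fail closed on absent or malformed metadata instead of letting
	// array_keys() raise an error on a non-array value.
	$stored = is_array( $metadata ) ? $metadata : [];
	$missingKeys = array_diff(
		[ 'centralId', 'appId', 'token' ],
		array_keys( $stored )
	);
	if ( $missingKeys ) {
		$this->logger->info( 'Session "{session}": Missing metadata: {missing}', [
			'session' => $info,
			'missing' => implode( ', ', $missingKeys ),
		] );
		return false;
	}

	$bp = BotPassword::newFromCentralId( $metadata['centralId'], $metadata['appId'] );
	if ( !$bp ) {
		$this->logger->info(
			'Session "{session}": No BotPassword for {centralId} {appId}',
			[
				'session' => $info,
				'centralId' => $metadata['centralId'],
				'appId' => $metadata['appId'],
			] );
		return false;
	}

	// Constant-time comparison, with the current token as the known value.
	// A non-string stored token is rejected here rather than handed to
	// hash_equals(), which accepts only strings.
	$storedToken = $metadata['token'];
	if ( !is_string( $storedToken ) || !hash_equals( $bp->getToken(), $storedToken ) ) {
		// The token itself is deliberately left out of the log context.
		$this->logger->info( 'Session "{session}": BotPassword token check failed', [
			'session' => $info,
			'centralId' => $metadata['centralId'],
			'appId' => $metadata['appId'],
		] );
		return false;
	}

	// Restrictions are checked against the current request each time this runs.
	$status = $bp->getRestrictions()->check( $request );
	if ( !$status->isOK() ) {
		$this->logger->info(
			'Session "{session}": Restrictions check failed',
			[
				'session' => $info,
				'restrictions' => $status->getValue(),
				'centralId' => $metadata['centralId'],
				'appId' => $metadata['appId'],
			] );
		return false;
	}

	// Update saved rights
	$metadata['rights'] = \MWGrants::getGrantRights( $bp->getGrants() );

	return true;
}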
171 
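/**
 * Prevent future sessions for the user.
 *
 * @param string $username
 */
public function preventSessionsForUser( $username ) {
	// NOTE(review): the rendered listing drops original line 177, leaving an
	// empty body. The call is restored from the page's reference to
	// BotPassword::removeAllPasswordsForUser() ("Remove all passwords for a
	// user, by name"); confirm against the upstream file.
	BotPassword::removeAllPasswordsForUser( $username );
}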
179 
/**
 * Fetch the rights allowed to the user while the given session is active.
 *
 * The list comes from the 'rights' entry of the session's provider metadata.
 * When that entry is absent or not an array, the method logs at debug level
 * and returns an empty list.
 *
 * @param SessionBackend $backend
 * @return array Allowed rights
 * @throws \InvalidArgumentException If the backend belongs to another provider
 */
public function getAllowedUserRights( SessionBackend $backend ) {
	// Refuse to answer for a session that this provider does not own.
	if ( $backend->getProvider() !== $this ) {
		throw new \InvalidArgumentException( 'Backend\'s provider isn\'t $this' );
	}

	$meta = $backend->getProviderMetadata();
	$hasRights = $meta && isset( $meta['rights'] ) && is_array( $meta['rights'] );
	if ( !$hasRights ) {
		// Should never happen; fall back to allowing no rights.
		$this->logger->debug( __METHOD__ . ': No provider metadata, returning no rights allowed' );
		return [];
	}

	return $meta['rights'];
}
193 }
MediaWiki\Session\Session\BotPasswordSessionProvider\provideSessionInfo
provideSessionInfo(WebRequest $request)
Provide session info for a request.
Definition: BotPasswordSessionProvider.php:60
MediaWiki\Session\SessionProvider\getManager
getManager()
Get the session manager.
Definition: SessionProvider.php:136
BotPassword\getUserCentralId
getUserCentralId()
Get the central user ID.
Definition: BotPassword.php:191
MediaWiki\Session\ImmutableSessionProviderWithCookie\getSessionIdFromCookie
getSessionIdFromCookie(WebRequest $request)
Get the session ID from the cookie, if any.
Definition: ImmutableSessionProviderWithCookie.php:81
MediaWiki\Session\Session\BotPasswordSessionProvider\getAllowedUserRights
getAllowedUserRights(SessionBackend $backend)
Fetch the rights allowed the user when the specified session is active.
Definition: BotPasswordSessionProvider.php:180
MediaWiki\Session\Session\BotPasswordSessionProvider
Session provider for bot passwords.
Definition: BotPasswordSessionProvider.php:34
MediaWiki\Session\SessionBackend\getProviderMetadata
getProviderMetadata()
Fetch provider metadata.
Definition: SessionBackend.php:511
MWGrants\getGrantRights
static getGrantRights( $grants)
Fetch the rights allowed by a set of grants.
Definition: MWGrants.php:106
BotPassword
Utility class for bot passwords.
Definition: BotPassword.php:30
MediaWiki\Session\Session\BotPasswordSessionProvider\refreshSessionInfo
refreshSessionInfo(SessionInfo $info, WebRequest $request, &$metadata)
Validate a loaded SessionInfo and refresh provider metadata. This is similar in purpose to the 'Sessio...
Definition: BotPasswordSessionProvider.php:119
MediaWiki\Session\SessionBackend\getProvider
getProvider()
Fetch the SessionProvider for this session.
Definition: SessionBackend.php:290
BotPassword\getAppId
getAppId()
Get the app ID.
Definition: BotPassword.php:199
BotPassword\getToken
getToken()
Get the token.
Definition: BotPassword.php:207
MediaWiki\Session\UserInfo\newFromUser
static newFromUser(User $user, $verified=false)
Create an instance from an existing User object.
Definition: UserInfo.php:117
MediaWiki\Session\Session\BotPasswordSessionProvider\newSessionForRequest
newSessionForRequest(User $user, BotPassword $bp, WebRequest $request)
Create a new session for a request.
Definition: BotPasswordSessionProvider.php:96
MediaWiki\Session\Session\BotPasswordSessionProvider\preventSessionsForUser
preventSessionsForUser( $username)
Prevent future sessions for the user. If the provider is capable of returning a SessionInfo with a ver...
Definition: BotPasswordSessionProvider.php:176
MediaWiki\Session\ImmutableSessionProviderWithCookie
An ImmutableSessionProviderWithCookie doesn't persist the user, but optionally can use a cookie to su...
Definition: ImmutableSessionProviderWithCookie.php:40
MediaWiki\Session\Session\BotPasswordSessionProvider\__construct
__construct(array $params=[])
Definition: BotPasswordSessionProvider.php:42
MediaWiki\Session
Definition: BotPasswordSessionProvider.php:24
MediaWiki\Session\SessionInfo\MAX_PRIORITY
const MAX_PRIORITY
Maximum allowed priority.
Definition: SessionInfo.php:39
MediaWiki\Session\Session\BotPasswordSessionProvider\newSessionInfo
newSessionInfo( $id=null)
Provide session info for a new, empty session.
Definition: BotPasswordSessionProvider.php:84
BotPassword\newFromCentralId
static newFromCentralId( $centralId, $appId, $flags=self::READ_NORMAL)
Load a BotPassword from the database.
Definition: BotPassword.php:107
WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition: WebRequest.php:43
MediaWiki\Session\SessionInfo
Value object returned by SessionProvider.
Definition: SessionInfo.php:34
BotPassword\getGrants
getGrants()
Get the grants.
Definition: BotPassword.php:223
BotPassword\removeAllPasswordsForUser
static removeAllPasswordsForUser( $username)
Remove all passwords for a user, by name.
Definition: BotPassword.php:373
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:54
MediaWiki\Session\SessionInfo\MIN_PRIORITY
const MIN_PRIORITY
Minimum allowed priority.
Definition: SessionInfo.php:36
MediaWiki\Session\SessionBackend
This is the actual workhorse for Session.
Definition: SessionBackend.php:52