3 * Session provider for bot passwords
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
24 namespace MediaWiki\Session
;
31 * Session provider for bot passwords
34 class BotPasswordSessionProvider
extends ImmutableSessionProviderWithCookie
{
37 * @param array $params Keys include:
38 * - priority: (required) Set the priority
39 * - sessionCookieName: Session cookie name. Default is '_BPsession'.
40 * - sessionCookieOptions: Options to pass to WebResponse::setCookie().
42 public function __construct( array $params = array() ) {
43 if ( !isset( $params['sessionCookieName'] ) ) {
44 $params['sessionCookieName'] = '_BPsession';
46 parent
::__construct( $params );
48 if ( !isset( $params['priority'] ) ) {
49 throw new \
InvalidArgumentException( __METHOD__
. ': priority must be specified' );
51 if ( $params['priority'] < SessionInfo
::MIN_PRIORITY ||
52 $params['priority'] > SessionInfo
::MAX_PRIORITY
54 throw new \
InvalidArgumentException( __METHOD__
. ': Invalid priority' );
57 $this->priority
= $params['priority'];
60 public function provideSessionInfo( WebRequest
$request ) {
61 // Only relevant for the API
62 if ( !defined( 'MW_API' ) ) {
67 if ( !$this->config
->get( 'EnableBotPasswords' ) ) {
72 $id = $this->getSessionIdFromCookie( $request );
77 return new SessionInfo( $this->priority
, array(
84 public function newSessionInfo( $id = null ) {
85 // We don't activate by default
90 * Create a new session for a request
92 * @param BotPassword $bp
93 * @param WebRequest $request
96 public function newSessionForRequest( User
$user, BotPassword
$bp, WebRequest
$request ) {
97 $id = $this->getSessionIdFromCookie( $request );
98 $info = new SessionInfo( SessionInfo
::MAX_PRIORITY
, array(
101 'userInfo' => UserInfo
::newFromUser( $user, true ),
102 'persisted' => $id !== null,
104 'centralId' => $bp->getUserCentralId(),
105 'appId' => $bp->getAppId(),
106 'token' => $bp->getToken(),
107 'rights' => \MWGrants
::getGrantRights( $bp->getGrants() ),
110 $session = $this->getManager()->getSessionFromInfo( $info, $request );
115 public function refreshSessionInfo( SessionInfo
$info, WebRequest
$request, &$metadata ) {
116 $missingKeys = array_diff(
117 array( 'centralId', 'appId', 'token' ),
118 array_keys( $metadata )
120 if ( $missingKeys ) {
121 $this->logger
->info( 'Session "{session}": Missing metadata: {missing}', array(
123 'missing' => join( ', ', $missingKeys ),
128 $bp = BotPassword
::newFromCentralId( $metadata['centralId'], $metadata['appId'] );
131 'Session "{session}": No BotPassword for {centralId} {appId}',
134 'centralId' => $metadata['centralId'],
135 'appId' => $metadata['appId'],
140 if ( !hash_equals( $metadata['token'], $bp->getToken() ) ) {
141 $this->logger
->info( 'Session "{session}": BotPassword token check failed', array(
143 'centralId' => $metadata['centralId'],
144 'appId' => $metadata['appId'],
149 $status = $bp->getRestrictions()->check( $request );
150 if ( !$status->isOk() ) {
152 'Session "{session}": Restrictions check failed',
155 'restrictions' => $status->getValue(),
156 'centralId' => $metadata['centralId'],
157 'appId' => $metadata['appId'],
162 // Update saved rights
163 $metadata['rights'] = \MWGrants
::getGrantRights( $bp->getGrants() );
168 public function preventSessionsForUser( $username ) {
169 BotPassword
::removeAllPasswordsForUser( $username );
172 public function getAllowedUserRights( SessionBackend
$backend ) {
173 if ( $backend->getProvider() !== $this ) {
174 throw new InvalidArgumentException( 'Backend\'s provider isn\'t $this' );
176 $data = $backend->getProviderMetadata();
178 return $data['rights'];
181 // Should never happen
182 $this->logger
->debug( __METHOD__
. ': No provider metadata, returning no rights allowed' );