search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
SessionManager: Kill getPersistedSessionId()
[mediawiki.git] / tests / phpunit / includes / session / SessionManagerTest.php
blob083223ebed1f6dbde87a3b120aa2db523ebcb0d4
1 <?php
2
3 namespace MediaWiki\Session;
4
5 use Psr\Log\LogLevel;
6 use MediaWikiTestCase;
7 use User;
8
9 /**
10 * @group Session
11 * @group Database
12 * @covers MediaWiki\Session\SessionManager
13 */
14 class SessionManagerTest extends MediaWikiTestCase {
15
16 protected $config, $logger, $store;
17
18 protected function getManager() {
19 \ObjectCache::$instances['testSessionStore'] = new TestBagOStuff();
20 $this->config = new \HashConfig( array(
21 'LanguageCode' => 'en',
22 'SessionCacheType' => 'testSessionStore',
23 'ObjectCacheSessionExpiry' => 100,
24 'SessionProviders' => array(
25 array( 'class' => 'DummySessionProvider' ),
26 )
27 ) );
28 $this->logger = new \TestLogger( false, function ( $m ) {
29 return substr( $m, 0, 15 ) === 'SessionBackend ' ? null : $m;
30 } );
31 $this->store = new TestBagOStuff();
32
33 return new SessionManager( array(
34 'config' => $this->config,
35 'logger' => $this->logger,
36 'store' => $this->store,
37 ) );
38 }
39
40 protected function objectCacheDef( $object ) {
41 return array( 'factory' => function () use ( $object ) {
42 return $object;
43 } );
44 }
45
46 public function testSingleton() {
47 $reset = TestUtils::setSessionManagerSingleton( null );
48
49 $singleton = SessionManager::singleton();
50 $this->assertInstanceOf( 'MediaWiki\\Session\\SessionManager', $singleton );
51 $this->assertSame( $singleton, SessionManager::singleton() );
52 }
53
54 public function testGetGlobalSession() {
55 $context = \RequestContext::getMain();
56
57 if ( !PHPSessionHandler::isInstalled() ) {
58 PHPSessionHandler::install( SessionManager::singleton() );
59 }
60 $rProp = new \ReflectionProperty( 'MediaWiki\\Session\\PHPSessionHandler', 'instance' );
61 $rProp->setAccessible( true );
62 $handler = \TestingAccessWrapper::newFromObject( $rProp->getValue() );
63 $oldEnable = $handler->enable;
64 $reset[] = new \ScopedCallback( function () use ( $handler, $oldEnable ) {
65 if ( $handler->enable ) {
66 session_write_close();
67 }
68 $handler->enable = $oldEnable;
69 } );
70 $reset[] = TestUtils::setSessionManagerSingleton( $this->getManager() );
71
72 $handler->enable = true;
73 $request = new \FauxRequest();
74 $context->setRequest( $request );
75 $id = $request->getSession()->getId();
76
77 session_id( '' );
78 $session = SessionManager::getGlobalSession();
79 $this->assertSame( $id, $session->getId() );
80
81 session_id( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
82 $session = SessionManager::getGlobalSession();
83 $this->assertSame( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', $session->getId() );
84 $this->assertSame( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', $request->getSession()->getId() );
85
86 session_write_close();
87 $handler->enable = false;
88 $request = new \FauxRequest();
89 $context->setRequest( $request );
90 $id = $request->getSession()->getId();
91
92 session_id( '' );
93 $session = SessionManager::getGlobalSession();
94 $this->assertSame( $id, $session->getId() );
95
96 session_id( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
97 $session = SessionManager::getGlobalSession();
98 $this->assertSame( $id, $session->getId() );
99 $this->assertSame( $id, $request->getSession()->getId() );
100 }
101
102 public function testConstructor() {
103 $manager = \TestingAccessWrapper::newFromObject( $this->getManager() );
104 $this->assertSame( $this->config, $manager->config );
105 $this->assertSame( $this->logger, $manager->logger );
106 $this->assertSame( $this->store, $manager->store );
107
108 $manager = \TestingAccessWrapper::newFromObject( new SessionManager() );
109 $this->assertSame( \RequestContext::getMain()->getConfig(), $manager->config );
110
111 $manager = \TestingAccessWrapper::newFromObject( new SessionManager( array(
112 'config' => $this->config,
113 ) ) );
114 $this->assertSame( \ObjectCache::$instances['testSessionStore'], $manager->store );
115
116 foreach ( array(
117 'config' => '$options[\'config\'] must be an instance of Config',
118 'logger' => '$options[\'logger\'] must be an instance of LoggerInterface',
119 'store' => '$options[\'store\'] must be an instance of BagOStuff',
120 ) as $key => $error ) {
121 try {
122 new SessionManager( array( $key => new \stdClass ) );
123 $this->fail( 'Expected exception not thrown' );
124 } catch ( \InvalidArgumentException $ex ) {
125 $this->assertSame( $error, $ex->getMessage() );
126 }
127 }
128 }
129
130 public function testGetSessionForRequest() {
131 $manager = $this->getManager();
132 $request = new \FauxRequest();
133
134 $id1 = '';
135 $id2 = '';
136 $idEmpty = 'empty-session-------------------';
137
138 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
139 ->setMethods(
140 array( 'provideSessionInfo', 'newSessionInfo', '__toString', 'describe' )
141 );
142
143 $provider1 = $providerBuilder->getMock();
144 $provider1->expects( $this->any() )->method( 'provideSessionInfo' )
145 ->with( $this->identicalTo( $request ) )
146 ->will( $this->returnCallback( function ( $request ) {
147 return $request->info1;
148 } ) );
149 $provider1->expects( $this->any() )->method( 'newSessionInfo' )
150 ->will( $this->returnCallback( function () use ( $idEmpty, $provider1 ) {
151 return new SessionInfo( SessionInfo::MIN_PRIORITY, array(
152 'provider' => $provider1,
153 'id' => $idEmpty,
154 'persisted' => true,
155 'idIsSafe' => true,
156 ) );
157 } ) );
158 $provider1->expects( $this->any() )->method( '__toString' )
159 ->will( $this->returnValue( 'Provider1' ) );
160 $provider1->expects( $this->any() )->method( 'describe' )
161 ->will( $this->returnValue( '#1 sessions' ) );
162
163 $provider2 = $providerBuilder->getMock();
164 $provider2->expects( $this->any() )->method( 'provideSessionInfo' )
165 ->with( $this->identicalTo( $request ) )
166 ->will( $this->returnCallback( function ( $request ) {
167 return $request->info2;
168 } ) );
169 $provider2->expects( $this->any() )->method( '__toString' )
170 ->will( $this->returnValue( 'Provider2' ) );
171 $provider2->expects( $this->any() )->method( 'describe' )
172 ->will( $this->returnValue( '#2 sessions' ) );
173
174 $this->config->set( 'SessionProviders', array(
175 $this->objectCacheDef( $provider1 ),
176 $this->objectCacheDef( $provider2 ),
177 ) );
178
179 // No provider returns info
180 $request->info1 = null;
181 $request->info2 = null;
182 $session = $manager->getSessionForRequest( $request );
183 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
184 $this->assertSame( $idEmpty, $session->getId() );
185
186 // Both providers return info, picks best one
187 $request->info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, array(
188 'provider' => $provider1,
189 'id' => ( $id1 = $manager->generateSessionId() ),
190 'persisted' => true,
191 'idIsSafe' => true,
192 ) );
193 $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, array(
194 'provider' => $provider2,
195 'id' => ( $id2 = $manager->generateSessionId() ),
196 'persisted' => true,
197 'idIsSafe' => true,
198 ) );
199 $session = $manager->getSessionForRequest( $request );
200 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
201 $this->assertSame( $id2, $session->getId() );
202
203 $request->info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, array(
204 'provider' => $provider1,
205 'id' => ( $id1 = $manager->generateSessionId() ),
206 'persisted' => true,
207 'idIsSafe' => true,
208 ) );
209 $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, array(
210 'provider' => $provider2,
211 'id' => ( $id2 = $manager->generateSessionId() ),
212 'persisted' => true,
213 'idIsSafe' => true,
214 ) );
215 $session = $manager->getSessionForRequest( $request );
216 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
217 $this->assertSame( $id1, $session->getId() );
218
219 // Tied priorities
220 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, array(
221 'provider' => $provider1,
222 'id' => ( $id1 = $manager->generateSessionId() ),
223 'persisted' => true,
224 'userInfo' => UserInfo::newAnonymous(),
225 'idIsSafe' => true,
226 ) );
227 $request->info2 = new SessionInfo( SessionInfo::MAX_PRIORITY, array(
228 'provider' => $provider2,
229 'id' => ( $id2 = $manager->generateSessionId() ),
230 'persisted' => true,
231 'userInfo' => UserInfo::newAnonymous(),
232 'idIsSafe' => true,
233 ) );
234 try {
235 $manager->getSessionForRequest( $request );
236 $this->fail( 'Expcected exception not thrown' );
237 } catch ( \OverFlowException $ex ) {
238 $this->assertStringStartsWith(
239 'Multiple sessions for this request tied for top priority: ',
240 $ex->getMessage()
241 );
242 $this->assertCount( 2, $ex->sessionInfos );
243 $this->assertContains( $request->info1, $ex->sessionInfos );
244 $this->assertContains( $request->info2, $ex->sessionInfos );
245 }
246
247 // Bad provider
248 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, array(
249 'provider' => $provider2,
250 'id' => ( $id1 = $manager->generateSessionId() ),
251 'persisted' => true,
252 'idIsSafe' => true,
253 ) );
254 $request->info2 = null;
255 try {
256 $manager->getSessionForRequest( $request );
257 $this->fail( 'Expcected exception not thrown' );
258 } catch ( \UnexpectedValueException $ex ) {
259 $this->assertSame(
260 'Provider1 returned session info for a different provider: ' . $request->info1,
261 $ex->getMessage()
262 );
263 }
264
265 // Unusable session info
266 $this->logger->setCollect( true );
267 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, array(
268 'provider' => $provider1,
269 'id' => ( $id1 = $manager->generateSessionId() ),
270 'persisted' => true,
271 'userInfo' => UserInfo::newFromName( 'UTSysop', false ),
272 'idIsSafe' => true,
273 ) );
274 $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
275 'provider' => $provider2,
276 'id' => ( $id2 = $manager->generateSessionId() ),
277 'persisted' => true,
278 'idIsSafe' => true,
279 ) );
280 $session = $manager->getSessionForRequest( $request );
281 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
282 $this->assertSame( $id2, $session->getId() );
283 $this->logger->setCollect( false );
284
285 // Unpersisted session ID
286 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, array(
287 'provider' => $provider1,
288 'id' => ( $id1 = $manager->generateSessionId() ),
289 'persisted' => false,
290 'userInfo' => UserInfo::newFromName( 'UTSysop', true ),
291 'idIsSafe' => true,
292 ) );
293 $request->info2 = null;
294 $session = $manager->getSessionForRequest( $request );
295 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
296 $this->assertSame( $id1, $session->getId() );
297 $session->persist();
298 $this->assertTrue( $session->isPersistent(), 'sanity check' );
299 }
300
301 public function testGetSessionById() {
302 $manager = $this->getManager();
303
304 try {
305 $manager->getSessionById( 'bad' );
306 $this->fail( 'Expected exception not thrown' );
307 } catch ( \InvalidArgumentException $ex ) {
308 $this->assertSame( 'Invalid session ID', $ex->getMessage() );
309 }
310
311 // Unknown session ID
312 $id = $manager->generateSessionId();
313 $session = $manager->getSessionById( $id, true );
314 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
315 $this->assertSame( $id, $session->getId() );
316
317 $id = $manager->generateSessionId();
318 $this->assertNull( $manager->getSessionById( $id, false ) );
319
320 // Known but unloadable session ID
321 $this->logger->setCollect( true );
322 $id = $manager->generateSessionId();
323 $this->store->setSession( $id, array( 'metadata' => array(
324 'userId' => User::idFromName( 'UTSysop' ),
325 'userToken' => 'bad',
326 ) ) );
327
328 $this->assertNull( $manager->getSessionById( $id, true ) );
329 $this->assertNull( $manager->getSessionById( $id, false ) );
330 $this->logger->setCollect( false );
331
332 // Known session ID
333 $this->store->setSession( $id, array() );
334 $session = $manager->getSessionById( $id, false );
335 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
336 $this->assertSame( $id, $session->getId() );
337 }
338
339 public function testGetEmptySession() {
340 $manager = $this->getManager();
341 $pmanager = \TestingAccessWrapper::newFromObject( $manager );
342 $request = new \FauxRequest();
343
344 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
345 ->setMethods( array( 'provideSessionInfo', 'newSessionInfo', '__toString' ) );
346
347 $expectId = null;
348 $info1 = null;
349 $info2 = null;
350
351 $provider1 = $providerBuilder->getMock();
352 $provider1->expects( $this->any() )->method( 'provideSessionInfo' )
353 ->will( $this->returnValue( null ) );
354 $provider1->expects( $this->any() )->method( 'newSessionInfo' )
355 ->with( $this->callback( function ( $id ) use ( &$expectId ) {
356 return $id === $expectId;
357 } ) )
358 ->will( $this->returnCallback( function () use ( &$info1 ) {
359 return $info1;
360 } ) );
361 $provider1->expects( $this->any() )->method( '__toString' )
362 ->will( $this->returnValue( 'MockProvider1' ) );
363
364 $provider2 = $providerBuilder->getMock();
365 $provider2->expects( $this->any() )->method( 'provideSessionInfo' )
366 ->will( $this->returnValue( null ) );
367 $provider2->expects( $this->any() )->method( 'newSessionInfo' )
368 ->with( $this->callback( function ( $id ) use ( &$expectId ) {
369 return $id === $expectId;
370 } ) )
371 ->will( $this->returnCallback( function () use ( &$info2 ) {
372 return $info2;
373 } ) );
374 $provider1->expects( $this->any() )->method( '__toString' )
375 ->will( $this->returnValue( 'MockProvider2' ) );
376
377 $this->config->set( 'SessionProviders', array(
378 $this->objectCacheDef( $provider1 ),
379 $this->objectCacheDef( $provider2 ),
380 ) );
381
382 // No info
383 $expectId = null;
384 $info1 = null;
385 $info2 = null;
386 try {
387 $manager->getEmptySession();
388 $this->fail( 'Expected exception not thrown' );
389 } catch ( \UnexpectedValueException $ex ) {
390 $this->assertSame(
391 'No provider could provide an empty session!',
392 $ex->getMessage()
393 );
394 }
395
396 // Info
397 $expectId = null;
398 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
399 'provider' => $provider1,
400 'id' => 'empty---------------------------',
401 'persisted' => true,
402 'idIsSafe' => true,
403 ) );
404 $info2 = null;
405 $session = $manager->getEmptySession();
406 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
407 $this->assertSame( 'empty---------------------------', $session->getId() );
408
409 // Info, explicitly
410 $expectId = 'expected------------------------';
411 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
412 'provider' => $provider1,
413 'id' => $expectId,
414 'persisted' => true,
415 'idIsSafe' => true,
416 ) );
417 $info2 = null;
418 $session = $pmanager->getEmptySessionInternal( null, $expectId );
419 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
420 $this->assertSame( $expectId, $session->getId() );
421
422 // Wrong ID
423 $expectId = 'expected-----------------------2';
424 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
425 'provider' => $provider1,
426 'id' => "un$expectId",
427 'persisted' => true,
428 'idIsSafe' => true,
429 ) );
430 $info2 = null;
431 try {
432 $pmanager->getEmptySessionInternal( null, $expectId );
433 $this->fail( 'Expected exception not thrown' );
434 } catch ( \UnexpectedValueException $ex ) {
435 $this->assertSame(
436 'MockProvider1 returned empty session info with a wrong id: ' .
437 "un$expectId != $expectId",
438 $ex->getMessage()
439 );
440 }
441
442 // Unsafe ID
443 $expectId = 'expected-----------------------2';
444 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
445 'provider' => $provider1,
446 'id' => $expectId,
447 'persisted' => true,
448 ) );
449 $info2 = null;
450 try {
451 $pmanager->getEmptySessionInternal( null, $expectId );
452 $this->fail( 'Expected exception not thrown' );
453 } catch ( \UnexpectedValueException $ex ) {
454 $this->assertSame(
455 'MockProvider1 returned empty session info with id flagged unsafe',
456 $ex->getMessage()
457 );
458 }
459
460 // Wrong provider
461 $expectId = null;
462 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
463 'provider' => $provider2,
464 'id' => 'empty---------------------------',
465 'persisted' => true,
466 'idIsSafe' => true,
467 ) );
468 $info2 = null;
469 try {
470 $manager->getEmptySession();
471 $this->fail( 'Expected exception not thrown' );
472 } catch ( \UnexpectedValueException $ex ) {
473 $this->assertSame(
474 'MockProvider1 returned an empty session info for a different provider: ' . $info1,
475 $ex->getMessage()
476 );
477 }
478
479 // Highest priority wins
480 $expectId = null;
481 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, array(
482 'provider' => $provider1,
483 'id' => 'empty1--------------------------',
484 'persisted' => true,
485 'idIsSafe' => true,
486 ) );
487 $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
488 'provider' => $provider2,
489 'id' => 'empty2--------------------------',
490 'persisted' => true,
491 'idIsSafe' => true,
492 ) );
493 $session = $manager->getEmptySession();
494 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
495 $this->assertSame( 'empty1--------------------------', $session->getId() );
496
497 $expectId = null;
498 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, array(
499 'provider' => $provider1,
500 'id' => 'empty1--------------------------',
501 'persisted' => true,
502 'idIsSafe' => true,
503 ) );
504 $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, array(
505 'provider' => $provider2,
506 'id' => 'empty2--------------------------',
507 'persisted' => true,
508 'idIsSafe' => true,
509 ) );
510 $session = $manager->getEmptySession();
511 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
512 $this->assertSame( 'empty2--------------------------', $session->getId() );
513
514 // Tied priorities throw an exception
515 $expectId = null;
516 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
517 'provider' => $provider1,
518 'id' => 'empty1--------------------------',
519 'persisted' => true,
520 'userInfo' => UserInfo::newAnonymous(),
521 'idIsSafe' => true,
522 ) );
523 $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
524 'provider' => $provider2,
525 'id' => 'empty2--------------------------',
526 'persisted' => true,
527 'userInfo' => UserInfo::newAnonymous(),
528 'idIsSafe' => true,
529 ) );
530 try {
531 $manager->getEmptySession();
532 $this->fail( 'Expected exception not thrown' );
533 } catch ( \UnexpectedValueException $ex ) {
534 $this->assertStringStartsWith(
535 'Multiple empty sessions tied for top priority: ',
536 $ex->getMessage()
537 );
538 }
539
540 // Bad id
541 try {
542 $pmanager->getEmptySessionInternal( null, 'bad' );
543 $this->fail( 'Expected exception not thrown' );
544 } catch ( \InvalidArgumentException $ex ) {
545 $this->assertSame( 'Invalid session ID', $ex->getMessage() );
546 }
547
548 // Session already exists
549 $expectId = 'expected-----------------------3';
550 $this->store->setSessionMeta( $expectId, array(
551 'provider' => 'MockProvider2',
552 'userId' => 0,
553 'userName' => null,
554 'userToken' => null,
555 ) );
556 try {
557 $pmanager->getEmptySessionInternal( null, $expectId );
558 $this->fail( 'Expected exception not thrown' );
559 } catch ( \InvalidArgumentException $ex ) {
560 $this->assertSame( 'Session ID already exists', $ex->getMessage() );
561 }
562 }
563
564 public function testGetVaryHeaders() {
565 $manager = $this->getManager();
566
567 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
568 ->setMethods( array( 'getVaryHeaders', '__toString' ) );
569
570 $provider1 = $providerBuilder->getMock();
571 $provider1->expects( $this->once() )->method( 'getVaryHeaders' )
572 ->will( $this->returnValue( array(
573 'Foo' => null,
574 'Bar' => array( 'X', 'Bar1' ),
575 'Quux' => null,
576 ) ) );
577 $provider1->expects( $this->any() )->method( '__toString' )
578 ->will( $this->returnValue( 'MockProvider1' ) );
579
580 $provider2 = $providerBuilder->getMock();
581 $provider2->expects( $this->once() )->method( 'getVaryHeaders' )
582 ->will( $this->returnValue( array(
583 'Baz' => null,
584 'Bar' => array( 'X', 'Bar2' ),
585 'Quux' => array( 'Quux' ),
586 ) ) );
587 $provider2->expects( $this->any() )->method( '__toString' )
588 ->will( $this->returnValue( 'MockProvider2' ) );
589
590 $this->config->set( 'SessionProviders', array(
591 $this->objectCacheDef( $provider1 ),
592 $this->objectCacheDef( $provider2 ),
593 ) );
594
595 $expect = array(
596 'Foo' => array(),
597 'Bar' => array( 'X', 'Bar1', 3 => 'Bar2' ),
598 'Quux' => array( 'Quux' ),
599 'Baz' => array(),
600 'Quux' => array( 'Quux' ),
601 );
602
603 $this->assertEquals( $expect, $manager->getVaryHeaders() );
604
605 // Again, to ensure it's cached
606 $this->assertEquals( $expect, $manager->getVaryHeaders() );
607 }
608
609 public function testGetVaryCookies() {
610 $manager = $this->getManager();
611
612 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
613 ->setMethods( array( 'getVaryCookies', '__toString' ) );
614
615 $provider1 = $providerBuilder->getMock();
616 $provider1->expects( $this->once() )->method( 'getVaryCookies' )
617 ->will( $this->returnValue( array( 'Foo', 'Bar' ) ) );
618 $provider1->expects( $this->any() )->method( '__toString' )
619 ->will( $this->returnValue( 'MockProvider1' ) );
620
621 $provider2 = $providerBuilder->getMock();
622 $provider2->expects( $this->once() )->method( 'getVaryCookies' )
623 ->will( $this->returnValue( array( 'Foo', 'Baz' ) ) );
624 $provider2->expects( $this->any() )->method( '__toString' )
625 ->will( $this->returnValue( 'MockProvider2' ) );
626
627 $this->config->set( 'SessionProviders', array(
628 $this->objectCacheDef( $provider1 ),
629 $this->objectCacheDef( $provider2 ),
630 ) );
631
632 $expect = array( 'Foo', 'Bar', 'Baz' );
633
634 $this->assertEquals( $expect, $manager->getVaryCookies() );
635
636 // Again, to ensure it's cached
637 $this->assertEquals( $expect, $manager->getVaryCookies() );
638 }
639
640 public function testGetProviders() {
641 $realManager = $this->getManager();
642 $manager = \TestingAccessWrapper::newFromObject( $realManager );
643
644 $this->config->set( 'SessionProviders', array(
645 array( 'class' => 'DummySessionProvider' ),
646 ) );
647 $providers = $manager->getProviders();
648 $this->assertArrayHasKey( 'DummySessionProvider', $providers );
649 $provider = \TestingAccessWrapper::newFromObject( $providers['DummySessionProvider'] );
650 $this->assertSame( $manager->logger, $provider->logger );
651 $this->assertSame( $manager->config, $provider->config );
652 $this->assertSame( $realManager, $provider->getManager() );
653
654 $this->config->set( 'SessionProviders', array(
655 array( 'class' => 'DummySessionProvider' ),
656 array( 'class' => 'DummySessionProvider' ),
657 ) );
658 $manager->sessionProviders = null;
659 try {
660 $manager->getProviders();
661 $this->fail( 'Expected exception not thrown' );
662 } catch ( \UnexpectedValueException $ex ) {
663 $this->assertSame(
664 'Duplicate provider name "DummySessionProvider"',
665 $ex->getMessage()
666 );
667 }
668 }
669
670 public function testShutdown() {
671 $manager = \TestingAccessWrapper::newFromObject( $this->getManager() );
672 $manager->setLogger( new \Psr\Log\NullLogger() );
673
674 $mock = $this->getMock( 'stdClass', array( 'save' ) );
675 $mock->expects( $this->once() )->method( 'save' );
676
677 $manager->allSessionBackends = array( $mock );
678 $manager->shutdown();
679 }
680
681 public function testGetSessionFromInfo() {
682 $manager = \TestingAccessWrapper::newFromObject( $this->getManager() );
683 $request = new \FauxRequest();
684
685 $id = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
686
687 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
688 'provider' => $manager->getProvider( 'DummySessionProvider' ),
689 'id' => $id,
690 'persisted' => true,
691 'userInfo' => UserInfo::newFromName( 'UTSysop', true ),
692 'idIsSafe' => true,
693 ) );
694 \TestingAccessWrapper::newFromObject( $info )->idIsSafe = true;
695 $session1 = \TestingAccessWrapper::newFromObject(
696 $manager->getSessionFromInfo( $info, $request )
697 );
698 $session2 = \TestingAccessWrapper::newFromObject(
699 $manager->getSessionFromInfo( $info, $request )
700 );
701
702 $this->assertSame( $session1->backend, $session2->backend );
703 $this->assertNotEquals( $session1->index, $session2->index );
704 $this->assertSame( $session1->getSessionId(), $session2->getSessionId() );
705 $this->assertSame( $id, $session1->getId() );
706
707 \TestingAccessWrapper::newFromObject( $info )->idIsSafe = false;
708 $session3 = $manager->getSessionFromInfo( $info, $request );
709 $this->assertNotSame( $id, $session3->getId() );
710 }
711
712 public function testBackendRegistration() {
713 $manager = $this->getManager();
714
715 $session = $manager->getSessionForRequest( new \FauxRequest );
716 $backend = \TestingAccessWrapper::newFromObject( $session )->backend;
717 $sessionId = $session->getSessionId();
718 $id = (string)$sessionId;
719
720 $this->assertSame( $sessionId, $manager->getSessionById( $id, true )->getSessionId() );
721
722 $manager->changeBackendId( $backend );
723 $this->assertSame( $sessionId, $session->getSessionId() );
724 $this->assertNotEquals( $id, (string)$sessionId );
725 $id = (string)$sessionId;
726
727 $this->assertSame( $sessionId, $manager->getSessionById( $id, true )->getSessionId() );
728
729 // Destruction of the session here causes the backend to be deregistered
730 $session = null;
731
732 try {
733 $manager->changeBackendId( $backend );
734 $this->fail( 'Expected exception not thrown' );
735 } catch ( \InvalidArgumentException $ex ) {
736 $this->assertSame(
737 'Backend was not registered with this SessionManager', $ex->getMessage()
738 );
739 }
740
741 try {
742 $manager->deregisterSessionBackend( $backend );
743 $this->fail( 'Expected exception not thrown' );
744 } catch ( \InvalidArgumentException $ex ) {
745 $this->assertSame(
746 'Backend was not registered with this SessionManager', $ex->getMessage()
747 );
748 }
749
750 $session = $manager->getSessionById( $id, true );
751 $this->assertSame( $sessionId, $session->getSessionId() );
752 }
753
754 public function testGenerateSessionId() {
755 $manager = $this->getManager();
756
757 $id = $manager->generateSessionId();
758 $this->assertTrue( SessionManager::validateSessionId( $id ), "Generated ID: $id" );
759 }
760
761 public function testAutoCreateUser() {
762 global $wgGroupPermissions;
763
764 $that = $this;
765
766 \ObjectCache::$instances[__METHOD__] = new \HashBagOStuff();
767 $this->setMwGlobals( array( 'wgMainCacheType' => __METHOD__ ) );
768
769 $this->stashMwGlobals( array( 'wgGroupPermissions' ) );
770 $wgGroupPermissions['*']['createaccount'] = true;
771 $wgGroupPermissions['*']['autocreateaccount'] = false;
772
773 // Replace the global singleton with one configured for testing
774 $manager = $this->getManager();
775 $reset = TestUtils::setSessionManagerSingleton( $manager );
776
777 $logger = new \TestLogger( true, function ( $m ) {
778 if ( substr( $m, 0, 15 ) === 'SessionBackend ' ) {
779 // Don't care.
780 return null;
781 }
782 $m = str_replace( 'MediaWiki\Session\SessionManager::autoCreateUser: ', '', $m );
783 $m = preg_replace( '/ - from: .*$/', ' - from: XXX', $m );
784 return $m;
785 } );
786 $manager->setLogger( $logger );
787
788 $session = SessionManager::getGlobalSession();
789
790 // Can't create an already-existing user
791 $user = User::newFromName( 'UTSysop' );
792 $id = $user->getId();
793 $this->assertFalse( $manager->autoCreateUser( $user ) );
794 $this->assertSame( $id, $user->getId() );
795 $this->assertSame( 'UTSysop', $user->getName() );
796 $this->assertSame( array(), $logger->getBuffer() );
797 $logger->clearBuffer();
798
799 // Sanity check that creation works at all
800 $user = User::newFromName( 'UTSessionAutoCreate1' );
801 $this->assertSame( 0, $user->getId(), 'sanity check' );
802 $this->assertTrue( $manager->autoCreateUser( $user ) );
803 $this->assertNotEquals( 0, $user->getId() );
804 $this->assertSame( 'UTSessionAutoCreate1', $user->getName() );
805 $this->assertEquals(
806 $user->getId(), User::idFromName( 'UTSessionAutoCreate1', User::READ_LATEST )
807 );
808 $this->assertSame( array(
809 array( LogLevel::INFO, 'creating new user (UTSessionAutoCreate1) - from: XXX' ),
810 ), $logger->getBuffer() );
811 $logger->clearBuffer();
812
813 // Check lack of permissions
814 $wgGroupPermissions['*']['createaccount'] = false;
815 $wgGroupPermissions['*']['autocreateaccount'] = false;
816 $user = User::newFromName( 'UTDoesNotExist' );
817 $this->assertFalse( $manager->autoCreateUser( $user ) );
818 $this->assertSame( 0, $user->getId() );
819 $this->assertNotSame( 'UTDoesNotExist', $user->getName() );
820 $this->assertEquals( 0, User::idFromName( 'UTDoesNotExist', User::READ_LATEST ) );
821 $session->clear();
822 $this->assertSame( array(
823 array( LogLevel::DEBUG, 'user is blocked from this wiki, blacklisting' ),
824 ), $logger->getBuffer() );
825 $logger->clearBuffer();
826
827 // Check other permission
828 $wgGroupPermissions['*']['createaccount'] = false;
829 $wgGroupPermissions['*']['autocreateaccount'] = true;
830 $user = User::newFromName( 'UTSessionAutoCreate2' );
831 $this->assertSame( 0, $user->getId(), 'sanity check' );
832 $this->assertTrue( $manager->autoCreateUser( $user ) );
833 $this->assertNotEquals( 0, $user->getId() );
834 $this->assertSame( 'UTSessionAutoCreate2', $user->getName() );
835 $this->assertEquals(
836 $user->getId(), User::idFromName( 'UTSessionAutoCreate2', User::READ_LATEST )
837 );
838 $this->assertSame( array(
839 array( LogLevel::INFO, 'creating new user (UTSessionAutoCreate2) - from: XXX' ),
840 ), $logger->getBuffer() );
841 $logger->clearBuffer();
842
843 // Test account-creation block
844 $anon = new User;
845 $block = new \Block( array(
846 'address' => $anon->getName(),
847 'user' => $id,
848 'reason' => __METHOD__,
849 'expiry' => time() + 100500,
850 'createAccount' => true,
851 ) );
852 $block->insert();
853 $this->assertInstanceOf( 'Block', $anon->isBlockedFromCreateAccount(), 'sanity check' );
854 $reset2 = new \ScopedCallback( array( $block, 'delete' ) );
855 $user = User::newFromName( 'UTDoesNotExist' );
856 $this->assertFalse( $manager->autoCreateUser( $user ) );
857 $this->assertSame( 0, $user->getId() );
858 $this->assertNotSame( 'UTDoesNotExist', $user->getName() );
859 $this->assertEquals( 0, User::idFromName( 'UTDoesNotExist', User::READ_LATEST ) );
860 \ScopedCallback::consume( $reset2 );
861 $session->clear();
862 $this->assertSame( array(
863 array( LogLevel::DEBUG, 'user is blocked from this wiki, blacklisting' ),
864 ), $logger->getBuffer() );
865 $logger->clearBuffer();
866
867 // Sanity check that creation still works
868 $user = User::newFromName( 'UTSessionAutoCreate3' );
869 $this->assertSame( 0, $user->getId(), 'sanity check' );
870 $this->assertTrue( $manager->autoCreateUser( $user ) );
871 $this->assertNotEquals( 0, $user->getId() );
872 $this->assertSame( 'UTSessionAutoCreate3', $user->getName() );
873 $this->assertEquals(
874 $user->getId(), User::idFromName( 'UTSessionAutoCreate3', User::READ_LATEST )
875 );
876 $this->assertSame( array(
877 array( LogLevel::INFO, 'creating new user (UTSessionAutoCreate3) - from: XXX' ),
878 ), $logger->getBuffer() );
879 $logger->clearBuffer();
880
881 // Test prevention by AuthPlugin
882 global $wgAuth;
883 $oldWgAuth = $wgAuth;
884 $mockWgAuth = $this->getMock( 'AuthPlugin', array( 'autoCreate' ) );
885 $mockWgAuth->expects( $this->once() )->method( 'autoCreate' )
886 ->will( $this->returnValue( false ) );
887 $this->setMwGlobals( array(
888 'wgAuth' => $mockWgAuth,
889 ) );
890 $user = User::newFromName( 'UTDoesNotExist' );
891 $this->assertFalse( $manager->autoCreateUser( $user ) );
892 $this->assertSame( 0, $user->getId() );
893 $this->assertNotSame( 'UTDoesNotExist', $user->getName() );
894 $this->assertEquals( 0, User::idFromName( 'UTDoesNotExist', User::READ_LATEST ) );
895 $this->setMwGlobals( array(
896 'wgAuth' => $oldWgAuth,
897 ) );
898 $session->clear();
899 $this->assertSame( array(
900 array( LogLevel::DEBUG, 'denied by AuthPlugin' ),
901 ), $logger->getBuffer() );
902 $logger->clearBuffer();
903
904 // Test prevention by wfReadOnly()
905 $this->setMwGlobals( array(
906 'wgReadOnly' => 'Because',
907 ) );
908 $user = User::newFromName( 'UTDoesNotExist' );
909 $this->assertFalse( $manager->autoCreateUser( $user ) );
910 $this->assertSame( 0, $user->getId() );
911 $this->assertNotSame( 'UTDoesNotExist', $user->getName() );
912 $this->assertEquals( 0, User::idFromName( 'UTDoesNotExist', User::READ_LATEST ) );
913 $this->setMwGlobals( array(
914 'wgReadOnly' => false,
915 ) );
916 $session->clear();
917 $this->assertSame( array(
918 array( LogLevel::DEBUG, 'denied by wfReadOnly()' ),
919 ), $logger->getBuffer() );
920 $logger->clearBuffer();
921
922 // Test prevention by a previous session
923 $session->set( 'MWSession::AutoCreateBlacklist', 'test' );
924 $user = User::newFromName( 'UTDoesNotExist' );
925 $this->assertFalse( $manager->autoCreateUser( $user ) );
926 $this->assertSame( 0, $user->getId() );
927 $this->assertNotSame( 'UTDoesNotExist', $user->getName() );
928 $this->assertEquals( 0, User::idFromName( 'UTDoesNotExist', User::READ_LATEST ) );
929 $session->clear();
930 $this->assertSame( array(
931 array( LogLevel::DEBUG, 'blacklisted in session (test)' ),
932 ), $logger->getBuffer() );
933 $logger->clearBuffer();
934
935 // Test uncreatable name
936 $user = User::newFromName( 'UTDoesNotExist@' );
937 $this->assertFalse( $manager->autoCreateUser( $user ) );
938 $this->assertSame( 0, $user->getId() );
939 $this->assertNotSame( 'UTDoesNotExist@', $user->getName() );
940 $this->assertEquals( 0, User::idFromName( 'UTDoesNotExist', User::READ_LATEST ) );
941 $session->clear();
942 $this->assertSame( array(
943 array( LogLevel::DEBUG, 'Invalid username, blacklisting' ),
944 ), $logger->getBuffer() );
945 $logger->clearBuffer();
946
947 // Test AbortAutoAccount hook
948 $mock = $this->getMock( __CLASS__, array( 'onAbortAutoAccount' ) );
949 $mock->expects( $this->once() )->method( 'onAbortAutoAccount' )
950 ->will( $this->returnCallback( function ( User $user, &$msg ) {
951 $msg = 'No way!';
952 return false;
953 } ) );
954 $this->mergeMwGlobalArrayValue( 'wgHooks', array( 'AbortAutoAccount' => array( $mock ) ) );
955 $user = User::newFromName( 'UTDoesNotExist' );
956 $this->assertFalse( $manager->autoCreateUser( $user ) );
957 $this->assertSame( 0, $user->getId() );
958 $this->assertNotSame( 'UTDoesNotExist', $user->getName() );
959 $this->assertEquals( 0, User::idFromName( 'UTDoesNotExist', User::READ_LATEST ) );
960 $this->mergeMwGlobalArrayValue( 'wgHooks', array( 'AbortAutoAccount' => array() ) );
961 $session->clear();
962 $this->assertSame( array(
963 array( LogLevel::DEBUG, 'denied by hook: No way!' ),
964 ), $logger->getBuffer() );
965 $logger->clearBuffer();
966
967 // Test AbortAutoAccount hook screwing up the name
968 $mock = $this->getMock( 'stdClass', array( 'onAbortAutoAccount' ) );
969 $mock->expects( $this->once() )->method( 'onAbortAutoAccount' )
970 ->will( $this->returnCallback( function ( User $user ) {
971 $user->setName( 'UTDoesNotExistEither' );
972 } ) );
973 $this->mergeMwGlobalArrayValue( 'wgHooks', array( 'AbortAutoAccount' => array( $mock ) ) );
974 try {
975 $user = User::newFromName( 'UTDoesNotExist' );
976 $manager->autoCreateUser( $user );
977 $this->fail( 'Expected exception not thrown' );
978 } catch ( \UnexpectedValueException $ex ) {
979 $this->assertSame(
980 'AbortAutoAccount hook tried to change the user name',
981 $ex->getMessage()
982 );
983 }
984 $this->assertSame( 0, $user->getId() );
985 $this->assertNotSame( 'UTDoesNotExist', $user->getName() );
986 $this->assertNotSame( 'UTDoesNotExistEither', $user->getName() );
987 $this->assertEquals( 0, User::idFromName( 'UTDoesNotExist', User::READ_LATEST ) );
988 $this->assertEquals( 0, User::idFromName( 'UTDoesNotExistEither', User::READ_LATEST ) );
989 $this->mergeMwGlobalArrayValue( 'wgHooks', array( 'AbortAutoAccount' => array() ) );
990 $session->clear();
991 $this->assertSame( array(), $logger->getBuffer() );
992 $logger->clearBuffer();
993
994 // Test for "exception backoff"
995 $user = User::newFromName( 'UTDoesNotExist' );
996 $cache = \ObjectCache::getLocalClusterInstance();
997 $backoffKey = wfMemcKey( 'MWSession', 'autocreate-failed', md5( $user->getName() ) );
998 $cache->set( $backoffKey, 1, 60 * 10 );
999 $this->assertFalse( $manager->autoCreateUser( $user ) );
1000 $this->assertSame( 0, $user->getId() );
1001 $this->assertNotSame( 'UTDoesNotExist', $user->getName() );
1002 $this->assertEquals( 0, User::idFromName( 'UTDoesNotExist', User::READ_LATEST ) );
1003 $cache->delete( $backoffKey );
1004 $session->clear();
1005 $this->assertSame( array(
1006 array( LogLevel::DEBUG, 'denied by prior creation attempt failures' ),
1007 ), $logger->getBuffer() );
1008 $logger->clearBuffer();
1009
1010 // Sanity check that creation still works, and test completion hook
1011 $cb = $this->callback( function ( User $user ) use ( $that ) {
1012 $that->assertNotEquals( 0, $user->getId() );
1013 $that->assertSame( 'UTSessionAutoCreate4', $user->getName() );
1014 $that->assertEquals(
1015 $user->getId(), User::idFromName( 'UTSessionAutoCreate4', User::READ_LATEST )
1016 );
1017 return true;
1018 } );
1019 $mock = $this->getMock( 'stdClass',
1020 array( 'onAuthPluginAutoCreate', 'onLocalUserCreated' ) );
1021 $mock->expects( $this->once() )->method( 'onAuthPluginAutoCreate' )
1022 ->with( $cb );
1023 $mock->expects( $this->once() )->method( 'onLocalUserCreated' )
1024 ->with( $cb, $this->identicalTo( true ) );
1025 $this->mergeMwGlobalArrayValue( 'wgHooks', array(
1026 'AuthPluginAutoCreate' => array( $mock ),
1027 'LocalUserCreated' => array( $mock ),
1028 ) );
1029 $user = User::newFromName( 'UTSessionAutoCreate4' );
1030 $this->assertSame( 0, $user->getId(), 'sanity check' );
1031 $this->assertTrue( $manager->autoCreateUser( $user ) );
1032 $this->assertNotEquals( 0, $user->getId() );
1033 $this->assertSame( 'UTSessionAutoCreate4', $user->getName() );
1034 $this->assertEquals(
1035 $user->getId(),
1036 User::idFromName( 'UTSessionAutoCreate4', User::READ_LATEST )
1037 );
1038 $this->mergeMwGlobalArrayValue( 'wgHooks', array(
1039 'AuthPluginAutoCreate' => array(),
1040 'LocalUserCreated' => array(),
1041 ) );
1042 $this->assertSame( array(
1043 array( LogLevel::INFO, 'creating new user (UTSessionAutoCreate4) - from: XXX' ),
1044 ), $logger->getBuffer() );
1045 $logger->clearBuffer();
1046 }
1047
1048 public function onAbortAutoAccount( User $user, &$msg ) {
1049 }
1050
1051 public function testPreventSessionsForUser() {
1052 $manager = $this->getManager();
1053
1054 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
1055 ->setMethods( array( 'preventSessionsForUser', '__toString' ) );
1056
1057 $provider1 = $providerBuilder->getMock();
1058 $provider1->expects( $this->once() )->method( 'preventSessionsForUser' )
1059 ->with( $this->equalTo( 'UTSysop' ) );
1060 $provider1->expects( $this->any() )->method( '__toString' )
1061 ->will( $this->returnValue( 'MockProvider1' ) );
1062
1063 $this->config->set( 'SessionProviders', array(
1064 $this->objectCacheDef( $provider1 ),
1065 ) );
1066
1067 $user = User::newFromName( 'UTSysop' );
1068 $token = $user->getToken( true );
1069
1070 $this->assertFalse( $manager->isUserSessionPrevented( 'UTSysop' ) );
1071 $manager->preventSessionsForUser( 'UTSysop' );
1072 $this->assertNotEquals( $token, User::newFromName( 'UTSysop' )->getToken() );
1073 $this->assertTrue( $manager->isUserSessionPrevented( 'UTSysop' ) );
1074 }
1075
1076 public function testLoadSessionInfoFromStore() {
1077 $manager = $this->getManager();
1078 $logger = new \TestLogger( true, function ( $m ) {
1079 return preg_replace(
1080 '/^Session \[\d+\]\w+<(?:null|anon|[+-]:\d+:\w+)>\w+: /', 'Session X: ', $m
1081 );
1082 } );
1083 $manager->setLogger( $logger );
1084 $request = new \FauxRequest();
1085
1086 // TestingAccessWrapper can't handle methods with reference arguments, sigh.
1087 $rClass = new \ReflectionClass( $manager );
1088 $rMethod = $rClass->getMethod( 'loadSessionInfoFromStore' );
1089 $rMethod->setAccessible( true );
1090 $loadSessionInfoFromStore = function ( &$info ) use ( $rMethod, $manager, $request ) {
1091 return $rMethod->invokeArgs( $manager, array( &$info, $request ) );
1092 };
1093
1094 $userInfo = UserInfo::newFromName( 'UTSysop', true );
1095 $unverifiedUserInfo = UserInfo::newFromName( 'UTSysop', false );
1096
1097 $id = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
1098 $metadata = array(
1099 'userId' => $userInfo->getId(),
1100 'userName' => $userInfo->getName(),
1101 'userToken' => $userInfo->getToken( true ),
1102 'provider' => 'Mock',
1103 );
1104
1105 $builder = $this->getMockBuilder( 'MediaWiki\\Session\\SessionProvider' )
1106 ->setMethods( array( '__toString', 'mergeMetadata', 'refreshSessionInfo' ) );
1107
1108 $provider = $builder->getMockForAbstractClass();
1109 $provider->setManager( $manager );
1110 $provider->expects( $this->any() )->method( 'persistsSessionId' )
1111 ->will( $this->returnValue( true ) );
1112 $provider->expects( $this->any() )->method( 'canChangeUser' )
1113 ->will( $this->returnValue( true ) );
1114 $provider->expects( $this->any() )->method( 'refreshSessionInfo' )
1115 ->will( $this->returnValue( true ) );
1116 $provider->expects( $this->any() )->method( '__toString' )
1117 ->will( $this->returnValue( 'Mock' ) );
1118 $provider->expects( $this->any() )->method( 'mergeMetadata' )
1119 ->will( $this->returnCallback( function ( $a, $b ) {
1120 if ( $b === array( 'Throw' ) ) {
1121 throw new \UnexpectedValueException( 'no merge!' );
1122 }
1123 return array( 'Merged' );
1124 } ) );
1125
1126 $provider2 = $builder->getMockForAbstractClass();
1127 $provider2->setManager( $manager );
1128 $provider2->expects( $this->any() )->method( 'persistsSessionId' )
1129 ->will( $this->returnValue( false ) );
1130 $provider2->expects( $this->any() )->method( 'canChangeUser' )
1131 ->will( $this->returnValue( false ) );
1132 $provider2->expects( $this->any() )->method( '__toString' )
1133 ->will( $this->returnValue( 'Mock2' ) );
1134 $provider2->expects( $this->any() )->method( 'refreshSessionInfo' )
1135 ->will( $this->returnCallback( function ( $info, $request, &$metadata ) {
1136 $metadata['changed'] = true;
1137 return true;
1138 } ) );
1139
1140 $provider3 = $builder->getMockForAbstractClass();
1141 $provider3->setManager( $manager );
1142 $provider3->expects( $this->any() )->method( 'persistsSessionId' )
1143 ->will( $this->returnValue( true ) );
1144 $provider3->expects( $this->any() )->method( 'canChangeUser' )
1145 ->will( $this->returnValue( true ) );
1146 $provider3->expects( $this->once() )->method( 'refreshSessionInfo' )
1147 ->will( $this->returnValue( false ) );
1148 $provider3->expects( $this->any() )->method( '__toString' )
1149 ->will( $this->returnValue( 'Mock3' ) );
1150
1151 \TestingAccessWrapper::newFromObject( $manager )->sessionProviders = array(
1152 (string)$provider => $provider,
1153 (string)$provider2 => $provider2,
1154 (string)$provider3 => $provider3,
1155 );
1156
1157 // No metadata, basic usage
1158 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1159 'provider' => $provider,
1160 'id' => $id,
1161 'userInfo' => $userInfo
1162 ) );
1163 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1164 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1165 $this->assertFalse( $info->isIdSafe() );
1166 $this->assertSame( array(), $logger->getBuffer() );
1167
1168 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1169 'provider' => $provider,
1170 'userInfo' => $userInfo
1171 ) );
1172 $this->assertTrue( $info->isIdSafe(), 'sanity check' );
1173 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1174 $this->assertTrue( $info->isIdSafe() );
1175 $this->assertSame( array(), $logger->getBuffer() );
1176
1177 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1178 'provider' => $provider2,
1179 'id' => $id,
1180 'userInfo' => $userInfo
1181 ) );
1182 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1183 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1184 $this->assertTrue( $info->isIdSafe() );
1185 $this->assertSame( array(), $logger->getBuffer() );
1186
1187 // Unverified user, no metadata
1188 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1189 'provider' => $provider,
1190 'id' => $id,
1191 'userInfo' => $unverifiedUserInfo
1192 ) );
1193 $this->assertSame( $unverifiedUserInfo, $info->getUserInfo() );
1194 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1195 $this->assertSame( array(
1196 array( LogLevel::WARNING, 'Session X: Unverified user provided and no metadata to auth it' )
1197 ), $logger->getBuffer() );
1198 $logger->clearBuffer();
1199
1200 // No metadata, missing data
1201 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1202 'id' => $id,
1203 'userInfo' => $userInfo
1204 ) );
1205 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1206 $this->assertSame( array(
1207 array( LogLevel::WARNING, 'Session X: Null provider and no metadata' ),
1208 ), $logger->getBuffer() );
1209 $logger->clearBuffer();
1210
1211 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1212 'provider' => $provider,
1213 'id' => $id,
1214 ) );
1215 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1216 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1217 $this->assertInstanceOf( 'MediaWiki\\Session\\UserInfo', $info->getUserInfo() );
1218 $this->assertTrue( $info->getUserInfo()->isVerified() );
1219 $this->assertTrue( $info->getUserInfo()->isAnon() );
1220 $this->assertFalse( $info->isIdSafe() );
1221 $this->assertSame( array(), $logger->getBuffer() );
1222
1223 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1224 'provider' => $provider2,
1225 'id' => $id,
1226 ) );
1227 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1228 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1229 $this->assertSame( array(
1230 array( LogLevel::INFO, 'Session X: No user provided and provider cannot set user' )
1231 ), $logger->getBuffer() );
1232 $logger->clearBuffer();
1233
1234 // Incomplete/bad metadata
1235 $this->store->setRawSession( $id, true );
1236 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1237 $this->assertSame( array(
1238 array( LogLevel::WARNING, 'Session X: Bad data' ),
1239 ), $logger->getBuffer() );
1240 $logger->clearBuffer();
1241
1242 $this->store->setRawSession( $id, array( 'data' => array() ) );
1243 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1244 $this->assertSame( array(
1245 array( LogLevel::WARNING, 'Session X: Bad data structure' ),
1246 ), $logger->getBuffer() );
1247 $logger->clearBuffer();
1248
1249 $this->store->deleteSession( $id );
1250 $this->store->setRawSession( $id, array( 'metadata' => $metadata ) );
1251 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1252 $this->assertSame( array(
1253 array( LogLevel::WARNING, 'Session X: Bad data structure' ),
1254 ), $logger->getBuffer() );
1255 $logger->clearBuffer();
1256
1257 $this->store->setRawSession( $id, array( 'metadata' => $metadata, 'data' => true ) );
1258 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1259 $this->assertSame( array(
1260 array( LogLevel::WARNING, 'Session X: Bad data structure' ),
1261 ), $logger->getBuffer() );
1262 $logger->clearBuffer();
1263
1264 $this->store->setRawSession( $id, array( 'metadata' => true, 'data' => array() ) );
1265 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1266 $this->assertSame( array(
1267 array( LogLevel::WARNING, 'Session X: Bad data structure' ),
1268 ), $logger->getBuffer() );
1269 $logger->clearBuffer();
1270
1271 foreach ( $metadata as $key => $dummy ) {
1272 $tmp = $metadata;
1273 unset( $tmp[$key] );
1274 $this->store->setRawSession( $id, array( 'metadata' => $tmp, 'data' => array() ) );
1275 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1276 $this->assertSame( array(
1277 array( LogLevel::WARNING, 'Session X: Bad metadata' ),
1278 ), $logger->getBuffer() );
1279 $logger->clearBuffer();
1280 }
1281
1282 // Basic usage with metadata
1283 $this->store->setRawSession( $id, array( 'metadata' => $metadata, 'data' => array() ) );
1284 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1285 'provider' => $provider,
1286 'id' => $id,
1287 'userInfo' => $userInfo
1288 ) );
1289 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1290 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1291 $this->assertTrue( $info->isIdSafe() );
1292 $this->assertSame( array(), $logger->getBuffer() );
1293
1294 // Mismatched provider
1295 $this->store->setSessionMeta( $id, array( 'provider' => 'Bad' ) + $metadata );
1296 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1297 'provider' => $provider,
1298 'id' => $id,
1299 'userInfo' => $userInfo
1300 ) );
1301 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1302 $this->assertSame( array(
1303 array( LogLevel::WARNING, 'Session X: Wrong provider, Bad !== Mock' ),
1304 ), $logger->getBuffer() );
1305 $logger->clearBuffer();
1306
1307 // Unknown provider
1308 $this->store->setSessionMeta( $id, array( 'provider' => 'Bad' ) + $metadata );
1309 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1310 'id' => $id,
1311 'userInfo' => $userInfo
1312 ) );
1313 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1314 $this->assertSame( array(
1315 array( LogLevel::WARNING, 'Session X: Unknown provider, Bad' ),
1316 ), $logger->getBuffer() );
1317 $logger->clearBuffer();
1318
1319 // Fill in provider
1320 $this->store->setSessionMeta( $id, $metadata );
1321 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1322 'id' => $id,
1323 'userInfo' => $userInfo
1324 ) );
1325 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1326 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1327 $this->assertTrue( $info->isIdSafe() );
1328 $this->assertSame( array(), $logger->getBuffer() );
1329
1330 // Bad user metadata
1331 $this->store->setSessionMeta( $id, array( 'userId' => -1, 'userToken' => null ) + $metadata );
1332 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1333 'provider' => $provider,
1334 'id' => $id,
1335 ) );
1336 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1337 $this->assertSame( array(
1338 array( LogLevel::ERROR, 'Session X: Invalid ID' ),
1339 ), $logger->getBuffer() );
1340 $logger->clearBuffer();
1341
1342 $this->store->setSessionMeta(
1343 $id, array( 'userId' => 0, 'userName' => '<X>', 'userToken' => null ) + $metadata
1344 );
1345 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1346 'provider' => $provider,
1347 'id' => $id,
1348 ) );
1349 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1350 $this->assertSame( array(
1351 array( LogLevel::ERROR, 'Session X: Invalid user name' ),
1352 ), $logger->getBuffer() );
1353 $logger->clearBuffer();
1354
1355 // Mismatched user by ID
1356 $this->store->setSessionMeta(
1357 $id, array( 'userId' => $userInfo->getId() + 1, 'userToken' => null ) + $metadata
1358 );
1359 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1360 'provider' => $provider,
1361 'id' => $id,
1362 'userInfo' => $userInfo
1363 ) );
1364 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1365 $this->assertSame( array(
1366 array( LogLevel::WARNING, 'Session X: User ID mismatch, 2 !== 1' ),
1367 ), $logger->getBuffer() );
1368 $logger->clearBuffer();
1369
1370 // Mismatched user by name
1371 $this->store->setSessionMeta(
1372 $id, array( 'userId' => 0, 'userName' => 'X', 'userToken' => null ) + $metadata
1373 );
1374 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1375 'provider' => $provider,
1376 'id' => $id,
1377 'userInfo' => $userInfo
1378 ) );
1379 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1380 $this->assertSame( array(
1381 array( LogLevel::WARNING, 'Session X: User name mismatch, X !== UTSysop' ),
1382 ), $logger->getBuffer() );
1383 $logger->clearBuffer();
1384
1385 // ID matches, name doesn't
1386 $this->store->setSessionMeta(
1387 $id, array( 'userId' => $userInfo->getId(), 'userName' => 'X', 'userToken' => null ) + $metadata
1388 );
1389 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1390 'provider' => $provider,
1391 'id' => $id,
1392 'userInfo' => $userInfo
1393 ) );
1394 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1395 $this->assertSame( array(
1396 array(
1397 LogLevel::WARNING, 'Session X: User ID matched but name didn\'t (rename?), X !== UTSysop'
1398 ),
1399 ), $logger->getBuffer() );
1400 $logger->clearBuffer();
1401
1402 // Mismatched anon user
1403 $this->store->setSessionMeta(
1404 $id, array( 'userId' => 0, 'userName' => null, 'userToken' => null ) + $metadata
1405 );
1406 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1407 'provider' => $provider,
1408 'id' => $id,
1409 'userInfo' => $userInfo
1410 ) );
1411 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1412 $this->assertSame( array(
1413 array(
1414 LogLevel::WARNING, 'Session X: Metadata has an anonymous user, but a non-anon user was provided'
1415 ),
1416 ), $logger->getBuffer() );
1417 $logger->clearBuffer();
1418
1419 // Lookup user by ID
1420 $this->store->setSessionMeta( $id, array( 'userToken' => null ) + $metadata );
1421 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1422 'provider' => $provider,
1423 'id' => $id,
1424 ) );
1425 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1426 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1427 $this->assertSame( $userInfo->getId(), $info->getUserInfo()->getId() );
1428 $this->assertTrue( $info->isIdSafe() );
1429 $this->assertSame( array(), $logger->getBuffer() );
1430
1431 // Lookup user by name
1432 $this->store->setSessionMeta(
1433 $id, array( 'userId' => 0, 'userName' => 'UTSysop', 'userToken' => null ) + $metadata
1434 );
1435 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1436 'provider' => $provider,
1437 'id' => $id,
1438 ) );
1439 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1440 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1441 $this->assertSame( $userInfo->getId(), $info->getUserInfo()->getId() );
1442 $this->assertTrue( $info->isIdSafe() );
1443 $this->assertSame( array(), $logger->getBuffer() );
1444
1445 // Lookup anonymous user
1446 $this->store->setSessionMeta(
1447 $id, array( 'userId' => 0, 'userName' => null, 'userToken' => null ) + $metadata
1448 );
1449 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1450 'provider' => $provider,
1451 'id' => $id,
1452 ) );
1453 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1454 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1455 $this->assertTrue( $info->getUserInfo()->isAnon() );
1456 $this->assertTrue( $info->isIdSafe() );
1457 $this->assertSame( array(), $logger->getBuffer() );
1458
1459 // Unverified user with metadata
1460 $this->store->setSessionMeta( $id, $metadata );
1461 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1462 'provider' => $provider,
1463 'id' => $id,
1464 'userInfo' => $unverifiedUserInfo
1465 ) );
1466 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1467 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1468 $this->assertTrue( $info->getUserInfo()->isVerified() );
1469 $this->assertSame( $unverifiedUserInfo->getId(), $info->getUserInfo()->getId() );
1470 $this->assertSame( $unverifiedUserInfo->getName(), $info->getUserInfo()->getName() );
1471 $this->assertTrue( $info->isIdSafe() );
1472 $this->assertSame( array(), $logger->getBuffer() );
1473
1474 // Unverified user with metadata
1475 $this->store->setSessionMeta( $id, $metadata );
1476 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1477 'provider' => $provider,
1478 'id' => $id,
1479 'userInfo' => $unverifiedUserInfo
1480 ) );
1481 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1482 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1483 $this->assertTrue( $info->getUserInfo()->isVerified() );
1484 $this->assertSame( $unverifiedUserInfo->getId(), $info->getUserInfo()->getId() );
1485 $this->assertSame( $unverifiedUserInfo->getName(), $info->getUserInfo()->getName() );
1486 $this->assertTrue( $info->isIdSafe() );
1487 $this->assertSame( array(), $logger->getBuffer() );
1488
1489 // Wrong token
1490 $this->store->setSessionMeta( $id, array( 'userToken' => 'Bad' ) + $metadata );
1491 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1492 'provider' => $provider,
1493 'id' => $id,
1494 'userInfo' => $userInfo
1495 ) );
1496 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1497 $this->assertSame( array(
1498 array( LogLevel::WARNING, 'Session X: User token mismatch' ),
1499 ), $logger->getBuffer() );
1500 $logger->clearBuffer();
1501
1502 // Provider metadata
1503 $this->store->setSessionMeta( $id, array( 'provider' => 'Mock2' ) + $metadata );
1504 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1505 'provider' => $provider2,
1506 'id' => $id,
1507 'userInfo' => $userInfo,
1508 'metadata' => array( 'Info' ),
1509 ) );
1510 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1511 $this->assertSame( array( 'Info', 'changed' => true ), $info->getProviderMetadata() );
1512 $this->assertSame( array(), $logger->getBuffer() );
1513
1514 $this->store->setSessionMeta( $id, array( 'providerMetadata' => array( 'Saved' ) ) + $metadata );
1515 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1516 'provider' => $provider,
1517 'id' => $id,
1518 'userInfo' => $userInfo,
1519 ) );
1520 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1521 $this->assertSame( array( 'Saved' ), $info->getProviderMetadata() );
1522 $this->assertSame( array(), $logger->getBuffer() );
1523
1524 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1525 'provider' => $provider,
1526 'id' => $id,
1527 'userInfo' => $userInfo,
1528 'metadata' => array( 'Info' ),
1529 ) );
1530 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1531 $this->assertSame( array( 'Merged' ), $info->getProviderMetadata() );
1532 $this->assertSame( array(), $logger->getBuffer() );
1533
1534 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1535 'provider' => $provider,
1536 'id' => $id,
1537 'userInfo' => $userInfo,
1538 'metadata' => array( 'Throw' ),
1539 ) );
1540 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1541 $this->assertSame( array(
1542 array( LogLevel::WARNING, 'Session X: Metadata merge failed: no merge!' ),
1543 ), $logger->getBuffer() );
1544 $logger->clearBuffer();
1545
1546 // Remember from session
1547 $this->store->setSessionMeta( $id, $metadata );
1548 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1549 'provider' => $provider,
1550 'id' => $id,
1551 ) );
1552 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1553 $this->assertFalse( $info->wasRemembered() );
1554 $this->assertSame( array(), $logger->getBuffer() );
1555
1556 $this->store->setSessionMeta( $id, array( 'remember' => true ) + $metadata );
1557 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1558 'provider' => $provider,
1559 'id' => $id,
1560 ) );
1561 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1562 $this->assertTrue( $info->wasRemembered() );
1563 $this->assertSame( array(), $logger->getBuffer() );
1564
1565 $this->store->setSessionMeta( $id, array( 'remember' => false ) + $metadata );
1566 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1567 'provider' => $provider,
1568 'id' => $id,
1569 'userInfo' => $userInfo
1570 ) );
1571 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1572 $this->assertTrue( $info->wasRemembered() );
1573 $this->assertSame( array(), $logger->getBuffer() );
1574
1575 // forceHTTPS from session
1576 $this->store->setSessionMeta( $id, $metadata );
1577 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1578 'provider' => $provider,
1579 'id' => $id,
1580 'userInfo' => $userInfo
1581 ) );
1582 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1583 $this->assertFalse( $info->forceHTTPS() );
1584 $this->assertSame( array(), $logger->getBuffer() );
1585
1586 $this->store->setSessionMeta( $id, array( 'forceHTTPS' => true ) + $metadata );
1587 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1588 'provider' => $provider,
1589 'id' => $id,
1590 'userInfo' => $userInfo
1591 ) );
1592 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1593 $this->assertTrue( $info->forceHTTPS() );
1594 $this->assertSame( array(), $logger->getBuffer() );
1595
1596 $this->store->setSessionMeta( $id, array( 'forceHTTPS' => false ) + $metadata );
1597 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1598 'provider' => $provider,
1599 'id' => $id,
1600 'userInfo' => $userInfo,
1601 'forceHTTPS' => true
1602 ) );
1603 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1604 $this->assertTrue( $info->forceHTTPS() );
1605 $this->assertSame( array(), $logger->getBuffer() );
1606
1607 // Provider refreshSessionInfo() returning false
1608 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1609 'provider' => $provider3,
1610 ) );
1611 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1612 $this->assertSame( array(), $logger->getBuffer() );
1613
1614 // Hook
1615 $that = $this;
1616 $called = false;
1617 $data = array( 'foo' => 1 );
1618 $this->store->setSession( $id, array( 'metadata' => $metadata, 'data' => $data ) );
1619 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array(
1620 'provider' => $provider,
1621 'id' => $id,
1622 'userInfo' => $userInfo
1623 ) );
1624 $this->mergeMwGlobalArrayValue( 'wgHooks', array(
1625 'SessionCheckInfo' => array( function ( &$reason, $i, $r, $m, $d ) use (
1626 $that, $info, $metadata, $data, $request, &$called
1627 ) {
1628 $that->assertSame( $info->getId(), $i->getId() );
1629 $that->assertSame( $info->getProvider(), $i->getProvider() );
1630 $that->assertSame( $info->getUserInfo(), $i->getUserInfo() );
1631 $that->assertSame( $request, $r );
1632 $that->assertEquals( $metadata, $m );
1633 $that->assertEquals( $data, $d );
1634 $called = true;
1635 return false;
1636 } )
1637 ) );
1638 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1639 $this->assertTrue( $called );
1640 $this->assertSame( array(
1641 array( LogLevel::WARNING, 'Session X: Hook aborted' ),
1642 ), $logger->getBuffer() );
1643 $logger->clearBuffer();
1644 }
1645
1646 }
MediaWiki Core