search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
SessionManager: Change behavior of getSessionById()
[mediawiki.git] / includes / context / RequestContext.php
blobafb5704074e5d6032557d39091a60ed8393c9db3
1 <?php
2 /**
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
17 *
18 * @since 1.18
19 *
20 * @author Alexandre Emsenhuber
21 * @author Daniel Friesen
22 * @file
23 */
24
25 use MediaWiki\Logger\LoggerFactory;
26
27 /**
28 * Group all the pieces relevant to the context of a request into one instance
29 */
30 class RequestContext implements IContextSource, MutableContext {
31 /**
32 * @var WebRequest
33 */
34 private $request;
35
36 /**
37 * @var Title
38 */
39 private $title;
40
41 /**
42 * @var WikiPage
43 */
44 private $wikipage;
45
46 /**
47 * @var OutputPage
48 */
49 private $output;
50
51 /**
52 * @var User
53 */
54 private $user;
55
56 /**
57 * @var Language
58 */
59 private $lang;
60
61 /**
62 * @var Skin
63 */
64 private $skin;
65
66 /**
67 * @var \Liuggio\StatsdClient\Factory\StatsdDataFactory
68 */
69 private $stats;
70
71 /**
72 * @var Timing
73 */
74 private $timing;
75
76 /**
77 * @var Config
78 */
79 private $config;
80
81 /**
82 * @var RequestContext
83 */
84 private static $instance = null;
85
86 /**
87 * Set the Config object
88 *
89 * @param Config $c
90 */
91 public function setConfig( Config $c ) {
92 $this->config = $c;
93 }
94
95 /**
96 * Get the Config object
97 *
98 * @return Config
99 */
100 public function getConfig() {
101 if ( $this->config === null ) {
102 // @todo In the future, we could move this to WebStart.php so
103 // the Config object is ready for when initialization happens
104 $this->config = ConfigFactory::getDefaultInstance()->makeConfig( 'main' );
105 }
106
107 return $this->config;
108 }
109
110 /**
111 * Set the WebRequest object
112 *
113 * @param WebRequest $r
114 */
115 public function setRequest( WebRequest $r ) {
116 $this->request = $r;
117 }
118
119 /**
120 * Get the WebRequest object
121 *
122 * @return WebRequest
123 */
124 public function getRequest() {
125 if ( $this->request === null ) {
126 global $wgCommandLineMode;
127 // create the WebRequest object on the fly
128 if ( $wgCommandLineMode ) {
129 $this->request = new FauxRequest( array() );
130 } else {
131 $this->request = new WebRequest();
132 }
133 }
134
135 return $this->request;
136 }
137
138 /**
139 * Get the Stats object
140 *
141 * @return BufferingStatsdDataFactory
142 */
143 public function getStats() {
144 if ( $this->stats === null ) {
145 $prefix = rtrim( $this->getConfig()->get( 'StatsdMetricPrefix' ), '.' );
146 $this->stats = new BufferingStatsdDataFactory( $prefix );
147 }
148 return $this->stats;
149 }
150
151 /**
152 * Get the timing object
153 *
154 * @return Timing
155 */
156 public function getTiming() {
157 if ( $this->timing === null ) {
158 $this->timing = new Timing( array(
159 'logger' => LoggerFactory::getInstance( 'Timing' )
160 ) );
161 }
162 return $this->timing;
163 }
164
165 /**
166 * Set the Title object
167 *
168 * @param Title $title
169 */
170 public function setTitle( Title $title ) {
171 $this->title = $title;
172 // Erase the WikiPage so a new one with the new title gets created.
173 $this->wikipage = null;
174 }
175
176 /**
177 * Get the Title object
178 *
179 * @return Title|null
180 */
181 public function getTitle() {
182 if ( $this->title === null ) {
183 global $wgTitle; # fallback to $wg till we can improve this
184 $this->title = $wgTitle;
185 wfDebugLog(
186 'GlobalTitleFail',
187 __METHOD__ . ' called by ' . wfGetAllCallers( 5 ) . ' with no title set.'
188 );
189 }
190
191 return $this->title;
192 }
193
194 /**
195 * Check, if a Title object is set
196 *
197 * @since 1.25
198 * @return bool
199 */
200 public function hasTitle() {
201 return $this->title !== null;
202 }
203
204 /**
205 * Check whether a WikiPage object can be get with getWikiPage().
206 * Callers should expect that an exception is thrown from getWikiPage()
207 * if this method returns false.
208 *
209 * @since 1.19
210 * @return bool
211 */
212 public function canUseWikiPage() {
213 if ( $this->wikipage ) {
214 // If there's a WikiPage object set, we can for sure get it
215 return true;
216 }
217 // Only pages with legitimate titles can have WikiPages.
218 // That usually means pages in non-virtual namespaces.
219 $title = $this->getTitle();
220 return $title ? $title->canExist() : false;
221 }
222
223 /**
224 * Set the WikiPage object
225 *
226 * @since 1.19
227 * @param WikiPage $p
228 */
229 public function setWikiPage( WikiPage $p ) {
230 $pageTitle = $p->getTitle();
231 if ( !$this->hasTitle() || !$pageTitle->equals( $this->getTitle() ) ) {
232 $this->setTitle( $pageTitle );
233 }
234 // Defer this to the end since setTitle sets it to null.
235 $this->wikipage = $p;
236 }
237
238 /**
239 * Get the WikiPage object.
240 * May throw an exception if there's no Title object set or the Title object
241 * belongs to a special namespace that doesn't have WikiPage, so use first
242 * canUseWikiPage() to check whether this method can be called safely.
243 *
244 * @since 1.19
245 * @throws MWException
246 * @return WikiPage
247 */
248 public function getWikiPage() {
249 if ( $this->wikipage === null ) {
250 $title = $this->getTitle();
251 if ( $title === null ) {
252 throw new MWException( __METHOD__ . ' called without Title object set' );
253 }
254 $this->wikipage = WikiPage::factory( $title );
255 }
256
257 return $this->wikipage;
258 }
259
260 /**
261 * @param OutputPage $o
262 */
263 public function setOutput( OutputPage $o ) {
264 $this->output = $o;
265 }
266
267 /**
268 * Get the OutputPage object
269 *
270 * @return OutputPage
271 */
272 public function getOutput() {
273 if ( $this->output === null ) {
274 $this->output = new OutputPage( $this );
275 }
276
277 return $this->output;
278 }
279
280 /**
281 * Set the User object
282 *
283 * @param User $u
284 */
285 public function setUser( User $u ) {
286 $this->user = $u;
287 }
288
289 /**
290 * Get the User object
291 *
292 * @return User
293 */
294 public function getUser() {
295 if ( $this->user === null ) {
296 $this->user = User::newFromSession( $this->getRequest() );
297 }
298
299 return $this->user;
300 }
301
302 /**
303 * Accepts a language code and ensures it's sane. Outputs a cleaned up language
304 * code and replaces with $wgLanguageCode if not sane.
305 * @param string $code Language code
306 * @return string
307 */
308 public static function sanitizeLangCode( $code ) {
309 global $wgLanguageCode;
310
311 // BCP 47 - letter case MUST NOT carry meaning
312 $code = strtolower( $code );
313
314 # Validate $code
315 if ( !$code || !Language::isValidCode( $code ) || $code === 'qqq' ) {
316 wfDebug( "Invalid user language code\n" );
317 $code = $wgLanguageCode;
318 }
319
320 return $code;
321 }
322
323 /**
324 * Set the Language object
325 *
326 * @param Language|string $l Language instance or language code
327 * @throws MWException
328 * @since 1.19
329 */
330 public function setLanguage( $l ) {
331 if ( $l instanceof Language ) {
332 $this->lang = $l;
333 } elseif ( is_string( $l ) ) {
334 $l = self::sanitizeLangCode( $l );
335 $obj = Language::factory( $l );
336 $this->lang = $obj;
337 } else {
338 throw new MWException( __METHOD__ . " was passed an invalid type of data." );
339 }
340 }
341
342 /**
343 * Get the Language object.
344 * Initialization of user or request objects can depend on this.
345 * @return Language
346 * @throws Exception
347 * @since 1.19
348 */
349 public function getLanguage() {
350 if ( isset( $this->recursion ) ) {
351 trigger_error( "Recursion detected in " . __METHOD__, E_USER_WARNING );
352 $e = new Exception;
353 wfDebugLog( 'recursion-guard', "Recursion detected:\n" . $e->getTraceAsString() );
354
355 $code = $this->getConfig()->get( 'LanguageCode' ) ?: 'en';
356 $this->lang = Language::factory( $code );
357 } elseif ( $this->lang === null ) {
358 $this->recursion = true;
359
360 global $wgContLang;
361
362 try {
363 $request = $this->getRequest();
364 $user = $this->getUser();
365
366 $code = $request->getVal( 'uselang', 'user' );
367 if ( $code === 'user' ) {
368 $code = $user->getOption( 'language' );
369 }
370 $code = self::sanitizeLangCode( $code );
371
372 Hooks::run( 'UserGetLanguageObject', array( $user, &$code, $this ) );
373
374 if ( $code === $this->getConfig()->get( 'LanguageCode' ) ) {
375 $this->lang = $wgContLang;
376 } else {
377 $obj = Language::factory( $code );
378 $this->lang = $obj;
379 }
380
381 unset( $this->recursion );
382 }
383 catch ( Exception $ex ) {
384 unset( $this->recursion );
385 throw $ex;
386 }
387 }
388
389 return $this->lang;
390 }
391
392 /**
393 * Set the Skin object
394 *
395 * @param Skin $s
396 */
397 public function setSkin( Skin $s ) {
398 $this->skin = clone $s;
399 $this->skin->setContext( $this );
400 }
401
402 /**
403 * Get the Skin object
404 *
405 * @return Skin
406 */
407 public function getSkin() {
408 if ( $this->skin === null ) {
409 $skin = null;
410 Hooks::run( 'RequestContextCreateSkin', array( $this, &$skin ) );
411 $factory = SkinFactory::getDefaultInstance();
412
413 // If the hook worked try to set a skin from it
414 if ( $skin instanceof Skin ) {
415 $this->skin = $skin;
416 } elseif ( is_string( $skin ) ) {
417 // Normalize the key, just in case the hook did something weird.
418 $normalized = Skin::normalizeKey( $skin );
419 $this->skin = $factory->makeSkin( $normalized );
420 }
421
422 // If this is still null (the hook didn't run or didn't work)
423 // then go through the normal processing to load a skin
424 if ( $this->skin === null ) {
425 if ( !in_array( 'skin', $this->getConfig()->get( 'HiddenPrefs' ) ) ) {
426 # get the user skin
427 $userSkin = $this->getUser()->getOption( 'skin' );
428 $userSkin = $this->getRequest()->getVal( 'useskin', $userSkin );
429 } else {
430 # if we're not allowing users to override, then use the default
431 $userSkin = $this->getConfig()->get( 'DefaultSkin' );
432 }
433
434 // Normalize the key in case the user is passing gibberish
435 // or has old preferences (bug 69566).
436 $normalized = Skin::normalizeKey( $userSkin );
437
438 // Skin::normalizeKey will also validate it, so
439 // this won't throw an exception
440 $this->skin = $factory->makeSkin( $normalized );
441 }
442
443 // After all that set a context on whatever skin got created
444 $this->skin->setContext( $this );
445 }
446
447 return $this->skin;
448 }
449
450 /** Helpful methods **/
451
452 /**
453 * Get a Message object with context set
454 * Parameters are the same as wfMessage()
455 *
456 * @param mixed ...
457 * @return Message
458 */
459 public function msg() {
460 $args = func_get_args();
461
462 return call_user_func_array( 'wfMessage', $args )->setContext( $this );
463 }
464
465 /** Static methods **/
466
467 /**
468 * Get the RequestContext object associated with the main request
469 *
470 * @return RequestContext
471 */
472 public static function getMain() {
473 if ( self::$instance === null ) {
474 self::$instance = new self;
475 }
476
477 return self::$instance;
478 }
479
480 /**
481 * Get the RequestContext object associated with the main request
482 * and gives a warning to the log, to find places, where a context maybe is missing.
483 *
484 * @param string $func
485 * @return RequestContext
486 * @since 1.24
487 */
488 public static function getMainAndWarn( $func = __METHOD__ ) {
489 wfDebug( $func . ' called without context. ' .
490 "Using RequestContext::getMain() for sanity\n" );
491
492 return self::getMain();
493 }
494
495 /**
496 * Resets singleton returned by getMain(). Should be called only from unit tests.
497 */
498 public static function resetMain() {
499 if ( !defined( 'MW_PHPUNIT_TEST' ) ) {
500 throw new MWException( __METHOD__ . '() should be called only from unit tests!' );
501 }
502 self::$instance = null;
503 }
504
505 /**
506 * Export the resolved user IP, HTTP headers, user ID, and session ID.
507 * The result will be reasonably sized to allow for serialization.
508 *
509 * @return array
510 * @since 1.21
511 */
512 public function exportSession() {
513 return array(
514 'ip' => $this->getRequest()->getIP(),
515 'headers' => $this->getRequest()->getAllHeaders(),
516 'sessionId' => MediaWiki\Session\SessionManager::getGlobalSession()->getId(),
517 'userId' => $this->getUser()->getId()
518 );
519 }
520
521 /**
522 * Import an client IP address, HTTP headers, user ID, and session ID
523 *
524 * This sets the current session, $wgUser, and $wgRequest from $params.
525 * Once the return value falls out of scope, the old context is restored.
526 * This method should only be called in contexts where there is no session
527 * ID or end user receiving the response (CLI or HTTP job runners). This
528 * is partly enforced, and is done so to avoid leaking cookies if certain
529 * error conditions arise.
530 *
531 * This is useful when background scripts inherit context when acting on
532 * behalf of a user. In general the 'sessionId' parameter should be set
533 * to an empty string unless session importing is *truly* needed. This
534 * feature is somewhat deprecated.
535 *
536 * @note suhosin.session.encrypt may interfere with this method.
537 *
538 * @param array $params Result of RequestContext::exportSession()
539 * @return ScopedCallback
540 * @throws MWException
541 * @since 1.21
542 */
543 public static function importScopedSession( array $params ) {
544 if ( strlen( $params['sessionId'] ) &&
545 MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent()
546 ) {
547 // Sanity check to avoid sending random cookies for the wrong users.
548 // This method should only called by CLI scripts or by HTTP job runners.
549 throw new MWException( "Sessions can only be imported when none is active." );
550 } elseif ( !IP::isValid( $params['ip'] ) ) {
551 throw new MWException( "Invalid client IP address '{$params['ip']}'." );
552 }
553
554 if ( $params['userId'] ) { // logged-in user
555 $user = User::newFromId( $params['userId'] );
556 $user->load();
557 if ( !$user->getId() ) {
558 throw new MWException( "No user with ID '{$params['userId']}'." );
559 }
560 } else { // anon user
561 $user = User::newFromName( $params['ip'], false );
562 }
563
564 $importSessionFunc = function ( User $user, array $params ) {
565 global $wgRequest, $wgUser;
566
567 $context = RequestContext::getMain();
568
569 // Commit and close any current session
570 if ( MediaWiki\Session\PHPSessionHandler::isEnabled() ) {
571 session_write_close(); // persist
572 session_id( '' ); // detach
573 $_SESSION = array(); // clear in-memory array
574 }
575
576 // Get new session, if applicable
577 $session = null;
578 if ( strlen( $params['sessionId'] ) ) { // don't make a new random ID
579 $manager = MediaWiki\Session\SessionManager::singleton();
580 $session = $manager->getSessionById( $params['sessionId'], true )
581 ?: $manager->getEmptySession();
582 }
583
584 // Remove any user IP or agent information, and attach the request
585 // with the new session.
586 $context->setRequest( new FauxRequest( array(), false, $session ) );
587 $wgRequest = $context->getRequest(); // b/c
588
589 // Now that all private information is detached from the user, it should
590 // be safe to load the new user. If errors occur or an exception is thrown
591 // and caught (leaving the main context in a mixed state), there is no risk
592 // of the User object being attached to the wrong IP, headers, or session.
593 $context->setUser( $user );
594 $wgUser = $context->getUser(); // b/c
595 if ( $session && MediaWiki\Session\PHPSessionHandler::isEnabled() ) {
596 session_id( $session->getId() );
597 MediaWiki\quietCall( 'session_start' );
598 }
599 $request = new FauxRequest( array(), false, $session );
600 $request->setIP( $params['ip'] );
601 foreach ( $params['headers'] as $name => $value ) {
602 $request->setHeader( $name, $value );
603 }
604 // Set the current context to use the new WebRequest
605 $context->setRequest( $request );
606 $wgRequest = $context->getRequest(); // b/c
607 };
608
609 // Stash the old session and load in the new one
610 $oUser = self::getMain()->getUser();
611 $oParams = self::getMain()->exportSession();
612 $oRequest = self::getMain()->getRequest();
613 $importSessionFunc( $user, $params );
614
615 // Set callback to save and close the new session and reload the old one
616 return new ScopedCallback(
617 function () use ( $importSessionFunc, $oUser, $oParams, $oRequest ) {
618 global $wgRequest;
619 $importSessionFunc( $oUser, $oParams );
620 // Restore the exact previous Request object (instead of leaving FauxRequest)
621 RequestContext::getMain()->setRequest( $oRequest );
622 $wgRequest = RequestContext::getMain()->getRequest(); // b/c
623 }
624 );
625 }
626
627 /**
628 * Create a new extraneous context. The context is filled with information
629 * external to the current session.
630 * - Title is specified by argument
631 * - Request is a FauxRequest, or a FauxRequest can be specified by argument
632 * - User is an anonymous user, for separation IPv4 localhost is used
633 * - Language will be based on the anonymous user and request, may be content
634 * language or a uselang param in the fauxrequest data may change the lang
635 * - Skin will be based on the anonymous user, should be the wiki's default skin
636 *
637 * @param Title $title Title to use for the extraneous request
638 * @param WebRequest|array $request A WebRequest or data to use for a FauxRequest
639 * @return RequestContext
640 */
641 public static function newExtraneousContext( Title $title, $request = array() ) {
642 $context = new self;
643 $context->setTitle( $title );
644 if ( $request instanceof WebRequest ) {
645 $context->setRequest( $request );
646 } else {
647 $context->setRequest( new FauxRequest( $request ) );
648 }
649 $context->user = User::newFromName( '127.0.0.1', false );
650
651 return $context;
652 }
653 }
MediaWiki Core