search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Localisation updates from https://translatewiki.net.
[mediawiki.git] / tests / phpunit / includes / session / CookieSessionProviderTest.php
blob6490dda48a8e2db20293924191616f5c7bf3e500
1 <?php
2
3 namespace MediaWiki\Tests\Session;
4
5 use ArrayUtils;
6 use InvalidArgumentException;
7 use MediaWiki\Config\HashConfig;
8 use MediaWiki\MainConfigNames;
9 use MediaWiki\Message\Message;
10 use MediaWiki\Request\FauxRequest;
11 use MediaWiki\Request\FauxResponse;
12 use MediaWiki\Session\CookieSessionProvider;
13 use MediaWiki\Session\SessionBackend;
14 use MediaWiki\Session\SessionId;
15 use MediaWiki\Session\SessionInfo;
16 use MediaWiki\Session\SessionManager;
17 use MediaWiki\User\User;
18 use MediaWikiIntegrationTestCase;
19 use Psr\Log\LogLevel;
20 use Psr\Log\NullLogger;
21 use TestLogger;
22 use Wikimedia\TestingAccessWrapper;
23
24 /**
25 * @group Session
26 * @group Database
27 * @covers \MediaWiki\Session\CookieSessionProvider
28 */
29 class CookieSessionProviderTest extends MediaWikiIntegrationTestCase {
30 use SessionProviderTestTrait;
31
32 private function getConfig() {
33 return new HashConfig( [
34 MainConfigNames::CookiePrefix => 'CookiePrefix',
35 MainConfigNames::CookiePath => 'CookiePath',
36 MainConfigNames::CookieDomain => 'CookieDomain',
37 MainConfigNames::CookieSecure => true,
38 MainConfigNames::CookieHttpOnly => true,
39 MainConfigNames::CookieSameSite => '',
40 MainConfigNames::SessionName => false,
41 MainConfigNames::CookieExpiration => 100,
42 MainConfigNames::ExtendedLoginCookieExpiration => 200,
43 MainConfigNames::ForceHTTPS => false,
44 ] );
45 }
46
47 /**
48 * Provider for testing both values of $wgForceHTTPS
49 */
50 public static function provideForceHTTPS() {
51 return [
52 [ false ],
53 [ true ]
54 ];
55 }
56
57 public function testConstructor() {
58 try {
59 new CookieSessionProvider();
60 $this->fail( 'Expected exception not thrown' );
61 } catch ( InvalidArgumentException $ex ) {
62 $this->assertSame(
63 'MediaWiki\\Session\\CookieSessionProvider::__construct: priority must be specified',
64 $ex->getMessage()
65 );
66 }
67
68 try {
69 new CookieSessionProvider( [ 'priority' => 'foo' ] );
70 $this->fail( 'Expected exception not thrown' );
71 } catch ( InvalidArgumentException $ex ) {
72 $this->assertSame(
73 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
74 $ex->getMessage()
75 );
76 }
77 try {
78 new CookieSessionProvider( [ 'priority' => SessionInfo::MIN_PRIORITY - 1 ] );
79 $this->fail( 'Expected exception not thrown' );
80 } catch ( InvalidArgumentException $ex ) {
81 $this->assertSame(
82 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
83 $ex->getMessage()
84 );
85 }
86 try {
87 new CookieSessionProvider( [ 'priority' => SessionInfo::MAX_PRIORITY + 1 ] );
88 $this->fail( 'Expected exception not thrown' );
89 } catch ( InvalidArgumentException $ex ) {
90 $this->assertSame(
91 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
92 $ex->getMessage()
93 );
94 }
95
96 try {
97 new CookieSessionProvider( [ 'priority' => 1, 'cookieOptions' => null ] );
98 $this->fail( 'Expected exception not thrown' );
99 } catch ( InvalidArgumentException $ex ) {
100 $this->assertSame(
101 'MediaWiki\\Session\\CookieSessionProvider::__construct: cookieOptions must be an array',
102 $ex->getMessage()
103 );
104 }
105
106 $config = $this->getConfig();
107 $provider = new CookieSessionProvider( [ 'priority' => 1 ] );
108 $providerPriv = TestingAccessWrapper::newFromObject( $provider );
109 $this->initProvider( $provider, new TestLogger(), $config );
110 $this->assertSame( 1, $providerPriv->priority );
111 $this->assertEquals( [
112 'sessionName' => 'CookiePrefix_session',
113 ], $providerPriv->params );
114 $this->assertEquals( [
115 'prefix' => 'CookiePrefix',
116 'path' => 'CookiePath',
117 'domain' => 'CookieDomain',
118 'secure' => true,
119 'httpOnly' => true,
120 'sameSite' => '',
121 ], $providerPriv->cookieOptions );
122
123 $config->set( MainConfigNames::SessionName, 'SessionName' );
124 $provider = new CookieSessionProvider( [ 'priority' => 3 ] );
125 $providerPriv = TestingAccessWrapper::newFromObject( $provider );
126 $this->initProvider( $provider, new TestLogger(), $config );
127 $this->assertEquals( 3, $providerPriv->priority );
128 $this->assertEquals( [
129 'sessionName' => 'SessionName',
130 ], $providerPriv->params );
131 $this->assertEquals( [
132 'prefix' => 'CookiePrefix',
133 'path' => 'CookiePath',
134 'domain' => 'CookieDomain',
135 'secure' => true,
136 'httpOnly' => true,
137 'sameSite' => '',
138 ], $providerPriv->cookieOptions );
139
140 $provider = new CookieSessionProvider( [
141 'priority' => 10,
142 'cookieOptions' => [
143 'prefix' => 'XPrefix',
144 'path' => 'XPath',
145 'domain' => 'XDomain',
146 'secure' => 'XSecure',
147 'httpOnly' => 'XHttpOnly',
148 'sameSite' => 'XSameSite',
149 ],
150 'sessionName' => 'XSession',
151 ] );
152 $providerPriv = TestingAccessWrapper::newFromObject( $provider );
153 $this->initProvider( $provider, new TestLogger(), $config );
154 $this->assertEquals( 10, $providerPriv->priority );
155 $this->assertEquals( [
156 'sessionName' => 'XSession',
157 ], $providerPriv->params );
158 $this->assertEquals( [
159 'prefix' => 'XPrefix',
160 'path' => 'XPath',
161 'domain' => 'XDomain',
162 'secure' => 'XSecure',
163 'httpOnly' => 'XHttpOnly',
164 'sameSite' => 'XSameSite',
165 ], $providerPriv->cookieOptions );
166 }
167
168 public function testBasics() {
169 $provider = new CookieSessionProvider( [ 'priority' => 10 ] );
170
171 $this->assertTrue( $provider->persistsSessionId() );
172 $this->assertTrue( $provider->canChangeUser() );
173
174 $extendedCookies = [ 'UserID', 'UserName', 'Token' ];
175
176 $this->assertEquals(
177 $extendedCookies,
178 TestingAccessWrapper::newFromObject( $provider )->getExtendedLoginCookies(),
179 'List of extended cookies (subclasses can add values, but we\'re calling the core one here)'
180 );
181
182 $msg = $provider->whyNoSession();
183 $this->assertInstanceOf( Message::class, $msg );
184 $this->assertSame( 'sessionprovider-nocookies', $msg->getKey() );
185 }
186
187 public function testProvideSessionInfo() {
188 $params = [
189 'priority' => 20,
190 'sessionName' => 'session',
191 'cookieOptions' => [ 'prefix' => 'x' ],
192 ];
193 $provider = new CookieSessionProvider( $params );
194 $logger = new TestLogger( true );
195 $this->initProvider( $provider, $logger, $this->getConfig(), new SessionManager() );
196
197 $user = static::getTestSysop()->getUser();
198 $id = $user->getId();
199 $name = $user->getName();
200 $token = $user->getToken( true );
201 $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
202
203 // No data
204 $request = new FauxRequest();
205 $info = $provider->provideSessionInfo( $request );
206 $this->assertNull( $info );
207 $this->assertSame( [], $logger->getBuffer() );
208 $logger->clearBuffer();
209
210 // Session key only
211 $request = new FauxRequest();
212 $request->setCookies( [
213 'session' => $sessionId,
214 ], '' );
215 $info = $provider->provideSessionInfo( $request );
216 $this->assertNotNull( $info );
217 $this->assertSame( $params['priority'], $info->getPriority() );
218 $this->assertSame( $sessionId, $info->getId() );
219 $this->assertNotNull( $info->getUserInfo() );
220 $this->assertSame( 0, $info->getUserInfo()->getId() );
221 $this->assertNull( $info->getUserInfo()->getName() );
222 $this->assertFalse( $info->forceHTTPS() );
223 $this->assertSame( [
224 [
225 LogLevel::DEBUG,
226 'Session "{session}" requested without UserID cookie',
227 ],
228 ], $logger->getBuffer() );
229 $logger->clearBuffer();
230
231 // User, no session key
232 $request = new FauxRequest();
233 $request->setCookies( [
234 'xUserID' => $id,
235 'xToken' => $token,
236 ], '' );
237 $info = $provider->provideSessionInfo( $request );
238 $this->assertNotNull( $info );
239 $this->assertSame( $params['priority'], $info->getPriority() );
240 $this->assertNotSame( $sessionId, $info->getId() );
241 $this->assertNotNull( $info->getUserInfo() );
242 $this->assertSame( $id, $info->getUserInfo()->getId() );
243 $this->assertSame( $name, $info->getUserInfo()->getName() );
244 $this->assertFalse( $info->forceHTTPS() );
245 $this->assertSame( [], $logger->getBuffer() );
246 $logger->clearBuffer();
247
248 // User and session key
249 $request = new FauxRequest();
250 $request->setCookies( [
251 'session' => $sessionId,
252 'xUserID' => $id,
253 'xToken' => $token,
254 ], '' );
255 $info = $provider->provideSessionInfo( $request );
256 $this->assertNotNull( $info );
257 $this->assertSame( $params['priority'], $info->getPriority() );
258 $this->assertSame( $sessionId, $info->getId() );
259 $this->assertNotNull( $info->getUserInfo() );
260 $this->assertSame( $id, $info->getUserInfo()->getId() );
261 $this->assertSame( $name, $info->getUserInfo()->getName() );
262 $this->assertFalse( $info->forceHTTPS() );
263 $this->assertSame( [], $logger->getBuffer() );
264 $logger->clearBuffer();
265
266 // User with bad token
267 $request = new FauxRequest();
268 $request->setCookies( [
269 'session' => $sessionId,
270 'xUserID' => $id,
271 'xToken' => 'BADTOKEN',
272 ], '' );
273 $info = $provider->provideSessionInfo( $request );
274 $this->assertNull( $info );
275 $this->assertSame( [
276 [
277 LogLevel::WARNING,
278 'Session "{session}" requested with invalid Token cookie.'
279 ],
280 ], $logger->getBuffer() );
281 $logger->clearBuffer();
282
283 // User id with no token
284 $request = new FauxRequest();
285 $request->setCookies( [
286 'session' => $sessionId,
287 'xUserID' => $id,
288 ], '' );
289 $info = $provider->provideSessionInfo( $request );
290 $this->assertNotNull( $info );
291 $this->assertSame( $params['priority'], $info->getPriority() );
292 $this->assertSame( $sessionId, $info->getId() );
293 $this->assertNotNull( $info->getUserInfo() );
294 $this->assertFalse( $info->getUserInfo()->isVerified() );
295 $this->assertSame( $id, $info->getUserInfo()->getId() );
296 $this->assertSame( $name, $info->getUserInfo()->getName() );
297 $this->assertFalse( $info->forceHTTPS() );
298 $this->assertSame( [], $logger->getBuffer() );
299 $logger->clearBuffer();
300
301 $request = new FauxRequest();
302 $request->setCookies( [
303 'xUserID' => $id,
304 ], '' );
305 $info = $provider->provideSessionInfo( $request );
306 $this->assertNull( $info );
307 $this->assertSame( [], $logger->getBuffer() );
308 $logger->clearBuffer();
309
310 // User and session key, with forceHTTPS flag
311 $request = new FauxRequest();
312 $request->setCookies( [
313 'session' => $sessionId,
314 'xUserID' => $id,
315 'xToken' => $token,
316 'forceHTTPS' => true,
317 ], '' );
318 $info = $provider->provideSessionInfo( $request );
319 $this->assertNotNull( $info );
320 $this->assertSame( $params['priority'], $info->getPriority() );
321 $this->assertSame( $sessionId, $info->getId() );
322 $this->assertNotNull( $info->getUserInfo() );
323 $this->assertSame( $id, $info->getUserInfo()->getId() );
324 $this->assertSame( $name, $info->getUserInfo()->getName() );
325 $this->assertTrue( $info->forceHTTPS() );
326 $this->assertSame( [], $logger->getBuffer() );
327 $logger->clearBuffer();
328
329 // Invalid user id
330 $request = new FauxRequest();
331 $request->setCookies( [
332 'session' => $sessionId,
333 'xUserID' => '-1',
334 ], '' );
335 $info = $provider->provideSessionInfo( $request );
336 $this->assertNull( $info );
337 $this->assertSame( [], $logger->getBuffer() );
338 $logger->clearBuffer();
339
340 // User id with matching name
341 $request = new FauxRequest();
342 $request->setCookies( [
343 'session' => $sessionId,
344 'xUserID' => $id,
345 'xUserName' => $name,
346 ], '' );
347 $info = $provider->provideSessionInfo( $request );
348 $this->assertNotNull( $info );
349 $this->assertSame( $params['priority'], $info->getPriority() );
350 $this->assertSame( $sessionId, $info->getId() );
351 $this->assertNotNull( $info->getUserInfo() );
352 $this->assertFalse( $info->getUserInfo()->isVerified() );
353 $this->assertSame( $id, $info->getUserInfo()->getId() );
354 $this->assertSame( $name, $info->getUserInfo()->getName() );
355 $this->assertFalse( $info->forceHTTPS() );
356 $this->assertSame( [], $logger->getBuffer() );
357 $logger->clearBuffer();
358
359 // User id with wrong name
360 $request = new FauxRequest();
361 $request->setCookies( [
362 'session' => $sessionId,
363 'xUserID' => $id,
364 'xUserName' => 'Wrong',
365 ], '' );
366 $info = $provider->provideSessionInfo( $request );
367 $this->assertNull( $info );
368 $this->assertSame( [
369 [
370 LogLevel::WARNING,
371 'Session "{session}" requested with mismatched UserID and UserName cookies.',
372 ],
373 ], $logger->getBuffer() );
374 $logger->clearBuffer();
375 }
376
377 public function testGetVaryCookies() {
378 $provider = new CookieSessionProvider( [
379 'priority' => 1,
380 'sessionName' => 'MySessionName',
381 'cookieOptions' => [ 'prefix' => 'MyCookiePrefix' ],
382 ] );
383 $this->assertArrayEquals( [
384 'MyCookiePrefixToken',
385 'MyCookiePrefixLoggedOut',
386 'MySessionName',
387 'forceHTTPS',
388 ], $provider->getVaryCookies() );
389 }
390
391 public function testSuggestLoginUsername() {
392 $provider = new CookieSessionProvider( [
393 'priority' => 1,
394 'sessionName' => 'MySessionName',
395 'cookieOptions' => [ 'prefix' => 'x' ],
396 ] );
397 $this->initProvider(
398 $provider, null, $this->getConfig(), null, null, $this->getServiceContainer()->getUserNameUtils()
399 );
400
401 $request = new FauxRequest();
402 $this->assertNull( $provider->suggestLoginUsername( $request ) );
403
404 $request->setCookies( [
405 'xUserName' => 'Example',
406 ], '' );
407 $this->assertEquals( 'Example', $provider->suggestLoginUsername( $request ) );
408 }
409
410 /** @dataProvider provideForceHTTPS */
411 public function testPersistSession( $forceHTTPS ) {
412 $provider = new CookieSessionProvider( [
413 'priority' => 1,
414 'sessionName' => 'MySessionName',
415 'cookieOptions' => [ 'prefix' => 'x' ],
416 ] );
417 $config = $this->getConfig();
418 $config->set( MainConfigNames::ForceHTTPS, $forceHTTPS );
419 $hookContainer = $this->createHookContainer();
420 $this->initProvider( $provider, new TestLogger(), $config, SessionManager::singleton(), $hookContainer );
421
422 $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
423 $store = new TestBagOStuff();
424
425 // For User::requiresHTTPS
426 $this->overrideConfigValue( MainConfigNames::ForceHTTPS, $forceHTTPS );
427
428 $user = static::getTestSysop()->getUser();
429 $anon = new User;
430
431 $backend = new SessionBackend(
432 new SessionId( $sessionId ),
433 new SessionInfo( SessionInfo::MIN_PRIORITY, [
434 'provider' => $provider,
435 'id' => $sessionId,
436 'persisted' => true,
437 'idIsSafe' => true,
438 ] ),
439 $store,
440 new NullLogger(),
441 $hookContainer,
442 10
443 );
444 TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;
445
446 // Anonymous user
447 $backend->setUser( $anon );
448 $backend->setRememberUser( true );
449 $backend->setForceHTTPS( false );
450 $request = new FauxRequest();
451 $provider->persistSession( $backend, $request );
452 $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
453 $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
454 $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
455 $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
456 if ( $forceHTTPS ) {
457 $this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );
458 } else {
459 $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
460 }
461 $this->assertSame( [], $backend->getData() );
462
463 // Logged-in user, no remember
464 $backend->setUser( $user );
465 $backend->setRememberUser( false );
466 $backend->setForceHTTPS( false );
467 $request = new FauxRequest();
468 $provider->persistSession( $backend, $request );
469 $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
470 $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
471 $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
472 $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
473 if ( $forceHTTPS ) {
474 $this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );
475 } else {
476 $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
477 }
478 $this->assertSame( [], $backend->getData() );
479
480 // Logged-in user, remember
481 $backend->setUser( $user );
482 $backend->setRememberUser( true );
483 $backend->setForceHTTPS( true );
484 $request = new FauxRequest();
485 $provider->persistSession( $backend, $request );
486 $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
487 $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
488 $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
489 $this->assertSame( $user->getToken(), $request->response()->getCookie( 'xToken' ) );
490 if ( $forceHTTPS ) {
491 $this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );
492 } else {
493 $this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );
494 }
495 $this->assertSame( [], $backend->getData() );
496 }
497
498 /**
499 * @dataProvider provideCookieData
500 * @param bool $secure
501 * @param bool $remember
502 * @param bool $forceHTTPS
503 */
504 public function testCookieData( $secure, $remember, $forceHTTPS ) {
505 $this->overrideConfigValues( [
506 MainConfigNames::SecureLogin => false,
507 MainConfigNames::ForceHTTPS => $forceHTTPS,
508 ] );
509
510 $provider = new CookieSessionProvider( [
511 'priority' => 1,
512 'sessionName' => 'MySessionName',
513 'cookieOptions' => [ 'prefix' => 'x' ],
514 ] );
515 $config = $this->getConfig();
516 $config->set( MainConfigNames::CookieSecure, $secure );
517 $config->set( MainConfigNames::ForceHTTPS, $forceHTTPS );
518 $hookContainer = $this->createHookContainer();
519 $this->initProvider( $provider, new TestLogger(), $config, SessionManager::singleton(), $hookContainer );
520
521 $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
522 $user = static::getTestSysop()->getUser();
523 $this->assertSame( $user->requiresHTTPS(), $forceHTTPS );
524
525 $backend = new SessionBackend(
526 new SessionId( $sessionId ),
527 new SessionInfo( SessionInfo::MIN_PRIORITY, [
528 'provider' => $provider,
529 'id' => $sessionId,
530 'persisted' => true,
531 'idIsSafe' => true,
532 ] ),
533 new TestBagOStuff(),
534 new NullLogger(),
535 $hookContainer,
536 10
537 );
538 TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;
539 $backend->setUser( $user );
540 $backend->setRememberUser( $remember );
541 $backend->setForceHTTPS( $secure );
542 $request = new FauxRequest();
543 $time = time();
544 $provider->persistSession( $backend, $request );
545
546 $defaults = [
547 'expire' => (int)100,
548 'path' => $config->get( MainConfigNames::CookiePath ),
549 'domain' => $config->get( MainConfigNames::CookieDomain ),
550 'secure' => $secure || $forceHTTPS,
551 'httpOnly' => $config->get( MainConfigNames::CookieHttpOnly ),
552 'raw' => false,
553 ];
554
555 $normalExpiry = $config->get( MainConfigNames::CookieExpiration );
556 $extendedExpiry = $config->get( MainConfigNames::ExtendedLoginCookieExpiration );
557 $extendedExpiry = (int)( $extendedExpiry ?? 0 );
558 $expect = [
559 'MySessionName' => [
560 'value' => (string)$sessionId,
561 'expire' => 0,
562 ] + $defaults,
563 'xUserID' => [
564 'value' => (string)$user->getId(),
565 'expire' => $remember ? $extendedExpiry : $normalExpiry,
566 ] + $defaults,
567 'xUserName' => [
568 'value' => $user->getName(),
569 'expire' => $remember ? $extendedExpiry : $normalExpiry
570 ] + $defaults,
571 'xToken' => [
572 'value' => $remember ? $user->getToken() : '',
573 'expire' => $remember ? $extendedExpiry : -31536000,
574 ] + $defaults
575 ];
576 if ( !$forceHTTPS ) {
577 $expect['forceHTTPS'] = [
578 'value' => $secure ? 'true' : '',
579 'secure' => false,
580 'expire' => $secure ? ( $remember ? $defaults['expire'] : 0 ) : -31536000,
581 ] + $defaults;
582 }
583 foreach ( $expect as $key => $value ) {
584 $actual = $request->response()->getCookieData( $key );
585 if ( $actual && $actual['expire'] > 0 ) {
586 // Round expiry so we don't randomly fail if the seconds ticked during the test.
587 $actual['expire'] = round( $actual['expire'] - $time, -2 );
588 }
589 $this->assertEquals( $value, $actual, "Cookie $key" );
590 }
591 }
592
593 public static function provideCookieData() {
594 return ArrayUtils::cartesianProduct(
595 [ false, true ], // $secure
596 [ false, true ], // $remember
597 [ false, true ] // $forceHTTPS
598 );
599 }
600
601 protected function getSentRequest() {
602 $sentResponse = $this->getMockBuilder( FauxResponse::class )
603 ->onlyMethods( [ 'headersSent', 'setCookie', 'header' ] )->getMock();
604 $sentResponse->method( 'headersSent' )
605 ->willReturn( true );
606 $sentResponse->expects( $this->never() )->method( 'setCookie' );
607 $sentResponse->expects( $this->never() )->method( 'header' );
608
609 $sentRequest = $this->getMockBuilder( FauxRequest::class )
610 ->onlyMethods( [ 'response' ] )->getMock();
611 $sentRequest->method( 'response' )
612 ->willReturn( $sentResponse );
613 return $sentRequest;
614 }
615
616 public function testUnpersistSession() {
617 $provider = new CookieSessionProvider( [
618 'priority' => 1,
619 'sessionName' => 'MySessionName',
620 'cookieOptions' => [ 'prefix' => 'x' ],
621 ] );
622 $this->initProvider(
623 $provider, null, $this->getConfig(), SessionManager::singleton(), $this->createHookContainer()
624 );
625
626 $request = new FauxRequest();
627 $provider->unpersistSession( $request );
628 $this->assertSame( '', $request->response()->getCookie( 'MySessionName' ) );
629 $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
630 $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
631 $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
632 $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
633
634 $provider->unpersistSession( $this->getSentRequest() );
635 }
636
637 public function testSetLoggedOutCookie() {
638 $provider = new CookieSessionProvider( [
639 'priority' => 1,
640 'sessionName' => 'MySessionName',
641 'cookieOptions' => [ 'prefix' => 'x' ],
642 ] );
643 $providerPriv = TestingAccessWrapper::newFromObject( $provider );
644 $this->initProvider(
645 $provider, null, $this->getConfig(), SessionManager::singleton(), $this->createHookContainer()
646 );
647
648 $t1 = time();
649 $t2 = time() - 86400 * 2;
650
651 // Set it
652 $request = new FauxRequest();
653 $providerPriv->setLoggedOutCookie( $t1, $request );
654 $this->assertSame( (string)$t1, $request->response()->getCookie( 'xLoggedOut' ) );
655
656 // Too old
657 $request = new FauxRequest();
658 $providerPriv->setLoggedOutCookie( $t2, $request );
659 $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );
660
661 // Don't reset if it's already set
662 $request = new FauxRequest();
663 $request->setCookies( [
664 'xLoggedOut' => $t1,
665 ], '' );
666 $providerPriv->setLoggedOutCookie( $t1, $request );
667 $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );
668 }
669
670 public function testGetCookie() {
671 $provider = new CookieSessionProvider( [
672 'priority' => 1,
673 'sessionName' => 'MySessionName',
674 'cookieOptions' => [ 'prefix' => 'x' ],
675 ] );
676 $this->initProvider(
677 $provider, null, $this->getConfig(), SessionManager::singleton(), $this->createHookContainer()
678 );
679 $provider = TestingAccessWrapper::newFromObject( $provider );
680
681 $request = new FauxRequest();
682 $request->setCookies( [
683 'xFoo' => 'foo!',
684 'xBar' => 'deleted',
685 ], '' );
686 $this->assertSame( 'foo!', $provider->getCookie( $request, 'Foo', 'x' ) );
687 $this->assertNull( $provider->getCookie( $request, 'Bar', 'x' ) );
688 $this->assertNull( $provider->getCookie( $request, 'Baz', 'x' ) );
689 }
690
691 public function testGetRememberUserDuration() {
692 $config = $this->getConfig();
693 $provider = new CookieSessionProvider( [ 'priority' => 10 ] );
694 $this->initProvider( $provider, null, $config, SessionManager::singleton(), $this->createHookContainer() );
695
696 $this->assertSame( 200, $provider->getRememberUserDuration() );
697
698 $config->set( MainConfigNames::ExtendedLoginCookieExpiration, null );
699
700 $this->assertSame( 100, $provider->getRememberUserDuration() );
701
702 $config->set( MainConfigNames::ExtendedLoginCookieExpiration, 0 );
703
704 $this->assertSame( null, $provider->getRememberUserDuration() );
705 }
706
707 public function testGetLoginCookieExpiration() {
708 $config = $this->getConfig();
709 $provider = new CookieSessionProvider( [
710 'priority' => 10
711 ] );
712 $providerPriv = TestingAccessWrapper::newFromObject( $provider );
713 $this->initProvider( $provider, null, $config, SessionManager::singleton(), $this->createHookContainer() );
714
715 // First cookie is an extended cookie, remember me true
716 $this->assertSame( 200, $providerPriv->getLoginCookieExpiration( 'Token', true ) );
717 $this->assertSame( 100, $providerPriv->getLoginCookieExpiration( 'User', true ) );
718
719 // First cookie is an extended cookie, remember me false
720 $this->assertSame( 100, $providerPriv->getLoginCookieExpiration( 'UserID', false ) );
721 $this->assertSame( 100, $providerPriv->getLoginCookieExpiration( 'User', false ) );
722
723 $config->set( MainConfigNames::ExtendedLoginCookieExpiration, null );
724
725 $this->assertSame( 100, $providerPriv->getLoginCookieExpiration( 'Token', true ) );
726 $this->assertSame( 100, $providerPriv->getLoginCookieExpiration( 'User', true ) );
727
728 $this->assertSame( 100, $providerPriv->getLoginCookieExpiration( 'Token', false ) );
729 $this->assertSame( 100, $providerPriv->getLoginCookieExpiration( 'User', false ) );
730 }
731 }
MediaWiki Core