search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge "Special:Upload should not crash on failing previews"
[mediawiki.git] / includes / session / BotPasswordSessionProvider.php
blob5831b098faf0e7e7dd5b3212901a773d9c14495e
1 <?php
2 /**
3 * Session provider for bot passwords
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup Session
22 */
23
24 namespace MediaWiki\Session;
25
26 use BotPassword;
27 use User;
28 use WebRequest;
29
30 /**
31 * Session provider for bot passwords
32 * @since 1.27
33 */
34 class BotPasswordSessionProvider extends ImmutableSessionProviderWithCookie {
35
36 /**
37 * @param array $params Keys include:
38 * - priority: (required) Set the priority
39 * - sessionCookieName: Session cookie name. Default is '_BPsession'.
40 * - sessionCookieOptions: Options to pass to WebResponse::setCookie().
41 */
42 public function __construct( array $params = [] ) {
43 if ( !isset( $params['sessionCookieName'] ) ) {
44 $params['sessionCookieName'] = '_BPsession';
45 }
46 parent::__construct( $params );
47
48 if ( !isset( $params['priority'] ) ) {
49 throw new \InvalidArgumentException( __METHOD__ . ': priority must be specified' );
50 }
51 if ( $params['priority'] < SessionInfo::MIN_PRIORITY ||
52 $params['priority'] > SessionInfo::MAX_PRIORITY
53 ) {
54 throw new \InvalidArgumentException( __METHOD__ . ': Invalid priority' );
55 }
56
57 $this->priority = $params['priority'];
58 }
59
60 public function provideSessionInfo( WebRequest $request ) {
61 // Only relevant for the API
62 if ( !defined( 'MW_API' ) ) {
63 return null;
64 }
65
66 // Enabled?
67 if ( !$this->config->get( 'EnableBotPasswords' ) ) {
68 return null;
69 }
70
71 // Have a session ID?
72 $id = $this->getSessionIdFromCookie( $request );
73 if ( $id === null ) {
74 return null;
75 }
76
77 return new SessionInfo( $this->priority, [
78 'provider' => $this,
79 'id' => $id,
80 'persisted' => true
81 ] );
82 }
83
84 public function newSessionInfo( $id = null ) {
85 // We don't activate by default
86 return null;
87 }
88
89 /**
90 * Create a new session for a request
91 * @param User $user
92 * @param BotPassword $bp
93 * @param WebRequest $request
94 * @return Session
95 */
96 public function newSessionForRequest( User $user, BotPassword $bp, WebRequest $request ) {
97 $id = $this->getSessionIdFromCookie( $request );
98 $info = new SessionInfo( SessionInfo::MAX_PRIORITY, [
99 'provider' => $this,
100 'id' => $id,
101 'userInfo' => UserInfo::newFromUser( $user, true ),
102 'persisted' => $id !== null,
103 'metadata' => [
104 'centralId' => $bp->getUserCentralId(),
105 'appId' => $bp->getAppId(),
106 'token' => $bp->getToken(),
107 'rights' => \MWGrants::getGrantRights( $bp->getGrants() ),
108 ],
109 ] );
110 $session = $this->getManager()->getSessionFromInfo( $info, $request );
111 $session->persist();
112 return $session;
113 }
114
115 public function refreshSessionInfo( SessionInfo $info, WebRequest $request, &$metadata ) {
116 $missingKeys = array_diff(
117 [ 'centralId', 'appId', 'token' ],
118 array_keys( $metadata )
119 );
120 if ( $missingKeys ) {
121 $this->logger->info( 'Session "{session}": Missing metadata: {missing}', [
122 'session' => $info,
123 'missing' => implode( ', ', $missingKeys ),
124 ] );
125 return false;
126 }
127
128 $bp = BotPassword::newFromCentralId( $metadata['centralId'], $metadata['appId'] );
129 if ( !$bp ) {
130 $this->logger->info(
131 'Session "{session}": No BotPassword for {centralId} {appId}',
132 [
133 'session' => $info,
134 'centralId' => $metadata['centralId'],
135 'appId' => $metadata['appId'],
136 ] );
137 return false;
138 }
139
140 if ( !hash_equals( $metadata['token'], $bp->getToken() ) ) {
141 $this->logger->info( 'Session "{session}": BotPassword token check failed', [
142 'session' => $info,
143 'centralId' => $metadata['centralId'],
144 'appId' => $metadata['appId'],
145 ] );
146 return false;
147 }
148
149 $status = $bp->getRestrictions()->check( $request );
150 if ( !$status->isOK() ) {
151 $this->logger->info(
152 'Session "{session}": Restrictions check failed',
153 [
154 'session' => $info,
155 'restrictions' => $status->getValue(),
156 'centralId' => $metadata['centralId'],
157 'appId' => $metadata['appId'],
158 ] );
159 return false;
160 }
161
162 // Update saved rights
163 $metadata['rights'] = \MWGrants::getGrantRights( $bp->getGrants() );
164
165 return true;
166 }
167
168 /**
169 * @codeCoverageIgnore
170 */
171 public function preventSessionsForUser( $username ) {
172 BotPassword::removeAllPasswordsForUser( $username );
173 }
174
175 public function getAllowedUserRights( SessionBackend $backend ) {
176 if ( $backend->getProvider() !== $this ) {
177 throw new \InvalidArgumentException( 'Backend\'s provider isn\'t $this' );
178 }
179 $data = $backend->getProviderMetadata();
180 if ( $data && isset( $data['rights'] ) && is_array( $data['rights'] ) ) {
181 return $data['rights'];
182 }
183
184 // Should never happen
185 $this->logger->debug( __METHOD__ . ': No provider metadata, returning no rights allowed' );
186 return [];
187 }
188 }
MediaWiki Core