search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
EditPage: Style anonymous editor warning as a warningbox for consistency
[mediawiki.git] / includes / session / SessionInfo.php
blob1b5a834c9460ddd8bb35cc1627e5683449946cc2
1 <?php
2 /**
3 * MediaWiki session info
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup Session
22 */
23
24 namespace MediaWiki\Session;
25
26 /**
27 * Value object returned by SessionProvider
28 *
29 * This holds the data necessary to construct a Session.
30 *
31 * @ingroup Session
32 * @since 1.27
33 */
34 class SessionInfo {
35 /** Minimum allowed priority */
36 const MIN_PRIORITY = 1;
37
38 /** Maximum allowed priority */
39 const MAX_PRIORITY = 100;
40
41 /** @var SessionProvider|null */
42 private $provider;
43
44 /** @var string */
45 private $id;
46
47 /** @var int */
48 private $priority;
49
50 /** @var UserInfo|null */
51 private $userInfo = null;
52
53 private $persisted = false;
54 private $remembered = false;
55 private $forceHTTPS = false;
56 private $idIsSafe = false;
57
58 /** @var array|null */
59 private $providerMetadata = null;
60
61 /**
62 * @param int $priority Session priority
63 * @param array $data
64 * - provider: (SessionProvider|null) If not given, the provider will be
65 * determined from the saved session data.
66 * - id: (string|null) Session ID
67 * - userInfo: (UserInfo|null) User known from the request. If
68 * $provider->canChangeUser() is false, a verified user
69 * must be provided.
70 * - persisted: (bool) Whether this session was persisted
71 * - remembered: (bool) Whether the verified user was remembered.
72 * Defaults to true.
73 * - forceHTTPS: (bool) Whether to force HTTPS for this session
74 * - metadata: (array) Provider metadata, to be returned by
75 * Session::getProviderMetadata().
76 * - idIsSafe: (bool) Set true if the 'id' did not come from the user.
77 * Generally you'll use this from SessionProvider::newEmptySession(),
78 * and not from any other method.
79 * - copyFrom: (SessionInfo) SessionInfo to copy other data items from.
80 */
81 public function __construct( $priority, array $data ) {
82 if ( $priority < self::MIN_PRIORITY || $priority > self::MAX_PRIORITY ) {
83 throw new \InvalidArgumentException( 'Invalid priority' );
84 }
85
86 if ( isset( $data['copyFrom'] ) ) {
87 $from = $data['copyFrom'];
88 if ( !$from instanceof SessionInfo ) {
89 throw new \InvalidArgumentException( 'Invalid copyFrom' );
90 }
91 $data += [
92 'provider' => $from->provider,
93 'id' => $from->id,
94 'userInfo' => $from->userInfo,
95 'persisted' => $from->persisted,
96 'remembered' => $from->remembered,
97 'forceHTTPS' => $from->forceHTTPS,
98 'metadata' => $from->providerMetadata,
99 'idIsSafe' => $from->idIsSafe,
100 // @codeCoverageIgnoreStart
101 ];
102 // @codeCoverageIgnoreEnd
103 } else {
104 $data += [
105 'provider' => null,
106 'id' => null,
107 'userInfo' => null,
108 'persisted' => false,
109 'remembered' => true,
110 'forceHTTPS' => false,
111 'metadata' => null,
112 'idIsSafe' => false,
113 // @codeCoverageIgnoreStart
114 ];
115 // @codeCoverageIgnoreEnd
116 }
117
118 if ( $data['id'] !== null && !SessionManager::validateSessionId( $data['id'] ) ) {
119 throw new \InvalidArgumentException( 'Invalid session ID' );
120 }
121
122 if ( $data['userInfo'] !== null && !$data['userInfo'] instanceof UserInfo ) {
123 throw new \InvalidArgumentException( 'Invalid userInfo' );
124 }
125
126 if ( !$data['provider'] && $data['id'] === null ) {
127 throw new \InvalidArgumentException(
128 'Must supply an ID when no provider is given'
129 );
130 }
131
132 if ( $data['metadata'] !== null && !is_array( $data['metadata'] ) ) {
133 throw new \InvalidArgumentException( 'Invalid metadata' );
134 }
135
136 $this->provider = $data['provider'];
137 if ( $data['id'] !== null ) {
138 $this->id = $data['id'];
139 $this->idIsSafe = $data['idIsSafe'];
140 } else {
141 $this->id = $this->provider->getManager()->generateSessionId();
142 $this->idIsSafe = true;
143 }
144 $this->priority = (int)$priority;
145 $this->userInfo = $data['userInfo'];
146 $this->persisted = (bool)$data['persisted'];
147 if ( $data['provider'] !== null ) {
148 if ( $this->userInfo !== null && !$this->userInfo->isAnon() && $this->userInfo->isVerified() ) {
149 $this->remembered = (bool)$data['remembered'];
150 }
151 $this->providerMetadata = $data['metadata'];
152 }
153 $this->forceHTTPS = (bool)$data['forceHTTPS'];
154 }
155
156 /**
157 * Return the provider
158 * @return SessionProvider|null
159 */
160 final public function getProvider() {
161 return $this->provider;
162 }
163
164 /**
165 * Return the session ID
166 * @return string
167 */
168 final public function getId() {
169 return $this->id;
170 }
171
172 /**
173 * Indicate whether the ID is "safe"
174 *
175 * The ID is safe in the following cases:
176 * - The ID was randomly generated by the constructor.
177 * - The ID was found in the backend data store.
178 * - $this->getProvider()->persistsSessionId() is false.
179 * - The constructor was explicitly told it's safe using the 'idIsSafe'
180 * parameter.
181 *
182 * @return bool
183 */
184 final public function isIdSafe() {
185 return $this->idIsSafe;
186 }
187
188 /**
189 * Return the priority
190 * @return int
191 */
192 final public function getPriority() {
193 return $this->priority;
194 }
195
196 /**
197 * Return the user
198 * @return UserInfo|null
199 */
200 final public function getUserInfo() {
201 return $this->userInfo;
202 }
203
204 /**
205 * Return whether the session is persisted
206 * @return bool
207 */
208 final public function wasPersisted() {
209 return $this->persisted;
210 }
211
212 /**
213 * Return provider metadata
214 * @return array|null
215 */
216 final public function getProviderMetadata() {
217 return $this->providerMetadata;
218 }
219
220 /**
221 * Return whether the user was remembered
222 *
223 * For providers that can persist the user separately from the session,
224 * the human using it may not actually *want* that to be done. For example,
225 * a cookie-based provider can set cookies that are longer-lived than the
226 * backend session data, but on a public terminal the human likely doesn't
227 * want those cookies set.
228 *
229 * This is false unless a non-anonymous verified user was passed to
230 * the SessionInfo constructor by the provider, and the provider didn't
231 * pass false for the 'remembered' data item.
232 *
233 * @return bool
234 */
235 final public function wasRemembered() {
236 return $this->remembered;
237 }
238
239 /**
240 * Whether this session should only be used over HTTPS
241 * @return bool
242 */
243 final public function forceHTTPS() {
244 return $this->forceHTTPS;
245 }
246
247 public function __toString() {
248 return '[' . $this->getPriority() . ']' .
249 ( $this->getProvider() ?: 'null' ) .
250 ( $this->userInfo ?: '<null>' ) . $this->getId();
251 }
252
253 /**
254 * Compare two SessionInfo objects by priority
255 * @param SessionInfo $a
256 * @param SessionInfo $b
257 * @return int Negative if $a < $b, positive if $a > $b, zero if equal
258 */
259 public static function compare( $a, $b ) {
260 return $a->getPriority() - $b->getPriority();
261 }
262
263 }
MediaWiki Core