namespace MediaWiki\Session;
-use Psr\Log\LogLevel;
+use AuthPlugin;
+use MediaWiki\Logger\LoggerFactory;
use MediaWikiTestCase;
+use Psr\Log\LogLevel;
use User;
/**
public function testGetSessionById() {
$manager = $this->getManager();
-
try {
$manager->getSessionById( 'bad' );
$this->fail( 'Expected exception not thrown' );
'Bar' => array( 'X', 'Bar1', 3 => 'Bar2' ),
'Quux' => array( 'Quux' ),
'Baz' => array(),
- 'Quux' => array( 'Quux' ),
);
$this->assertEquals( $expect, $manager->getVaryHeaders() );
public function testAutoCreateUser() {
global $wgGroupPermissions;
- $that = $this;
-
- \ObjectCache::$instances[__METHOD__] = new \HashBagOStuff();
+ \ObjectCache::$instances[__METHOD__] = new TestBagOStuff();
$this->setMwGlobals( array( 'wgMainCacheType' => __METHOD__ ) );
+ $this->setMWGlobals( array(
+ 'wgAuth' => new AuthPlugin,
+ ) );
$this->stashMwGlobals( array( 'wgGroupPermissions' ) );
$wgGroupPermissions['*']['createaccount'] = true;
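Review bot: The added `$this->setMWGlobals( array( 'wgAuth' => new AuthPlugin, ) );` is spelled with a different case from the `setMwGlobals` call on the line above it, and nothing says why the global is replaced. PHP resolves method names case-insensitively, so it runs, but the two calls could be one: `$this->setMwGlobals( array( 'wgMainCacheType' => __METHOD__, 'wgAuth' => new AuthPlugin ) );`. If the intent is to keep a site-configured auth plugin from influencing auto-creation during the test, a one-line comment saying so would help the next reader. The rest of testAutoCreateUser lies outside this hunk.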
return null;
}
$m = str_replace( 'MediaWiki\Session\SessionManager::autoCreateUser: ', '', $m );
- $m = preg_replace( '/ - from: .*$/', ' - from: XXX', $m );
return $m;
} );
$manager->setLogger( $logger );
$user->getId(), User::idFromName( 'UTSessionAutoCreate1', User::READ_LATEST )
);
$this->assertSame( array(
- array( LogLevel::INFO, 'creating new user (UTSessionAutoCreate1) - from: XXX' ),
+ array( LogLevel::INFO, 'creating new user ({username}) - from: {url}' ),
), $logger->getBuffer() );
$logger->clearBuffer();
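Review bot: The expected entry `'creating new user ({username}) - from: {url}'` is the uninterpolated template, so this assertion no longer checks which account name was logged. The identical literal is repeated for UTSessionAutoCreate2, 3 and 4 in the later hunks of testAutoCreateUser. The account name is what makes this audit line useful, and a regression that put the wrong `username` into the log context would now pass unnoticed. If the test logger can expose the context array, assert on it as well; otherwise a comment such as `// message is the PSR-3 template; context values are not checked here` would make the gap explicit. The enclosing function starts and ends outside this hunk.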
$this->assertEquals( 0, User::idFromName( 'UTDoesNotExist', User::READ_LATEST ) );
$session->clear();
$this->assertSame( array(
- array( LogLevel::DEBUG, 'user is blocked from this wiki, blacklisting' ),
+ array(
+ LogLevel::DEBUG,
+ 'user is blocked from this wiki, blacklisting',
+ ),
), $logger->getBuffer() );
$logger->clearBuffer();
$user->getId(), User::idFromName( 'UTSessionAutoCreate2', User::READ_LATEST )
);
$this->assertSame( array(
- array( LogLevel::INFO, 'creating new user (UTSessionAutoCreate2) - from: XXX' ),
+ array( LogLevel::INFO, 'creating new user ({username}) - from: {url}' ),
), $logger->getBuffer() );
$logger->clearBuffer();
$user->getId(), User::idFromName( 'UTSessionAutoCreate3', User::READ_LATEST )
);
$this->assertSame( array(
- array( LogLevel::INFO, 'creating new user (UTSessionAutoCreate3) - from: XXX' ),
+ array( LogLevel::INFO, 'creating new user ({username}) - from: {url}' ),
), $logger->getBuffer() );
$logger->clearBuffer();
$logger->clearBuffer();
// Sanity check that creation still works, and test completion hook
- $cb = $this->callback( function ( User $user ) use ( $that ) {
- $that->assertNotEquals( 0, $user->getId() );
- $that->assertSame( 'UTSessionAutoCreate4', $user->getName() );
- $that->assertEquals(
+ $cb = $this->callback( function ( User $user ) {
+ $this->assertNotEquals( 0, $user->getId() );
+ $this->assertSame( 'UTSessionAutoCreate4', $user->getName() );
+ $this->assertEquals(
$user->getId(), User::idFromName( 'UTSessionAutoCreate4', User::READ_LATEST )
);
return true;
'LocalUserCreated' => array(),
) );
$this->assertSame( array(
- array( LogLevel::INFO, 'creating new user (UTSessionAutoCreate4) - from: XXX' ),
+ array( LogLevel::INFO, 'creating new user ({username}) - from: {url}' ),
), $logger->getBuffer() );
$logger->clearBuffer();
}
$this->objectCacheDef( $provider1 ),
) );
- $user = User::newFromName( 'UTSysop' );
- $token = $user->getToken( true );
-
$this->assertFalse( $manager->isUserSessionPrevented( 'UTSysop' ) );
$manager->preventSessionsForUser( 'UTSysop' );
- $this->assertNotEquals( $token, User::newFromName( 'UTSysop' )->getToken() );
$this->assertTrue( $manager->isUserSessionPrevented( 'UTSysop' ) );
}
public function testLoadSessionInfoFromStore() {
$manager = $this->getManager();
- $logger = new \TestLogger( true, function ( $m ) {
- return preg_replace(
- '/^Session \[\d+\]\w+<(?:null|anon|[+-]:\d+:\w+)>\w+: /', 'Session X: ', $m
- );
- } );
+ $logger = new \TestLogger( true );
$manager->setLogger( $logger );
$request = new \FauxRequest();
$this->assertSame( $unverifiedUserInfo, $info->getUserInfo() );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Unverified user provided and no metadata to auth it' )
+ array(
+ LogLevel::WARNING,
+ 'Session "{session}": Unverified user provided and no metadata to auth it',
+ )
), $logger->getBuffer() );
$logger->clearBuffer();
) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Null provider and no metadata' ),
+ array( LogLevel::WARNING, 'Session "{session}": Null provider and no metadata' ),
), $logger->getBuffer() );
$logger->clearBuffer();
$this->assertFalse( $info->isIdSafe(), 'sanity check' );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::INFO, 'Session X: No user provided and provider cannot set user' )
+ array( LogLevel::INFO, 'Session "{session}": No user provided and provider cannot set user' )
), $logger->getBuffer() );
$logger->clearBuffer();
$this->store->setRawSession( $id, true );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Bad data' ),
+ array( LogLevel::WARNING, 'Session "{session}": Bad data' ),
), $logger->getBuffer() );
$logger->clearBuffer();
$this->store->setRawSession( $id, array( 'data' => array() ) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Bad data structure' ),
+ array( LogLevel::WARNING, 'Session "{session}": Bad data structure' ),
), $logger->getBuffer() );
$logger->clearBuffer();
$this->store->setRawSession( $id, array( 'metadata' => $metadata ) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Bad data structure' ),
+ array( LogLevel::WARNING, 'Session "{session}": Bad data structure' ),
), $logger->getBuffer() );
$logger->clearBuffer();
$this->store->setRawSession( $id, array( 'metadata' => $metadata, 'data' => true ) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Bad data structure' ),
+ array( LogLevel::WARNING, 'Session "{session}": Bad data structure' ),
), $logger->getBuffer() );
$logger->clearBuffer();
$this->store->setRawSession( $id, array( 'metadata' => true, 'data' => array() ) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Bad data structure' ),
+ array( LogLevel::WARNING, 'Session "{session}": Bad data structure' ),
), $logger->getBuffer() );
$logger->clearBuffer();
$this->store->setRawSession( $id, array( 'metadata' => $tmp, 'data' => array() ) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Bad metadata' ),
+ array( LogLevel::WARNING, 'Session "{session}": Bad metadata' ),
), $logger->getBuffer() );
$logger->clearBuffer();
}
) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Wrong provider, Bad !== Mock' ),
+ array( LogLevel::WARNING, 'Session "{session}": Wrong provider Bad !== Mock' ),
), $logger->getBuffer() );
$logger->clearBuffer();
) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Unknown provider, Bad' ),
+ array( LogLevel::WARNING, 'Session "{session}": Unknown provider Bad' ),
), $logger->getBuffer() );
$logger->clearBuffer();
) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::ERROR, 'Session X: Invalid ID' ),
+ array( LogLevel::ERROR, 'Session "{session}": {exception}' ),
), $logger->getBuffer() );
$logger->clearBuffer();
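Review bot: The ERROR expectation for the invalid-ID case is now `'Session "{session}": {exception}'`, identical to the one in the next hunk for the invalid-user-name case, so the test can no longer tell these two rejection paths apart. The same loss applies further down to `Metadata merge failed: {exception}` and to the `{uid_a} !== {uid_b}` and `{uname_a} !== {uname_b}` entries, which previously pinned `2 !== 1` and `X !== UTSysop`. Since these lines record why a session was refused, it would be worth asserting the exception message or the context values wherever the logger makes them available. Separately, the next hunk's `array( LogLevel::ERROR, 'Session "{session}": {exception}', ),` has a stray trailing comma inside a single-line array. testLoadSessionInfoFromStore begins and ends outside this hunk.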
) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::ERROR, 'Session X: Invalid user name' ),
+ array( LogLevel::ERROR, 'Session "{session}": {exception}', ),
), $logger->getBuffer() );
$logger->clearBuffer();
) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: User ID mismatch, 2 !== 1' ),
+ array( LogLevel::WARNING, 'Session "{session}": User ID mismatch, {uid_a} !== {uid_b}' ),
), $logger->getBuffer() );
$logger->clearBuffer();
) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: User name mismatch, X !== UTSysop' ),
+ array( LogLevel::WARNING, 'Session "{session}": User name mismatch, {uname_a} !== {uname_b}' ),
), $logger->getBuffer() );
$logger->clearBuffer();
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
array(
- LogLevel::WARNING, 'Session X: User ID matched but name didn\'t (rename?), X !== UTSysop'
+ LogLevel::WARNING,
+ 'Session "{session}": User ID matched but name didn\'t (rename?), {uname_a} !== {uname_b}'
),
), $logger->getBuffer() );
$logger->clearBuffer();
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
array(
- LogLevel::WARNING, 'Session X: Metadata has an anonymous user, but a non-anon user was provided'
+ LogLevel::WARNING,
+ 'Session "{session}": Metadata has an anonymous user, ' .
+ 'but a non-anon user was provided',
),
), $logger->getBuffer() );
$logger->clearBuffer();
) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: User token mismatch' ),
+ array( LogLevel::WARNING, 'Session "{session}": User token mismatch' ),
), $logger->getBuffer() );
$logger->clearBuffer();
) );
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Metadata merge failed: no merge!' ),
+ array(
+ LogLevel::WARNING,
+ 'Session "{session}": Metadata merge failed: {exception}',
+ ),
), $logger->getBuffer() );
$logger->clearBuffer();
$this->assertSame( array(), $logger->getBuffer() );
// Hook
- $that = $this;
$called = false;
$data = array( 'foo' => 1 );
$this->store->setSession( $id, array( 'metadata' => $metadata, 'data' => $data ) );
) );
$this->mergeMwGlobalArrayValue( 'wgHooks', array(
'SessionCheckInfo' => array( function ( &$reason, $i, $r, $m, $d ) use (
- $that, $info, $metadata, $data, $request, &$called
+ $info, $metadata, $data, $request, &$called
) {
- $that->assertSame( $info->getId(), $i->getId() );
- $that->assertSame( $info->getProvider(), $i->getProvider() );
- $that->assertSame( $info->getUserInfo(), $i->getUserInfo() );
- $that->assertSame( $request, $r );
- $that->assertEquals( $metadata, $m );
- $that->assertEquals( $data, $d );
+ $this->assertSame( $info->getId(), $i->getId() );
+ $this->assertSame( $info->getProvider(), $i->getProvider() );
+ $this->assertSame( $info->getUserInfo(), $i->getUserInfo() );
+ $this->assertSame( $request, $r );
+ $this->assertEquals( $metadata, $m );
+ $this->assertEquals( $data, $d );
$called = true;
return false;
} )
$this->assertFalse( $loadSessionInfoFromStore( $info ) );
$this->assertTrue( $called );
$this->assertSame( array(
- array( LogLevel::WARNING, 'Session X: Hook aborted' ),
+ array( LogLevel::WARNING, 'Session "{session}": Hook aborted' ),
), $logger->getBuffer() );
$logger->clearBuffer();
}
+ /**
+ * @dataProvider provideCheckIpLimits
+ */
+ public function testCheckIpLimits( $ip, $sessionData, $userData, $logLevel1, $logLevel2 ) {
+ $this->setMwGlobals( array(
+ 'wgSuspiciousIpPerSessionLimit' => 5,
+ 'wgSuspiciousIpPerUserLimit' => 10,
+ 'wgSuspiciousIpExpiry' => 600,
+ 'wgSquidServers' => array( '11.22.33.44' ),
+ ) );
+ $manager = new SessionManager();
+ $logger = $this->getMock( '\Psr\Log\LoggerInterface' );
+ $this->setLogger( 'session-ip', $logger );
+ $request = new \FauxRequest();
+ $request->setIP( $ip );
+
+ $session = $manager->getSessionForRequest( $request );
+ /** @var SessionBackend $backend */
+ $backend = \TestingAccessWrapper::newFromObject( $session )->backend;
+ $data = &$backend->getData();
+ $data = array( 'SessionManager-ip' => $sessionData );
+ $backend->setUser( User::newFromName( 'UTSysop' ) );
+ $manager = \TestingAccessWrapper::newFromObject( $manager );
+ $manager->store->set( 'SessionManager-ip:' . md5( 'UTSysop' ), $userData );
+
+ $logger->expects( $this->exactly( isset( $logLevel1 ) + isset( $logLevel2 ) ) )->method( 'log' );
+ if ( $logLevel1 ) {
+ $logger->expects( $this->at( 0 ) )->method( 'log' )->with( $logLevel1,
+ 'Same session used from {count} IPs', $this->isType( 'array' ) );
+ }
+ if ( $logLevel2 ) {
+ $logger->expects( $this->at( isset( $logLevel1 ) ) )->method( 'log' )->with( $logLevel2,
+ 'Same user had sessions from {count} IPs', $this->isType( 'array' ) );
+ }
+
+ $manager->checkIpLimits( $session );
+ }
+
+ public function provideCheckIpLimits() {
+ $future = time() + 1000;
+ $past = time() - 1000;
+ return array(
+ // DEBUG log for first new IP
+ array( '1.2.3.4', array(), array(), LogLevel::DEBUG, LogLevel::DEBUG ),
+ // no log for same IP
+ array( '1.2.3.4', array( '1.2.3.4' => $future ), array( '1.2.3.4' => $future ),
+ null, null ),
+ array( '1.2.3.4', array(), array( '1.2.3.4' => $future ),
+ LogLevel::DEBUG, null ),
+ // INFO log for second new IP
+ array( '1.2.3.4', array( '10.20.30.40' => $future ), array( '10.20.30.40' => $future ),
+ LogLevel::INFO, LogLevel::INFO ),
+ // WARNING above $wgSuspiciousIpPerSessionLimit
+ array( '1.2.3.4', array_fill_keys( range( 1, 5 ), $future ),
+ array_fill_keys( range( 1, 5 ), $future ), LogLevel::WARNING, LogLevel::INFO ),
+ // WARNING above $wgSuspiciousIpPerUserLimit
+
+ array( '1.2.3.4', array_fill_keys( range( 1, 2 ), $future ),
+ array_fill_keys( range( 1, 12 ), $future ), LogLevel::INFO, LogLevel::WARNING ),
+ // expired keys ignored
+ array( '1.2.3.4', array( '1.2.3.4' => $past ), array( '1.2.3.4' => $past ),
+ LogLevel::DEBUG, LogLevel::DEBUG ),
+ array( '1.2.3.4', array_fill_keys( range( 1, 5 ), $past ),
+ array_fill_keys( range( 1, 5 ), $past ), LogLevel::DEBUG, LogLevel::DEBUG ),
+ // special IPs are ignored
+ array( '127.0.0.1', array(), array(), null, null ),
+ array( '11.22.33.44', array(), array(), null, null ),
+ );
+ }
}
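Review bot: provideCheckIpLimits never exercises the thresholds at their boundary: with `wgSuspiciousIpPerSessionLimit` at 5 the WARNING row seeds five prior IPs (six with the new one), and with `wgSuspiciousIpPerUserLimit` at 10 it seeds twelve. A switch between `>` and `>=` in checkIpLimits would therefore pass unnoticed. Adding one row per limit that lands exactly on the limit (for example `array_fill_keys( range( 1, 4 ), $future )` for the session case) would pin the comparison, with the expected level taken from the implementation, which is not visible here. In testCheckIpLimits, `isset( $logLevel1 ) + isset( $logLevel2 )` and `$this->at( isset( $logLevel1 ) )` rely on implicit bool-to-int conversion; `(int)isset( $logLevel1 )` states the intent. `$this->isType( 'array' )` also accepts any context, so the test does not confirm that the count or the user reaches the log entry.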