use MediaWikiTestCase;
use User;
+use Psr\Log\LogLevel;
/**
* @group Session
'cookieOptions' => array( 'prefix' => 'x' ),
);
$provider = new CookieSessionProvider( $params );
- $provider->setLogger( new \TestLogger() );
+ $logger = new \TestLogger( true );
+ $provider->setLogger( $logger );
$provider->setConfig( $this->getConfig() );
$provider->setManager( new SessionManager() );
$request = new \FauxRequest();
$info = $provider->provideSessionInfo( $request );
$this->assertNull( $info );
+ $this->assertSame( array(), $logger->getBuffer() );
+ $logger->clearBuffer();
// Session key only
$request = new \FauxRequest();
$this->assertNotNull( $info );
$this->assertSame( $params['priority'], $info->getPriority() );
$this->assertSame( $sessionId, $info->getId() );
- $this->assertNull( $info->getUserInfo() );
+ $this->assertNotNull( $info->getUserInfo() );
+ $this->assertSame( 0, $info->getUserInfo()->getId() );
+ $this->assertNull( $info->getUserInfo()->getName() );
$this->assertFalse( $info->forceHTTPS() );
+ $this->assertSame( array(
+ array(
+ LogLevel::DEBUG,
+ 'Session "{session}" requested without UserID cookie',
+ ),
+ ), $logger->getBuffer() );
+ $logger->clearBuffer();
// User, no session key
$request = new \FauxRequest();
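Review bot: The session-key-only case now expects a non-null user info with ID 0 and a null name, but the test does not say why that outcome is wanted instead of the previous null. If the intent is that a session ID presented without a UserID cookie may only resolve to an anonymous session, state it above the new assertions, e.g. `// No UserID cookie: the provider must pin the session to the anonymous user`. This case logs at DEBUG while the bad-token and wrong-name cases below log at WARNING, so a short remark that it occurs in normal traffic (inferred from the level alone) would help anyone building alerts on these messages. The test method starts and ends outside this hunk.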
$this->assertSame( $id, $info->getUserInfo()->getId() );
$this->assertSame( $name, $info->getUserInfo()->getName() );
$this->assertFalse( $info->forceHTTPS() );
+ $this->assertSame( array(), $logger->getBuffer() );
+ $logger->clearBuffer();
// User and session key
$request = new \FauxRequest();
$this->assertSame( $id, $info->getUserInfo()->getId() );
$this->assertSame( $name, $info->getUserInfo()->getName() );
$this->assertFalse( $info->forceHTTPS() );
+ $this->assertSame( array(), $logger->getBuffer() );
+ $logger->clearBuffer();
// User with bad token
$request = new \FauxRequest();
), '' );
$info = $provider->provideSessionInfo( $request );
$this->assertNull( $info );
+ $this->assertSame( array(
+ array(
+ LogLevel::WARNING,
+ 'Session "{session}" requested with invalid Token cookie.'
+ ),
+ ), $logger->getBuffer() );
+ $logger->clearBuffer();
// User id with no token
$request = new \FauxRequest();
$this->assertSame( $id, $info->getUserInfo()->getId() );
$this->assertSame( $name, $info->getUserInfo()->getName() );
$this->assertFalse( $info->forceHTTPS() );
+ $this->assertSame( array(), $logger->getBuffer() );
+ $logger->clearBuffer();
$request = new \FauxRequest();
$request->setCookies( array(
), '' );
$info = $provider->provideSessionInfo( $request );
$this->assertNull( $info );
+ $this->assertSame( array(), $logger->getBuffer() );
+ $logger->clearBuffer();
// User and session key, with forceHTTPS flag
$request = new \FauxRequest();
$this->assertSame( $id, $info->getUserInfo()->getId() );
$this->assertSame( $name, $info->getUserInfo()->getName() );
$this->assertTrue( $info->forceHTTPS() );
+ $this->assertSame( array(), $logger->getBuffer() );
+ $logger->clearBuffer();
// Invalid user id
$request = new \FauxRequest();
), '' );
$info = $provider->provideSessionInfo( $request );
$this->assertNull( $info );
+ $this->assertSame( array(), $logger->getBuffer() );
+ $logger->clearBuffer();
// User id with matching name
$request = new \FauxRequest();
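Review bot: The `// Invalid user id` case asserts an empty log buffer, so the test now pins that a request with an unusable UserID cookie is rejected without any log entry, unlike the bad-token and wrong-name cases, which expect a WARNING. If that silence is deliberate, say so next to `$this->assertSame( array(), $logger->getBuffer() );`, for example `// not logged: <reason>`. If it is not, the provider and this expectation probably want a log line so that rejected cookies are visible to whoever monitors the session log. The same question applies to the null-result case that precedes `// User and session key, with forceHTTPS flag`, whose label is not visible here.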
$this->assertSame( $id, $info->getUserInfo()->getId() );
$this->assertSame( $name, $info->getUserInfo()->getName() );
$this->assertFalse( $info->forceHTTPS() );
+ $this->assertSame( array(), $logger->getBuffer() );
+ $logger->clearBuffer();
// User id with wrong name
$request = new \FauxRequest();
), '' );
$info = $provider->provideSessionInfo( $request );
$this->assertNull( $info );
+ $this->assertSame( array(
+ array(
+ LogLevel::WARNING,
+ 'Session "{session}" requested with mismatched UserID and UserName cookies.',
+ ),
+ ), $logger->getBuffer() );
+ $logger->clearBuffer();
}
public function testGetVaryCookies() {
$provider->setManager( SessionManager::singleton() );
$sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
- $store = new \HashBagOStuff();
+ $store = new TestBagOStuff();
$user = User::newFromName( 'UTSysop' );
$anon = new User;
$request = new \FauxRequest();
$provider->persistSession( $backend, $request );
$this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
- $this->assertNull( $request->response()->getCookie( 'xUserID' ) );
- $this->assertNull( $request->response()->getCookie( 'xUserName' ) );
- $this->assertNull( $request->response()->getCookie( 'xToken' ) );
- $this->assertNull( $request->response()->getCookie( 'forceHTTPS' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
+ $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
$this->assertSame( array(), $backend->getData() );
// Logged-in user, no remember
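Review bot: `xUserName` is the only cookie still expected to be `null` in the anonymous case, while `xUserID`, `xToken` and `forceHTTPS` are now expected to be `''`, and the test gives no reason for the asymmetry. If the user-name cookie is meant to be left untouched (presumably so the name survives logout), add a comment such as `// UserName cookie is intentionally not cleared`; otherwise a reader will take it for a missed cleanup of identifying data. `$this->assertNull( ... )` would also read better than `assertSame( null, ... )`. The same pattern recurs in testPersistSessionWithHook and in the unpersistSession assertions at the end of the file.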
$this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
$this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
$this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
- $this->assertNull( $request->response()->getCookie( 'xToken' ) );
- $this->assertNull( $request->response()->getCookie( 'forceHTTPS' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
$this->assertSame( array(), $backend->getData() );
// Logged-in user, remember
'cookieOptions' => array( 'prefix' => 'x' ),
) );
$config = $this->getConfig();
- $config->set( 'CookieSecure', false );
+ $config->set( 'CookieSecure', $secure );
$provider->setLogger( new \TestLogger() );
$provider->setConfig( $config );
$provider->setManager( SessionManager::singleton() );
'persisted' => true,
'idIsSafe' => true,
) ),
- new \EmptyBagOStuff(),
+ new TestBagOStuff(),
new \Psr\Log\NullLogger(),
10
);
'xUserName' => array(
'value' => $user->getName(),
) + $defaults,
- 'xToken' => !$remember ? null : array(
- 'value' => $user->getToken(),
- 'expire' => $extendedExpiry,
+ 'xToken' => array(
+ 'value' => $remember ? $user->getToken() : '',
+ 'expire' => $remember ? $extendedExpiry : -31536000,
) + $defaults,
- 'forceHTTPS' => !$secure ? null : array(
- 'value' => 'true',
+ 'forceHTTPS' => array(
+ 'value' => $secure ? 'true' : '',
'secure' => false,
- 'expire' => $remember ? $defaults['expire'] : null,
+ 'expire' => $secure ? $remember ? $defaults['expire'] : 0 : -31536000,
) + $defaults,
);
foreach ( $expect as $key => $value ) {
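Review bot: The `forceHTTPS` expiry `$secure ? $remember ? $defaults['expire'] : 0 : -31536000` is hard to read as an unparenthesised nested ternary, and `-31536000` appears here and in the `xToken` entry with no explanation. Parenthesise the inner branch, `$secure ? ( $remember ? $defaults['expire'] : 0 ) : -31536000`, and give the constant a name or a comment (it is one year in seconds, negated, presumably the offset used to expire a cookie). That keeps the three cases (persistent, session-only, deleted) distinguishable when this expectation table is next edited. The enclosing test method begins and ends outside this hunk.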
}
public function testPersistSessionWithHook() {
- $that = $this;
-
$provider = new CookieSessionProvider( array(
'priority' => 1,
'sessionName' => 'MySessionName',
$provider->setManager( SessionManager::singleton() );
$sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
- $store = new \HashBagOStuff();
+ $store = new TestBagOStuff();
$user = User::newFromName( 'UTSysop' );
$anon = new User;
$request = new \FauxRequest();
$provider->persistSession( $backend, $request );
$this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
- $this->assertNull( $request->response()->getCookie( 'xUserID' ) );
- $this->assertNull( $request->response()->getCookie( 'xUserName' ) );
- $this->assertNull( $request->response()->getCookie( 'xToken' ) );
- $this->assertNull( $request->response()->getCookie( 'forceHTTPS' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
+ $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
$this->assertSame( array(), $backend->getData() );
$provider->persistSession( $backend, $this->getSentRequest() );
// Logged-in user, no remember
$mock = $this->getMock( __CLASS__, array( 'onUserSetCookies' ) );
$mock->expects( $this->once() )->method( 'onUserSetCookies' )
- ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $that, $user ) {
- $that->assertSame( $user, $u );
- $that->assertEquals( array(
+ ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $user ) {
+ $this->assertSame( $user, $u );
+ $this->assertEquals( array(
'wsUserID' => $user->getId(),
'wsUserName' => $user->getName(),
'wsToken' => $user->getToken(),
), $sessionData );
- $that->assertEquals( array(
+ $this->assertEquals( array(
'UserID' => $user->getId(),
'UserName' => $user->getName(),
'Token' => false,
$this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
$this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
$this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
- $this->assertNull( $request->response()->getCookie( 'xToken' ) );
- $this->assertNull( $request->response()->getCookie( 'forceHTTPS' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
$this->assertSame( 'bar!', $request->response()->getCookie( 'xbar' ) );
$this->assertSame( (string)$loggedOut, $request->response()->getCookie( 'xLoggedOut' ) );
$this->assertEquals( array(
// Logged-in user, remember
$mock = $this->getMock( __CLASS__, array( 'onUserSetCookies' ) );
$mock->expects( $this->once() )->method( 'onUserSetCookies' )
- ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $that, $user ) {
- $that->assertSame( $user, $u );
- $that->assertEquals( array(
+ ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $user ) {
+ $this->assertSame( $user, $u );
+ $this->assertEquals( array(
'wsUserID' => $user->getId(),
'wsUserName' => $user->getName(),
'wsToken' => $user->getToken(),
), $sessionData );
- $that->assertEquals( array(
+ $this->assertEquals( array(
'UserID' => $user->getId(),
'UserName' => $user->getName(),
'Token' => $user->getToken(),
$request = new \FauxRequest();
$provider->unpersistSession( $request );
- $this->assertNull( $request->response()->getCookie( 'MySessionName' ) );
- $this->assertNull( $request->response()->getCookie( 'xUserID' ) );
- $this->assertNull( $request->response()->getCookie( 'xUserName' ) );
- $this->assertNull( $request->response()->getCookie( 'xToken' ) );
- $this->assertNull( $request->response()->getCookie( 'forceHTTPS' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'MySessionName' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
+ $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
$provider->unpersistSession( $this->getSentRequest() );
}