dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "Improve docs for Title::getInternalURL/getCanonicalURL"
[lhc/web/wiklou.git] / includes / session / ImmutableSessionProviderWithCookie.php
1 <?php
2 /**
3 * MediaWiki session provider base class
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup Session
22 */
23
24 namespace MediaWiki\Session;
25
26 use WebRequest;
27
28 /**
29 * An ImmutableSessionProviderWithCookie doesn't persist the user, but
30 * optionally can use a cookie to support multiple IDs per session.
31 *
32 * As mentioned in the documentation for SessionProvider, many methods that are
33 * technically "cannot persist ID" could be turned into "can persist ID but
34 * not changing User" using a session cookie. This class implements such an
35 * optional session cookie.
36 *
37 * @ingroup Session
38 * @since 1.27
39 */
40 abstract class ImmutableSessionProviderWithCookie extends SessionProvider {
41
42 /** @var string|null */
43 protected $sessionCookieName = null;
44 /** @var mixed[] */
45 protected $sessionCookieOptions = [];
46
47 /**
48 * @param array $params Keys include:
49 * - sessionCookieName: Session cookie name, if multiple sessions per
50 * client are to be supported.
51 * - sessionCookieOptions: Options to pass to WebResponse::setCookie().
52 */
53 public function __construct( $params = [] ) {
54 parent::__construct();
55
56 if ( isset( $params['sessionCookieName'] ) ) {
57 if ( !is_string( $params['sessionCookieName'] ) ) {
58 throw new \InvalidArgumentException( 'sessionCookieName must be a string' );
59 }
60 $this->sessionCookieName = $params['sessionCookieName'];
61 }
62 if ( isset( $params['sessionCookieOptions'] ) ) {
63 if ( !is_array( $params['sessionCookieOptions'] ) ) {
64 throw new \InvalidArgumentException( 'sessionCookieOptions must be an array' );
65 }
66 $this->sessionCookieOptions = $params['sessionCookieOptions'];
67 }
68 }
69
70 /**
71 * Get the session ID from the cookie, if any.
72 *
73 * Only call this if $this->sessionCookieName !== null. If
74 * sessionCookieName is null, do some logic (probably involving a call to
75 * $this->hashToSessionId()) to create the single session ID corresponding
76 * to this WebRequest instead of calling this method.
77 *
78 * @param WebRequest $request
79 * @return string|null
80 */
81 protected function getSessionIdFromCookie( WebRequest $request ) {
82 if ( $this->sessionCookieName === null ) {
83 throw new \BadMethodCallException(
84 __METHOD__ . ' may not be called when $this->sessionCookieName === null'
85 );
86 }
87
88 $prefix = $this->sessionCookieOptions['prefix'] ?? $this->config->get( 'CookiePrefix' );
89 $id = $request->getCookie( $this->sessionCookieName, $prefix );
90 return SessionManager::validateSessionId( $id ) ? $id : null;
91 }
92
93 public function persistsSessionId() {
94 return $this->sessionCookieName !== null;
95 }
96
97 public function canChangeUser() {
98 return false;
99 }
100
101 public function persistSession( SessionBackend $session, WebRequest $request ) {
102 if ( $this->sessionCookieName === null ) {
103 return;
104 }
105
106 $response = $request->response();
107 if ( $response->headersSent() ) {
108 // Can't do anything now
109 $this->logger->debug( __METHOD__ . ': Headers already sent' );
110 return;
111 }
112
113 $options = $this->sessionCookieOptions;
114 if ( $session->shouldForceHTTPS() || $session->getUser()->requiresHTTPS() ) {
115 $response->setCookie( 'forceHTTPS', 'true', null,
116 [ 'prefix' => '', 'secure' => false ] + $options );
117 $options['secure'] = true;
118 }
119
120 $response->setCookie( $this->sessionCookieName, $session->getId(), null, $options );
121 }
122
123 public function unpersistSession( WebRequest $request ) {
124 if ( $this->sessionCookieName === null ) {
125 return;
126 }
127
128 $response = $request->response();
129 if ( $response->headersSent() ) {
130 // Can't do anything now
131 $this->logger->debug( __METHOD__ . ': Headers already sent' );
132 return;
133 }
134
135 $response->clearCookie( $this->sessionCookieName, $this->sessionCookieOptions );
136 }
137
138 public function getVaryCookies() {
139 if ( $this->sessionCookieName === null ) {
140 return [];
141 }
142
143 $prefix = $this->sessionCookieOptions['prefix'] ?? $this->config->get( 'CookiePrefix' );
144 return [ $prefix . $this->sessionCookieName ];
145 }
146
147 public function whyNoSession() {
148 return wfMessage( 'sessionprovider-nocookies' );
149 }
150 }
Wiklou, le Wiki du Wiklou