dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
UserrightsPage::makeGroupNameListForLog() was removed
[lhc/web/wiklou.git] / tests / phpunit / includes / session / ImmutableSessionProviderWithCookieTest.php
1 <?php
2
3 namespace MediaWiki\Session;
4
5 use MediaWikiTestCase;
6 use User;
7
8 /**
9 * @group Session
10 * @group Database
11 * @covers MediaWiki\Session\ImmutableSessionProviderWithCookie
12 */
13 class ImmutableSessionProviderWithCookieTest extends MediaWikiTestCase {
14
15 private function getProvider( $name, $prefix = null ) {
16 $config = new \HashConfig();
17 $config->set( 'CookiePrefix', 'wgCookiePrefix' );
18
19 $params = [
20 'sessionCookieName' => $name,
21 'sessionCookieOptions' => [],
22 ];
23 if ( $prefix !== null ) {
24 $params['sessionCookieOptions']['prefix'] = $prefix;
25 }
26
27 $provider = $this->getMockBuilder( 'MediaWiki\\Session\\ImmutableSessionProviderWithCookie' )
28 ->setConstructorArgs( [ $params ] )
29 ->getMockForAbstractClass();
30 $provider->setLogger( new \TestLogger() );
31 $provider->setConfig( $config );
32 $provider->setManager( new SessionManager() );
33
34 return $provider;
35 }
36
37 public function testConstructor() {
38 $provider = $this->getMockBuilder( 'MediaWiki\\Session\\ImmutableSessionProviderWithCookie' )
39 ->getMockForAbstractClass();
40 $priv = \TestingAccessWrapper::newFromObject( $provider );
41 $this->assertNull( $priv->sessionCookieName );
42 $this->assertSame( [], $priv->sessionCookieOptions );
43
44 $provider = $this->getMockBuilder( 'MediaWiki\\Session\\ImmutableSessionProviderWithCookie' )
45 ->setConstructorArgs( [ [
46 'sessionCookieName' => 'Foo',
47 'sessionCookieOptions' => [ 'Bar' ],
48 ] ] )
49 ->getMockForAbstractClass();
50 $priv = \TestingAccessWrapper::newFromObject( $provider );
51 $this->assertSame( 'Foo', $priv->sessionCookieName );
52 $this->assertSame( [ 'Bar' ], $priv->sessionCookieOptions );
53
54 try {
55 $provider = $this->getMockBuilder( 'MediaWiki\\Session\\ImmutableSessionProviderWithCookie' )
56 ->setConstructorArgs( [ [
57 'sessionCookieName' => false,
58 ] ] )
59 ->getMockForAbstractClass();
60 $this->fail( 'Expected exception not thrown' );
61 } catch ( \InvalidArgumentException $ex ) {
62 $this->assertSame(
63 'sessionCookieName must be a string',
64 $ex->getMessage()
65 );
66 }
67
68 try {
69 $provider = $this->getMockBuilder( 'MediaWiki\\Session\\ImmutableSessionProviderWithCookie' )
70 ->setConstructorArgs( [ [
71 'sessionCookieOptions' => 'x',
72 ] ] )
73 ->getMockForAbstractClass();
74 $this->fail( 'Expected exception not thrown' );
75 } catch ( \InvalidArgumentException $ex ) {
76 $this->assertSame(
77 'sessionCookieOptions must be an array',
78 $ex->getMessage()
79 );
80 }
81 }
82
83 public function testBasics() {
84 $provider = $this->getProvider( null );
85 $this->assertFalse( $provider->persistsSessionID() );
86 $this->assertFalse( $provider->canChangeUser() );
87
88 $provider = $this->getProvider( 'Foo' );
89 $this->assertTrue( $provider->persistsSessionID() );
90 $this->assertFalse( $provider->canChangeUser() );
91
92 $msg = $provider->whyNoSession();
93 $this->assertInstanceOf( 'Message', $msg );
94 $this->assertSame( 'sessionprovider-nocookies', $msg->getKey() );
95 }
96
97 public function testGetVaryCookies() {
98 $provider = $this->getProvider( null );
99 $this->assertSame( [], $provider->getVaryCookies() );
100
101 $provider = $this->getProvider( 'Foo' );
102 $this->assertSame( [ 'wgCookiePrefixFoo' ], $provider->getVaryCookies() );
103
104 $provider = $this->getProvider( 'Foo', 'Bar' );
105 $this->assertSame( [ 'BarFoo' ], $provider->getVaryCookies() );
106
107 $provider = $this->getProvider( 'Foo', '' );
108 $this->assertSame( [ 'Foo' ], $provider->getVaryCookies() );
109 }
110
111 public function testGetSessionIdFromCookie() {
112 $this->setMwGlobals( 'wgCookiePrefix', 'wgCookiePrefix' );
113 $request = new \FauxRequest();
114 $request->setCookies( [
115 '' => 'empty---------------------------',
116 'Foo' => 'foo-----------------------------',
117 'wgCookiePrefixFoo' => 'wgfoo---------------------------',
118 'BarFoo' => 'foobar--------------------------',
119 'bad' => 'bad',
120 ], '' );
121
122 $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( null ) );
123 try {
124 $provider->getSessionIdFromCookie( $request );
125 $this->fail( 'Expected exception not thrown' );
126 } catch ( \BadMethodCallException $ex ) {
127 $this->assertSame(
128 'MediaWiki\\Session\\ImmutableSessionProviderWithCookie::getSessionIdFromCookie ' .
129 'may not be called when $this->sessionCookieName === null',
130 $ex->getMessage()
131 );
132 }
133
134 $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( 'Foo' ) );
135 $this->assertSame(
136 'wgfoo---------------------------',
137 $provider->getSessionIdFromCookie( $request )
138 );
139
140 $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( 'Foo', 'Bar' ) );
141 $this->assertSame(
142 'foobar--------------------------',
143 $provider->getSessionIdFromCookie( $request )
144 );
145
146 $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( 'Foo', '' ) );
147 $this->assertSame(
148 'foo-----------------------------',
149 $provider->getSessionIdFromCookie( $request )
150 );
151
152 $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( 'bad', '' ) );
153 $this->assertSame( null, $provider->getSessionIdFromCookie( $request ) );
154
155 $provider = \TestingAccessWrapper::newFromObject( $this->getProvider( 'none', '' ) );
156 $this->assertSame( null, $provider->getSessionIdFromCookie( $request ) );
157 }
158
159 protected function getSentRequest() {
160 $sentResponse = $this->getMock( 'FauxResponse', [ 'headersSent', 'setCookie', 'header' ] );
161 $sentResponse->expects( $this->any() )->method( 'headersSent' )
162 ->will( $this->returnValue( true ) );
163 $sentResponse->expects( $this->never() )->method( 'setCookie' );
164 $sentResponse->expects( $this->never() )->method( 'header' );
165
166 $sentRequest = $this->getMock( 'FauxRequest', [ 'response' ] );
167 $sentRequest->expects( $this->any() )->method( 'response' )
168 ->will( $this->returnValue( $sentResponse ) );
169 return $sentRequest;
170 }
171
172 /**
173 * @dataProvider providePersistSession
174 * @param bool $secure
175 * @param bool $remember
176 */
177 public function testPersistSession( $secure, $remember ) {
178 $this->setMwGlobals( [
179 'wgCookieExpiration' => 100,
180 'wgSecureLogin' => false,
181 ] );
182
183 $provider = $this->getProvider( 'session' );
184 $provider->setLogger( new \Psr\Log\NullLogger() );
185 $priv = \TestingAccessWrapper::newFromObject( $provider );
186 $priv->sessionCookieOptions = [
187 'prefix' => 'x',
188 'path' => 'CookiePath',
189 'domain' => 'CookieDomain',
190 'secure' => false,
191 'httpOnly' => true,
192 ];
193
194 $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
195 $user = User::newFromName( 'UTSysop' );
196 $this->assertFalse( $user->requiresHTTPS(), 'sanity check' );
197
198 $backend = new SessionBackend(
199 new SessionId( $sessionId ),
200 new SessionInfo( SessionInfo::MIN_PRIORITY, [
201 'provider' => $provider,
202 'id' => $sessionId,
203 'persisted' => true,
204 'userInfo' => UserInfo::newFromUser( $user, true ),
205 'idIsSafe' => true,
206 ] ),
207 new TestBagOStuff(),
208 new \Psr\Log\NullLogger(),
209 10
210 );
211 \TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling = false;
212 $backend->setRememberUser( $remember );
213 $backend->setForceHTTPS( $secure );
214
215 // No cookie
216 $priv->sessionCookieName = null;
217 $request = new \FauxRequest();
218 $provider->persistSession( $backend, $request );
219 $this->assertSame( [], $request->response()->getCookies() );
220
221 // Cookie
222 $priv->sessionCookieName = 'session';
223 $request = new \FauxRequest();
224 $time = time();
225 $provider->persistSession( $backend, $request );
226
227 $cookie = $request->response()->getCookieData( 'xsession' );
228 $this->assertInternalType( 'array', $cookie );
229 if ( isset( $cookie['expire'] ) && $cookie['expire'] > 0 ) {
230 // Round expiry so we don't randomly fail if the seconds ticked during the test.
231 $cookie['expire'] = round( $cookie['expire'] - $time, -2 );
232 }
233 $this->assertEquals( [
234 'value' => $sessionId,
235 'expire' => null,
236 'path' => 'CookiePath',
237 'domain' => 'CookieDomain',
238 'secure' => $secure,
239 'httpOnly' => true,
240 'raw' => false,
241 ], $cookie );
242
243 $cookie = $request->response()->getCookieData( 'forceHTTPS' );
244 if ( $secure ) {
245 $this->assertInternalType( 'array', $cookie );
246 if ( isset( $cookie['expire'] ) && $cookie['expire'] > 0 ) {
247 // Round expiry so we don't randomly fail if the seconds ticked during the test.
248 $cookie['expire'] = round( $cookie['expire'] - $time, -2 );
249 }
250 $this->assertEquals( [
251 'value' => 'true',
252 'expire' => $remember ? 100 : null,
253 'path' => 'CookiePath',
254 'domain' => 'CookieDomain',
255 'secure' => false,
256 'httpOnly' => true,
257 'raw' => false,
258 ], $cookie );
259 } else {
260 $this->assertNull( $cookie );
261 }
262
263 // Headers sent
264 $request = $this->getSentRequest();
265 $provider->persistSession( $backend, $request );
266 $this->assertSame( [], $request->response()->getCookies() );
267 }
268
269 public static function providePersistSession() {
270 return [
271 [ false, false ],
272 [ false, true ],
273 [ true, false ],
274 [ true, true ],
275 ];
276 }
277
278 public function testUnpersistSession() {
279 $provider = $this->getProvider( 'session', '' );
280 $provider->setLogger( new \Psr\Log\NullLogger() );
281 $priv = \TestingAccessWrapper::newFromObject( $provider );
282
283 // No cookie
284 $priv->sessionCookieName = null;
285 $request = new \FauxRequest();
286 $provider->unpersistSession( $request );
287 $this->assertSame( null, $request->response()->getCookie( 'session', '' ) );
288
289 // Cookie
290 $priv->sessionCookieName = 'session';
291 $request = new \FauxRequest();
292 $provider->unpersistSession( $request );
293 $this->assertSame( '', $request->response()->getCookie( 'session', '' ) );
294
295 // Headers sent
296 $request = $this->getSentRequest();
297 $provider->unpersistSession( $request );
298 $this->assertSame( null, $request->response()->getCookie( 'session', '' ) );
299 }
300
301 }
Wiklou, le Wiki du Wiklou