dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "SECURITY: Do not allow users to undelete a page they can't edit or create"
[lhc/web/wiklou.git] / tests / phpunit / includes / session / SessionManagerTest.php
1 <?php
2
3 namespace MediaWiki\Session;
4
5 use MediaWikiTestCase;
6 use Psr\Log\LogLevel;
7 use User;
8
9 /**
10 * @group Session
11 * @group Database
12 * @covers MediaWiki\Session\SessionManager
13 */
14 class SessionManagerTest extends MediaWikiTestCase {
15
16 protected $config, $logger, $store;
17
18 protected function getManager() {
19 \ObjectCache::$instances['testSessionStore'] = new TestBagOStuff();
20 $this->config = new \HashConfig( [
21 'LanguageCode' => 'en',
22 'SessionCacheType' => 'testSessionStore',
23 'ObjectCacheSessionExpiry' => 100,
24 'SessionProviders' => [
25 [ 'class' => 'DummySessionProvider' ],
26 ]
27 ] );
28 $this->logger = new \TestLogger( false, function ( $m ) {
29 return substr( $m, 0, 15 ) === 'SessionBackend ' ? null : $m;
30 } );
31 $this->store = new TestBagOStuff();
32
33 return new SessionManager( [
34 'config' => $this->config,
35 'logger' => $this->logger,
36 'store' => $this->store,
37 ] );
38 }
39
40 protected function objectCacheDef( $object ) {
41 return [ 'factory' => function () use ( $object ) {
42 return $object;
43 } ];
44 }
45
46 public function testSingleton() {
47 $reset = TestUtils::setSessionManagerSingleton( null );
48
49 $singleton = SessionManager::singleton();
50 $this->assertInstanceOf( SessionManager::class, $singleton );
51 $this->assertSame( $singleton, SessionManager::singleton() );
52 }
53
54 public function testGetGlobalSession() {
55 $context = \RequestContext::getMain();
56
57 if ( !PHPSessionHandler::isInstalled() ) {
58 PHPSessionHandler::install( SessionManager::singleton() );
59 }
60 $rProp = new \ReflectionProperty( PHPSessionHandler::class, 'instance' );
61 $rProp->setAccessible( true );
62 $handler = \TestingAccessWrapper::newFromObject( $rProp->getValue() );
63 $oldEnable = $handler->enable;
64 $reset[] = new \Wikimedia\ScopedCallback( function () use ( $handler, $oldEnable ) {
65 if ( $handler->enable ) {
66 session_write_close();
67 }
68 $handler->enable = $oldEnable;
69 } );
70 $reset[] = TestUtils::setSessionManagerSingleton( $this->getManager() );
71
72 $handler->enable = true;
73 $request = new \FauxRequest();
74 $context->setRequest( $request );
75 $id = $request->getSession()->getId();
76
77 session_id( '' );
78 $session = SessionManager::getGlobalSession();
79 $this->assertSame( $id, $session->getId() );
80
81 session_id( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
82 $session = SessionManager::getGlobalSession();
83 $this->assertSame( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', $session->getId() );
84 $this->assertSame( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', $request->getSession()->getId() );
85
86 session_write_close();
87 $handler->enable = false;
88 $request = new \FauxRequest();
89 $context->setRequest( $request );
90 $id = $request->getSession()->getId();
91
92 session_id( '' );
93 $session = SessionManager::getGlobalSession();
94 $this->assertSame( $id, $session->getId() );
95
96 session_id( 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
97 $session = SessionManager::getGlobalSession();
98 $this->assertSame( $id, $session->getId() );
99 $this->assertSame( $id, $request->getSession()->getId() );
100 }
101
102 public function testConstructor() {
103 $manager = \TestingAccessWrapper::newFromObject( $this->getManager() );
104 $this->assertSame( $this->config, $manager->config );
105 $this->assertSame( $this->logger, $manager->logger );
106 $this->assertSame( $this->store, $manager->store );
107
108 $manager = \TestingAccessWrapper::newFromObject( new SessionManager() );
109 $this->assertSame( \RequestContext::getMain()->getConfig(), $manager->config );
110
111 $manager = \TestingAccessWrapper::newFromObject( new SessionManager( [
112 'config' => $this->config,
113 ] ) );
114 $this->assertSame( \ObjectCache::$instances['testSessionStore'], $manager->store );
115
116 foreach ( [
117 'config' => '$options[\'config\'] must be an instance of Config',
118 'logger' => '$options[\'logger\'] must be an instance of LoggerInterface',
119 'store' => '$options[\'store\'] must be an instance of BagOStuff',
120 ] as $key => $error ) {
121 try {
122 new SessionManager( [ $key => new \stdClass ] );
123 $this->fail( 'Expected exception not thrown' );
124 } catch ( \InvalidArgumentException $ex ) {
125 $this->assertSame( $error, $ex->getMessage() );
126 }
127 }
128 }
129
130 public function testGetSessionForRequest() {
131 $manager = $this->getManager();
132 $request = new \FauxRequest();
133 $request->unpersist1 = false;
134 $request->unpersist2 = false;
135
136 $id1 = '';
137 $id2 = '';
138 $idEmpty = 'empty-session-------------------';
139
140 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
141 ->setMethods(
142 [ 'provideSessionInfo', 'newSessionInfo', '__toString', 'describe', 'unpersistSession' ]
143 );
144
145 $provider1 = $providerBuilder->getMock();
146 $provider1->expects( $this->any() )->method( 'provideSessionInfo' )
147 ->with( $this->identicalTo( $request ) )
148 ->will( $this->returnCallback( function ( $request ) {
149 return $request->info1;
150 } ) );
151 $provider1->expects( $this->any() )->method( 'newSessionInfo' )
152 ->will( $this->returnCallback( function () use ( $idEmpty, $provider1 ) {
153 return new SessionInfo( SessionInfo::MIN_PRIORITY, [
154 'provider' => $provider1,
155 'id' => $idEmpty,
156 'persisted' => true,
157 'idIsSafe' => true,
158 ] );
159 } ) );
160 $provider1->expects( $this->any() )->method( '__toString' )
161 ->will( $this->returnValue( 'Provider1' ) );
162 $provider1->expects( $this->any() )->method( 'describe' )
163 ->will( $this->returnValue( '#1 sessions' ) );
164 $provider1->expects( $this->any() )->method( 'unpersistSession' )
165 ->will( $this->returnCallback( function ( $request ) {
166 $request->unpersist1 = true;
167 } ) );
168
169 $provider2 = $providerBuilder->getMock();
170 $provider2->expects( $this->any() )->method( 'provideSessionInfo' )
171 ->with( $this->identicalTo( $request ) )
172 ->will( $this->returnCallback( function ( $request ) {
173 return $request->info2;
174 } ) );
175 $provider2->expects( $this->any() )->method( '__toString' )
176 ->will( $this->returnValue( 'Provider2' ) );
177 $provider2->expects( $this->any() )->method( 'describe' )
178 ->will( $this->returnValue( '#2 sessions' ) );
179 $provider2->expects( $this->any() )->method( 'unpersistSession' )
180 ->will( $this->returnCallback( function ( $request ) {
181 $request->unpersist2 = true;
182 } ) );
183
184 $this->config->set( 'SessionProviders', [
185 $this->objectCacheDef( $provider1 ),
186 $this->objectCacheDef( $provider2 ),
187 ] );
188
189 // No provider returns info
190 $request->info1 = null;
191 $request->info2 = null;
192 $session = $manager->getSessionForRequest( $request );
193 $this->assertInstanceOf( Session::class, $session );
194 $this->assertSame( $idEmpty, $session->getId() );
195 $this->assertFalse( $request->unpersist1 );
196 $this->assertFalse( $request->unpersist2 );
197
198 // Both providers return info, picks best one
199 $request->info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
200 'provider' => $provider1,
201 'id' => ( $id1 = $manager->generateSessionId() ),
202 'persisted' => true,
203 'idIsSafe' => true,
204 ] );
205 $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, [
206 'provider' => $provider2,
207 'id' => ( $id2 = $manager->generateSessionId() ),
208 'persisted' => true,
209 'idIsSafe' => true,
210 ] );
211 $session = $manager->getSessionForRequest( $request );
212 $this->assertInstanceOf( Session::class, $session );
213 $this->assertSame( $id2, $session->getId() );
214 $this->assertFalse( $request->unpersist1 );
215 $this->assertFalse( $request->unpersist2 );
216
217 $request->info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, [
218 'provider' => $provider1,
219 'id' => ( $id1 = $manager->generateSessionId() ),
220 'persisted' => true,
221 'idIsSafe' => true,
222 ] );
223 $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
224 'provider' => $provider2,
225 'id' => ( $id2 = $manager->generateSessionId() ),
226 'persisted' => true,
227 'idIsSafe' => true,
228 ] );
229 $session = $manager->getSessionForRequest( $request );
230 $this->assertInstanceOf( Session::class, $session );
231 $this->assertSame( $id1, $session->getId() );
232 $this->assertFalse( $request->unpersist1 );
233 $this->assertFalse( $request->unpersist2 );
234
235 // Tied priorities
236 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
237 'provider' => $provider1,
238 'id' => ( $id1 = $manager->generateSessionId() ),
239 'persisted' => true,
240 'userInfo' => UserInfo::newAnonymous(),
241 'idIsSafe' => true,
242 ] );
243 $request->info2 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
244 'provider' => $provider2,
245 'id' => ( $id2 = $manager->generateSessionId() ),
246 'persisted' => true,
247 'userInfo' => UserInfo::newAnonymous(),
248 'idIsSafe' => true,
249 ] );
250 try {
251 $manager->getSessionForRequest( $request );
252 $this->fail( 'Expcected exception not thrown' );
253 } catch ( \OverflowException $ex ) {
254 $this->assertStringStartsWith(
255 'Multiple sessions for this request tied for top priority: ',
256 $ex->getMessage()
257 );
258 $this->assertCount( 2, $ex->sessionInfos );
259 $this->assertContains( $request->info1, $ex->sessionInfos );
260 $this->assertContains( $request->info2, $ex->sessionInfos );
261 }
262 $this->assertFalse( $request->unpersist1 );
263 $this->assertFalse( $request->unpersist2 );
264
265 // Bad provider
266 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
267 'provider' => $provider2,
268 'id' => ( $id1 = $manager->generateSessionId() ),
269 'persisted' => true,
270 'idIsSafe' => true,
271 ] );
272 $request->info2 = null;
273 try {
274 $manager->getSessionForRequest( $request );
275 $this->fail( 'Expcected exception not thrown' );
276 } catch ( \UnexpectedValueException $ex ) {
277 $this->assertSame(
278 'Provider1 returned session info for a different provider: ' . $request->info1,
279 $ex->getMessage()
280 );
281 }
282 $this->assertFalse( $request->unpersist1 );
283 $this->assertFalse( $request->unpersist2 );
284
285 // Unusable session info
286 $this->logger->setCollect( true );
287 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
288 'provider' => $provider1,
289 'id' => ( $id1 = $manager->generateSessionId() ),
290 'persisted' => true,
291 'userInfo' => UserInfo::newFromName( 'UTSysop', false ),
292 'idIsSafe' => true,
293 ] );
294 $request->info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
295 'provider' => $provider2,
296 'id' => ( $id2 = $manager->generateSessionId() ),
297 'persisted' => true,
298 'idIsSafe' => true,
299 ] );
300 $session = $manager->getSessionForRequest( $request );
301 $this->assertInstanceOf( Session::class, $session );
302 $this->assertSame( $id2, $session->getId() );
303 $this->logger->setCollect( false );
304 $this->assertTrue( $request->unpersist1 );
305 $this->assertFalse( $request->unpersist2 );
306 $request->unpersist1 = false;
307
308 $this->logger->setCollect( true );
309 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
310 'provider' => $provider1,
311 'id' => ( $id1 = $manager->generateSessionId() ),
312 'persisted' => true,
313 'idIsSafe' => true,
314 ] );
315 $request->info2 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
316 'provider' => $provider2,
317 'id' => ( $id2 = $manager->generateSessionId() ),
318 'persisted' => true,
319 'userInfo' => UserInfo::newFromName( 'UTSysop', false ),
320 'idIsSafe' => true,
321 ] );
322 $session = $manager->getSessionForRequest( $request );
323 $this->assertInstanceOf( Session::class, $session );
324 $this->assertSame( $id1, $session->getId() );
325 $this->logger->setCollect( false );
326 $this->assertFalse( $request->unpersist1 );
327 $this->assertTrue( $request->unpersist2 );
328 $request->unpersist2 = false;
329
330 // Unpersisted session ID
331 $request->info1 = new SessionInfo( SessionInfo::MAX_PRIORITY, [
332 'provider' => $provider1,
333 'id' => ( $id1 = $manager->generateSessionId() ),
334 'persisted' => false,
335 'userInfo' => UserInfo::newFromName( 'UTSysop', true ),
336 'idIsSafe' => true,
337 ] );
338 $request->info2 = null;
339 $session = $manager->getSessionForRequest( $request );
340 $this->assertInstanceOf( Session::class, $session );
341 $this->assertSame( $id1, $session->getId() );
342 $this->assertTrue( $request->unpersist1 ); // The saving of the session does it
343 $this->assertFalse( $request->unpersist2 );
344 $session->persist();
345 $this->assertTrue( $session->isPersistent(), 'sanity check' );
346 }
347
348 public function testGetSessionById() {
349 $manager = $this->getManager();
350 try {
351 $manager->getSessionById( 'bad' );
352 $this->fail( 'Expected exception not thrown' );
353 } catch ( \InvalidArgumentException $ex ) {
354 $this->assertSame( 'Invalid session ID', $ex->getMessage() );
355 }
356
357 // Unknown session ID
358 $id = $manager->generateSessionId();
359 $session = $manager->getSessionById( $id, true );
360 $this->assertInstanceOf( Session::class, $session );
361 $this->assertSame( $id, $session->getId() );
362
363 $id = $manager->generateSessionId();
364 $this->assertNull( $manager->getSessionById( $id, false ) );
365
366 // Known but unloadable session ID
367 $this->logger->setCollect( true );
368 $id = $manager->generateSessionId();
369 $this->store->setSession( $id, [ 'metadata' => [
370 'userId' => User::idFromName( 'UTSysop' ),
371 'userToken' => 'bad',
372 ] ] );
373
374 $this->assertNull( $manager->getSessionById( $id, true ) );
375 $this->assertNull( $manager->getSessionById( $id, false ) );
376 $this->logger->setCollect( false );
377
378 // Known session ID
379 $this->store->setSession( $id, [] );
380 $session = $manager->getSessionById( $id, false );
381 $this->assertInstanceOf( Session::class, $session );
382 $this->assertSame( $id, $session->getId() );
383
384 // Store isn't checked if the session is already loaded
385 $this->store->setSession( $id, [ 'metadata' => [
386 'userId' => User::idFromName( 'UTSysop' ),
387 'userToken' => 'bad',
388 ] ] );
389 $session2 = $manager->getSessionById( $id, false );
390 $this->assertInstanceOf( Session::class, $session2 );
391 $this->assertSame( $id, $session2->getId() );
392 unset( $session, $session2 );
393 $this->logger->setCollect( true );
394 $this->assertNull( $manager->getSessionById( $id, true ) );
395 $this->logger->setCollect( false );
396
397 // Failure to create an empty session
398 $manager = $this->getManager();
399 $provider = $this->getMockBuilder( 'DummySessionProvider' )
400 ->setMethods( [ 'provideSessionInfo', 'newSessionInfo', '__toString' ] )
401 ->getMock();
402 $provider->expects( $this->any() )->method( 'provideSessionInfo' )
403 ->will( $this->returnValue( null ) );
404 $provider->expects( $this->any() )->method( 'newSessionInfo' )
405 ->will( $this->returnValue( null ) );
406 $provider->expects( $this->any() )->method( '__toString' )
407 ->will( $this->returnValue( 'MockProvider' ) );
408 $this->config->set( 'SessionProviders', [
409 $this->objectCacheDef( $provider ),
410 ] );
411 $this->logger->setCollect( true );
412 $this->assertNull( $manager->getSessionById( $id, true ) );
413 $this->logger->setCollect( false );
414 $this->assertSame( [
415 [ LogLevel::ERROR, 'Failed to create empty session: {exception}' ]
416 ], $this->logger->getBuffer() );
417 }
418
419 public function testGetEmptySession() {
420 $manager = $this->getManager();
421 $pmanager = \TestingAccessWrapper::newFromObject( $manager );
422 $request = new \FauxRequest();
423
424 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
425 ->setMethods( [ 'provideSessionInfo', 'newSessionInfo', '__toString' ] );
426
427 $expectId = null;
428 $info1 = null;
429 $info2 = null;
430
431 $provider1 = $providerBuilder->getMock();
432 $provider1->expects( $this->any() )->method( 'provideSessionInfo' )
433 ->will( $this->returnValue( null ) );
434 $provider1->expects( $this->any() )->method( 'newSessionInfo' )
435 ->with( $this->callback( function ( $id ) use ( &$expectId ) {
436 return $id === $expectId;
437 } ) )
438 ->will( $this->returnCallback( function () use ( &$info1 ) {
439 return $info1;
440 } ) );
441 $provider1->expects( $this->any() )->method( '__toString' )
442 ->will( $this->returnValue( 'MockProvider1' ) );
443
444 $provider2 = $providerBuilder->getMock();
445 $provider2->expects( $this->any() )->method( 'provideSessionInfo' )
446 ->will( $this->returnValue( null ) );
447 $provider2->expects( $this->any() )->method( 'newSessionInfo' )
448 ->with( $this->callback( function ( $id ) use ( &$expectId ) {
449 return $id === $expectId;
450 } ) )
451 ->will( $this->returnCallback( function () use ( &$info2 ) {
452 return $info2;
453 } ) );
454 $provider1->expects( $this->any() )->method( '__toString' )
455 ->will( $this->returnValue( 'MockProvider2' ) );
456
457 $this->config->set( 'SessionProviders', [
458 $this->objectCacheDef( $provider1 ),
459 $this->objectCacheDef( $provider2 ),
460 ] );
461
462 // No info
463 $expectId = null;
464 $info1 = null;
465 $info2 = null;
466 try {
467 $manager->getEmptySession();
468 $this->fail( 'Expected exception not thrown' );
469 } catch ( \UnexpectedValueException $ex ) {
470 $this->assertSame(
471 'No provider could provide an empty session!',
472 $ex->getMessage()
473 );
474 }
475
476 // Info
477 $expectId = null;
478 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
479 'provider' => $provider1,
480 'id' => 'empty---------------------------',
481 'persisted' => true,
482 'idIsSafe' => true,
483 ] );
484 $info2 = null;
485 $session = $manager->getEmptySession();
486 $this->assertInstanceOf( Session::class, $session );
487 $this->assertSame( 'empty---------------------------', $session->getId() );
488
489 // Info, explicitly
490 $expectId = 'expected------------------------';
491 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
492 'provider' => $provider1,
493 'id' => $expectId,
494 'persisted' => true,
495 'idIsSafe' => true,
496 ] );
497 $info2 = null;
498 $session = $pmanager->getEmptySessionInternal( null, $expectId );
499 $this->assertInstanceOf( Session::class, $session );
500 $this->assertSame( $expectId, $session->getId() );
501
502 // Wrong ID
503 $expectId = 'expected-----------------------2';
504 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
505 'provider' => $provider1,
506 'id' => "un$expectId",
507 'persisted' => true,
508 'idIsSafe' => true,
509 ] );
510 $info2 = null;
511 try {
512 $pmanager->getEmptySessionInternal( null, $expectId );
513 $this->fail( 'Expected exception not thrown' );
514 } catch ( \UnexpectedValueException $ex ) {
515 $this->assertSame(
516 'MockProvider1 returned empty session info with a wrong id: ' .
517 "un$expectId != $expectId",
518 $ex->getMessage()
519 );
520 }
521
522 // Unsafe ID
523 $expectId = 'expected-----------------------2';
524 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
525 'provider' => $provider1,
526 'id' => $expectId,
527 'persisted' => true,
528 ] );
529 $info2 = null;
530 try {
531 $pmanager->getEmptySessionInternal( null, $expectId );
532 $this->fail( 'Expected exception not thrown' );
533 } catch ( \UnexpectedValueException $ex ) {
534 $this->assertSame(
535 'MockProvider1 returned empty session info with id flagged unsafe',
536 $ex->getMessage()
537 );
538 }
539
540 // Wrong provider
541 $expectId = null;
542 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
543 'provider' => $provider2,
544 'id' => 'empty---------------------------',
545 'persisted' => true,
546 'idIsSafe' => true,
547 ] );
548 $info2 = null;
549 try {
550 $manager->getEmptySession();
551 $this->fail( 'Expected exception not thrown' );
552 } catch ( \UnexpectedValueException $ex ) {
553 $this->assertSame(
554 'MockProvider1 returned an empty session info for a different provider: ' . $info1,
555 $ex->getMessage()
556 );
557 }
558
559 // Highest priority wins
560 $expectId = null;
561 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
562 'provider' => $provider1,
563 'id' => 'empty1--------------------------',
564 'persisted' => true,
565 'idIsSafe' => true,
566 ] );
567 $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
568 'provider' => $provider2,
569 'id' => 'empty2--------------------------',
570 'persisted' => true,
571 'idIsSafe' => true,
572 ] );
573 $session = $manager->getEmptySession();
574 $this->assertInstanceOf( Session::class, $session );
575 $this->assertSame( 'empty1--------------------------', $session->getId() );
576
577 $expectId = null;
578 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY + 1, [
579 'provider' => $provider1,
580 'id' => 'empty1--------------------------',
581 'persisted' => true,
582 'idIsSafe' => true,
583 ] );
584 $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY + 2, [
585 'provider' => $provider2,
586 'id' => 'empty2--------------------------',
587 'persisted' => true,
588 'idIsSafe' => true,
589 ] );
590 $session = $manager->getEmptySession();
591 $this->assertInstanceOf( Session::class, $session );
592 $this->assertSame( 'empty2--------------------------', $session->getId() );
593
594 // Tied priorities throw an exception
595 $expectId = null;
596 $info1 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
597 'provider' => $provider1,
598 'id' => 'empty1--------------------------',
599 'persisted' => true,
600 'userInfo' => UserInfo::newAnonymous(),
601 'idIsSafe' => true,
602 ] );
603 $info2 = new SessionInfo( SessionInfo::MIN_PRIORITY, [
604 'provider' => $provider2,
605 'id' => 'empty2--------------------------',
606 'persisted' => true,
607 'userInfo' => UserInfo::newAnonymous(),
608 'idIsSafe' => true,
609 ] );
610 try {
611 $manager->getEmptySession();
612 $this->fail( 'Expected exception not thrown' );
613 } catch ( \UnexpectedValueException $ex ) {
614 $this->assertStringStartsWith(
615 'Multiple empty sessions tied for top priority: ',
616 $ex->getMessage()
617 );
618 }
619
620 // Bad id
621 try {
622 $pmanager->getEmptySessionInternal( null, 'bad' );
623 $this->fail( 'Expected exception not thrown' );
624 } catch ( \InvalidArgumentException $ex ) {
625 $this->assertSame( 'Invalid session ID', $ex->getMessage() );
626 }
627
628 // Session already exists
629 $expectId = 'expected-----------------------3';
630 $this->store->setSessionMeta( $expectId, [
631 'provider' => 'MockProvider2',
632 'userId' => 0,
633 'userName' => null,
634 'userToken' => null,
635 ] );
636 try {
637 $pmanager->getEmptySessionInternal( null, $expectId );
638 $this->fail( 'Expected exception not thrown' );
639 } catch ( \InvalidArgumentException $ex ) {
640 $this->assertSame( 'Session ID already exists', $ex->getMessage() );
641 }
642 }
643
644 public function testInvalidateSessionsForUser() {
645 $user = User::newFromName( 'UTSysop' );
646 $manager = $this->getManager();
647
648 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
649 ->setMethods( [ 'invalidateSessionsForUser', '__toString' ] );
650
651 $provider1 = $providerBuilder->getMock();
652 $provider1->expects( $this->once() )->method( 'invalidateSessionsForUser' )
653 ->with( $this->identicalTo( $user ) );
654 $provider1->expects( $this->any() )->method( '__toString' )
655 ->will( $this->returnValue( 'MockProvider1' ) );
656
657 $provider2 = $providerBuilder->getMock();
658 $provider2->expects( $this->once() )->method( 'invalidateSessionsForUser' )
659 ->with( $this->identicalTo( $user ) );
660 $provider2->expects( $this->any() )->method( '__toString' )
661 ->will( $this->returnValue( 'MockProvider2' ) );
662
663 $this->config->set( 'SessionProviders', [
664 $this->objectCacheDef( $provider1 ),
665 $this->objectCacheDef( $provider2 ),
666 ] );
667
668 $oldToken = $user->getToken( true );
669 $manager->invalidateSessionsForUser( $user );
670 $this->assertNotEquals( $oldToken, $user->getToken() );
671 }
672
673 public function testGetVaryHeaders() {
674 $manager = $this->getManager();
675
676 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
677 ->setMethods( [ 'getVaryHeaders', '__toString' ] );
678
679 $provider1 = $providerBuilder->getMock();
680 $provider1->expects( $this->once() )->method( 'getVaryHeaders' )
681 ->will( $this->returnValue( [
682 'Foo' => null,
683 'Bar' => [ 'X', 'Bar1' ],
684 'Quux' => null,
685 ] ) );
686 $provider1->expects( $this->any() )->method( '__toString' )
687 ->will( $this->returnValue( 'MockProvider1' ) );
688
689 $provider2 = $providerBuilder->getMock();
690 $provider2->expects( $this->once() )->method( 'getVaryHeaders' )
691 ->will( $this->returnValue( [
692 'Baz' => null,
693 'Bar' => [ 'X', 'Bar2' ],
694 'Quux' => [ 'Quux' ],
695 ] ) );
696 $provider2->expects( $this->any() )->method( '__toString' )
697 ->will( $this->returnValue( 'MockProvider2' ) );
698
699 $this->config->set( 'SessionProviders', [
700 $this->objectCacheDef( $provider1 ),
701 $this->objectCacheDef( $provider2 ),
702 ] );
703
704 $expect = [
705 'Foo' => [],
706 'Bar' => [ 'X', 'Bar1', 3 => 'Bar2' ],
707 'Quux' => [ 'Quux' ],
708 'Baz' => [],
709 ];
710
711 $this->assertEquals( $expect, $manager->getVaryHeaders() );
712
713 // Again, to ensure it's cached
714 $this->assertEquals( $expect, $manager->getVaryHeaders() );
715 }
716
717 public function testGetVaryCookies() {
718 $manager = $this->getManager();
719
720 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
721 ->setMethods( [ 'getVaryCookies', '__toString' ] );
722
723 $provider1 = $providerBuilder->getMock();
724 $provider1->expects( $this->once() )->method( 'getVaryCookies' )
725 ->will( $this->returnValue( [ 'Foo', 'Bar' ] ) );
726 $provider1->expects( $this->any() )->method( '__toString' )
727 ->will( $this->returnValue( 'MockProvider1' ) );
728
729 $provider2 = $providerBuilder->getMock();
730 $provider2->expects( $this->once() )->method( 'getVaryCookies' )
731 ->will( $this->returnValue( [ 'Foo', 'Baz' ] ) );
732 $provider2->expects( $this->any() )->method( '__toString' )
733 ->will( $this->returnValue( 'MockProvider2' ) );
734
735 $this->config->set( 'SessionProviders', [
736 $this->objectCacheDef( $provider1 ),
737 $this->objectCacheDef( $provider2 ),
738 ] );
739
740 $expect = [ 'Foo', 'Bar', 'Baz' ];
741
742 $this->assertEquals( $expect, $manager->getVaryCookies() );
743
744 // Again, to ensure it's cached
745 $this->assertEquals( $expect, $manager->getVaryCookies() );
746 }
747
748 public function testGetProviders() {
749 $realManager = $this->getManager();
750 $manager = \TestingAccessWrapper::newFromObject( $realManager );
751
752 $this->config->set( 'SessionProviders', [
753 [ 'class' => 'DummySessionProvider' ],
754 ] );
755 $providers = $manager->getProviders();
756 $this->assertArrayHasKey( 'DummySessionProvider', $providers );
757 $provider = \TestingAccessWrapper::newFromObject( $providers['DummySessionProvider'] );
758 $this->assertSame( $manager->logger, $provider->logger );
759 $this->assertSame( $manager->config, $provider->config );
760 $this->assertSame( $realManager, $provider->getManager() );
761
762 $this->config->set( 'SessionProviders', [
763 [ 'class' => 'DummySessionProvider' ],
764 [ 'class' => 'DummySessionProvider' ],
765 ] );
766 $manager->sessionProviders = null;
767 try {
768 $manager->getProviders();
769 $this->fail( 'Expected exception not thrown' );
770 } catch ( \UnexpectedValueException $ex ) {
771 $this->assertSame(
772 'Duplicate provider name "DummySessionProvider"',
773 $ex->getMessage()
774 );
775 }
776 }
777
778 public function testShutdown() {
779 $manager = \TestingAccessWrapper::newFromObject( $this->getManager() );
780 $manager->setLogger( new \Psr\Log\NullLogger() );
781
782 $mock = $this->getMock( 'stdClass', [ 'shutdown' ] );
783 $mock->expects( $this->once() )->method( 'shutdown' );
784
785 $manager->allSessionBackends = [ $mock ];
786 $manager->shutdown();
787 }
788
789 public function testGetSessionFromInfo() {
790 $manager = \TestingAccessWrapper::newFromObject( $this->getManager() );
791 $request = new \FauxRequest();
792
793 $id = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
794
795 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
796 'provider' => $manager->getProvider( 'DummySessionProvider' ),
797 'id' => $id,
798 'persisted' => true,
799 'userInfo' => UserInfo::newFromName( 'UTSysop', true ),
800 'idIsSafe' => true,
801 ] );
802 \TestingAccessWrapper::newFromObject( $info )->idIsSafe = true;
803 $session1 = \TestingAccessWrapper::newFromObject(
804 $manager->getSessionFromInfo( $info, $request )
805 );
806 $session2 = \TestingAccessWrapper::newFromObject(
807 $manager->getSessionFromInfo( $info, $request )
808 );
809
810 $this->assertSame( $session1->backend, $session2->backend );
811 $this->assertNotEquals( $session1->index, $session2->index );
812 $this->assertSame( $session1->getSessionId(), $session2->getSessionId() );
813 $this->assertSame( $id, $session1->getId() );
814
815 \TestingAccessWrapper::newFromObject( $info )->idIsSafe = false;
816 $session3 = $manager->getSessionFromInfo( $info, $request );
817 $this->assertNotSame( $id, $session3->getId() );
818 }
819
820 public function testBackendRegistration() {
821 $manager = $this->getManager();
822
823 $session = $manager->getSessionForRequest( new \FauxRequest );
824 $backend = \TestingAccessWrapper::newFromObject( $session )->backend;
825 $sessionId = $session->getSessionId();
826 $id = (string)$sessionId;
827
828 $this->assertSame( $sessionId, $manager->getSessionById( $id, true )->getSessionId() );
829
830 $manager->changeBackendId( $backend );
831 $this->assertSame( $sessionId, $session->getSessionId() );
832 $this->assertNotEquals( $id, (string)$sessionId );
833 $id = (string)$sessionId;
834
835 $this->assertSame( $sessionId, $manager->getSessionById( $id, true )->getSessionId() );
836
837 // Destruction of the session here causes the backend to be deregistered
838 $session = null;
839
840 try {
841 $manager->changeBackendId( $backend );
842 $this->fail( 'Expected exception not thrown' );
843 } catch ( \InvalidArgumentException $ex ) {
844 $this->assertSame(
845 'Backend was not registered with this SessionManager', $ex->getMessage()
846 );
847 }
848
849 try {
850 $manager->deregisterSessionBackend( $backend );
851 $this->fail( 'Expected exception not thrown' );
852 } catch ( \InvalidArgumentException $ex ) {
853 $this->assertSame(
854 'Backend was not registered with this SessionManager', $ex->getMessage()
855 );
856 }
857
858 $session = $manager->getSessionById( $id, true );
859 $this->assertSame( $sessionId, $session->getSessionId() );
860 }
861
862 public function testGenerateSessionId() {
863 $manager = $this->getManager();
864
865 $id = $manager->generateSessionId();
866 $this->assertTrue( SessionManager::validateSessionId( $id ), "Generated ID: $id" );
867 }
868
869 public function testPreventSessionsForUser() {
870 $manager = $this->getManager();
871
872 $providerBuilder = $this->getMockBuilder( 'DummySessionProvider' )
873 ->setMethods( [ 'preventSessionsForUser', '__toString' ] );
874
875 $provider1 = $providerBuilder->getMock();
876 $provider1->expects( $this->once() )->method( 'preventSessionsForUser' )
877 ->with( $this->equalTo( 'UTSysop' ) );
878 $provider1->expects( $this->any() )->method( '__toString' )
879 ->will( $this->returnValue( 'MockProvider1' ) );
880
881 $this->config->set( 'SessionProviders', [
882 $this->objectCacheDef( $provider1 ),
883 ] );
884
885 $this->assertFalse( $manager->isUserSessionPrevented( 'UTSysop' ) );
886 $manager->preventSessionsForUser( 'UTSysop' );
887 $this->assertTrue( $manager->isUserSessionPrevented( 'UTSysop' ) );
888 }
889
890 public function testLoadSessionInfoFromStore() {
891 $manager = $this->getManager();
892 $logger = new \TestLogger( true );
893 $manager->setLogger( $logger );
894 $request = new \FauxRequest();
895
896 // TestingAccessWrapper can't handle methods with reference arguments, sigh.
897 $rClass = new \ReflectionClass( $manager );
898 $rMethod = $rClass->getMethod( 'loadSessionInfoFromStore' );
899 $rMethod->setAccessible( true );
900 $loadSessionInfoFromStore = function ( &$info ) use ( $rMethod, $manager, $request ) {
901 return $rMethod->invokeArgs( $manager, [ &$info, $request ] );
902 };
903
904 $userInfo = UserInfo::newFromName( 'UTSysop', true );
905 $unverifiedUserInfo = UserInfo::newFromName( 'UTSysop', false );
906
907 $id = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
908 $metadata = [
909 'userId' => $userInfo->getId(),
910 'userName' => $userInfo->getName(),
911 'userToken' => $userInfo->getToken( true ),
912 'provider' => 'Mock',
913 ];
914
915 $builder = $this->getMockBuilder( SessionProvider::class )
916 ->setMethods( [ '__toString', 'mergeMetadata', 'refreshSessionInfo' ] );
917
918 $provider = $builder->getMockForAbstractClass();
919 $provider->setManager( $manager );
920 $provider->expects( $this->any() )->method( 'persistsSessionId' )
921 ->will( $this->returnValue( true ) );
922 $provider->expects( $this->any() )->method( 'canChangeUser' )
923 ->will( $this->returnValue( true ) );
924 $provider->expects( $this->any() )->method( 'refreshSessionInfo' )
925 ->will( $this->returnValue( true ) );
926 $provider->expects( $this->any() )->method( '__toString' )
927 ->will( $this->returnValue( 'Mock' ) );
928 $provider->expects( $this->any() )->method( 'mergeMetadata' )
929 ->will( $this->returnCallback( function ( $a, $b ) {
930 if ( $b === [ 'Throw' ] ) {
931 throw new MetadataMergeException( 'no merge!' );
932 }
933 return [ 'Merged' ];
934 } ) );
935
936 $provider2 = $builder->getMockForAbstractClass();
937 $provider2->setManager( $manager );
938 $provider2->expects( $this->any() )->method( 'persistsSessionId' )
939 ->will( $this->returnValue( false ) );
940 $provider2->expects( $this->any() )->method( 'canChangeUser' )
941 ->will( $this->returnValue( false ) );
942 $provider2->expects( $this->any() )->method( '__toString' )
943 ->will( $this->returnValue( 'Mock2' ) );
944 $provider2->expects( $this->any() )->method( 'refreshSessionInfo' )
945 ->will( $this->returnCallback( function ( $info, $request, &$metadata ) {
946 $metadata['changed'] = true;
947 return true;
948 } ) );
949
950 $provider3 = $builder->getMockForAbstractClass();
951 $provider3->setManager( $manager );
952 $provider3->expects( $this->any() )->method( 'persistsSessionId' )
953 ->will( $this->returnValue( true ) );
954 $provider3->expects( $this->any() )->method( 'canChangeUser' )
955 ->will( $this->returnValue( true ) );
956 $provider3->expects( $this->once() )->method( 'refreshSessionInfo' )
957 ->will( $this->returnValue( false ) );
958 $provider3->expects( $this->any() )->method( '__toString' )
959 ->will( $this->returnValue( 'Mock3' ) );
960
961 \TestingAccessWrapper::newFromObject( $manager )->sessionProviders = [
962 (string)$provider => $provider,
963 (string)$provider2 => $provider2,
964 (string)$provider3 => $provider3,
965 ];
966
967 // No metadata, basic usage
968 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
969 'provider' => $provider,
970 'id' => $id,
971 'userInfo' => $userInfo
972 ] );
973 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
974 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
975 $this->assertFalse( $info->isIdSafe() );
976 $this->assertSame( [], $logger->getBuffer() );
977
978 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
979 'provider' => $provider,
980 'userInfo' => $userInfo
981 ] );
982 $this->assertTrue( $info->isIdSafe(), 'sanity check' );
983 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
984 $this->assertTrue( $info->isIdSafe() );
985 $this->assertSame( [], $logger->getBuffer() );
986
987 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
988 'provider' => $provider2,
989 'id' => $id,
990 'userInfo' => $userInfo
991 ] );
992 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
993 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
994 $this->assertTrue( $info->isIdSafe() );
995 $this->assertSame( [], $logger->getBuffer() );
996
997 // Unverified user, no metadata
998 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
999 'provider' => $provider,
1000 'id' => $id,
1001 'userInfo' => $unverifiedUserInfo
1002 ] );
1003 $this->assertSame( $unverifiedUserInfo, $info->getUserInfo() );
1004 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1005 $this->assertSame( [
1006 [
1007 LogLevel::INFO,
1008 'Session "{session}": Unverified user provided and no metadata to auth it',
1009 ]
1010 ], $logger->getBuffer() );
1011 $logger->clearBuffer();
1012
1013 // No metadata, missing data
1014 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1015 'id' => $id,
1016 'userInfo' => $userInfo
1017 ] );
1018 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1019 $this->assertSame( [
1020 [ LogLevel::WARNING, 'Session "{session}": Null provider and no metadata' ],
1021 ], $logger->getBuffer() );
1022 $logger->clearBuffer();
1023
1024 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1025 'provider' => $provider,
1026 'id' => $id,
1027 ] );
1028 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1029 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1030 $this->assertInstanceOf( UserInfo::class, $info->getUserInfo() );
1031 $this->assertTrue( $info->getUserInfo()->isVerified() );
1032 $this->assertTrue( $info->getUserInfo()->isAnon() );
1033 $this->assertFalse( $info->isIdSafe() );
1034 $this->assertSame( [], $logger->getBuffer() );
1035
1036 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1037 'provider' => $provider2,
1038 'id' => $id,
1039 ] );
1040 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1041 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1042 $this->assertSame( [
1043 [ LogLevel::INFO, 'Session "{session}": No user provided and provider cannot set user' ]
1044 ], $logger->getBuffer() );
1045 $logger->clearBuffer();
1046
1047 // Incomplete/bad metadata
1048 $this->store->setRawSession( $id, true );
1049 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1050 $this->assertSame( [
1051 [ LogLevel::WARNING, 'Session "{session}": Bad data' ],
1052 ], $logger->getBuffer() );
1053 $logger->clearBuffer();
1054
1055 $this->store->setRawSession( $id, [ 'data' => [] ] );
1056 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1057 $this->assertSame( [
1058 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1059 ], $logger->getBuffer() );
1060 $logger->clearBuffer();
1061
1062 $this->store->deleteSession( $id );
1063 $this->store->setRawSession( $id, [ 'metadata' => $metadata ] );
1064 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1065 $this->assertSame( [
1066 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1067 ], $logger->getBuffer() );
1068 $logger->clearBuffer();
1069
1070 $this->store->setRawSession( $id, [ 'metadata' => $metadata, 'data' => true ] );
1071 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1072 $this->assertSame( [
1073 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1074 ], $logger->getBuffer() );
1075 $logger->clearBuffer();
1076
1077 $this->store->setRawSession( $id, [ 'metadata' => true, 'data' => [] ] );
1078 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1079 $this->assertSame( [
1080 [ LogLevel::WARNING, 'Session "{session}": Bad data structure' ],
1081 ], $logger->getBuffer() );
1082 $logger->clearBuffer();
1083
1084 foreach ( $metadata as $key => $dummy ) {
1085 $tmp = $metadata;
1086 unset( $tmp[$key] );
1087 $this->store->setRawSession( $id, [ 'metadata' => $tmp, 'data' => [] ] );
1088 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1089 $this->assertSame( [
1090 [ LogLevel::WARNING, 'Session "{session}": Bad metadata' ],
1091 ], $logger->getBuffer() );
1092 $logger->clearBuffer();
1093 }
1094
1095 // Basic usage with metadata
1096 $this->store->setRawSession( $id, [ 'metadata' => $metadata, 'data' => [] ] );
1097 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1098 'provider' => $provider,
1099 'id' => $id,
1100 'userInfo' => $userInfo
1101 ] );
1102 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1103 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1104 $this->assertTrue( $info->isIdSafe() );
1105 $this->assertSame( [], $logger->getBuffer() );
1106
1107 // Mismatched provider
1108 $this->store->setSessionMeta( $id, [ 'provider' => 'Bad' ] + $metadata );
1109 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1110 'provider' => $provider,
1111 'id' => $id,
1112 'userInfo' => $userInfo
1113 ] );
1114 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1115 $this->assertSame( [
1116 [ LogLevel::WARNING, 'Session "{session}": Wrong provider Bad !== Mock' ],
1117 ], $logger->getBuffer() );
1118 $logger->clearBuffer();
1119
1120 // Unknown provider
1121 $this->store->setSessionMeta( $id, [ 'provider' => 'Bad' ] + $metadata );
1122 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1123 'id' => $id,
1124 'userInfo' => $userInfo
1125 ] );
1126 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1127 $this->assertSame( [
1128 [ LogLevel::WARNING, 'Session "{session}": Unknown provider Bad' ],
1129 ], $logger->getBuffer() );
1130 $logger->clearBuffer();
1131
1132 // Fill in provider
1133 $this->store->setSessionMeta( $id, $metadata );
1134 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1135 'id' => $id,
1136 'userInfo' => $userInfo
1137 ] );
1138 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1139 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1140 $this->assertTrue( $info->isIdSafe() );
1141 $this->assertSame( [], $logger->getBuffer() );
1142
1143 // Bad user metadata
1144 $this->store->setSessionMeta( $id, [ 'userId' => -1, 'userToken' => null ] + $metadata );
1145 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1146 'provider' => $provider,
1147 'id' => $id,
1148 ] );
1149 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1150 $this->assertSame( [
1151 [ LogLevel::ERROR, 'Session "{session}": {exception}' ],
1152 ], $logger->getBuffer() );
1153 $logger->clearBuffer();
1154
1155 $this->store->setSessionMeta(
1156 $id, [ 'userId' => 0, 'userName' => '<X>', 'userToken' => null ] + $metadata
1157 );
1158 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1159 'provider' => $provider,
1160 'id' => $id,
1161 ] );
1162 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1163 $this->assertSame( [
1164 [ LogLevel::ERROR, 'Session "{session}": {exception}', ],
1165 ], $logger->getBuffer() );
1166 $logger->clearBuffer();
1167
1168 // Mismatched user by ID
1169 $this->store->setSessionMeta(
1170 $id, [ 'userId' => $userInfo->getId() + 1, 'userToken' => null ] + $metadata
1171 );
1172 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1173 'provider' => $provider,
1174 'id' => $id,
1175 'userInfo' => $userInfo
1176 ] );
1177 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1178 $this->assertSame( [
1179 [ LogLevel::WARNING, 'Session "{session}": User ID mismatch, {uid_a} !== {uid_b}' ],
1180 ], $logger->getBuffer() );
1181 $logger->clearBuffer();
1182
1183 // Mismatched user by name
1184 $this->store->setSessionMeta(
1185 $id, [ 'userId' => 0, 'userName' => 'X', 'userToken' => null ] + $metadata
1186 );
1187 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1188 'provider' => $provider,
1189 'id' => $id,
1190 'userInfo' => $userInfo
1191 ] );
1192 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1193 $this->assertSame( [
1194 [ LogLevel::WARNING, 'Session "{session}": User name mismatch, {uname_a} !== {uname_b}' ],
1195 ], $logger->getBuffer() );
1196 $logger->clearBuffer();
1197
1198 // ID matches, name doesn't
1199 $this->store->setSessionMeta(
1200 $id, [ 'userId' => $userInfo->getId(), 'userName' => 'X', 'userToken' => null ] + $metadata
1201 );
1202 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1203 'provider' => $provider,
1204 'id' => $id,
1205 'userInfo' => $userInfo
1206 ] );
1207 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1208 $this->assertSame( [
1209 [
1210 LogLevel::WARNING,
1211 'Session "{session}": User ID matched but name didn\'t (rename?), {uname_a} !== {uname_b}'
1212 ],
1213 ], $logger->getBuffer() );
1214 $logger->clearBuffer();
1215
1216 // Mismatched anon user
1217 $this->store->setSessionMeta(
1218 $id, [ 'userId' => 0, 'userName' => null, 'userToken' => null ] + $metadata
1219 );
1220 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1221 'provider' => $provider,
1222 'id' => $id,
1223 'userInfo' => $userInfo
1224 ] );
1225 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1226 $this->assertSame( [
1227 [
1228 LogLevel::WARNING,
1229 'Session "{session}": Metadata has an anonymous user, ' .
1230 'but a non-anon user was provided',
1231 ],
1232 ], $logger->getBuffer() );
1233 $logger->clearBuffer();
1234
1235 // Lookup user by ID
1236 $this->store->setSessionMeta( $id, [ 'userToken' => null ] + $metadata );
1237 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1238 'provider' => $provider,
1239 'id' => $id,
1240 ] );
1241 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1242 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1243 $this->assertSame( $userInfo->getId(), $info->getUserInfo()->getId() );
1244 $this->assertTrue( $info->isIdSafe() );
1245 $this->assertSame( [], $logger->getBuffer() );
1246
1247 // Lookup user by name
1248 $this->store->setSessionMeta(
1249 $id, [ 'userId' => 0, 'userName' => 'UTSysop', 'userToken' => null ] + $metadata
1250 );
1251 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1252 'provider' => $provider,
1253 'id' => $id,
1254 ] );
1255 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1256 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1257 $this->assertSame( $userInfo->getId(), $info->getUserInfo()->getId() );
1258 $this->assertTrue( $info->isIdSafe() );
1259 $this->assertSame( [], $logger->getBuffer() );
1260
1261 // Lookup anonymous user
1262 $this->store->setSessionMeta(
1263 $id, [ 'userId' => 0, 'userName' => null, 'userToken' => null ] + $metadata
1264 );
1265 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1266 'provider' => $provider,
1267 'id' => $id,
1268 ] );
1269 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1270 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1271 $this->assertTrue( $info->getUserInfo()->isAnon() );
1272 $this->assertTrue( $info->isIdSafe() );
1273 $this->assertSame( [], $logger->getBuffer() );
1274
1275 // Unverified user with metadata
1276 $this->store->setSessionMeta( $id, $metadata );
1277 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1278 'provider' => $provider,
1279 'id' => $id,
1280 'userInfo' => $unverifiedUserInfo
1281 ] );
1282 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1283 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1284 $this->assertTrue( $info->getUserInfo()->isVerified() );
1285 $this->assertSame( $unverifiedUserInfo->getId(), $info->getUserInfo()->getId() );
1286 $this->assertSame( $unverifiedUserInfo->getName(), $info->getUserInfo()->getName() );
1287 $this->assertTrue( $info->isIdSafe() );
1288 $this->assertSame( [], $logger->getBuffer() );
1289
1290 // Unverified user with metadata
1291 $this->store->setSessionMeta( $id, $metadata );
1292 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1293 'provider' => $provider,
1294 'id' => $id,
1295 'userInfo' => $unverifiedUserInfo
1296 ] );
1297 $this->assertFalse( $info->isIdSafe(), 'sanity check' );
1298 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1299 $this->assertTrue( $info->getUserInfo()->isVerified() );
1300 $this->assertSame( $unverifiedUserInfo->getId(), $info->getUserInfo()->getId() );
1301 $this->assertSame( $unverifiedUserInfo->getName(), $info->getUserInfo()->getName() );
1302 $this->assertTrue( $info->isIdSafe() );
1303 $this->assertSame( [], $logger->getBuffer() );
1304
1305 // Wrong token
1306 $this->store->setSessionMeta( $id, [ 'userToken' => 'Bad' ] + $metadata );
1307 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1308 'provider' => $provider,
1309 'id' => $id,
1310 'userInfo' => $userInfo
1311 ] );
1312 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1313 $this->assertSame( [
1314 [ LogLevel::WARNING, 'Session "{session}": User token mismatch' ],
1315 ], $logger->getBuffer() );
1316 $logger->clearBuffer();
1317
1318 // Provider metadata
1319 $this->store->setSessionMeta( $id, [ 'provider' => 'Mock2' ] + $metadata );
1320 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1321 'provider' => $provider2,
1322 'id' => $id,
1323 'userInfo' => $userInfo,
1324 'metadata' => [ 'Info' ],
1325 ] );
1326 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1327 $this->assertSame( [ 'Info', 'changed' => true ], $info->getProviderMetadata() );
1328 $this->assertSame( [], $logger->getBuffer() );
1329
1330 $this->store->setSessionMeta( $id, [ 'providerMetadata' => [ 'Saved' ] ] + $metadata );
1331 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1332 'provider' => $provider,
1333 'id' => $id,
1334 'userInfo' => $userInfo,
1335 ] );
1336 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1337 $this->assertSame( [ 'Saved' ], $info->getProviderMetadata() );
1338 $this->assertSame( [], $logger->getBuffer() );
1339
1340 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1341 'provider' => $provider,
1342 'id' => $id,
1343 'userInfo' => $userInfo,
1344 'metadata' => [ 'Info' ],
1345 ] );
1346 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1347 $this->assertSame( [ 'Merged' ], $info->getProviderMetadata() );
1348 $this->assertSame( [], $logger->getBuffer() );
1349
1350 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1351 'provider' => $provider,
1352 'id' => $id,
1353 'userInfo' => $userInfo,
1354 'metadata' => [ 'Throw' ],
1355 ] );
1356 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1357 $this->assertSame( [
1358 [
1359 LogLevel::WARNING,
1360 'Session "{session}": Metadata merge failed: {exception}',
1361 ],
1362 ], $logger->getBuffer() );
1363 $logger->clearBuffer();
1364
1365 // Remember from session
1366 $this->store->setSessionMeta( $id, $metadata );
1367 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1368 'provider' => $provider,
1369 'id' => $id,
1370 ] );
1371 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1372 $this->assertFalse( $info->wasRemembered() );
1373 $this->assertSame( [], $logger->getBuffer() );
1374
1375 $this->store->setSessionMeta( $id, [ 'remember' => true ] + $metadata );
1376 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1377 'provider' => $provider,
1378 'id' => $id,
1379 ] );
1380 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1381 $this->assertTrue( $info->wasRemembered() );
1382 $this->assertSame( [], $logger->getBuffer() );
1383
1384 $this->store->setSessionMeta( $id, [ 'remember' => false ] + $metadata );
1385 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1386 'provider' => $provider,
1387 'id' => $id,
1388 'userInfo' => $userInfo
1389 ] );
1390 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1391 $this->assertTrue( $info->wasRemembered() );
1392 $this->assertSame( [], $logger->getBuffer() );
1393
1394 // forceHTTPS from session
1395 $this->store->setSessionMeta( $id, $metadata );
1396 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1397 'provider' => $provider,
1398 'id' => $id,
1399 'userInfo' => $userInfo
1400 ] );
1401 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1402 $this->assertFalse( $info->forceHTTPS() );
1403 $this->assertSame( [], $logger->getBuffer() );
1404
1405 $this->store->setSessionMeta( $id, [ 'forceHTTPS' => true ] + $metadata );
1406 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1407 'provider' => $provider,
1408 'id' => $id,
1409 'userInfo' => $userInfo
1410 ] );
1411 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1412 $this->assertTrue( $info->forceHTTPS() );
1413 $this->assertSame( [], $logger->getBuffer() );
1414
1415 $this->store->setSessionMeta( $id, [ 'forceHTTPS' => false ] + $metadata );
1416 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1417 'provider' => $provider,
1418 'id' => $id,
1419 'userInfo' => $userInfo,
1420 'forceHTTPS' => true
1421 ] );
1422 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1423 $this->assertTrue( $info->forceHTTPS() );
1424 $this->assertSame( [], $logger->getBuffer() );
1425
1426 // "Persist" flag from session
1427 $this->store->setSessionMeta( $id, $metadata );
1428 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1429 'provider' => $provider,
1430 'id' => $id,
1431 'userInfo' => $userInfo
1432 ] );
1433 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1434 $this->assertFalse( $info->wasPersisted() );
1435 $this->assertSame( [], $logger->getBuffer() );
1436
1437 $this->store->setSessionMeta( $id, [ 'persisted' => true ] + $metadata );
1438 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1439 'provider' => $provider,
1440 'id' => $id,
1441 'userInfo' => $userInfo
1442 ] );
1443 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1444 $this->assertTrue( $info->wasPersisted() );
1445 $this->assertSame( [], $logger->getBuffer() );
1446
1447 $this->store->setSessionMeta( $id, [ 'persisted' => false ] + $metadata );
1448 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1449 'provider' => $provider,
1450 'id' => $id,
1451 'userInfo' => $userInfo,
1452 'persisted' => true
1453 ] );
1454 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1455 $this->assertTrue( $info->wasPersisted() );
1456 $this->assertSame( [], $logger->getBuffer() );
1457
1458 // Provider refreshSessionInfo() returning false
1459 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1460 'provider' => $provider3,
1461 ] );
1462 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1463 $this->assertSame( [], $logger->getBuffer() );
1464
1465 // Hook
1466 $called = false;
1467 $data = [ 'foo' => 1 ];
1468 $this->store->setSession( $id, [ 'metadata' => $metadata, 'data' => $data ] );
1469 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1470 'provider' => $provider,
1471 'id' => $id,
1472 'userInfo' => $userInfo
1473 ] );
1474 $this->mergeMwGlobalArrayValue( 'wgHooks', [
1475 'SessionCheckInfo' => [ function ( &$reason, $i, $r, $m, $d ) use (
1476 $info, $metadata, $data, $request, &$called
1477 ) {
1478 $this->assertSame( $info->getId(), $i->getId() );
1479 $this->assertSame( $info->getProvider(), $i->getProvider() );
1480 $this->assertSame( $info->getUserInfo(), $i->getUserInfo() );
1481 $this->assertSame( $request, $r );
1482 $this->assertEquals( $metadata, $m );
1483 $this->assertEquals( $data, $d );
1484 $called = true;
1485 return false;
1486 } ]
1487 ] );
1488 $this->assertFalse( $loadSessionInfoFromStore( $info ) );
1489 $this->assertTrue( $called );
1490 $this->assertSame( [
1491 [ LogLevel::WARNING, 'Session "{session}": Hook aborted' ],
1492 ], $logger->getBuffer() );
1493 $logger->clearBuffer();
1494 $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'SessionCheckInfo' => [] ] );
1495
1496 // forceUse deletes bad backend data
1497 $this->store->setSessionMeta( $id, [ 'userToken' => 'Bad' ] + $metadata );
1498 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [
1499 'provider' => $provider,
1500 'id' => $id,
1501 'userInfo' => $userInfo,
1502 'forceUse' => true,
1503 ] );
1504 $this->assertTrue( $loadSessionInfoFromStore( $info ) );
1505 $this->assertFalse( $this->store->getSession( $id ) );
1506 $this->assertSame( [
1507 [ LogLevel::WARNING, 'Session "{session}": User token mismatch' ],
1508 ], $logger->getBuffer() );
1509 $logger->clearBuffer();
1510 }
1511 }
Wiklou, le Wiki du Wiklou