2016-02-01 20:44:03 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* MediaWiki session
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
|
|
|
*
|
|
|
|
|
* @file
|
|
|
|
|
* @ingroup Session
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace MediaWiki\Session;
|
|
|
|
|
|
2016-02-10 16:43:23 +00:00
|
|
|
use Psr\Log\LoggerInterface;
|
2016-02-01 20:44:03 +00:00
|
|
|
use User;
|
|
|
|
|
use WebRequest;
|
|
|
|
|
|
|
|
|
|
/**
|
2020-09-27 08:09:09 +00:00
|
|
|
* Manages data for an authenticated session
|
2016-02-01 20:44:03 +00:00
|
|
|
*
|
|
|
|
|
* A Session represents the fact that the current HTTP request is part of a
|
|
|
|
|
* session. There are two broad types of Sessions, based on whether they
|
|
|
|
|
* return true or false from self::canSetUser():
|
|
|
|
|
* * When true (mutable), the Session identifies multiple requests as part of
|
|
|
|
|
* a session generically, with no tie to a particular user.
|
|
|
|
|
* * When false (immutable), the Session identifies multiple requests as part
|
|
|
|
|
* of a session by identifying and authenticating the request itself as
|
|
|
|
|
* belonging to a particular user.
|
|
|
|
|
*
|
|
|
|
|
* The Session object also serves as a replacement for PHP's $_SESSION,
|
|
|
|
|
* managing access to per-session data.
|
|
|
|
|
*
|
|
|
|
|
* @ingroup Session
|
|
|
|
|
* @since 1.27
|
|
|
|
|
*/
|
2020-03-12 12:54:51 +00:00
|
|
|
class Session implements \Countable, \Iterator, \ArrayAccess {
|
2016-07-01 14:44:47 +00:00
|
|
|
/** @var null|string[] Encryption algorithm to use */
|
|
|
|
|
private static $encryptionAlgorithm = null;
|
|
|
|
|
|
2016-02-01 20:44:03 +00:00
|
|
|
/** @var SessionBackend Session backend */
|
|
|
|
|
private $backend;
|
|
|
|
|
|
|
|
|
|
/** @var int Session index */
|
|
|
|
|
private $index;
|
|
|
|
|
|
2016-02-10 16:43:23 +00:00
|
|
|
/** @var LoggerInterface */
|
|
|
|
|
private $logger;
|
|
|
|
|
|
2016-02-01 20:44:03 +00:00
|
|
|
/**
|
|
|
|
|
* @param SessionBackend $backend
|
|
|
|
|
* @param int $index
|
2016-02-10 16:43:23 +00:00
|
|
|
* @param LoggerInterface $logger
|
2016-02-01 20:44:03 +00:00
|
|
|
*/
|
2016-02-10 16:43:23 +00:00
|
|
|
public function __construct( SessionBackend $backend, $index, LoggerInterface $logger ) {
|
2016-02-01 20:44:03 +00:00
|
|
|
$this->backend = $backend;
|
|
|
|
|
$this->index = $index;
|
2016-02-10 16:43:23 +00:00
|
|
|
$this->logger = $logger;
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function __destruct() {
|
|
|
|
|
$this->backend->deregisterSession( $this->index );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the session ID
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
public function getId() {
|
|
|
|
|
return $this->backend->getId();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the SessionId object
|
2020-06-26 12:14:23 +00:00
|
|
|
* @internal For internal use by WebRequest
|
2016-02-01 20:44:03 +00:00
|
|
|
* @return SessionId
|
|
|
|
|
*/
|
|
|
|
|
public function getSessionId() {
|
|
|
|
|
return $this->backend->getSessionId();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Changes the session ID
|
|
|
|
|
* @return string New ID (might be the same as the old)
|
|
|
|
|
*/
|
|
|
|
|
public function resetId() {
|
|
|
|
|
return $this->backend->resetId();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Fetch the SessionProvider for this session
|
|
|
|
|
* @return SessionProviderInterface
|
|
|
|
|
*/
|
|
|
|
|
public function getProvider() {
|
|
|
|
|
return $this->backend->getProvider();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Indicate whether this session is persisted across requests
|
|
|
|
|
*
|
|
|
|
|
* For example, if cookies are set.
|
|
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function isPersistent() {
|
|
|
|
|
return $this->backend->isPersistent();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Make this session persisted across requests
|
|
|
|
|
*
|
|
|
|
|
* If the session is already persistent, equivalent to calling
|
|
|
|
|
* $this->renew().
|
|
|
|
|
*/
|
|
|
|
|
public function persist() {
|
|
|
|
|
$this->backend->persist();
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-26 21:17:37 +00:00
|
|
|
/**
|
|
|
|
|
* Make this session not be persisted across requests
|
2016-08-27 05:40:37 +00:00
|
|
|
*
|
|
|
|
|
* This will remove persistence information (e.g. delete cookies)
|
|
|
|
|
* from the associated WebRequest(s), and delete session data in the
|
|
|
|
|
* backend. The session data will still be available via get() until
|
|
|
|
|
* the end of the request.
|
2016-02-26 21:17:37 +00:00
|
|
|
*/
|
|
|
|
|
public function unpersist() {
|
|
|
|
|
$this->backend->unpersist();
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 20:44:03 +00:00
|
|
|
/**
|
|
|
|
|
* Indicate whether the user should be remembered independently of the
|
|
|
|
|
* session ID.
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function shouldRememberUser() {
|
|
|
|
|
return $this->backend->shouldRememberUser();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set whether the user should be remembered independently of the session
|
|
|
|
|
* ID.
|
|
|
|
|
* @param bool $remember
|
|
|
|
|
*/
|
|
|
|
|
public function setRememberUser( $remember ) {
|
|
|
|
|
$this->backend->setRememberUser( $remember );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the request associated with this session
|
|
|
|
|
* @return WebRequest
|
|
|
|
|
*/
|
|
|
|
|
public function getRequest() {
|
|
|
|
|
return $this->backend->getRequest( $this->index );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the authenticated user for this session
|
|
|
|
|
* @return User
|
|
|
|
|
*/
|
|
|
|
|
public function getUser() {
|
|
|
|
|
return $this->backend->getUser();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Fetch the rights allowed the user when this session is active.
|
|
|
|
|
* @return null|string[] Allowed user rights, or null to allow all.
|
|
|
|
|
*/
|
|
|
|
|
public function getAllowedUserRights() {
|
|
|
|
|
return $this->backend->getAllowedUserRights();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Indicate whether the session user info can be changed
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function canSetUser() {
|
|
|
|
|
return $this->backend->canSetUser();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set a new user for this session
|
|
|
|
|
* @note This should only be called when the user has been authenticated
|
|
|
|
|
* @param User $user User to set on the session.
|
|
|
|
|
* This may become a "UserValue" in the future, or User may be refactored
|
|
|
|
|
* into such.
|
|
|
|
|
*/
|
|
|
|
|
public function setUser( $user ) {
|
|
|
|
|
$this->backend->setUser( $user );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get a suggested username for the login form
|
|
|
|
|
* @return string|null
|
|
|
|
|
*/
|
|
|
|
|
public function suggestLoginUsername() {
|
|
|
|
|
return $this->backend->suggestLoginUsername( $this->index );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
Introduce $wgForceHTTPS
Add $wgForceHTTPS. When set to true:
* It makes the HTTP to HTTPS redirect unconditional and suppresses the
forceHTTPS cookie.
* It makes session cookies be secure.
* In the Action API, it triggers the existing deprecation warning and
avoids more expensive user/session checks.
* In login and signup, it suppresses the old hidden form fields for
protocol switching.
* It hides the prefershttps user preference.
Other changes:
* Factor out the HTTPS redirect in MediaWiki::main() into
maybeDoHttpsRedirect() and shouldDoHttpRedirect(). Improve
documentation.
* User::requiresHTTPS() reflects $wgForceHTTPS whereas the Session
concept of "force HTTPS" does not. The documentation of
User::requiresHTTPS() says that it includes configuration, and
retaining this definition was beneficial for some callers. Whereas
Session::shouldForceHTTPS() was used fairly narrowly as the value
of the forceHTTPS cookie, and injecting configuration into it is not
so easy or beneficial, so I left it as it was, except for clarifying
the documentation.
* Deprecate the following hooks: BeforeHttpsRedirect, UserRequiresHTTPS,
CanIPUseHTTPS. No known extension uses them, and they're not compatible
with the long-term goal of ending support for mixed-protocol wikis.
BeforeHttpsRedirect was documented as unstable from its inception.
CanIPUseHTTPS was a WMF config hack now superseded by GFOC's SNI
sniffing.
* For tests which failed with $wgForceHTTPS=true, I mostly split the
tests, testing each configuration value separately.
* Add ArrayUtils::cartesianProduct() as a helper for generating
combinations of boolean options in the session tests.
Bug: T256095
Change-Id: Iefb5ba55af35350dfc7c050f9fb8f4e8a79751cb
2020-06-24 00:56:46 +00:00
|
|
|
* Get the expected value of the forceHTTPS cookie. This reflects whether
|
|
|
|
|
* session cookies were sent with the Secure attribute. If $wgForceHTTPS
|
|
|
|
|
* is true, the forceHTTPS cookie is not sent and this value is ignored.
|
|
|
|
|
*
|
2016-02-01 20:44:03 +00:00
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function shouldForceHTTPS() {
|
|
|
|
|
return $this->backend->shouldForceHTTPS();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
Introduce $wgForceHTTPS
Add $wgForceHTTPS. When set to true:
* It makes the HTTP to HTTPS redirect unconditional and suppresses the
forceHTTPS cookie.
* It makes session cookies be secure.
* In the Action API, it triggers the existing deprecation warning and
avoids more expensive user/session checks.
* In login and signup, it suppresses the old hidden form fields for
protocol switching.
* It hides the prefershttps user preference.
Other changes:
* Factor out the HTTPS redirect in MediaWiki::main() into
maybeDoHttpsRedirect() and shouldDoHttpRedirect(). Improve
documentation.
* User::requiresHTTPS() reflects $wgForceHTTPS whereas the Session
concept of "force HTTPS" does not. The documentation of
User::requiresHTTPS() says that it includes configuration, and
retaining this definition was beneficial for some callers. Whereas
Session::shouldForceHTTPS() was used fairly narrowly as the value
of the forceHTTPS cookie, and injecting configuration into it is not
so easy or beneficial, so I left it as it was, except for clarifying
the documentation.
* Deprecate the following hooks: BeforeHttpsRedirect, UserRequiresHTTPS,
CanIPUseHTTPS. No known extension uses them, and they're not compatible
with the long-term goal of ending support for mixed-protocol wikis.
BeforeHttpsRedirect was documented as unstable from its inception.
CanIPUseHTTPS was a WMF config hack now superseded by GFOC's SNI
sniffing.
* For tests which failed with $wgForceHTTPS=true, I mostly split the
tests, testing each configuration value separately.
* Add ArrayUtils::cartesianProduct() as a helper for generating
combinations of boolean options in the session tests.
Bug: T256095
Change-Id: Iefb5ba55af35350dfc7c050f9fb8f4e8a79751cb
2020-06-24 00:56:46 +00:00
|
|
|
* Set the value of the forceHTTPS cookie. This reflects whether session
|
|
|
|
|
* cookies were sent with the Secure attribute. If $wgForceHTTPS is true,
|
|
|
|
|
* the forceHTTPS cookie is not sent, and this value is ignored.
|
|
|
|
|
*
|
2016-02-01 20:44:03 +00:00
|
|
|
* @param bool $force
|
|
|
|
|
*/
|
|
|
|
|
public function setForceHTTPS( $force ) {
|
|
|
|
|
$this->backend->setForceHTTPS( $force );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Fetch the "logged out" timestamp
|
|
|
|
|
* @return int
|
|
|
|
|
*/
|
|
|
|
|
public function getLoggedOutTimestamp() {
|
|
|
|
|
return $this->backend->getLoggedOutTimestamp();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param int $ts
|
|
|
|
|
*/
|
|
|
|
|
public function setLoggedOutTimestamp( $ts ) {
|
|
|
|
|
$this->backend->setLoggedOutTimestamp( $ts );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Fetch provider metadata
|
2020-06-26 12:31:16 +00:00
|
|
|
* @note For use by SessionProvider subclasses only
|
2016-02-01 20:44:03 +00:00
|
|
|
* @return mixed
|
|
|
|
|
*/
|
|
|
|
|
public function getProviderMetadata() {
|
|
|
|
|
return $this->backend->getProviderMetadata();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Delete all session data and clear the user (if possible)
|
|
|
|
|
*/
|
|
|
|
|
public function clear() {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
if ( $data ) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$data = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
$this->backend->dirty();
|
|
|
|
|
}
|
|
|
|
|
if ( $this->backend->canSetUser() ) {
|
|
|
|
|
$this->backend->setUser( new User );
|
|
|
|
|
}
|
|
|
|
|
$this->backend->save();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Resets the TTL in the backend store if the session is near expiring, and
|
|
|
|
|
* re-persists the session to any active WebRequests if persistent.
|
|
|
|
|
*/
|
|
|
|
|
public function renew() {
|
|
|
|
|
$this->backend->renew();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Fetch a copy of this session attached to an alternative WebRequest
|
|
|
|
|
*
|
|
|
|
|
* Actions on the copy will affect this session too, and vice versa.
|
|
|
|
|
*
|
|
|
|
|
* @param WebRequest $request Any existing session associated with this
|
|
|
|
|
* WebRequest object will be overwritten.
|
|
|
|
|
* @return Session
|
|
|
|
|
*/
|
|
|
|
|
public function sessionWithRequest( WebRequest $request ) {
|
|
|
|
|
$request->setSessionId( $this->backend->getSessionId() );
|
|
|
|
|
return $this->backend->getSession( $request );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Fetch a value from the session
|
|
|
|
|
* @param string|int $key
|
2018-06-26 21:14:43 +00:00
|
|
|
* @param mixed|null $default Returned if $this->exists( $key ) would be false
|
2016-02-01 20:44:03 +00:00
|
|
|
* @return mixed
|
|
|
|
|
*/
|
|
|
|
|
public function get( $key, $default = null ) {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
return array_key_exists( $key, $data ) ? $data[$key] : $default;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Test if a value exists in the session
|
2016-02-10 16:43:23 +00:00
|
|
|
* @note Unlike isset(), null values are considered to exist.
|
2016-02-01 20:44:03 +00:00
|
|
|
* @param string|int $key
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function exists( $key ) {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
return array_key_exists( $key, $data );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set a value in the session
|
|
|
|
|
* @param string|int $key
|
|
|
|
|
* @param mixed $value
|
|
|
|
|
*/
|
|
|
|
|
public function set( $key, $value ) {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
if ( !array_key_exists( $key, $data ) || $data[$key] !== $value ) {
|
|
|
|
|
$data[$key] = $value;
|
|
|
|
|
$this->backend->dirty();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Remove a value from the session
|
|
|
|
|
* @param string|int $key
|
|
|
|
|
*/
|
|
|
|
|
public function remove( $key ) {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
if ( array_key_exists( $key, $data ) ) {
|
|
|
|
|
unset( $data[$key] );
|
|
|
|
|
$this->backend->dirty();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-02 22:13:53 +00:00
|
|
|
/**
|
|
|
|
|
* Check if a CSRF token is set for the session
|
|
|
|
|
*
|
|
|
|
|
* @since 1.37
|
|
|
|
|
* @param string $key Token key
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function hasToken( string $key = 'default' ): bool {
|
|
|
|
|
$secrets = $this->get( 'wsTokenSecrets' );
|
|
|
|
|
if ( !is_array( $secrets ) ) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return isset( $secrets[$key] ) && is_string( $secrets[$key] );
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 20:44:03 +00:00
|
|
|
/**
|
|
|
|
|
* Fetch a CSRF token from the session
|
|
|
|
|
*
|
|
|
|
|
* Note that this does not persist the session, which you'll probably want
|
|
|
|
|
* to do if you want the token to actually be useful.
|
|
|
|
|
*
|
|
|
|
|
* @param string|string[] $salt Token salt
|
|
|
|
|
* @param string $key Token key
|
2016-04-06 22:22:33 +00:00
|
|
|
* @return Token
|
2016-02-01 20:44:03 +00:00
|
|
|
*/
|
|
|
|
|
public function getToken( $salt = '', $key = 'default' ) {
|
|
|
|
|
$new = false;
|
|
|
|
|
$secrets = $this->get( 'wsTokenSecrets' );
|
|
|
|
|
if ( !is_array( $secrets ) ) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$secrets = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
if ( isset( $secrets[$key] ) && is_string( $secrets[$key] ) ) {
|
|
|
|
|
$secret = $secrets[$key];
|
|
|
|
|
} else {
|
|
|
|
|
$secret = \MWCryptRand::generateHex( 32 );
|
|
|
|
|
$secrets[$key] = $secret;
|
|
|
|
|
$this->set( 'wsTokenSecrets', $secrets );
|
|
|
|
|
$new = true;
|
|
|
|
|
}
|
|
|
|
|
if ( is_array( $salt ) ) {
|
2016-03-08 08:13:12 +00:00
|
|
|
$salt = implode( '|', $salt );
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
return new Token( $secret, (string)$salt, $new );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Remove a CSRF token from the session
|
|
|
|
|
*
|
|
|
|
|
* The next call to self::getToken() with $key will generate a new secret.
|
|
|
|
|
*
|
|
|
|
|
* @param string $key Token key
|
|
|
|
|
*/
|
|
|
|
|
public function resetToken( $key = 'default' ) {
|
|
|
|
|
$secrets = $this->get( 'wsTokenSecrets' );
|
|
|
|
|
if ( is_array( $secrets ) && isset( $secrets[$key] ) ) {
|
|
|
|
|
unset( $secrets[$key] );
|
|
|
|
|
$this->set( 'wsTokenSecrets', $secrets );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Remove all CSRF tokens from the session
|
|
|
|
|
*/
|
|
|
|
|
public function resetAllTokens() {
|
|
|
|
|
$this->remove( 'wsTokenSecrets' );
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-26 17:56:35 +00:00
|
|
|
/**
|
|
|
|
|
* Fetch the secret keys for self::setSecret() and self::getSecret().
|
|
|
|
|
* @return string[] Encryption key, HMAC key
|
|
|
|
|
*/
|
|
|
|
|
private function getSecretKeys() {
|
2016-05-28 13:25:48 +00:00
|
|
|
global $wgSessionSecret, $wgSecretKey, $wgSessionPbkdf2Iterations;
|
2016-04-26 17:56:35 +00:00
|
|
|
|
|
|
|
|
$wikiSecret = $wgSessionSecret ?: $wgSecretKey;
|
|
|
|
|
$userSecret = $this->get( 'wsSessionSecret', null );
|
|
|
|
|
if ( $userSecret === null ) {
|
|
|
|
|
$userSecret = \MWCryptRand::generateHex( 32 );
|
|
|
|
|
$this->set( 'wsSessionSecret', $userSecret );
|
|
|
|
|
}
|
2016-05-28 13:25:48 +00:00
|
|
|
$iterations = $this->get( 'wsSessionPbkdf2Iterations', null );
|
|
|
|
|
if ( $iterations === null ) {
|
|
|
|
|
$iterations = $wgSessionPbkdf2Iterations;
|
|
|
|
|
$this->set( 'wsSessionPbkdf2Iterations', $iterations );
|
|
|
|
|
}
|
2016-04-26 17:56:35 +00:00
|
|
|
|
2016-05-28 13:25:48 +00:00
|
|
|
$keymats = hash_pbkdf2( 'sha256', $wikiSecret, $userSecret, $iterations, 64, true );
|
2016-04-26 17:56:35 +00:00
|
|
|
return [
|
|
|
|
|
substr( $keymats, 0, 32 ),
|
|
|
|
|
substr( $keymats, 32, 32 ),
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-30 22:05:14 +00:00
|
|
|
/**
|
|
|
|
|
* Decide what type of encryption to use, based on system capabilities.
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
2016-07-01 14:44:47 +00:00
|
|
|
private static function getEncryptionAlgorithm() {
|
2016-05-30 22:05:14 +00:00
|
|
|
global $wgSessionInsecureSecrets;
|
|
|
|
|
|
2016-07-01 14:44:47 +00:00
|
|
|
if ( self::$encryptionAlgorithm === null ) {
|
|
|
|
|
if ( function_exists( 'openssl_encrypt' ) ) {
|
|
|
|
|
$methods = openssl_get_cipher_methods();
|
|
|
|
|
if ( in_array( 'aes-256-ctr', $methods, true ) ) {
|
|
|
|
|
self::$encryptionAlgorithm = [ 'openssl', 'aes-256-ctr' ];
|
|
|
|
|
return self::$encryptionAlgorithm;
|
|
|
|
|
}
|
|
|
|
|
if ( in_array( 'aes-256-cbc', $methods, true ) ) {
|
|
|
|
|
self::$encryptionAlgorithm = [ 'openssl', 'aes-256-cbc' ];
|
|
|
|
|
return self::$encryptionAlgorithm;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $wgSessionInsecureSecrets ) {
|
|
|
|
|
// @todo: import a pure-PHP library for AES instead of this
|
|
|
|
|
self::$encryptionAlgorithm = [ 'insecure' ];
|
|
|
|
|
return self::$encryptionAlgorithm;
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-30 22:05:14 +00:00
|
|
|
throw new \BadMethodCallException(
|
2019-10-07 23:15:15 +00:00
|
|
|
'Encryption is not available. You really should install the PHP OpenSSL extension. ' .
|
|
|
|
|
'But if you really can\'t and you\'re willing ' .
|
2016-05-30 22:05:14 +00:00
|
|
|
'to accept insecure storage of sensitive session data, set ' .
|
|
|
|
|
'$wgSessionInsecureSecrets = true in LocalSettings.php to make this exception go away.'
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-01 14:44:47 +00:00
|
|
|
return self::$encryptionAlgorithm;
|
2016-05-30 22:05:14 +00:00
|
|
|
}
|
|
|
|
|
|
2016-04-26 17:56:35 +00:00
|
|
|
/**
|
|
|
|
|
* Set a value in the session, encrypted
|
|
|
|
|
*
|
|
|
|
|
* This relies on the secrecy of $wgSecretKey (by default), or $wgSessionSecret.
|
|
|
|
|
*
|
|
|
|
|
* @param string|int $key
|
|
|
|
|
* @param mixed $value
|
|
|
|
|
*/
|
|
|
|
|
public function setSecret( $key, $value ) {
|
|
|
|
|
list( $encKey, $hmacKey ) = $this->getSecretKeys();
|
|
|
|
|
$serialized = serialize( $value );
|
|
|
|
|
|
|
|
|
|
// The code for encryption (with OpenSSL) and sealing is taken from
|
|
|
|
|
// Chris Steipp's OATHAuthUtils class in Extension::OATHAuth.
|
|
|
|
|
|
|
|
|
|
// Encrypt
|
|
|
|
|
// @todo: import a pure-PHP library for AES instead of doing $wgSessionInsecureSecrets
|
2018-01-19 22:42:56 +00:00
|
|
|
$iv = random_bytes( 16 );
|
2016-07-01 14:44:47 +00:00
|
|
|
$algorithm = self::getEncryptionAlgorithm();
|
2016-05-30 22:05:14 +00:00
|
|
|
switch ( $algorithm[0] ) {
|
|
|
|
|
case 'openssl':
|
|
|
|
|
$ciphertext = openssl_encrypt( $serialized, $algorithm[1], $encKey, OPENSSL_RAW_DATA, $iv );
|
|
|
|
|
if ( $ciphertext === false ) {
|
|
|
|
|
throw new \UnexpectedValueException( 'Encryption failed: ' . openssl_error_string() );
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 'insecure':
|
|
|
|
|
$ex = new \Exception( 'No encryption is available, storing data as plain text' );
|
|
|
|
|
$this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );
|
|
|
|
|
$ciphertext = $serialized;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
throw new \LogicException( 'invalid algorithm' );
|
2016-04-26 17:56:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Seal
|
|
|
|
|
$sealed = base64_encode( $iv ) . '.' . base64_encode( $ciphertext );
|
|
|
|
|
$hmac = hash_hmac( 'sha256', $sealed, $hmacKey, true );
|
|
|
|
|
$encrypted = base64_encode( $hmac ) . '.' . $sealed;
|
|
|
|
|
|
|
|
|
|
// Store
|
|
|
|
|
$this->set( $key, $encrypted );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Fetch a value from the session that was set with self::setSecret()
|
|
|
|
|
* @param string|int $key
|
2018-06-26 21:14:43 +00:00
|
|
|
* @param mixed|null $default Returned if $this->exists( $key ) would be false or decryption fails
|
2016-04-26 17:56:35 +00:00
|
|
|
* @return mixed
|
|
|
|
|
*/
|
|
|
|
|
public function getSecret( $key, $default = null ) {
|
|
|
|
|
// Fetch
|
|
|
|
|
$encrypted = $this->get( $key, null );
|
|
|
|
|
if ( $encrypted === null ) {
|
|
|
|
|
return $default;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The code for unsealing, checking, and decrypting (with OpenSSL) is
|
|
|
|
|
// taken from Chris Steipp's OATHAuthUtils class in
|
|
|
|
|
// Extension::OATHAuth.
|
|
|
|
|
|
|
|
|
|
// Unseal and check
|
2019-03-26 10:50:17 +00:00
|
|
|
$pieces = explode( '.', $encrypted, 4 );
|
2016-04-26 17:56:35 +00:00
|
|
|
if ( count( $pieces ) !== 3 ) {
|
|
|
|
|
$ex = new \Exception( 'Invalid sealed-secret format' );
|
|
|
|
|
$this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );
|
|
|
|
|
return $default;
|
|
|
|
|
}
|
|
|
|
|
list( $hmac, $iv, $ciphertext ) = $pieces;
|
|
|
|
|
list( $encKey, $hmacKey ) = $this->getSecretKeys();
|
|
|
|
|
$integCalc = hash_hmac( 'sha256', $iv . '.' . $ciphertext, $hmacKey, true );
|
|
|
|
|
if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) {
|
|
|
|
|
$ex = new \Exception( 'Sealed secret has been tampered with, aborting.' );
|
|
|
|
|
$this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );
|
|
|
|
|
return $default;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Decrypt
|
2016-07-01 14:44:47 +00:00
|
|
|
$algorithm = self::getEncryptionAlgorithm();
|
2016-05-30 22:05:14 +00:00
|
|
|
switch ( $algorithm[0] ) {
|
|
|
|
|
case 'openssl':
|
|
|
|
|
$serialized = openssl_decrypt( base64_decode( $ciphertext ), $algorithm[1], $encKey,
|
|
|
|
|
OPENSSL_RAW_DATA, base64_decode( $iv ) );
|
|
|
|
|
if ( $serialized === false ) {
|
|
|
|
|
$ex = new \Exception( 'Decyption failed: ' . openssl_error_string() );
|
|
|
|
|
$this->logger->debug( $ex->getMessage(), [ 'exception' => $ex ] );
|
|
|
|
|
return $default;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 'insecure':
|
|
|
|
|
$ex = new \Exception(
|
|
|
|
|
'No encryption is available, retrieving data that was stored as plain text'
|
|
|
|
|
);
|
|
|
|
|
$this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );
|
|
|
|
|
$serialized = base64_decode( $ciphertext );
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
throw new \LogicException( 'invalid algorithm' );
|
2016-04-26 17:56:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$value = unserialize( $serialized );
|
|
|
|
|
if ( $value === false && $serialized !== serialize( false ) ) {
|
|
|
|
|
$value = $default;
|
|
|
|
|
}
|
|
|
|
|
return $value;
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 20:44:03 +00:00
|
|
|
/**
|
|
|
|
|
* Delay automatic saving while multiple updates are being made
|
|
|
|
|
*
|
|
|
|
|
* Calls to save() or clear() will not be delayed.
|
|
|
|
|
*
|
2016-10-12 05:36:03 +00:00
|
|
|
* @return \Wikimedia\ScopedCallback When this goes out of scope, a save will be triggered
|
2016-02-01 20:44:03 +00:00
|
|
|
*/
|
|
|
|
|
public function delaySave() {
|
|
|
|
|
return $this->backend->delaySave();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-08-27 05:40:37 +00:00
|
|
|
* This will update the backend data and might re-persist the session
|
|
|
|
|
* if needed.
|
2016-02-01 20:44:03 +00:00
|
|
|
*/
|
|
|
|
|
public function save() {
|
|
|
|
|
$this->backend->save();
|
|
|
|
|
}
|
|
|
|
|
|
Improve custom folding and grouping
PHPStorm can use custom folding regions defined in either the
VisualStudio style or the NetBeans style. The VisualStudio style is more
pleasing to the eye and also works as a vim foldmarker. So get rid of
the previous vim foldmarkers, and use region/endregion.
region/endregion need to be in a single-line comment which is not a doc
comment, and the rest of the comment is used as a region heading (by
both PHPStorm and vim). So to retain Doxygen @name tags, it is
necessary to repeat the section heading, once in a @name and once in a
region. Establish a standard style for this, with a divider and three
spaces before the heading, to better set off the heading name in plain
text.
Besides being the previous vim foldmarker, @{ is also a Doxygen
grouping command. However, almost all prior usages of @{ ... @} in this
sense were broken for one reason or another. It's necessary for the @{
to be in a doc comment, and DISTRIBUTE_GROUP_DOC doesn't work if any of
the individual members in the group are separately documented.
@name alone is sufficient to create a Doxygen section when the sections
are adjacent, but if there is ungrouped content after the section, it
is necessary to use @{ ... @} to avoid having the Doxygen group run on.
So I retained, fixed or added @{ ... @} in certain cases.
I wasn't able to test the changes to the trait documentation in Doxygen
since trait syntax is not recognised and the output is badly broken.
Change-Id: I7d819fdb376c861f40bfc01aed74cd3706141b20
2020-12-22 23:52:00 +00:00
|
|
|
// region Interface methods
|
|
|
|
|
/** @name Interface methods
|
2016-02-01 20:44:03 +00:00
|
|
|
* @{
|
|
|
|
|
*/
|
|
|
|
|
|
2017-09-24 16:13:53 +00:00
|
|
|
/** @inheritDoc */
|
2016-02-01 20:44:03 +00:00
|
|
|
public function count() {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
return count( $data );
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-24 16:13:53 +00:00
|
|
|
/** @inheritDoc */
|
2016-02-01 20:44:03 +00:00
|
|
|
public function current() {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
return current( $data );
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-24 16:13:53 +00:00
|
|
|
/** @inheritDoc */
|
2016-02-01 20:44:03 +00:00
|
|
|
public function key() {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
return key( $data );
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-24 16:13:53 +00:00
|
|
|
/** @inheritDoc */
|
2016-02-01 20:44:03 +00:00
|
|
|
public function next() {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
next( $data );
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-24 16:13:53 +00:00
|
|
|
/** @inheritDoc */
|
2016-02-01 20:44:03 +00:00
|
|
|
public function rewind() {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
reset( $data );
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-24 16:13:53 +00:00
|
|
|
/** @inheritDoc */
|
2016-02-01 20:44:03 +00:00
|
|
|
public function valid() {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
return key( $data ) !== null;
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-10 16:43:23 +00:00
|
|
|
/**
|
|
|
|
|
* @note Despite the name, this seems to be intended to implement isset()
|
|
|
|
|
* rather than array_key_exists(). So do that.
|
2017-09-09 20:47:04 +00:00
|
|
|
* @inheritDoc
|
2016-02-10 16:43:23 +00:00
|
|
|
*/
|
|
|
|
|
public function offsetExists( $offset ) {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
return isset( $data[$offset] );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @note This supports indirect modifications but can't mark the session
|
|
|
|
|
* dirty when those happen. SessionBackend::save() checks the hash of the
|
|
|
|
|
* data to detect such changes.
|
|
|
|
|
* @note Accessing a nonexistent key via this mechanism causes that key to
|
|
|
|
|
* be created with a null value, and does not raise a PHP warning.
|
2017-09-09 20:47:04 +00:00
|
|
|
* @inheritDoc
|
2016-02-10 16:43:23 +00:00
|
|
|
*/
|
|
|
|
|
public function &offsetGet( $offset ) {
|
|
|
|
|
$data = &$this->backend->getData();
|
|
|
|
|
if ( !array_key_exists( $offset, $data ) ) {
|
|
|
|
|
$ex = new \Exception( "Undefined index (auto-adds to session with a null value): $offset" );
|
2016-02-17 09:09:32 +00:00
|
|
|
$this->logger->debug( $ex->getMessage(), [ 'exception' => $ex ] );
|
2016-02-10 16:43:23 +00:00
|
|
|
}
|
|
|
|
|
return $data[$offset];
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-24 16:13:53 +00:00
|
|
|
/** @inheritDoc */
|
2016-02-10 16:43:23 +00:00
|
|
|
public function offsetSet( $offset, $value ) {
|
|
|
|
|
$this->set( $offset, $value );
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-24 16:13:53 +00:00
|
|
|
/** @inheritDoc */
|
2016-02-10 16:43:23 +00:00
|
|
|
public function offsetUnset( $offset ) {
|
|
|
|
|
$this->remove( $offset );
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-05 17:00:00 +00:00
|
|
|
/** @} */
|
Improve custom folding and grouping
PHPStorm can use custom folding regions defined in either the
VisualStudio style or the NetBeans style. The VisualStudio style is more
pleasing to the eye and also works as a vim foldmarker. So get rid of
the previous vim foldmarkers, and use region/endregion.
region/endregion need to be in a single-line comment which is not a doc
comment, and the rest of the comment is used as a region heading (by
both PHPStorm and vim). So to retain Doxygen @name tags, it is
necessary to repeat the section heading, once in a @name and once in a
region. Establish a standard style for this, with a divider and three
spaces before the heading, to better set off the heading name in plain
text.
Besides being the previous vim foldmarker, @{ is also a Doxygen
grouping command. However, almost all prior usages of @{ ... @} in this
sense were broken for one reason or another. It's necessary for the @{
to be in a doc comment, and DISTRIBUTE_GROUP_DOC doesn't work if any of
the individual members in the group are separately documented.
@name alone is sufficient to create a Doxygen section when the sections
are adjacent, but if there is ungrouped content after the section, it
is necessary to use @{ ... @} to avoid having the Doxygen group run on.
So I retained, fixed or added @{ ... @} in certain cases.
I wasn't able to test the changes to the trait documentation in Doxygen
since trait syntax is not recognised and the output is badly broken.
Change-Id: I7d819fdb376c861f40bfc01aed74cd3706141b20
2020-12-22 23:52:00 +00:00
|
|
|
// endregion -- end of Interface methods
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
