2016-02-01 20:44:03 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* MediaWiki\Session entry point
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
|
|
|
*
|
|
|
|
|
* @file
|
|
|
|
|
* @ingroup Session
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace MediaWiki\Session;
|
|
|
|
|
|
|
|
|
|
use BagOStuff;
|
2016-01-30 01:09:57 +00:00
|
|
|
use CachedBagOStuff;
|
2016-02-01 20:44:03 +00:00
|
|
|
use Config;
|
|
|
|
|
use FauxRequest;
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
use MediaWiki\HookContainer\HookContainer;
|
|
|
|
|
use MediaWiki\HookContainer\HookRunner;
|
2020-01-10 00:00:51 +00:00
|
|
|
use MediaWiki\MediaWikiServices;
|
2021-04-29 20:44:45 +00:00
|
|
|
use MediaWiki\User\UserNameUtils;
|
2020-01-10 00:00:51 +00:00
|
|
|
use MWException;
|
|
|
|
|
use Psr\Log\LoggerInterface;
|
2016-02-07 19:24:05 +00:00
|
|
|
use Psr\Log\LogLevel;
|
2016-02-01 20:44:03 +00:00
|
|
|
use User;
|
|
|
|
|
use WebRequest;
|
2022-03-09 22:16:22 +00:00
|
|
|
use Wikimedia\ObjectFactory\ObjectFactory;
|
2016-02-01 20:44:03 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This serves as the entry point to the MediaWiki session handling system.
|
|
|
|
|
*
|
2016-08-27 05:40:37 +00:00
|
|
|
* Most methods here are for internal use by session handling code. Other callers
|
|
|
|
|
* should only use getGlobalSession and the methods of SessionManagerInterface;
|
|
|
|
|
* the rest of the functionality is exposed via MediaWiki\Session\Session methods.
|
|
|
|
|
*
|
|
|
|
|
* To provide custom session handling, implement a MediaWiki\Session\SessionProvider.
|
|
|
|
|
*
|
2020-12-16 03:24:55 +00:00
|
|
|
* @anchor SessionManager-storage-expectations
|
|
|
|
|
*
|
|
|
|
|
* ## Storage expectations
|
|
|
|
|
*
|
|
|
|
|
* The SessionManager should be configured with a very fast storage system that is
|
|
|
|
|
* optimized for holding key-value pairs. It expects:
|
|
|
|
|
*
|
|
|
|
|
* - Low latencies. Session data is read or written to during nearly all web requests from
|
|
|
|
|
* people that have contributed to or otherwise engaged with the site, including those not
|
|
|
|
|
* logged in with a registered account.
|
|
|
|
|
*
|
|
|
|
|
* - Locally writable data. The data must be writable from both primary and secondary
|
|
|
|
|
* data centres.
|
|
|
|
|
*
|
|
|
|
|
* - Locally latest reads. Writes must by default be immediately consistent within
|
|
|
|
|
* the local data centre, and visible to other reads from web servers in that data centre.
|
|
|
|
|
*
|
|
|
|
|
* - Replication. The data must be eventually consistent across all data centres. Writes
|
|
|
|
|
* are either synced to all remote data centres, or locally overwritten by another write
|
|
|
|
|
* that is.
|
|
|
|
|
*
|
|
|
|
|
* - Support BagOStuff::WRITE_SYNC flag. The data must writable with synchronous replication
|
|
|
|
|
* waited for, across all data centres. This is used when resetting or deleting a session,
|
|
|
|
|
* which must not be lost or overwritten by earlier or overlapping write actions.
|
|
|
|
|
*
|
|
|
|
|
* The SessionManager uses set() and delete() for write operations, which should by default
|
|
|
|
|
* be synchronous in the local data centre, and replicate asynchronously to any others.
|
|
|
|
|
* This behaviour can be overridden by the use of the WRITE_SYNC flag.
|
|
|
|
|
*
|
2016-02-01 20:44:03 +00:00
|
|
|
* @ingroup Session
|
|
|
|
|
* @since 1.27
|
2016-08-27 05:40:37 +00:00
|
|
|
* @see https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager
|
2016-02-01 20:44:03 +00:00
|
|
|
*/
|
2021-04-29 20:44:45 +00:00
|
|
|
class SessionManager implements SessionManagerInterface {
|
2016-02-01 20:44:03 +00:00
|
|
|
/** @var SessionManager|null */
|
|
|
|
|
private static $instance = null;
|
|
|
|
|
|
|
|
|
|
/** @var Session|null */
|
|
|
|
|
private static $globalSession = null;
|
|
|
|
|
|
|
|
|
|
/** @var WebRequest|null */
|
|
|
|
|
private static $globalSessionRequest = null;
|
|
|
|
|
|
|
|
|
|
/** @var LoggerInterface */
|
|
|
|
|
private $logger;
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
/** @var HookContainer */
|
|
|
|
|
private $hookContainer;
|
|
|
|
|
|
|
|
|
|
/** @var HookRunner */
|
|
|
|
|
private $hookRunner;
|
|
|
|
|
|
2016-02-01 20:44:03 +00:00
|
|
|
/** @var Config */
|
|
|
|
|
private $config;
|
|
|
|
|
|
2021-04-29 20:44:45 +00:00
|
|
|
/** @var UserNameUtils */
|
|
|
|
|
private $userNameUtils;
|
|
|
|
|
|
2022-01-21 20:18:45 +00:00
|
|
|
/** @var ObjectFactory */
|
|
|
|
|
private $objectFactory;
|
|
|
|
|
|
2016-01-30 01:09:57 +00:00
|
|
|
/** @var CachedBagOStuff|null */
|
|
|
|
|
private $store;
|
2016-02-01 20:44:03 +00:00
|
|
|
|
|
|
|
|
/** @var SessionProvider[] */
|
|
|
|
|
private $sessionProviders = null;
|
|
|
|
|
|
|
|
|
|
/** @var string[] */
|
|
|
|
|
private $varyCookies = null;
|
|
|
|
|
|
|
|
|
|
/** @var array */
|
|
|
|
|
private $varyHeaders = null;
|
|
|
|
|
|
|
|
|
|
/** @var SessionBackend[] */
|
2016-02-17 09:09:32 +00:00
|
|
|
private $allSessionBackends = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
|
|
|
|
|
/** @var SessionId[] */
|
2016-02-17 09:09:32 +00:00
|
|
|
private $allSessionIds = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
|
2022-03-08 22:57:00 +00:00
|
|
|
/** @var true[] */
|
2016-02-17 09:09:32 +00:00
|
|
|
private $preventUsers = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the global SessionManager
|
2019-08-31 16:14:38 +00:00
|
|
|
* @return self
|
2016-02-01 20:44:03 +00:00
|
|
|
*/
|
|
|
|
|
public static function singleton() {
|
|
|
|
|
if ( self::$instance === null ) {
|
|
|
|
|
self::$instance = new self();
|
|
|
|
|
}
|
|
|
|
|
return self::$instance;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* If PHP's session_id() has been set, returns that session. Otherwise
|
|
|
|
|
* returns the session for RequestContext::getMain()->getRequest().
|
|
|
|
|
*
|
|
|
|
|
* @return Session
|
|
|
|
|
*/
|
2021-07-22 03:11:47 +00:00
|
|
|
public static function getGlobalSession(): Session {
|
2016-02-01 20:44:03 +00:00
|
|
|
if ( !PHPSessionHandler::isEnabled() ) {
|
|
|
|
|
$id = '';
|
|
|
|
|
} else {
|
|
|
|
|
$id = session_id();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$request = \RequestContext::getMain()->getRequest();
|
|
|
|
|
if (
|
|
|
|
|
!self::$globalSession // No global session is set up yet
|
|
|
|
|
|| self::$globalSessionRequest !== $request // The global WebRequest changed
|
|
|
|
|
|| $id !== '' && self::$globalSession->getId() !== $id // Someone messed with session_id()
|
|
|
|
|
) {
|
|
|
|
|
self::$globalSessionRequest = $request;
|
|
|
|
|
if ( $id === '' ) {
|
|
|
|
|
// session_id() wasn't used, so fetch the Session from the WebRequest.
|
|
|
|
|
// We use $request->getSession() instead of $singleton->getSessionForRequest()
|
|
|
|
|
// because doing the latter would require a public
|
|
|
|
|
// "$request->getSessionId()" method that would confuse end
|
|
|
|
|
// users by returning SessionId|null where they'd expect it to
|
|
|
|
|
// be short for $request->getSession()->getId(), and would
|
|
|
|
|
// wind up being a duplicate of the code in
|
|
|
|
|
// $request->getSession() anyway.
|
|
|
|
|
self::$globalSession = $request->getSession();
|
|
|
|
|
} else {
|
|
|
|
|
// Someone used session_id(), so we need to follow suit.
|
|
|
|
|
// Note this overwrites whatever session might already be
|
|
|
|
|
// associated with $request with the one for $id.
|
|
|
|
|
self::$globalSession = self::singleton()->getSessionById( $id, true, $request )
|
|
|
|
|
?: $request->getSession();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return self::$globalSession;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param array $options
|
|
|
|
|
* - config: Config to fetch configuration from. Defaults to the default 'main' config.
|
|
|
|
|
* - logger: LoggerInterface to use for logging. Defaults to the 'session' channel.
|
|
|
|
|
* - store: BagOStuff to store session data in.
|
|
|
|
|
*/
|
2016-02-17 09:09:32 +00:00
|
|
|
public function __construct( $options = [] ) {
|
2016-02-01 20:44:03 +00:00
|
|
|
if ( isset( $options['config'] ) ) {
|
|
|
|
|
$this->config = $options['config'];
|
|
|
|
|
if ( !$this->config instanceof Config ) {
|
|
|
|
|
throw new \InvalidArgumentException(
|
|
|
|
|
'$options[\'config\'] must be an instance of Config'
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2016-11-22 23:39:22 +00:00
|
|
|
$this->config = MediaWikiServices::getInstance()->getMainConfig();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( isset( $options['logger'] ) ) {
|
|
|
|
|
if ( !$options['logger'] instanceof LoggerInterface ) {
|
|
|
|
|
throw new \InvalidArgumentException(
|
|
|
|
|
'$options[\'logger\'] must be an instance of LoggerInterface'
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
$this->setLogger( $options['logger'] );
|
|
|
|
|
} else {
|
|
|
|
|
$this->setLogger( \MediaWiki\Logger\LoggerFactory::getInstance( 'session' ) );
|
|
|
|
|
}
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
if ( isset( $options['hookContainer'] ) ) {
|
|
|
|
|
$this->setHookContainer( $options['hookContainer'] );
|
|
|
|
|
} else {
|
|
|
|
|
$this->setHookContainer( MediaWikiServices::getInstance()->getHookContainer() );
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 20:44:03 +00:00
|
|
|
if ( isset( $options['store'] ) ) {
|
|
|
|
|
if ( !$options['store'] instanceof BagOStuff ) {
|
|
|
|
|
throw new \InvalidArgumentException(
|
|
|
|
|
'$options[\'store\'] must be an instance of BagOStuff'
|
|
|
|
|
);
|
|
|
|
|
}
|
2016-01-30 01:09:57 +00:00
|
|
|
$store = $options['store'];
|
2016-02-01 20:44:03 +00:00
|
|
|
} else {
|
2016-01-30 01:09:57 +00:00
|
|
|
$store = \ObjectCache::getInstance( $this->config->get( 'SessionCacheType' ) );
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
|
2019-10-16 22:41:01 +00:00
|
|
|
$this->logger->debug( 'SessionManager using store ' . get_class( $store ) );
|
2016-01-30 01:09:57 +00:00
|
|
|
$this->store = $store instanceof CachedBagOStuff ? $store : new CachedBagOStuff( $store );
|
2022-01-21 20:18:45 +00:00
|
|
|
$services = MediawikiServices::getInstance();
|
|
|
|
|
$this->userNameUtils = $services->getUserNameUtils();
|
|
|
|
|
$this->objectFactory = $services->getObjectFactory();
|
2016-02-01 20:44:03 +00:00
|
|
|
|
2016-02-17 09:09:32 +00:00
|
|
|
register_shutdown_function( [ $this, 'shutdown' ] );
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function setLogger( LoggerInterface $logger ) {
|
|
|
|
|
$this->logger = $logger;
|
|
|
|
|
}
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
/**
|
|
|
|
|
* @internal
|
|
|
|
|
* @param HookContainer $hookContainer
|
|
|
|
|
*/
|
|
|
|
|
public function setHookContainer( HookContainer $hookContainer ) {
|
|
|
|
|
$this->hookContainer = $hookContainer;
|
|
|
|
|
$this->hookRunner = new HookRunner( $hookContainer );
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 20:44:03 +00:00
|
|
|
public function getSessionForRequest( WebRequest $request ) {
|
|
|
|
|
$info = $this->getSessionInfoForRequest( $request );
|
|
|
|
|
|
|
|
|
|
if ( !$info ) {
|
|
|
|
|
$session = $this->getEmptySession( $request );
|
|
|
|
|
} else {
|
|
|
|
|
$session = $this->getSessionFromInfo( $info, $request );
|
|
|
|
|
}
|
|
|
|
|
return $session;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getSessionById( $id, $create = false, WebRequest $request = null ) {
|
|
|
|
|
if ( !self::validateSessionId( $id ) ) {
|
|
|
|
|
throw new \InvalidArgumentException( 'Invalid session ID' );
|
|
|
|
|
}
|
|
|
|
|
if ( !$request ) {
|
|
|
|
|
$request = new FauxRequest;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$session = null;
|
2016-03-22 21:50:32 +00:00
|
|
|
$info = new SessionInfo( SessionInfo::MIN_PRIORITY, [ 'id' => $id, 'idIsSafe' => true ] );
|
2016-02-01 20:44:03 +00:00
|
|
|
|
2016-03-22 21:50:32 +00:00
|
|
|
// If we already have the backend loaded, use it directly
|
|
|
|
|
if ( isset( $this->allSessionBackends[$id] ) ) {
|
|
|
|
|
return $this->getSessionFromInfo( $info, $request );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Test if the session is in storage, and if so try to load it.
|
2017-05-24 03:36:28 +00:00
|
|
|
$key = $this->store->makeKey( 'MWSession', $id );
|
2016-01-30 01:09:57 +00:00
|
|
|
if ( is_array( $this->store->get( $key ) ) ) {
|
2016-03-22 21:50:32 +00:00
|
|
|
$create = false; // If loading fails, don't bother creating because it probably will fail too.
|
2016-02-01 20:44:03 +00:00
|
|
|
if ( $this->loadSessionInfoFromStore( $info, $request ) ) {
|
|
|
|
|
$session = $this->getSessionFromInfo( $info, $request );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $create && $session === null ) {
|
|
|
|
|
$ex = null;
|
|
|
|
|
try {
|
|
|
|
|
$session = $this->getEmptySessionInternal( $request, $id );
|
|
|
|
|
} catch ( \Exception $ex ) {
|
2016-02-02 16:37:27 +00:00
|
|
|
$this->logger->error( 'Failed to create empty session: {exception}',
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2016-02-02 16:37:27 +00:00
|
|
|
'method' => __METHOD__,
|
|
|
|
|
'exception' => $ex,
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-02-01 20:44:03 +00:00
|
|
|
$session = null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $session;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getEmptySession( WebRequest $request = null ) {
|
|
|
|
|
return $this->getEmptySessionInternal( $request );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @see SessionManagerInterface::getEmptySession
|
|
|
|
|
* @param WebRequest|null $request
|
|
|
|
|
* @param string|null $id ID to force on the new session
|
|
|
|
|
* @return Session
|
|
|
|
|
*/
|
|
|
|
|
private function getEmptySessionInternal( WebRequest $request = null, $id = null ) {
|
|
|
|
|
if ( $id !== null ) {
|
|
|
|
|
if ( !self::validateSessionId( $id ) ) {
|
|
|
|
|
throw new \InvalidArgumentException( 'Invalid session ID' );
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-24 03:36:28 +00:00
|
|
|
$key = $this->store->makeKey( 'MWSession', $id );
|
2016-01-30 01:09:57 +00:00
|
|
|
if ( is_array( $this->store->get( $key ) ) ) {
|
2016-02-01 20:44:03 +00:00
|
|
|
throw new \InvalidArgumentException( 'Session ID already exists' );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ( !$request ) {
|
|
|
|
|
$request = new FauxRequest;
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-17 09:09:32 +00:00
|
|
|
$infos = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
foreach ( $this->getProviders() as $provider ) {
|
|
|
|
|
$info = $provider->newSessionInfo( $id );
|
|
|
|
|
if ( !$info ) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if ( $info->getProvider() !== $provider ) {
|
|
|
|
|
throw new \UnexpectedValueException(
|
|
|
|
|
"$provider returned an empty session info for a different provider: $info"
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
if ( $id !== null && $info->getId() !== $id ) {
|
|
|
|
|
throw new \UnexpectedValueException(
|
|
|
|
|
"$provider returned empty session info with a wrong id: " .
|
|
|
|
|
$info->getId() . ' != ' . $id
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
if ( !$info->isIdSafe() ) {
|
|
|
|
|
throw new \UnexpectedValueException(
|
|
|
|
|
"$provider returned empty session info with id flagged unsafe"
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
$compare = $infos ? SessionInfo::compare( $infos[0], $info ) : -1;
|
|
|
|
|
if ( $compare > 0 ) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if ( $compare === 0 ) {
|
|
|
|
|
$infos[] = $info;
|
|
|
|
|
} else {
|
2016-02-17 09:09:32 +00:00
|
|
|
$infos = [ $info ];
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Make sure there's exactly one
|
|
|
|
|
if ( count( $infos ) > 1 ) {
|
|
|
|
|
throw new \UnexpectedValueException(
|
2016-03-08 08:13:12 +00:00
|
|
|
'Multiple empty sessions tied for top priority: ' . implode( ', ', $infos )
|
2016-02-01 20:44:03 +00:00
|
|
|
);
|
|
|
|
|
} elseif ( count( $infos ) < 1 ) {
|
|
|
|
|
throw new \UnexpectedValueException( 'No provider could provide an empty session!' );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this->getSessionFromInfo( $infos[0], $request );
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-10 20:40:46 +00:00
|
|
|
public function invalidateSessionsForUser( User $user ) {
|
|
|
|
|
$user->setToken();
|
|
|
|
|
$user->saveSettings();
|
|
|
|
|
|
|
|
|
|
foreach ( $this->getProviders() as $provider ) {
|
|
|
|
|
$provider->invalidateSessionsForUser( $user );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-01 20:44:03 +00:00
|
|
|
public function getVaryHeaders() {
|
2016-02-26 20:02:56 +00:00
|
|
|
// @codeCoverageIgnoreStart
|
2016-02-24 06:45:04 +00:00
|
|
|
if ( defined( 'MW_NO_SESSION' ) && MW_NO_SESSION !== 'warn' ) {
|
|
|
|
|
return [];
|
|
|
|
|
}
|
2016-02-26 20:02:56 +00:00
|
|
|
// @codeCoverageIgnoreEnd
|
2016-02-01 20:44:03 +00:00
|
|
|
if ( $this->varyHeaders === null ) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$headers = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
foreach ( $this->getProviders() as $provider ) {
|
|
|
|
|
foreach ( $provider->getVaryHeaders() as $header => $options ) {
|
2018-10-18 16:01:23 +00:00
|
|
|
# Note that the $options value returned has been deprecated
|
|
|
|
|
# and is ignored.
|
|
|
|
|
$headers[$header] = null;
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$this->varyHeaders = $headers;
|
|
|
|
|
}
|
|
|
|
|
return $this->varyHeaders;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getVaryCookies() {
|
2016-02-26 20:02:56 +00:00
|
|
|
// @codeCoverageIgnoreStart
|
2016-02-24 06:45:04 +00:00
|
|
|
if ( defined( 'MW_NO_SESSION' ) && MW_NO_SESSION !== 'warn' ) {
|
|
|
|
|
return [];
|
|
|
|
|
}
|
2016-02-26 20:02:56 +00:00
|
|
|
// @codeCoverageIgnoreEnd
|
2016-02-01 20:44:03 +00:00
|
|
|
if ( $this->varyCookies === null ) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$cookies = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
foreach ( $this->getProviders() as $provider ) {
|
|
|
|
|
$cookies = array_merge( $cookies, $provider->getVaryCookies() );
|
|
|
|
|
}
|
|
|
|
|
$this->varyCookies = array_values( array_unique( $cookies ) );
|
|
|
|
|
}
|
|
|
|
|
return $this->varyCookies;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Validate a session ID
|
|
|
|
|
* @param string $id
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public static function validateSessionId( $id ) {
|
|
|
|
|
return is_string( $id ) && preg_match( '/^[a-zA-Z0-9_-]{32,}$/', $id );
|
|
|
|
|
}
|
|
|
|
|
|
Improve custom folding and grouping
PHPStorm can use custom folding regions defined in either the
VisualStudio style or the NetBeans style. The VisualStudio style is more
pleasing to the eye and also works as a vim foldmarker. So get rid of
the previous vim foldmarkers, and use region/endregion.
region/endregion need to be in a single-line comment which is not a doc
comment, and the rest of the comment is used as a region heading (by
both PHPStorm and vim). So to retain Doxygen @name tags, it is
necessary to repeat the section heading, once in a @name and once in a
region. Establish a standard style for this, with a divider and three
spaces before the heading, to better set off the heading name in plain
text.
Besides being the previous vim foldmarker, @{ is also a Doxygen
grouping command. However, almost all prior usages of @{ ... @} in this
sense were broken for one reason or another. It's necessary for the @{
to be in a doc comment, and DISTRIBUTE_GROUP_DOC doesn't work if any of
the individual members in the group are separately documented.
@name alone is sufficient to create a Doxygen section when the sections
are adjacent, but if there is ungrouped content after the section, it
is necessary to use @{ ... @} to avoid having the Doxygen group run on.
So I retained, fixed or added @{ ... @} in certain cases.
I wasn't able to test the changes to the trait documentation in Doxygen
since trait syntax is not recognised and the output is badly broken.
Change-Id: I7d819fdb376c861f40bfc01aed74cd3706141b20
2020-12-22 23:52:00 +00:00
|
|
|
/***************************************************************************/
|
|
|
|
|
// region Internal methods
|
|
|
|
|
/** @name Internal methods */
|
2016-02-01 20:44:03 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Prevent future sessions for the user
|
|
|
|
|
*
|
|
|
|
|
* The intention is that the named account will never again be usable for
|
|
|
|
|
* normal login (i.e. there is no way to undo the prevention of access).
|
|
|
|
|
*
|
2020-06-26 12:14:23 +00:00
|
|
|
* @internal For use from \User::newSystemUser only
|
2016-02-01 20:44:03 +00:00
|
|
|
* @param string $username
|
|
|
|
|
*/
|
|
|
|
|
public function preventSessionsForUser( $username ) {
|
|
|
|
|
$this->preventUsers[$username] = true;
|
|
|
|
|
|
|
|
|
|
// Instruct the session providers to kill any other sessions too.
|
|
|
|
|
foreach ( $this->getProviders() as $provider ) {
|
|
|
|
|
$provider->preventSessionsForUser( $username );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Test if a user is prevented
|
2020-06-26 12:14:23 +00:00
|
|
|
* @internal For use from SessionBackend only
|
2016-02-01 20:44:03 +00:00
|
|
|
* @param string $username
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function isUserSessionPrevented( $username ) {
|
|
|
|
|
return !empty( $this->preventUsers[$username] );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the available SessionProviders
|
|
|
|
|
* @return SessionProvider[]
|
|
|
|
|
*/
|
|
|
|
|
protected function getProviders() {
|
|
|
|
|
if ( $this->sessionProviders === null ) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$this->sessionProviders = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
foreach ( $this->config->get( 'SessionProviders' ) as $spec ) {
|
2020-04-27 15:33:10 +00:00
|
|
|
/** @var SessionProvider */
|
2022-01-21 20:18:45 +00:00
|
|
|
$provider = $this->objectFactory->createObject( $spec );
|
2021-04-29 20:44:45 +00:00
|
|
|
$provider->init(
|
|
|
|
|
$this->logger,
|
|
|
|
|
$this->config,
|
|
|
|
|
$this,
|
|
|
|
|
$this->hookContainer,
|
|
|
|
|
$this->userNameUtils
|
|
|
|
|
);
|
2016-02-01 20:44:03 +00:00
|
|
|
if ( isset( $this->sessionProviders[(string)$provider] ) ) {
|
2019-08-29 09:59:59 +00:00
|
|
|
// @phan-suppress-next-line PhanTypeSuspiciousStringExpression
|
2016-02-01 20:44:03 +00:00
|
|
|
throw new \UnexpectedValueException( "Duplicate provider name \"$provider\"" );
|
|
|
|
|
}
|
|
|
|
|
$this->sessionProviders[(string)$provider] = $provider;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $this->sessionProviders;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get a session provider by name
|
|
|
|
|
*
|
|
|
|
|
* Generally, this will only be used by internal implementation of some
|
|
|
|
|
* special session-providing mechanism. General purpose code, if it needs
|
|
|
|
|
* to access a SessionProvider at all, will use Session::getProvider().
|
|
|
|
|
*
|
|
|
|
|
* @param string $name
|
|
|
|
|
* @return SessionProvider|null
|
|
|
|
|
*/
|
|
|
|
|
public function getProvider( $name ) {
|
|
|
|
|
$providers = $this->getProviders();
|
2017-10-06 22:17:58 +00:00
|
|
|
return $providers[$name] ?? null;
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Save all active sessions on shutdown
|
2020-06-26 12:14:23 +00:00
|
|
|
* @internal For internal use with register_shutdown_function()
|
2016-02-01 20:44:03 +00:00
|
|
|
*/
|
|
|
|
|
public function shutdown() {
|
|
|
|
|
if ( $this->allSessionBackends ) {
|
|
|
|
|
$this->logger->debug( 'Saving all sessions on shutdown' );
|
|
|
|
|
if ( session_id() !== '' ) {
|
|
|
|
|
// @codeCoverageIgnoreStart
|
|
|
|
|
session_write_close();
|
|
|
|
|
}
|
|
|
|
|
// @codeCoverageIgnoreEnd
|
|
|
|
|
foreach ( $this->allSessionBackends as $backend ) {
|
2016-04-20 16:27:26 +00:00
|
|
|
$backend->shutdown();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Fetch the SessionInfo(s) for a request
|
|
|
|
|
* @param WebRequest $request
|
|
|
|
|
* @return SessionInfo|null
|
|
|
|
|
*/
|
|
|
|
|
private function getSessionInfoForRequest( WebRequest $request ) {
|
|
|
|
|
// Call all providers to fetch "the" session
|
2016-02-17 09:09:32 +00:00
|
|
|
$infos = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
foreach ( $this->getProviders() as $provider ) {
|
|
|
|
|
$info = $provider->provideSessionInfo( $request );
|
|
|
|
|
if ( !$info ) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if ( $info->getProvider() !== $provider ) {
|
|
|
|
|
throw new \UnexpectedValueException(
|
|
|
|
|
"$provider returned session info for a different provider: $info"
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
$infos[] = $info;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Sort the SessionInfos. Then find the first one that can be
|
|
|
|
|
// successfully loaded, and then all the ones after it with the same
|
|
|
|
|
// priority.
|
2020-04-27 15:35:10 +00:00
|
|
|
usort( $infos, [ SessionInfo::class, 'compare' ] );
|
2016-02-17 09:09:32 +00:00
|
|
|
$retInfos = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
while ( $infos ) {
|
|
|
|
|
$info = array_pop( $infos );
|
|
|
|
|
if ( $this->loadSessionInfoFromStore( $info, $request ) ) {
|
|
|
|
|
$retInfos[] = $info;
|
|
|
|
|
while ( $infos ) {
|
2020-10-07 03:42:50 +00:00
|
|
|
/** @var SessionInfo $info */
|
2016-02-01 20:44:03 +00:00
|
|
|
$info = array_pop( $infos );
|
|
|
|
|
if ( SessionInfo::compare( $retInfos[0], $info ) ) {
|
|
|
|
|
// We hit a lower priority, stop checking.
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if ( $this->loadSessionInfoFromStore( $info, $request ) ) {
|
|
|
|
|
// This is going to error out below, but we want to
|
|
|
|
|
// provide a complete list.
|
|
|
|
|
$retInfos[] = $info;
|
2016-02-26 21:37:52 +00:00
|
|
|
} else {
|
|
|
|
|
// Session load failed, so unpersist it from this request
|
2020-10-07 03:42:50 +00:00
|
|
|
$this->logUnpersist( $info, $request );
|
2016-02-26 21:37:52 +00:00
|
|
|
$info->getProvider()->unpersistSession( $request );
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-02-26 21:37:52 +00:00
|
|
|
} else {
|
|
|
|
|
// Session load failed, so unpersist it from this request
|
2020-10-07 03:42:50 +00:00
|
|
|
$this->logUnpersist( $info, $request );
|
2016-02-26 21:37:52 +00:00
|
|
|
$info->getProvider()->unpersistSession( $request );
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( count( $retInfos ) > 1 ) {
|
2019-09-07 14:21:09 +00:00
|
|
|
throw new SessionOverflowException(
|
|
|
|
|
$retInfos,
|
2016-03-08 08:13:12 +00:00
|
|
|
'Multiple sessions for this request tied for top priority: ' . implode( ', ', $retInfos )
|
2016-02-01 20:44:03 +00:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $retInfos ? $retInfos[0] : null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Load and verify the session info against the store
|
|
|
|
|
*
|
|
|
|
|
* @param SessionInfo &$info Will likely be replaced with an updated SessionInfo instance
|
|
|
|
|
* @param WebRequest $request
|
|
|
|
|
* @return bool Whether the session info matches the stored data (if any)
|
|
|
|
|
*/
|
|
|
|
|
private function loadSessionInfoFromStore( SessionInfo &$info, WebRequest $request ) {
|
2017-05-24 03:36:28 +00:00
|
|
|
$key = $this->store->makeKey( 'MWSession', $info->getId() );
|
2016-01-30 01:09:57 +00:00
|
|
|
$blob = $this->store->get( $key );
|
2016-02-01 20:44:03 +00:00
|
|
|
|
2016-05-10 19:25:39 +00:00
|
|
|
// If we got data from the store and the SessionInfo says to force use,
|
|
|
|
|
// "fail" means to delete the data from the store and retry. Otherwise,
|
|
|
|
|
// "fail" is just return false.
|
|
|
|
|
if ( $info->forceUse() && $blob !== false ) {
|
|
|
|
|
$failHandler = function () use ( $key, &$info, $request ) {
|
|
|
|
|
$this->store->delete( $key );
|
|
|
|
|
return $this->loadSessionInfoFromStore( $info, $request );
|
|
|
|
|
};
|
|
|
|
|
} else {
|
2021-02-10 22:31:02 +00:00
|
|
|
$failHandler = static function () {
|
2016-05-10 19:25:39 +00:00
|
|
|
return false;
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-17 09:09:32 +00:00
|
|
|
$newParams = [];
|
2016-02-01 20:44:03 +00:00
|
|
|
|
|
|
|
|
if ( $blob !== false ) {
|
2021-11-19 23:19:42 +00:00
|
|
|
// Double check: blob must be an array, if it's saved at all
|
2016-02-01 20:44:03 +00:00
|
|
|
if ( !is_array( $blob ) ) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$this->logger->warning( 'Session "{session}": Bad data', [
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-01-30 01:09:57 +00:00
|
|
|
$this->store->delete( $key );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
2021-11-19 23:19:42 +00:00
|
|
|
// Double check: blob has data and metadata arrays
|
2016-02-01 20:44:03 +00:00
|
|
|
if ( !isset( $blob['data'] ) || !is_array( $blob['data'] ) ||
|
|
|
|
|
!isset( $blob['metadata'] ) || !is_array( $blob['metadata'] )
|
|
|
|
|
) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$this->logger->warning( 'Session "{session}": Bad data structure', [
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-01-30 01:09:57 +00:00
|
|
|
$this->store->delete( $key );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$data = $blob['data'];
|
|
|
|
|
$metadata = $blob['metadata'];
|
|
|
|
|
|
2021-11-19 23:19:42 +00:00
|
|
|
// Double check: metadata must be an array and must contain certain
|
2016-02-01 20:44:03 +00:00
|
|
|
// keys, if it's saved at all
|
|
|
|
|
if ( !array_key_exists( 'userId', $metadata ) ||
|
|
|
|
|
!array_key_exists( 'userName', $metadata ) ||
|
|
|
|
|
!array_key_exists( 'userToken', $metadata ) ||
|
|
|
|
|
!array_key_exists( 'provider', $metadata )
|
|
|
|
|
) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$this->logger->warning( 'Session "{session}": Bad metadata', [
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-01-30 01:09:57 +00:00
|
|
|
$this->store->delete( $key );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// First, load the provider from metadata, or validate it against the metadata.
|
|
|
|
|
$provider = $info->getProvider();
|
|
|
|
|
if ( $provider === null ) {
|
|
|
|
|
$newParams['provider'] = $provider = $this->getProvider( $metadata['provider'] );
|
|
|
|
|
if ( !$provider ) {
|
2016-02-02 16:37:27 +00:00
|
|
|
$this->logger->warning(
|
|
|
|
|
'Session "{session}": Unknown provider ' . $metadata['provider'],
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
]
|
2016-02-02 16:37:27 +00:00
|
|
|
);
|
2016-01-30 01:09:57 +00:00
|
|
|
$this->store->delete( $key );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
} elseif ( $metadata['provider'] !== (string)$provider ) {
|
2016-02-02 16:37:27 +00:00
|
|
|
$this->logger->warning( 'Session "{session}": Wrong provider ' .
|
|
|
|
|
$metadata['provider'] . ' !== ' . $provider,
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Load provider metadata from metadata, or validate it against the metadata
|
|
|
|
|
$providerMetadata = $info->getProviderMetadata();
|
|
|
|
|
if ( isset( $metadata['providerMetadata'] ) ) {
|
|
|
|
|
if ( $providerMetadata === null ) {
|
|
|
|
|
$newParams['metadata'] = $metadata['providerMetadata'];
|
|
|
|
|
} else {
|
|
|
|
|
try {
|
|
|
|
|
$newProviderMetadata = $provider->mergeMetadata(
|
|
|
|
|
$metadata['providerMetadata'], $providerMetadata
|
|
|
|
|
);
|
|
|
|
|
if ( $newProviderMetadata !== $providerMetadata ) {
|
|
|
|
|
$newParams['metadata'] = $newProviderMetadata;
|
|
|
|
|
}
|
2016-02-11 16:55:37 +00:00
|
|
|
} catch ( MetadataMergeException $ex ) {
|
2016-02-02 16:37:27 +00:00
|
|
|
$this->logger->warning(
|
|
|
|
|
'Session "{session}": Metadata merge failed: {exception}',
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-02 16:37:27 +00:00
|
|
|
'exception' => $ex,
|
2016-02-17 09:09:32 +00:00
|
|
|
] + $ex->getContext()
|
2016-02-11 16:55:37 +00:00
|
|
|
);
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Next, load the user from metadata, or validate it against the metadata.
|
|
|
|
|
$userInfo = $info->getUserInfo();
|
|
|
|
|
if ( !$userInfo ) {
|
|
|
|
|
// For loading, id is preferred to name.
|
|
|
|
|
try {
|
|
|
|
|
if ( $metadata['userId'] ) {
|
|
|
|
|
$userInfo = UserInfo::newFromId( $metadata['userId'] );
|
|
|
|
|
} elseif ( $metadata['userName'] !== null ) { // Shouldn't happen, but just in case
|
|
|
|
|
$userInfo = UserInfo::newFromName( $metadata['userName'] );
|
|
|
|
|
} else {
|
|
|
|
|
$userInfo = UserInfo::newAnonymous();
|
|
|
|
|
}
|
|
|
|
|
} catch ( \InvalidArgumentException $ex ) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$this->logger->error( 'Session "{session}": {exception}', [
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-02 16:37:27 +00:00
|
|
|
'exception' => $ex,
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
$newParams['userInfo'] = $userInfo;
|
|
|
|
|
} else {
|
|
|
|
|
// User validation passes if user ID matches, or if there
|
|
|
|
|
// is no saved ID and the names match.
|
|
|
|
|
if ( $metadata['userId'] ) {
|
|
|
|
|
if ( $metadata['userId'] !== $userInfo->getId() ) {
|
2016-02-02 16:37:27 +00:00
|
|
|
$this->logger->warning(
|
|
|
|
|
'Session "{session}": User ID mismatch, {uid_a} !== {uid_b}',
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-02 16:37:27 +00:00
|
|
|
'uid_a' => $metadata['userId'],
|
|
|
|
|
'uid_b' => $userInfo->getId(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If the user was renamed, probably best to fail here.
|
|
|
|
|
if ( $metadata['userName'] !== null &&
|
|
|
|
|
$userInfo->getName() !== $metadata['userName']
|
|
|
|
|
) {
|
2016-02-02 16:37:27 +00:00
|
|
|
$this->logger->warning(
|
|
|
|
|
'Session "{session}": User ID matched but name didn\'t (rename?), {uname_a} !== {uname_b}',
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-02 16:37:27 +00:00
|
|
|
'uname_a' => $metadata['userName'],
|
|
|
|
|
'uname_b' => $userInfo->getName(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} elseif ( $metadata['userName'] !== null ) { // Shouldn't happen, but just in case
|
|
|
|
|
if ( $metadata['userName'] !== $userInfo->getName() ) {
|
2016-02-02 16:37:27 +00:00
|
|
|
$this->logger->warning(
|
|
|
|
|
'Session "{session}": User name mismatch, {uname_a} !== {uname_b}',
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-02 16:37:27 +00:00
|
|
|
'uname_a' => $metadata['userName'],
|
|
|
|
|
'uname_b' => $userInfo->getName(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
} elseif ( !$userInfo->isAnon() ) {
|
|
|
|
|
// Metadata specifies an anonymous user, but the passed-in
|
|
|
|
|
// user isn't anonymous.
|
|
|
|
|
$this->logger->warning(
|
2016-02-02 16:37:27 +00:00
|
|
|
'Session "{session}": Metadata has an anonymous user, but a non-anon user was provided',
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// And if we have a token in the metadata, it must match the loaded/provided user.
|
|
|
|
|
if ( $metadata['userToken'] !== null &&
|
|
|
|
|
$userInfo->getToken() !== $metadata['userToken']
|
|
|
|
|
) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$this->logger->warning( 'Session "{session}": User token mismatch', [
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
if ( !$userInfo->isVerified() ) {
|
|
|
|
|
$newParams['userInfo'] = $userInfo->verified();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( !empty( $metadata['remember'] ) && !$info->wasRemembered() ) {
|
|
|
|
|
$newParams['remembered'] = true;
|
|
|
|
|
}
|
|
|
|
|
if ( !empty( $metadata['forceHTTPS'] ) && !$info->forceHTTPS() ) {
|
|
|
|
|
$newParams['forceHTTPS'] = true;
|
|
|
|
|
}
|
|
|
|
|
if ( !empty( $metadata['persisted'] ) && !$info->wasPersisted() ) {
|
|
|
|
|
$newParams['persisted'] = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( !$info->isIdSafe() ) {
|
|
|
|
|
$newParams['idIsSafe'] = true;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
// No metadata, so we can't load the provider if one wasn't given.
|
|
|
|
|
if ( $info->getProvider() === null ) {
|
2016-02-02 16:37:27 +00:00
|
|
|
$this->logger->warning(
|
|
|
|
|
'Session "{session}": Null provider and no metadata',
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If no user was provided and no metadata, it must be anon.
|
|
|
|
|
if ( !$info->getUserInfo() ) {
|
|
|
|
|
if ( $info->getProvider()->canChangeUser() ) {
|
|
|
|
|
$newParams['userInfo'] = UserInfo::newAnonymous();
|
|
|
|
|
} else {
|
|
|
|
|
$this->logger->info(
|
2016-02-02 16:37:27 +00:00
|
|
|
'Session "{session}": No user provided and provider cannot set user',
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
} elseif ( !$info->getUserInfo()->isVerified() ) {
|
2017-02-17 00:49:57 +00:00
|
|
|
// probably just a session timeout
|
|
|
|
|
$this->logger->info(
|
2016-02-02 16:37:27 +00:00
|
|
|
'Session "{session}": Unverified user provided and no metadata to auth it',
|
2016-02-17 09:09:32 +00:00
|
|
|
[
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$data = false;
|
|
|
|
|
$metadata = false;
|
|
|
|
|
|
|
|
|
|
if ( !$info->getProvider()->persistsSessionId() && !$info->isIdSafe() ) {
|
|
|
|
|
// The ID doesn't come from the user, so it should be safe
|
|
|
|
|
// (and if not, nothing we can do about it anyway)
|
|
|
|
|
$newParams['idIsSafe'] = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Construct the replacement SessionInfo, if necessary
|
|
|
|
|
if ( $newParams ) {
|
|
|
|
|
$newParams['copyFrom'] = $info;
|
|
|
|
|
$info = new SessionInfo( $info->getPriority(), $newParams );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Allow the provider to check the loaded SessionInfo
|
|
|
|
|
$providerMetadata = $info->getProviderMetadata();
|
|
|
|
|
if ( !$info->getProvider()->refreshSessionInfo( $info, $request, $providerMetadata ) ) {
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
if ( $providerMetadata !== $info->getProviderMetadata() ) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$info = new SessionInfo( $info->getPriority(), [
|
2016-02-01 20:44:03 +00:00
|
|
|
'metadata' => $providerMetadata,
|
|
|
|
|
'copyFrom' => $info,
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Give hooks a chance to abort. Combined with the SessionMetadata
|
|
|
|
|
// hook, this can allow for tying a session to an IP address or the
|
|
|
|
|
// like.
|
|
|
|
|
$reason = 'Hook aborted';
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
if ( !$this->hookRunner->onSessionCheckInfo(
|
|
|
|
|
$reason, $info, $request, $metadata, $data )
|
|
|
|
|
) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$this->logger->warning( 'Session "{session}": ' . $reason, [
|
2021-01-25 21:40:34 +00:00
|
|
|
'session' => $info->__toString(),
|
2016-02-17 09:09:32 +00:00
|
|
|
] );
|
2016-05-10 19:25:39 +00:00
|
|
|
return $failHandler();
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-08-27 05:40:37 +00:00
|
|
|
* Create a Session corresponding to the passed SessionInfo
|
2020-06-26 12:14:23 +00:00
|
|
|
* @internal For use by a SessionProvider that needs to specially create its
|
2016-08-27 05:40:37 +00:00
|
|
|
* own Session. Most session providers won't need this.
|
2016-02-01 20:44:03 +00:00
|
|
|
* @param SessionInfo $info
|
|
|
|
|
* @param WebRequest $request
|
|
|
|
|
* @return Session
|
|
|
|
|
*/
|
|
|
|
|
public function getSessionFromInfo( SessionInfo $info, WebRequest $request ) {
|
2016-02-26 20:02:56 +00:00
|
|
|
// @codeCoverageIgnoreStart
|
2016-02-18 20:56:40 +00:00
|
|
|
if ( defined( 'MW_NO_SESSION' ) ) {
|
2021-12-08 06:43:11 +00:00
|
|
|
$ep = defined( 'MW_ENTRY_POINT' ) ? MW_ENTRY_POINT : 'this';
|
|
|
|
|
|
2016-02-18 20:56:40 +00:00
|
|
|
if ( MW_NO_SESSION === 'warn' ) {
|
|
|
|
|
// Undocumented safety case for converting existing entry points
|
2016-03-09 17:00:06 +00:00
|
|
|
$this->logger->error( 'Sessions are supposed to be disabled for this entry point', [
|
2021-12-08 06:43:11 +00:00
|
|
|
'exception' => new \BadMethodCallException( "Sessions are disabled for $ep entry point" ),
|
2016-03-09 17:00:06 +00:00
|
|
|
] );
|
2016-02-18 20:56:40 +00:00
|
|
|
} else {
|
2021-12-08 06:43:11 +00:00
|
|
|
throw new \BadMethodCallException( "Sessions are disabled for $ep entry point" );
|
2016-02-18 20:56:40 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-02-26 20:02:56 +00:00
|
|
|
// @codeCoverageIgnoreEnd
|
2016-02-18 20:56:40 +00:00
|
|
|
|
2016-02-01 20:44:03 +00:00
|
|
|
$id = $info->getId();
|
|
|
|
|
|
|
|
|
|
if ( !isset( $this->allSessionBackends[$id] ) ) {
|
|
|
|
|
if ( !isset( $this->allSessionIds[$id] ) ) {
|
|
|
|
|
$this->allSessionIds[$id] = new SessionId( $id );
|
|
|
|
|
}
|
|
|
|
|
$backend = new SessionBackend(
|
|
|
|
|
$this->allSessionIds[$id],
|
|
|
|
|
$info,
|
2016-01-30 01:09:57 +00:00
|
|
|
$this->store,
|
2016-02-01 20:44:03 +00:00
|
|
|
$this->logger,
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hookContainer,
|
2016-02-01 20:44:03 +00:00
|
|
|
$this->config->get( 'ObjectCacheSessionExpiry' )
|
|
|
|
|
);
|
|
|
|
|
$this->allSessionBackends[$id] = $backend;
|
|
|
|
|
$delay = $backend->delaySave();
|
|
|
|
|
} else {
|
|
|
|
|
$backend = $this->allSessionBackends[$id];
|
|
|
|
|
$delay = $backend->delaySave();
|
|
|
|
|
if ( $info->wasPersisted() ) {
|
|
|
|
|
$backend->persist();
|
|
|
|
|
}
|
|
|
|
|
if ( $info->wasRemembered() ) {
|
|
|
|
|
$backend->setRememberUser( true );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$request->setSessionId( $backend->getSessionId() );
|
|
|
|
|
$session = $backend->getSession( $request );
|
|
|
|
|
|
|
|
|
|
if ( !$info->isIdSafe() ) {
|
|
|
|
|
$session->resetId();
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-12 05:36:03 +00:00
|
|
|
\Wikimedia\ScopedCallback::consume( $delay );
|
2016-02-01 20:44:03 +00:00
|
|
|
return $session;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Deregister a SessionBackend
|
2020-06-26 12:14:23 +00:00
|
|
|
* @internal For use from \MediaWiki\Session\SessionBackend only
|
2016-02-01 20:44:03 +00:00
|
|
|
* @param SessionBackend $backend
|
|
|
|
|
*/
|
|
|
|
|
public function deregisterSessionBackend( SessionBackend $backend ) {
|
|
|
|
|
$id = $backend->getId();
|
|
|
|
|
if ( !isset( $this->allSessionBackends[$id] ) || !isset( $this->allSessionIds[$id] ) ||
|
|
|
|
|
$this->allSessionBackends[$id] !== $backend ||
|
|
|
|
|
$this->allSessionIds[$id] !== $backend->getSessionId()
|
|
|
|
|
) {
|
|
|
|
|
throw new \InvalidArgumentException( 'Backend was not registered with this SessionManager' );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
unset( $this->allSessionBackends[$id] );
|
|
|
|
|
// Explicitly do not unset $this->allSessionIds[$id]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Change a SessionBackend's ID
|
2020-06-26 12:14:23 +00:00
|
|
|
* @internal For use from \MediaWiki\Session\SessionBackend only
|
2016-02-01 20:44:03 +00:00
|
|
|
* @param SessionBackend $backend
|
|
|
|
|
*/
|
|
|
|
|
public function changeBackendId( SessionBackend $backend ) {
|
|
|
|
|
$sessionId = $backend->getSessionId();
|
|
|
|
|
$oldId = (string)$sessionId;
|
|
|
|
|
if ( !isset( $this->allSessionBackends[$oldId] ) || !isset( $this->allSessionIds[$oldId] ) ||
|
|
|
|
|
$this->allSessionBackends[$oldId] !== $backend ||
|
|
|
|
|
$this->allSessionIds[$oldId] !== $sessionId
|
|
|
|
|
) {
|
|
|
|
|
throw new \InvalidArgumentException( 'Backend was not registered with this SessionManager' );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$newId = $this->generateSessionId();
|
|
|
|
|
|
|
|
|
|
unset( $this->allSessionBackends[$oldId], $this->allSessionIds[$oldId] );
|
|
|
|
|
$sessionId->setId( $newId );
|
|
|
|
|
$this->allSessionBackends[$newId] = $backend;
|
|
|
|
|
$this->allSessionIds[$newId] = $sessionId;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Generate a new random session ID
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
public function generateSessionId() {
|
|
|
|
|
do {
|
2016-05-07 11:59:31 +00:00
|
|
|
$id = \Wikimedia\base_convert( \MWCryptRand::generateHex( 40 ), 16, 32, 32 );
|
2017-05-24 03:36:28 +00:00
|
|
|
$key = $this->store->makeKey( 'MWSession', $id );
|
2016-01-30 01:09:57 +00:00
|
|
|
} while ( isset( $this->allSessionIds[$id] ) || is_array( $this->store->get( $key ) ) );
|
2016-02-01 20:44:03 +00:00
|
|
|
return $id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Call setters on a PHPSessionHandler
|
2020-06-26 12:14:23 +00:00
|
|
|
* @internal Use PhpSessionHandler::install()
|
2016-02-01 20:44:03 +00:00
|
|
|
* @param PHPSessionHandler $handler
|
|
|
|
|
*/
|
|
|
|
|
public function setupPHPSessionHandler( PHPSessionHandler $handler ) {
|
2016-01-30 01:09:57 +00:00
|
|
|
$handler->setManager( $this, $this->store, $this->logger );
|
2016-02-01 20:44:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Reset the internal caching for unit testing
|
2020-06-26 12:31:16 +00:00
|
|
|
* @note Unit tests only
|
|
|
|
|
* @internal
|
2016-02-01 20:44:03 +00:00
|
|
|
*/
|
|
|
|
|
public static function resetCache() {
|
2020-12-23 18:52:12 +00:00
|
|
|
if ( !defined( 'MW_PHPUNIT_TEST' ) && !defined( 'MW_PARSER_TEST' ) ) {
|
2016-04-11 20:37:32 +00:00
|
|
|
// @codeCoverageIgnoreStart
|
|
|
|
|
throw new MWException( __METHOD__ . ' may only be called from unit tests!' );
|
|
|
|
|
// @codeCoverageIgnoreEnd
|
|
|
|
|
}
|
2016-02-01 20:44:03 +00:00
|
|
|
|
|
|
|
|
self::$globalSession = null;
|
|
|
|
|
self::$globalSessionRequest = null;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-07 03:42:50 +00:00
|
|
|
private function logUnpersist( SessionInfo $info, WebRequest $request ) {
|
|
|
|
|
$logData = [
|
|
|
|
|
'id' => $info->getId(),
|
|
|
|
|
'provider' => get_class( $info->getProvider() ),
|
|
|
|
|
'user' => '<anon>',
|
|
|
|
|
'clientip' => $request->getIP(),
|
|
|
|
|
'userAgent' => $request->getHeader( 'user-agent' ),
|
|
|
|
|
];
|
|
|
|
|
if ( $info->getUserInfo() ) {
|
|
|
|
|
if ( !$info->getUserInfo()->isAnon() ) {
|
|
|
|
|
$logData['user'] = $info->getUserInfo()->getName();
|
|
|
|
|
}
|
|
|
|
|
$logData['userVerified'] = $info->getUserInfo()->isVerified();
|
|
|
|
|
}
|
|
|
|
|
$this->logger->info( 'Failed to load session, unpersisting', $logData );
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-07 19:24:05 +00:00
|
|
|
/**
|
|
|
|
|
* If the same session is suddenly used from a different IP, that's potentially due
|
|
|
|
|
* to a session leak, so log it. In the vast majority of cases it is a false positive
|
|
|
|
|
* due to a user switching connections, but we are interested in an audit track where
|
|
|
|
|
* we can look up a specific username, so a noisy log is fine.
|
|
|
|
|
* Also log changes to the mwuser cookie, an analytics cookie set by mediawiki.user.js
|
|
|
|
|
* which should be a little less noisy.
|
|
|
|
|
* @private For use in Setup.php only
|
|
|
|
|
* @param Session|null $session For testing only
|
|
|
|
|
*/
|
|
|
|
|
public function logPotentialSessionLeakage( Session $session = null ) {
|
|
|
|
|
$proxyLookup = MediaWikiServices::getInstance()->getProxyLookup();
|
|
|
|
|
$session = $session ?: self::getGlobalSession();
|
|
|
|
|
$suspiciousIpExpiry = $this->config->get( 'SuspiciousIpExpiry' );
|
|
|
|
|
|
|
|
|
|
if ( $suspiciousIpExpiry === false
|
|
|
|
|
// We only care about logged-in users.
|
|
|
|
|
|| !$session->isPersistent() || $session->getUser()->isAnon()
|
|
|
|
|
// We only care about cookie-based sessions.
|
|
|
|
|
|| !( $session->getProvider() instanceof CookieSessionProvider )
|
|
|
|
|
) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
try {
|
|
|
|
|
$ip = $session->getRequest()->getIP();
|
|
|
|
|
} catch ( \MWException $e ) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if ( $ip === '127.0.0.1' || $proxyLookup->isConfiguredProxy( $ip ) ) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
$mwuser = $session->getRequest()->getCookie( 'mwuser-sessionId' );
|
2022-02-26 16:28:48 +00:00
|
|
|
$now = (int)\MWTimestamp::now( TS_UNIX );
|
2016-02-07 19:24:05 +00:00
|
|
|
|
|
|
|
|
// Record (and possibly log) that the IP is using the current session.
|
|
|
|
|
// Don't touch the stored data unless we are changing the IP or re-adding an expired one.
|
|
|
|
|
// This is slightly inaccurate (when an existing IP is seen again, the expiry is not
|
|
|
|
|
// extended) but that shouldn't make much difference and limits the session write frequency.
|
|
|
|
|
$data = $session->get( 'SessionManager-logPotentialSessionLeakage', [] )
|
|
|
|
|
+ [ 'ip' => null, 'mwuser' => null, 'timestamp' => 0 ];
|
|
|
|
|
// Ignore old IP records; users change networks over time. mwuser is a session cookie and the
|
|
|
|
|
// SessionManager session id is also a session cookie so there shouldn't be any problem there.
|
|
|
|
|
if ( $data['ip'] &&
|
|
|
|
|
( $now - $data['timestamp'] > $suspiciousIpExpiry )
|
|
|
|
|
) {
|
|
|
|
|
$data['ip'] = $data['timestamp'] = null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $data['ip'] !== $ip || $data['mwuser'] !== $mwuser ) {
|
|
|
|
|
$session->set( 'SessionManager-logPotentialSessionLeakage',
|
|
|
|
|
[ 'ip' => $ip, 'mwuser' => $mwuser, 'timestamp' => $now ] );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ipChanged = ( $data['ip'] && $data['ip'] !== $ip );
|
|
|
|
|
$mwuserChanged = ( $data['mwuser'] && $data['mwuser'] !== $mwuser );
|
|
|
|
|
$logLevel = $message = null;
|
|
|
|
|
$logData = [];
|
|
|
|
|
// IPs change all the time. mwuser is a session cookie that's only set when missing,
|
|
|
|
|
// so it should only change when the browser session ends which ends the SessionManager
|
|
|
|
|
// session as well. Unless we are dealing with a very weird client, such as a bot that
|
|
|
|
|
//manipulates cookies and can run Javascript, it should not change.
|
|
|
|
|
// IP and mwuser changing at the same time would be *very* suspicious.
|
|
|
|
|
if ( $ipChanged ) {
|
|
|
|
|
$logLevel = LogLevel::INFO;
|
|
|
|
|
$message = 'IP change within the same session';
|
|
|
|
|
$logData += [
|
|
|
|
|
'oldIp' => $data['ip'],
|
|
|
|
|
'oldIpRecorded' => $data['timestamp'],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
if ( $mwuserChanged ) {
|
|
|
|
|
$logLevel = LogLevel::NOTICE;
|
|
|
|
|
$message = 'mwuser change within the same session';
|
|
|
|
|
$logData += [
|
|
|
|
|
'oldMwuser' => $data['mwuser'],
|
|
|
|
|
'newMwuser' => $mwuser,
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
if ( $ipChanged && $mwuserChanged ) {
|
|
|
|
|
$logLevel = LogLevel::WARNING;
|
|
|
|
|
$message = 'IP and mwuser change within the same session';
|
|
|
|
|
}
|
|
|
|
|
if ( $logLevel ) {
|
|
|
|
|
$logData += [
|
|
|
|
|
'session' => $session->getId(),
|
|
|
|
|
'user' => $session->getUser()->getName(),
|
2020-10-09 16:45:22 +00:00
|
|
|
'clientip' => $ip,
|
|
|
|
|
'userAgent' => $session->getRequest()->getHeader( 'user-agent' ),
|
2016-02-07 19:24:05 +00:00
|
|
|
];
|
|
|
|
|
$logger = \MediaWiki\Logger\LoggerFactory::getInstance( 'session-ip' );
|
|
|
|
|
$logger->log( $logLevel, $message, $logData );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Improve custom folding and grouping
PHPStorm can use custom folding regions defined in either the
VisualStudio style or the NetBeans style. The VisualStudio style is more
pleasing to the eye and also works as a vim foldmarker. So get rid of
the previous vim foldmarkers, and use region/endregion.
region/endregion need to be in a single-line comment which is not a doc
comment, and the rest of the comment is used as a region heading (by
both PHPStorm and vim). So to retain Doxygen @name tags, it is
necessary to repeat the section heading, once in a @name and once in a
region. Establish a standard style for this, with a divider and three
spaces before the heading, to better set off the heading name in plain
text.
Besides being the previous vim foldmarker, @{ is also a Doxygen
grouping command. However, almost all prior usages of @{ ... @} in this
sense were broken for one reason or another. It's necessary for the @{
to be in a doc comment, and DISTRIBUTE_GROUP_DOC doesn't work if any of
the individual members in the group are separately documented.
@name alone is sufficient to create a Doxygen section when the sections
are adjacent, but if there is ungrouped content after the section, it
is necessary to use @{ ... @} to avoid having the Doxygen group run on.
So I retained, fixed or added @{ ... @} in certain cases.
I wasn't able to test the changes to the trait documentation in Doxygen
since trait syntax is not recognised and the output is badly broken.
Change-Id: I7d819fdb376c861f40bfc01aed74cd3706141b20
2020-12-22 23:52:00 +00:00
|
|
|
// endregion -- end of Internal methods
|
2016-02-01 20:44:03 +00:00
|
|
|
|
|
|
|
|
}
|
