3 namespace MediaWiki\Session
;
11 * @covers MediaWiki\Session\ImmutableSessionProviderWithCookie
13 class ImmutableSessionProviderWithCookieTest
extends MediaWikiTestCase
{
15 private function getProvider( $name, $prefix = null ) {
16 $config = new \
HashConfig();
17 $config->set( 'CookiePrefix', 'wgCookiePrefix' );
20 'sessionCookieName' => $name,
21 'sessionCookieOptions' => [],
23 if ( $prefix !== null ) {
24 $params['sessionCookieOptions']['prefix'] = $prefix;
27 $provider = $this->getMockBuilder( ImmutableSessionProviderWithCookie
::class )
28 ->setConstructorArgs( [ $params ] )
29 ->getMockForAbstractClass();
30 $provider->setLogger( new \
TestLogger() );
31 $provider->setConfig( $config );
32 $provider->setManager( new SessionManager() );
37 public function testConstructor() {
38 $provider = $this->getMockBuilder( ImmutableSessionProviderWithCookie
::class )
39 ->getMockForAbstractClass();
40 $priv = \TestingAccessWrapper
::newFromObject( $provider );
41 $this->assertNull( $priv->sessionCookieName
);
42 $this->assertSame( [], $priv->sessionCookieOptions
);
44 $provider = $this->getMockBuilder( ImmutableSessionProviderWithCookie
::class )
45 ->setConstructorArgs( [ [
46 'sessionCookieName' => 'Foo',
47 'sessionCookieOptions' => [ 'Bar' ],
49 ->getMockForAbstractClass();
50 $priv = \TestingAccessWrapper
::newFromObject( $provider );
51 $this->assertSame( 'Foo', $priv->sessionCookieName
);
52 $this->assertSame( [ 'Bar' ], $priv->sessionCookieOptions
);
55 $provider = $this->getMockBuilder( ImmutableSessionProviderWithCookie
::class )
56 ->setConstructorArgs( [ [
57 'sessionCookieName' => false,
59 ->getMockForAbstractClass();
60 $this->fail( 'Expected exception not thrown' );
61 } catch ( \InvalidArgumentException
$ex ) {
63 'sessionCookieName must be a string',
69 $provider = $this->getMockBuilder( ImmutableSessionProviderWithCookie
::class )
70 ->setConstructorArgs( [ [
71 'sessionCookieOptions' => 'x',
73 ->getMockForAbstractClass();
74 $this->fail( 'Expected exception not thrown' );
75 } catch ( \InvalidArgumentException
$ex ) {
77 'sessionCookieOptions must be an array',
83 public function testBasics() {
84 $provider = $this->getProvider( null );
85 $this->assertFalse( $provider->persistsSessionID() );
86 $this->assertFalse( $provider->canChangeUser() );
88 $provider = $this->getProvider( 'Foo' );
89 $this->assertTrue( $provider->persistsSessionID() );
90 $this->assertFalse( $provider->canChangeUser() );
92 $msg = $provider->whyNoSession();
93 $this->assertInstanceOf( 'Message', $msg );
94 $this->assertSame( 'sessionprovider-nocookies', $msg->getKey() );
97 public function testGetVaryCookies() {
98 $provider = $this->getProvider( null );
99 $this->assertSame( [], $provider->getVaryCookies() );
101 $provider = $this->getProvider( 'Foo' );
102 $this->assertSame( [ 'wgCookiePrefixFoo' ], $provider->getVaryCookies() );
104 $provider = $this->getProvider( 'Foo', 'Bar' );
105 $this->assertSame( [ 'BarFoo' ], $provider->getVaryCookies() );
107 $provider = $this->getProvider( 'Foo', '' );
108 $this->assertSame( [ 'Foo' ], $provider->getVaryCookies() );
111 public function testGetSessionIdFromCookie() {
112 $this->setMwGlobals( 'wgCookiePrefix', 'wgCookiePrefix' );
113 $request = new \
FauxRequest();
114 $request->setCookies( [
115 '' => 'empty---------------------------',
116 'Foo' => 'foo-----------------------------',
117 'wgCookiePrefixFoo' => 'wgfoo---------------------------',
118 'BarFoo' => 'foobar--------------------------',
122 $provider = \TestingAccessWrapper
::newFromObject( $this->getProvider( null ) );
124 $provider->getSessionIdFromCookie( $request );
125 $this->fail( 'Expected exception not thrown' );
126 } catch ( \BadMethodCallException
$ex ) {
128 'MediaWiki\\Session\\ImmutableSessionProviderWithCookie::getSessionIdFromCookie ' .
129 'may not be called when $this->sessionCookieName === null',
134 $provider = \TestingAccessWrapper
::newFromObject( $this->getProvider( 'Foo' ) );
136 'wgfoo---------------------------',
137 $provider->getSessionIdFromCookie( $request )
140 $provider = \TestingAccessWrapper
::newFromObject( $this->getProvider( 'Foo', 'Bar' ) );
142 'foobar--------------------------',
143 $provider->getSessionIdFromCookie( $request )
146 $provider = \TestingAccessWrapper
::newFromObject( $this->getProvider( 'Foo', '' ) );
148 'foo-----------------------------',
149 $provider->getSessionIdFromCookie( $request )
152 $provider = \TestingAccessWrapper
::newFromObject( $this->getProvider( 'bad', '' ) );
153 $this->assertSame( null, $provider->getSessionIdFromCookie( $request ) );
155 $provider = \TestingAccessWrapper
::newFromObject( $this->getProvider( 'none', '' ) );
156 $this->assertSame( null, $provider->getSessionIdFromCookie( $request ) );
159 protected function getSentRequest() {
160 $sentResponse = $this->getMockBuilder( 'FauxResponse' )
161 ->setMethods( [ 'headersSent', 'setCookie', 'header' ] )
163 $sentResponse->expects( $this->any() )->method( 'headersSent' )
164 ->will( $this->returnValue( true ) );
165 $sentResponse->expects( $this->never() )->method( 'setCookie' );
166 $sentResponse->expects( $this->never() )->method( 'header' );
168 $sentRequest = $this->getMockBuilder( 'FauxRequest' )
169 ->setMethods( [ 'response' ] )->getMock();
170 $sentRequest->expects( $this->any() )->method( 'response' )
171 ->will( $this->returnValue( $sentResponse ) );
176 * @dataProvider providePersistSession
177 * @param bool $secure
178 * @param bool $remember
180 public function testPersistSession( $secure, $remember ) {
181 $this->setMwGlobals( [
182 'wgCookieExpiration' => 100,
183 'wgSecureLogin' => false,
186 $provider = $this->getProvider( 'session' );
187 $provider->setLogger( new \Psr\Log\
NullLogger() );
188 $priv = \TestingAccessWrapper
::newFromObject( $provider );
189 $priv->sessionCookieOptions
= [
191 'path' => 'CookiePath',
192 'domain' => 'CookieDomain',
197 $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
198 $user = User
::newFromName( 'UTSysop' );
199 $this->assertFalse( $user->requiresHTTPS(), 'sanity check' );
201 $backend = new SessionBackend(
202 new SessionId( $sessionId ),
203 new SessionInfo( SessionInfo
::MIN_PRIORITY
, [
204 'provider' => $provider,
207 'userInfo' => UserInfo
::newFromUser( $user, true ),
211 new \Psr\Log\
NullLogger(),
214 \TestingAccessWrapper
::newFromObject( $backend )->usePhpSessionHandling
= false;
215 $backend->setRememberUser( $remember );
216 $backend->setForceHTTPS( $secure );
219 $priv->sessionCookieName
= null;
220 $request = new \
FauxRequest();
221 $provider->persistSession( $backend, $request );
222 $this->assertSame( [], $request->response()->getCookies() );
225 $priv->sessionCookieName
= 'session';
226 $request = new \
FauxRequest();
228 $provider->persistSession( $backend, $request );
230 $cookie = $request->response()->getCookieData( 'xsession' );
231 $this->assertInternalType( 'array', $cookie );
232 if ( isset( $cookie['expire'] ) && $cookie['expire'] > 0 ) {
233 // Round expiry so we don't randomly fail if the seconds ticked during the test.
234 $cookie['expire'] = round( $cookie['expire'] - $time, -2 );
236 $this->assertEquals( [
237 'value' => $sessionId,
239 'path' => 'CookiePath',
240 'domain' => 'CookieDomain',
246 $cookie = $request->response()->getCookieData( 'forceHTTPS' );
248 $this->assertInternalType( 'array', $cookie );
249 if ( isset( $cookie['expire'] ) && $cookie['expire'] > 0 ) {
250 // Round expiry so we don't randomly fail if the seconds ticked during the test.
251 $cookie['expire'] = round( $cookie['expire'] - $time, -2 );
253 $this->assertEquals( [
256 'path' => 'CookiePath',
257 'domain' => 'CookieDomain',
263 $this->assertNull( $cookie );
267 $request = $this->getSentRequest();
268 $provider->persistSession( $backend, $request );
269 $this->assertSame( [], $request->response()->getCookies() );
272 public static function providePersistSession() {
281 public function testUnpersistSession() {
282 $provider = $this->getProvider( 'session', '' );
283 $provider->setLogger( new \Psr\Log\
NullLogger() );
284 $priv = \TestingAccessWrapper
::newFromObject( $provider );
287 $priv->sessionCookieName
= null;
288 $request = new \
FauxRequest();
289 $provider->unpersistSession( $request );
290 $this->assertSame( null, $request->response()->getCookie( 'session', '' ) );
293 $priv->sessionCookieName
= 'session';
294 $request = new \
FauxRequest();
295 $provider->unpersistSession( $request );
296 $this->assertSame( '', $request->response()->getCookie( 'session', '' ) );
299 $request = $this->getSentRequest();
300 $provider->unpersistSession( $request );
301 $this->assertSame( null, $request->response()->getCookie( 'session', '' ) );