Merge "Introduce User::INVALID_TOKEN"

[lhc/web/wiklou.git] / includes / session / SessionManager.php
diff --git a/includes/session/SessionManager.php b/includes/session/SessionManager.php

index 0e45468..f03260f 100644 (file)
--- a/includes/session/SessionManager.php
+++ b/includes/session/SessionManager.php
@@ -25,6 +25,7 @@ namespace MediaWiki\Session;
  
  use Psr\Log\LoggerInterface;
  use BagOStuff;
+use CachedBagOStuff;
  use Config;
  use FauxRequest;
  use Language;
@@ -54,7 +55,7 @@ final class SessionManager implements SessionManagerInterface {
         /** @var Config */
         private $config;
  
-       /** @var BagOStuff|null */
+       /** @var CachedBagOStuff|null */
         private $store;
  
         /** @var SessionProvider[] */
@@ -165,11 +166,12 @@ final class SessionManager implements SessionManagerInterface {
                                         '$options[\'store\'] must be an instance of BagOStuff'
                                 );
                         }
-                       $this->store = $options['store'];
+                       $store = $options['store'];
                 } else {
-                       $this->store = \ObjectCache::getInstance( $this->config->get( 'SessionCacheType' ) );
-                       $this->store->setLogger( $this->logger );
+                       $store = \ObjectCache::getInstance( $this->config->get( 'SessionCacheType' ) );
+                       $store->setLogger( $this->logger );
                 }
+               $this->store = $store instanceof CachedBagOStuff ? $store : new CachedBagOStuff( $store );
  
                 register_shutdown_function( array( $this, 'shutdown' ) );
         }
@@ -178,15 +180,6 @@ final class SessionManager implements SessionManagerInterface {
                 $this->logger = $logger;
         }
  
-       public function getPersistedSessionId( WebRequest $request ) {
-               $info = $this->getSessionInfoForRequest( $request );
-               if ( $info && $info->wasPersisted() ) {
-                       return $info->getId();
-               } else {
-                       return null;
-               }
-       }
-
         public function getSessionForRequest( WebRequest $request ) {
                 $info = $this->getSessionInfoForRequest( $request );
  
@@ -492,10 +485,20 @@ final class SessionManager implements SessionManagerInterface {
                         // @codeCoverageIgnoreEnd
                 }
  
+               # Notify AuthPlugin
+               $tmpUser = $user;
+               $wgAuth->initUser( $tmpUser, true );
+               if ( $tmpUser !== $user ) {
+                       $logger->warning( __METHOD__ . ': ' .
+                               get_class( $wgAuth ) . '::initUser() replaced the user object' );
+               }
+
                 # Notify hooks (e.g. Newuserlog)
                 \Hooks::run( 'AuthPluginAutoCreate', array( $user ) );
                 \Hooks::run( 'LocalUserCreated', array( $user, true ) );
  
+               $user->saveSettings();
+
                 # Update user count
                 \DeferredUpdates::addUpdate( new \SiteStatsUpdate( 0, 0, 0, 0, 1 ) );
  
@@ -517,13 +520,6 @@ final class SessionManager implements SessionManagerInterface {
         public function preventSessionsForUser( $username ) {
                 $this->preventUsers[$username] = true;
  
-               // Reset the user's token to kill existing sessions
-               $user = User::newFromName( $username );
-               if ( $user && $user->getToken() ) {
-                       $user->setToken( true );
-                       $user->saveSettings();
-               }
-
                 // Instruct the session providers to kill any other sessions too.
                 foreach ( $this->getProviders() as $provider ) {
                         $provider->preventSessionsForUser( $username );
@@ -800,6 +796,9 @@ final class SessionManager implements SessionManagerInterface {
                         if ( !empty( $metadata['forceHTTPS'] ) && !$info->forceHTTPS() ) {
                                 $newParams['forceHTTPS'] = true;
                         }
+                       if ( !empty( $metadata['persisted'] ) && !$info->wasPersisted() ) {
+                               $newParams['persisted'] = true;
+                       }
  
                         if ( !$info->isIdSafe() ) {
                                 $newParams['idIsSafe'] = true;