Merge "Update session log messages"

[lhc/web/wiklou.git] / includes / session / SessionManager.php
diff --git a/includes/session/SessionManager.php b/includes/session/SessionManager.php

index 1c8686c..07291e9 100644 (file)
--- a/includes/session/SessionManager.php
+++ b/includes/session/SessionManager.php
@@ -25,6 +25,7 @@ namespace MediaWiki\Session;
  
  use Psr\Log\LoggerInterface;
  use BagOStuff;
+use CachedBagOStuff;
  use Config;
  use FauxRequest;
  use Language;
@@ -54,7 +55,7 @@ final class SessionManager implements SessionManagerInterface {
         /** @var Config */
         private $config;
  
-       /** @var BagOStuff|null */
+       /** @var CachedBagOStuff|null */
         private $store;
  
         /** @var SessionProvider[] */
@@ -123,7 +124,8 @@ final class SessionManager implements SessionManagerInterface {
                                 // Someone used session_id(), so we need to follow suit.
                                 // Note this overwrites whatever session might already be
                                 // associated with $request with the one for $id.
-                               self::$globalSession = self::singleton()->getSessionById( $id, false, $request );
+                               self::$globalSession = self::singleton()->getSessionById( $id, true, $request )
+                                       ?: $request->getSession();
                         }
                 }
                 return self::$globalSession;
@@ -164,11 +166,12 @@ final class SessionManager implements SessionManagerInterface {
                                         '$options[\'store\'] must be an instance of BagOStuff'
                                 );
                         }
-                       $this->store = $options['store'];
+                       $store = $options['store'];
                 } else {
-                       $this->store = \ObjectCache::getInstance( $this->config->get( 'SessionCacheType' ) );
-                       $this->store->setLogger( $this->logger );
+                       $store = \ObjectCache::getInstance( $this->config->get( 'SessionCacheType' ) );
+                       $store->setLogger( $this->logger );
                 }
+               $this->store = $store instanceof CachedBagOStuff ? $store : new CachedBagOStuff( $store );
  
                 register_shutdown_function( array( $this, 'shutdown' ) );
         }
@@ -177,15 +180,6 @@ final class SessionManager implements SessionManagerInterface {
                 $this->logger = $logger;
         }
  
-       public function getPersistedSessionId( WebRequest $request ) {
-               $info = $this->getSessionInfoForRequest( $request );
-               if ( $info && $info->wasPersisted() ) {
-                       return $info->getId();
-               } else {
-                       return null;
-               }
-       }
-
         public function getSessionForRequest( WebRequest $request ) {
                 $info = $this->getSessionInfoForRequest( $request );
  
@@ -197,7 +191,7 @@ final class SessionManager implements SessionManagerInterface {
                 return $session;
         }
  
-       public function getSessionById( $id, $noEmpty = false, WebRequest $request = null ) {
+       public function getSessionById( $id, $create = false, WebRequest $request = null ) {
                 if ( !self::validateSessionId( $id ) ) {
                         throw new \InvalidArgumentException( 'Invalid session ID' );
                 }
@@ -217,20 +211,18 @@ final class SessionManager implements SessionManagerInterface {
                         }
                 }
  
-               if ( !$noEmpty && $session === null ) {
+               if ( $create && $session === null ) {
                         $ex = null;
                         try {
                                 $session = $this->getEmptySessionInternal( $request, $id );
                         } catch ( \Exception $ex ) {
-                               $this->logger->error( __METHOD__ . ': failed to create empty session: ' .
-                                       $ex->getMessage() );
+                               $this->logger->error( 'Failed to create empty session: {exception}',
+                                       array(
+                                               'method' => __METHOD__,
+                                               'exception' => $ex,
+                               ) );
                                 $session = null;
                         }
-                       if ( $session === null ) {
-                               throw new \UnexpectedValueException(
-                                       'Can neither load the session nor create an empty session', 0, $ex
-                               );
-                       }
                 }
  
                 return $session;
@@ -473,14 +465,21 @@ final class SessionManager implements SessionManagerInterface {
  
                 // Checks passed, create the user...
                 $from = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : 'CLI';
-               $logger->info( __METHOD__ . ": creating new user ($userName) - from: $from" );
+               $logger->info( __METHOD__ . ': creating new user ({username}) - from: {url}',
+                       array(
+                               'username' => $userName,
+                               'url' => $from,
+               ) );
  
                 try {
                         // Insert the user into the local DB master
                         $status = $user->addToDatabase();
                         if ( !$status->isOK() ) {
                                 // @codeCoverageIgnoreStart
-                               $logger->error( __METHOD__ . ': failed with message ' . $status->getWikiText() );
+                               $logger->error( __METHOD__ . ': failed with message ' . $status->getWikiText(),
+                                       array(
+                                               'username' => $userName,
+                               ) );
                                 $user->setId( 0 );
                                 $user->loadFromId();
                                 return false;
@@ -488,7 +487,10 @@ final class SessionManager implements SessionManagerInterface {
                         }
                 } catch ( \Exception $ex ) {
                         // @codeCoverageIgnoreStart
-                       $logger->error( __METHOD__ . ': failed with exception ' . $ex->getMessage() );
+                       $logger->error( __METHOD__ . ': failed with exception {exception}', array(
+                               'exception' => $ex,
+                               'username' => $userName,
+                       ) );
                         // Do not keep throwing errors for a while
                         $cache->set( $backoffKey, 1, 600 );
                         // Bubble up error; which should normally trigger DB rollbacks
@@ -496,10 +498,20 @@ final class SessionManager implements SessionManagerInterface {
                         // @codeCoverageIgnoreEnd
                 }
  
+               # Notify AuthPlugin
+               $tmpUser = $user;
+               $wgAuth->initUser( $tmpUser, true );
+               if ( $tmpUser !== $user ) {
+                       $logger->warning( __METHOD__ . ': ' .
+                               get_class( $wgAuth ) . '::initUser() replaced the user object' );
+               }
+
                 # Notify hooks (e.g. Newuserlog)
                 \Hooks::run( 'AuthPluginAutoCreate', array( $user ) );
                 \Hooks::run( 'LocalUserCreated', array( $user, true ) );
  
+               $user->saveSettings();
+
                 # Update user count
                 \DeferredUpdates::addUpdate( new \SiteStatsUpdate( 0, 0, 0, 0, 1 ) );
  
@@ -521,13 +533,6 @@ final class SessionManager implements SessionManagerInterface {
         public function preventSessionsForUser( $username ) {
                 $this->preventUsers[$username] = true;
  
-               // Reset the user's token to kill existing sessions
-               $user = User::newFromName( $username );
-               if ( $user && $user->getToken() ) {
-                       $user->setToken( true );
-                       $user->saveSettings();
-               }
-
                 // Instruct the session providers to kill any other sessions too.
                 foreach ( $this->getProviders() as $provider ) {
                         $provider->preventSessionsForUser( $username );
@@ -662,14 +667,18 @@ final class SessionManager implements SessionManagerInterface {
          * @return bool Whether the session info matches the stored data (if any)
          */
         private function loadSessionInfoFromStore( SessionInfo &$info, WebRequest $request ) {
-               $blob = $this->store->get( wfMemcKey( 'MWSession', $info->getId() ) );
+               $key = wfMemcKey( 'MWSession', $info->getId() );
+               $blob = $this->store->get( $key );
  
                 $newParams = array();
  
                 if ( $blob !== false ) {
                         // Sanity check: blob must be an array, if it's saved at all
                         if ( !is_array( $blob ) ) {
-                               $this->logger->warning( "Session $info: Bad data" );
+                               $this->logger->warning( 'Session "{session}": Bad data', array(
+                                       'session' => $info,
+                               ) );
+                               $this->store->delete( $key );
                                 return false;
                         }
  
@@ -677,7 +686,10 @@ final class SessionManager implements SessionManagerInterface {
                         if ( !isset( $blob['data'] ) || !is_array( $blob['data'] ) ||
                                 !isset( $blob['metadata'] ) || !is_array( $blob['metadata'] )
                         ) {
-                               $this->logger->warning( "Session $info: Bad data structure" );
+                               $this->logger->warning( 'Session "{session}": Bad data structure', array(
+                                       'session' => $info,
+                               ) );
+                               $this->store->delete( $key );
                                 return false;
                         }
  
@@ -691,7 +703,10 @@ final class SessionManager implements SessionManagerInterface {
                                 !array_key_exists( 'userToken', $metadata ) ||
                                 !array_key_exists( 'provider', $metadata )
                         ) {
-                               $this->logger->warning( "Session $info: Bad metadata" );
+                               $this->logger->warning( 'Session "{session}": Bad metadata', array(
+                                       'session' => $info,
+                               ) );
+                               $this->store->delete( $key );
                                 return false;
                         }
  
@@ -700,12 +715,21 @@ final class SessionManager implements SessionManagerInterface {
                         if ( $provider === null ) {
                                 $newParams['provider'] = $provider = $this->getProvider( $metadata['provider'] );
                                 if ( !$provider ) {
-                                       $this->logger->warning( "Session $info: Unknown provider, " . $metadata['provider'] );
+                                       $this->logger->warning(
+                                               'Session "{session}": Unknown provider ' . $metadata['provider'],
+                                               array(
+                                                       'session' => $info,
+                                               )
+                                       );
+                                       $this->store->delete( $key );
                                         return false;
                                 }
                         } elseif ( $metadata['provider'] !== (string)$provider ) {
-                               $this->logger->warning( "Session $info: Wrong provider, " .
-                                       $metadata['provider'] . ' !== ' . $provider );
+                               $this->logger->warning( 'Session "{session}": Wrong provider ' .
+                                       $metadata['provider'] . ' !== ' . $provider,
+                                       array(
+                                               'session' => $info,
+                               ) );
                                 return false;
                         }
  
@@ -723,7 +747,12 @@ final class SessionManager implements SessionManagerInterface {
                                                         $newParams['metadata'] = $newProviderMetadata;
                                                 }
                                         } catch ( \UnexpectedValueException $ex ) {
-                                               $this->logger->warning( "Session $info: Metadata merge failed: " . $ex->getMessage() );
+                                               $this->logger->warning(
+                                                       'Session "{session}": Metadata merge failed: {exception}',
+                                                       array(
+                                                               'session' => $info,
+                                                               'exception' => $ex,
+                                               ) );
                                                 return false;
                                         }
                                 }
@@ -742,7 +771,10 @@ final class SessionManager implements SessionManagerInterface {
                                                 $userInfo = UserInfo::newAnonymous();
                                         }
                                 } catch ( \InvalidArgumentException $ex ) {
-                                       $this->logger->error( "Session $info: " . $ex->getMessage() );
+                                       $this->logger->error( 'Session "{session}": {exception}', array(
+                                               'session' => $info,
+                                               'exception' => $ex,
+                                       ) );
                                         return false;
                                 }
                                 $newParams['userInfo'] = $userInfo;
@@ -751,8 +783,13 @@ final class SessionManager implements SessionManagerInterface {
                                 // is no saved ID and the names match.
                                 if ( $metadata['userId'] ) {
                                         if ( $metadata['userId'] !== $userInfo->getId() ) {
-                                               $this->logger->warning( "Session $info: User ID mismatch, " .
-                                                       $metadata['userId'] . ' !== ' . $userInfo->getId() );
+                                               $this->logger->warning(
+                                                       'Session "{session}": User ID mismatch, {uid_a} !== {uid_b}',
+                                                       array(
+                                                               'session' => $info,
+                                                               'uid_a' => $metadata['userId'],
+                                                               'uid_b' => $userInfo->getId(),
+                                               ) );
                                                 return false;
                                         }
  
@@ -760,24 +797,35 @@ final class SessionManager implements SessionManagerInterface {
                                         if ( $metadata['userName'] !== null &&
                                                 $userInfo->getName() !== $metadata['userName']
                                         ) {
-                                               $this->logger->warning( "Session $info: User ID matched but name didn't (rename?), " .
-                                                       $metadata['userName'] . ' !== ' . $userInfo->getName() );
+                                               $this->logger->warning(
+                                                       'Session "{session}": User ID matched but name didn\'t (rename?), {uname_a} !== {uname_b}',
+                                                       array(
+                                                               'session' => $info,
+                                                               'uname_a' => $metadata['userName'],
+                                                               'uname_b' => $userInfo->getName(),
+                                               ) );
                                                 return false;
                                         }
  
                                 } elseif ( $metadata['userName'] !== null ) { // Shouldn't happen, but just in case
                                         if ( $metadata['userName'] !== $userInfo->getName() ) {
-                                               $this->logger->warning( "Session $info: User name mismatch, " .
-                                                       $metadata['userName'] . ' !== ' . $userInfo->getName() );
+                                               $this->logger->warning(
+                                                       'Session "{session}": User name mismatch, {uname_a} !== {uname_b}',
+                                                       array(
+                                                               'session' => $info,
+                                                               'uname_a' => $metadata['userName'],
+                                                               'uname_b' => $userInfo->getName(),
+                                               ) );
                                                 return false;
                                         }
                                 } elseif ( !$userInfo->isAnon() ) {
                                         // Metadata specifies an anonymous user, but the passed-in
                                         // user isn't anonymous.
                                         $this->logger->warning(
-                                               "Session $info: Metadata has an anonymous user, " .
-                                                       'but a non-anon user was provided'
-                                       );
+                                               'Session "{session}": Metadata has an anonymous user, but a non-anon user was provided',
+                                               array(
+                                                       'session' => $info,
+                                       ) );
                                         return false;
                                 }
                         }
@@ -786,7 +834,9 @@ final class SessionManager implements SessionManagerInterface {
                         if ( $metadata['userToken'] !== null &&
                                 $userInfo->getToken() !== $metadata['userToken']
                         ) {
-                               $this->logger->warning( "Session $info: User token mismatch" );
+                               $this->logger->warning( 'Session "{session}": User token mismatch', array(
+                                       'session' => $info,
+                               ) );
                                 return false;
                         }
                         if ( !$userInfo->isVerified() ) {
@@ -799,6 +849,9 @@ final class SessionManager implements SessionManagerInterface {
                         if ( !empty( $metadata['forceHTTPS'] ) && !$info->forceHTTPS() ) {
                                 $newParams['forceHTTPS'] = true;
                         }
+                       if ( !empty( $metadata['persisted'] ) && !$info->wasPersisted() ) {
+                               $newParams['persisted'] = true;
+                       }
  
                         if ( !$info->isIdSafe() ) {
                                 $newParams['idIsSafe'] = true;
@@ -806,7 +859,11 @@ final class SessionManager implements SessionManagerInterface {
                 } else {
                         // No metadata, so we can't load the provider if one wasn't given.
                         if ( $info->getProvider() === null ) {
-                               $this->logger->warning( "Session $info: Null provider and no metadata" );
+                               $this->logger->warning(
+                                       'Session "{session}": Null provider and no metadata',
+                                       array(
+                                               'session' => $info,
+                               ) );
                                 return false;
                         }
  
@@ -816,14 +873,18 @@ final class SessionManager implements SessionManagerInterface {
                                         $newParams['userInfo'] = UserInfo::newAnonymous();
                                 } else {
                                         $this->logger->info(
-                                               "Session $info: No user provided and provider cannot set user"
-                                       );
+                                               'Session "{session}": No user provided and provider cannot set user',
+                                               array(
+                                                       'session' => $info,
+                                       ) );
                                         return false;
                                 }
                         } elseif ( !$info->getUserInfo()->isVerified() ) {
                                 $this->logger->warning(
-                                       "Session $info: Unverified user provided and no metadata to auth it"
-                               );
+                                       'Session "{session}": Unverified user provided and no metadata to auth it',
+                                       array(
+                                               'session' => $info,
+                               ) );
                                 return false;
                         }
  
@@ -863,7 +924,9 @@ final class SessionManager implements SessionManagerInterface {
                         'SessionCheckInfo',
                         array( &$reason, $info, $request, $metadata, $data )
                 ) ) {
-                       $this->logger->warning( "Session $info: $reason" );
+                       $this->logger->warning( 'Session "{session}": ' . $reason, array(
+                               'session' => $info,
+                       ) );
                         return false;
                 }