if ( $value === false ) {
$response->clearCookie( $key, $options );
} else {
- $expirationDuration = $this->getLoginCookieExpiration( $key );
+ $expirationDuration = $this->getLoginCookieExpiration( $key, $session->shouldRememberUser() );
$expiration = $expirationDuration ? $expirationDuration + time() : null;
$response->setCookie( $key, (string)$value, $expiration, $options );
}
$response = $request->response();
if ( $set ) {
if ( $backend->shouldRememberUser() ) {
- $expirationDuration = $this->getLoginCookieExpiration( 'forceHTTPS' );
+ $expirationDuration = $this->getLoginCookieExpiration(
+ 'forceHTTPS',
+ true
+ );
$expiration = $expirationDuration ? $expirationDuration + time() : null;
} else {
$expiration = null;
}
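Review bot: The literal `true` passed for `'forceHTTPS'` has no effect, because `getLoginCookieExpiration()` returns the extended value only for names in `getExtendedLoginCookies()`, and that list is `[ 'UserID', 'UserName', 'Token' ]`. With values like those in the test configuration (100 normal, 200 extended), a remembered user's forceHTTPS cookie would lapse before the login cookies it presumably accompanies. If that is intended, say so in a comment such as `// forceHTTPS is not an extended cookie; this yields the normal expiration`; if not, the key belongs in the list. The enclosing `if ( $set )` block continues outside the hunk.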
public function getRememberUserDuration() {
- return min( $this->getLoginCookieExpiration( 'UserID' ),
- $this->getLoginCookieExpiration( 'Token' ) ) ?: null;
+ return min( $this->getLoginCookieExpiration( 'UserID', true ),
+ $this->getLoginCookieExpiration( 'Token', true ) ) ?: null;
+ }
+
+ /**
+ * Gets the list of cookies that must be set to the 'remember me' duration,
+ * if $wgExtendedLoginCookieExpiration is in use.
+ *
+ * @return string[] Array of unprefixed cookie keys
+ */
+ protected function getExtendedLoginCookies() {
+ return [ 'UserID', 'UserName', 'Token' ];
}
/**
* Returns the lifespan of the login cookies, in seconds. 0 means until the end of the session.
+ *
+ * Cookies that are session-length do not call this function.
+ *
* @param string $cookieName
+ * @param boolean $shouldRememberUser Whether the user should be remembered
+ * long-term
* @return int Cookie expiration time in seconds; 0 for session cookies
*/
- protected function getLoginCookieExpiration( $cookieName ) {
+ protected function getLoginCookieExpiration( $cookieName, $shouldRememberUser ) {
+ $extendedCookies = $this->getExtendedLoginCookies();
$normalExpiration = $this->config->get( 'CookieExpiration' );
- $extendedExpiration = $this->config->get( 'ExtendedLoginCookieExpiration' );
- $extendedCookies = $this->config->get( 'ExtendedLoginCookies' );
- if ( !in_array( $cookieName, $extendedCookies, true ) ) {
+ if ( $shouldRememberUser && in_array( $cookieName, $extendedCookies, true ) ) {
+ $extendedExpiration = $this->config->get( 'ExtendedLoginCookieExpiration' );
+
+ return ( $extendedExpiration !== null ) ? (int)$extendedExpiration : (int)$normalExpiration;
+ } else {
return (int)$normalExpiration;
}
- return ( $extendedExpiration !== null ) ? (int)$extendedExpiration : (int)$normalExpiration;
}
}
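Review bot: `getLoginCookieExpiration()` is protected and now takes a second required parameter, so a subclass that still calls it with one argument, or overrides it with the old signature, will break; the new test message ("subclasses can add values") suggests subclasses are expected. Consider a default, `$shouldRememberUser = false`, which keeps old callers working and errs on the shorter cookie lifetime, though it changes what those callers got before and so needs a release note either way. The dropped `ExtendedLoginCookies` setting has the same problem: a site that customised it is now silently ignored, and nothing visible here deprecates it. In the docblock, `@param boolean` should be `@param bool`, and the added sentence about session-length cookies sits oddly next to "0 for session cookies" in `@return`.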
'CookieHttpOnly' => true,
'SessionName' => false,
'CookieExpiration' => 100,
- 'ExtendedLoginCookies' => [ 'UserID', 'Token' ],
'ExtendedLoginCookieExpiration' => 200,
] );
}
$this->assertTrue( $provider->persistsSessionId() );
$this->assertTrue( $provider->canChangeUser() );
+ $extendedCookies = [ 'UserID', 'UserName', 'Token' ];
+
+ $this->assertEquals(
+ $extendedCookies,
+ \TestingAccessWrapper::newFromObject( $provider )->getExtendedLoginCookies(),
+ 'List of extended cookies (subclasses can add values, but we\'re calling the core one here)'
+ );
+
$msg = $provider->whyNoSession();
$this->assertInstanceOf( 'Message', $msg );
$this->assertSame( 'sessionprovider-nocookies', $msg->getKey() );
'httpOnly' => $config->get( 'CookieHttpOnly' ),
'raw' => false,
];
+
+ $normalExpiry = $config->get( 'CookieExpiration' );
$extendedExpiry = $config->get( 'ExtendedLoginCookieExpiration' );
$extendedExpiry = (int)( $extendedExpiry === null ? 0 : $extendedExpiry );
- $this->assertEquals( [ 'UserID', 'Token' ], $config->get( 'ExtendedLoginCookies' ),
- 'sanity check' );
$expect = [
'MySessionName' => [
'value' => (string)$sessionId,
] + $defaults,
'xUserID' => [
'value' => (string)$user->getId(),
- 'expire' => $extendedExpiry,
+ 'expire' => $remember ? $extendedExpiry : $normalExpiry,
] + $defaults,
'xUserName' => [
'value' => $user->getName(),
+ 'expire' => $remember ? $extendedExpiry : $normalExpiry
] + $defaults,
'xToken' => [
'value' => $remember ? $user->getToken() : '',
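Review bot: `$normalExpiry` is taken straight from `$config->get( 'CookieExpiration' )`, whereas `$extendedExpiry` just below it is null-normalised and cast to int before being used in the same `'expire'` slots. Casting it too, `$normalExpiry = (int)$config->get( 'CookieExpiration' );`, keeps both branches of the `$remember ? … : …` expressions the same type. The new `'expire'` entry for `xUserName` also lacks the trailing comma that the `xUserID` entry has. The `$expect` array continues outside the hunk.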
$provider->setConfig( $config );
$provider->setManager( SessionManager::singleton() );
- $this->assertSame( 200, $provider->getLoginCookieExpiration( 'Token' ) );
- $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User' ) );
+ // First cookie is an extended cookie, remember me true
+ $this->assertSame( 200, $provider->getLoginCookieExpiration( 'Token', true ) );
+ $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', true ) );
+
+ // First cookie is an extended cookie, remember me false
+ $this->assertSame( 100, $provider->getLoginCookieExpiration( 'UserID', false ) );
+ $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', false ) );
$config->set( 'ExtendedLoginCookieExpiration', null );
- $this->assertSame( 100, $provider->getLoginCookieExpiration( 'Token' ) );
- $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User' ) );
+ $this->assertSame( 100, $provider->getLoginCookieExpiration( 'Token', true ) );
+ $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', true ) );
+
+ $this->assertSame( 100, $provider->getLoginCookieExpiration( 'Token', false ) );
+ $this->assertSame( 100, $provider->getLoginCookieExpiration( 'User', false ) );
}
}
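Review bot: The new assertions never exercise `'UserName'`, the one key this change adds to the extended set, so dropping it from `getExtendedLoginCookies()` would be caught only by the separate list assertion. Add `$this->assertSame( 200, $provider->getLoginCookieExpiration( 'UserName', true ) );` next to the `'Token'` case. Both comments say "First cookie is an extended cookie", yet the first block uses `'Token'` and the second `'UserID'`; using the same key in both would make the remember-me flag the only variable. The test method starts outside the hunk.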