namespace MediaWiki\Session;
use Psr\Log\LoggerInterface;
-use Psr\Log\LogLevel;
use BagOStuff;
use CachedBagOStuff;
use Config;
private $varyHeaders = null;
/** @var SessionBackend[] */
- private $allSessionBackends = array();
+ private $allSessionBackends = [];
/** @var SessionId[] */
- private $allSessionIds = array();
+ private $allSessionIds = [];
/** @var string[] */
- private $preventUsers = array();
+ private $preventUsers = [];
/**
* Get the global SessionManager
* - logger: LoggerInterface to use for logging. Defaults to the 'session' channel.
* - store: BagOStuff to store session data in.
*/
- public function __construct( $options = array() ) {
+ public function __construct( $options = [] ) {
if ( isset( $options['config'] ) ) {
$this->config = $options['config'];
if ( !$this->config instanceof Config ) {
$store = $options['store'];
} else {
$store = \ObjectCache::getInstance( $this->config->get( 'SessionCacheType' ) );
- $store->setLogger( $this->logger );
}
$this->store = $store instanceof CachedBagOStuff ? $store : new CachedBagOStuff( $store );
- register_shutdown_function( array( $this, 'shutdown' ) );
+ register_shutdown_function( [ $this, 'shutdown' ] );
}
public function setLogger( LoggerInterface $logger ) {
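Review bot: With `$store->setLogger( $this->logger )` dropped from the `else` branch, the BagOStuff obtained from `\ObjectCache::getInstance()` no longer receives the session logger in the constructor, and nothing else in the hunk wires it up; if `setLogger()` (its body is outside the hunk) now forwards the logger to `$this->store`, a one-line comment at the construction site would make that explicit, e.g. `// Store logging is configured via setLogger(), not here`. If it does not, store-level warnings from the session cache would silently go to whatever default logger the cache was created with, which is worth confirming before merging. The constructor's body starts outside the hunk.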
// of "no such ID"
$key = wfMemcKey( 'MWSession', $id );
if ( is_array( $this->store->get( $key ) ) ) {
- $info = new SessionInfo( SessionInfo::MIN_PRIORITY, array( 'id' => $id, 'idIsSafe' => true ) );
+ $info = new SessionInfo( SessionInfo::MIN_PRIORITY, [ 'id' => $id, 'idIsSafe' => true ] );
if ( $this->loadSessionInfoFromStore( $info, $request ) ) {
$session = $this->getSessionFromInfo( $info, $request );
}
$session = $this->getEmptySessionInternal( $request, $id );
} catch ( \Exception $ex ) {
$this->logger->error( 'Failed to create empty session: {exception}',
- array(
+ [
'method' => __METHOD__,
'exception' => $ex,
- ) );
+ ] );
$session = null;
}
}
$request = new FauxRequest;
}
- $infos = array();
+ $infos = [];
foreach ( $this->getProviders() as $provider ) {
$info = $provider->newSessionInfo( $id );
if ( !$info ) {
if ( $compare === 0 ) {
$infos[] = $info;
} else {
- $infos = array( $info );
+ $infos = [ $info ];
}
}
public function getVaryHeaders() {
if ( $this->varyHeaders === null ) {
- $headers = array();
+ $headers = [];
foreach ( $this->getProviders() as $provider ) {
foreach ( $provider->getVaryHeaders() as $header => $options ) {
if ( !isset( $headers[$header] ) ) {
- $headers[$header] = array();
+ $headers[$header] = [];
}
if ( is_array( $options ) ) {
$headers[$header] = array_unique( array_merge( $headers[$header], $options ) );
public function getVaryCookies() {
if ( $this->varyCookies === null ) {
- $cookies = array();
+ $cookies = [];
foreach ( $this->getProviders() as $provider ) {
$cookies = array_merge( $cookies, $provider->getVaryCookies() );
}
// Try the local user from the slave DB
$localId = User::idFromName( $user->getName() );
+ $flags = 0;
// Fetch the user ID from the master, so that we don't try to create the user
// when they already exist, due to replication lag
// @codeCoverageIgnoreStart
if ( !$localId && wfGetLB()->getReaderIndex() != 0 ) {
$localId = User::idFromName( $user->getName(), User::READ_LATEST );
+ $flags = User::READ_LATEST;
}
// @codeCoverageIgnoreEnd
if ( $localId ) {
// User exists after all.
$user->setId( $localId );
- $user->loadFromId();
+ $user->loadFromId( $flags );
return false;
}
// Give other extensions a chance to stop auto creation.
$user->loadDefaults( $userName );
$abortMessage = '';
- if ( !\Hooks::run( 'AbortAutoAccount', array( $user, &$abortMessage ) ) ) {
+ if ( !\Hooks::run( 'AbortAutoAccount', [ $user, &$abortMessage ] ) ) {
// In this case we have no way to return the message to the user,
// but we can log it.
$logger->debug( __METHOD__ . ": denied by hook: $abortMessage" );
// Checks passed, create the user...
$from = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : 'CLI';
$logger->info( __METHOD__ . ': creating new user ({username}) - from: {url}',
- array(
+ [
'username' => $userName,
'url' => $from,
- ) );
+ ] );
try {
// Insert the user into the local DB master
$status = $user->addToDatabase();
if ( !$status->isOK() ) {
// @codeCoverageIgnoreStart
- $logger->error( __METHOD__ . ': failed with message ' . $status->getWikiText(),
- array(
- 'username' => $userName,
- ) );
- $user->setId( 0 );
- $user->loadFromId();
+ // double-check for a race condition (T70012)
+ $id = User::idFromName( $user->getName(), User::READ_LATEST );
+ if ( $id ) {
+ $logger->info( __METHOD__ . ': tried to autocreate existing user',
+ [
+ 'username' => $userName,
+ ] );
+ } else {
+ $logger->error( __METHOD__ . ': failed with message ' . $status->getWikiText(),
+ [
+ 'username' => $userName,
+ ] );
+ }
+ $user->setId( $id );
+ $user->loadFromId( User::READ_LATEST );
return false;
// @codeCoverageIgnoreEnd
}
} catch ( \Exception $ex ) {
// @codeCoverageIgnoreStart
- $logger->error( __METHOD__ . ': failed with exception {exception}', array(
+ $logger->error( __METHOD__ . ': failed with exception {exception}', [
'exception' => $ex,
'username' => $userName,
- ) );
+ ] );
// Do not keep throwing errors for a while
$cache->set( $backoffKey, 1, 600 );
// Bubble up error; which should normally trigger DB rollbacks
}
# Notify hooks (e.g. Newuserlog)
- \Hooks::run( 'AuthPluginAutoCreate', array( $user ) );
- \Hooks::run( 'LocalUserCreated', array( $user, true ) );
+ \Hooks::run( 'AuthPluginAutoCreate', [ $user ] );
+ \Hooks::run( 'LocalUserCreated', [ $user, true ] );
$user->saveSettings();
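Review bot: In the T70012 double-check, `$user->setId( $id )` is reached with whatever `User::idFromName()` returned when no user was found, whereas the code it replaces always passed `0`; if that lookup yields `null` for a missing name, the user object is now left with a null rather than zero id before `loadFromId( User::READ_LATEST )`, which is a subtle change a later strict comparison could trip on. Normalising it, `$user->setId( $id ?: 0 );`, keeps the prior behaviour in the not-found case while still adopting the existing id when the race is detected. The `READ_LATEST` re-read is the right call since the earlier slave lookup at the top of the hunk is what made the race possible. The enclosing auto-create function starts before and ends after this hunk.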
*/
protected function getProviders() {
if ( $this->sessionProviders === null ) {
- $this->sessionProviders = array();
+ $this->sessionProviders = [];
foreach ( $this->config->get( 'SessionProviders' ) as $spec ) {
$provider = \ObjectFactory::getObjectFromSpec( $spec );
$provider->setLogger( $this->logger );
*/
private function getSessionInfoForRequest( WebRequest $request ) {
// Call all providers to fetch "the" session
- $infos = array();
+ $infos = [];
foreach ( $this->getProviders() as $provider ) {
$info = $provider->provideSessionInfo( $request );
if ( !$info ) {
// successfully loaded, and then all the ones after it with the same
// priority.
usort( $infos, 'MediaWiki\\Session\\SessionInfo::compare' );
- $retInfos = array();
+ $retInfos = [];
while ( $infos ) {
$info = array_pop( $infos );
if ( $this->loadSessionInfoFromStore( $info, $request ) ) {
$key = wfMemcKey( 'MWSession', $info->getId() );
$blob = $this->store->get( $key );
- $newParams = array();
+ $newParams = [];
if ( $blob !== false ) {
// Sanity check: blob must be an array, if it's saved at all
if ( !is_array( $blob ) ) {
- $this->logger->warning( 'Session "{session}": Bad data', array(
+ $this->logger->warning( 'Session "{session}": Bad data', [
'session' => $info,
- ) );
+ ] );
$this->store->delete( $key );
return false;
}
if ( !isset( $blob['data'] ) || !is_array( $blob['data'] ) ||
!isset( $blob['metadata'] ) || !is_array( $blob['metadata'] )
) {
- $this->logger->warning( 'Session "{session}": Bad data structure', array(
+ $this->logger->warning( 'Session "{session}": Bad data structure', [
'session' => $info,
- ) );
+ ] );
$this->store->delete( $key );
return false;
}
!array_key_exists( 'userToken', $metadata ) ||
!array_key_exists( 'provider', $metadata )
) {
- $this->logger->warning( 'Session "{session}": Bad metadata', array(
+ $this->logger->warning( 'Session "{session}": Bad metadata', [
'session' => $info,
- ) );
+ ] );
$this->store->delete( $key );
return false;
}
if ( !$provider ) {
$this->logger->warning(
'Session "{session}": Unknown provider ' . $metadata['provider'],
- array(
+ [
'session' => $info,
- )
+ ]
);
$this->store->delete( $key );
return false;
} elseif ( $metadata['provider'] !== (string)$provider ) {
$this->logger->warning( 'Session "{session}": Wrong provider ' .
$metadata['provider'] . ' !== ' . $provider,
- array(
+ [
'session' => $info,
- ) );
+ ] );
return false;
}
} catch ( MetadataMergeException $ex ) {
$this->logger->warning(
'Session "{session}": Metadata merge failed: {exception}',
- array(
+ [
'session' => $info,
'exception' => $ex,
- ) + $ex->getContext()
+ ] + $ex->getContext()
);
return false;
}
$userInfo = UserInfo::newAnonymous();
}
} catch ( \InvalidArgumentException $ex ) {
- $this->logger->error( 'Session "{session}": {exception}', array(
+ $this->logger->error( 'Session "{session}": {exception}', [
'session' => $info,
'exception' => $ex,
- ) );
+ ] );
return false;
}
$newParams['userInfo'] = $userInfo;
if ( $metadata['userId'] !== $userInfo->getId() ) {
$this->logger->warning(
'Session "{session}": User ID mismatch, {uid_a} !== {uid_b}',
- array(
+ [
'session' => $info,
'uid_a' => $metadata['userId'],
'uid_b' => $userInfo->getId(),
- ) );
+ ] );
return false;
}
) {
$this->logger->warning(
'Session "{session}": User ID matched but name didn\'t (rename?), {uname_a} !== {uname_b}',
- array(
+ [
'session' => $info,
'uname_a' => $metadata['userName'],
'uname_b' => $userInfo->getName(),
- ) );
+ ] );
return false;
}
if ( $metadata['userName'] !== $userInfo->getName() ) {
$this->logger->warning(
'Session "{session}": User name mismatch, {uname_a} !== {uname_b}',
- array(
+ [
'session' => $info,
'uname_a' => $metadata['userName'],
'uname_b' => $userInfo->getName(),
- ) );
+ ] );
return false;
}
} elseif ( !$userInfo->isAnon() ) {
// user isn't anonymous.
$this->logger->warning(
'Session "{session}": Metadata has an anonymous user, but a non-anon user was provided',
- array(
+ [
'session' => $info,
- ) );
+ ] );
return false;
}
}
if ( $metadata['userToken'] !== null &&
$userInfo->getToken() !== $metadata['userToken']
) {
- $this->logger->warning( 'Session "{session}": User token mismatch', array(
+ $this->logger->warning( 'Session "{session}": User token mismatch', [
'session' => $info,
- ) );
+ ] );
return false;
}
if ( !$userInfo->isVerified() ) {
if ( $info->getProvider() === null ) {
$this->logger->warning(
'Session "{session}": Null provider and no metadata',
- array(
+ [
'session' => $info,
- ) );
+ ] );
return false;
}
} else {
$this->logger->info(
'Session "{session}": No user provided and provider cannot set user',
- array(
+ [
'session' => $info,
- ) );
+ ] );
return false;
}
} elseif ( !$info->getUserInfo()->isVerified() ) {
$this->logger->warning(
'Session "{session}": Unverified user provided and no metadata to auth it',
- array(
+ [
'session' => $info,
- ) );
+ ] );
return false;
}
return false;
}
if ( $providerMetadata !== $info->getProviderMetadata() ) {
- $info = new SessionInfo( $info->getPriority(), array(
+ $info = new SessionInfo( $info->getPriority(), [
'metadata' => $providerMetadata,
'copyFrom' => $info,
- ) );
+ ] );
}
// Give hooks a chance to abort. Combined with the SessionMetadata
$reason = 'Hook aborted';
if ( !\Hooks::run(
'SessionCheckInfo',
- array( &$reason, $info, $request, $metadata, $data )
+ [ &$reason, $info, $request, $metadata, $data ]
) ) {
- $this->logger->warning( 'Session "{session}": ' . $reason, array(
+ $this->logger->warning( 'Session "{session}": ' . $reason, [
'session' => $info,
- ) );
+ ] );
return false;
}
* @return Session
*/
public function getSessionFromInfo( SessionInfo $info, WebRequest $request ) {
+ if ( defined( 'MW_NO_SESSION' ) ) {
+ if ( MW_NO_SESSION === 'warn' ) {
+ // Undocumented safety case for converting existing entry points
+ $this->logger->error( 'Sessions are supposed to be disabled for this entry point' );
+ } else {
+ throw new \BadMethodCallException( 'Sessions are disabled for this entry point' );
+ }
+ }
+
$id = $info->getId();
if ( !isset( $this->allSessionBackends[$id] ) ) {
self::$globalSessionRequest = null;
}
- /**
- * Do a sanity check to make sure the session is not used from many different IP addresses
- * and store some data for later sanity checks.
- * FIXME remove this once SessionManager is considered stable
- * @private For use in Setup.php only
- * @param Session $session Defaults to the global session.
- */
- public function checkIpLimits( Session $session = null ) {
- $session = $session ?: self::getGlobalSession();
-
- try {
- $ip = $session->getRequest()->getIP();
- } catch ( \MWException $e ) {
- return;
- }
- if ( $ip === '127.0.0.1' || \IP::isConfiguredProxy( $ip ) ) {
- return;
- }
- $now = time();
-
- // Record (and possibly log) that the IP is using the current session.
- // Don't touch the stored data unless we are adding a new IP or re-adding an expired one.
- // This is slightly inaccurate (when an existing IP is seen again, the expiry is not
- // extended) but that shouldn't make much difference and limits the session write frequency
- // to # of IPs / $wgSuspiciousIpExpiry.
- $data = $session->get( 'SessionManager-ip', array() );
- if (
- !isset( $data[$ip] )
- || $data[$ip] < $now
- ) {
- $data[$ip] = time() + $this->config->get( 'SuspiciousIpExpiry' );
- foreach ( $data as $key => $expires ) {
- if ( $expires < $now ) {
- unset( $data[$key] );
- }
- }
- $session->set( 'SessionManager-ip', $data );
-
- $logger = \MediaWiki\Logger\LoggerFactory::getInstance( 'session-ip' );
- $logLevel = count( $data ) >= $this->config->get( 'SuspiciousIpPerSessionLimit' )
- ? LogLevel::WARNING : ( count( $data ) === 1 ? LogLevel::DEBUG : LogLevel::INFO );
- $logger->log(
- $logLevel,
- 'Same session used from {count} IPs',
- array(
- 'count' => count( $data ),
- 'ips' => $data,
- 'session' => $session->getId(),
- 'user' => $session->getUser()->getName(),
- 'persistent' => $session->isPersistent(),
- )
- );
- }
-
- // Now do the same thing globally for the current user.
- // We are using the object cache and assume it is shared between all wikis of a farm,
- // and further assume that the same name belongs to the same user on all wikis. (It's either
- // that or a central ID lookup which would mean an extra SQL query on every request.)
- if ( $session->getUser()->isLoggedIn() ) {
- $userKey = 'SessionManager-ip:' . md5( $session->getUser()->getName() );
- $data = $this->store->get( $userKey ) ?: array();
- if (
- !isset( $data[$ip] )
- || $data[$ip] < $now
- ) {
- $data[$ip] = time() + $this->config->get( 'SuspiciousIpExpiry' );
- foreach ( $data as $key => $expires ) {
- if ( $expires < $now ) {
- unset( $data[$key] );
- }
- }
- $this->store->set( $userKey, $data, $this->config->get( 'SuspiciousIpExpiry' ) );
- $logger = \MediaWiki\Logger\LoggerFactory::getInstance( 'session-ip' );
- $logLevel = count( $data ) >= $this->config->get( 'SuspiciousIpPerUserLimit' )
- ? LogLevel::WARNING : ( count( $data ) === 1 ? LogLevel::DEBUG : LogLevel::INFO );
- $logger->log(
- $logLevel,
- 'Same user had sessions from {count} IPs',
- array(
- 'count' => count( $data ),
- 'ips' => $data,
- 'session' => $session->getId(),
- 'user' => $session->getUser()->getName(),
- 'persistent' => $session->isPersistent(),
- )
- );
- }
- }
- }
-
/**@}*/
}
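Review bot: The new `MW_NO_SESSION` guard at the top of `getSessionFromInfo()` can throw, but the docblock that ends just above it (only `@return Session` is visible) is not updated; add `@throws \BadMethodCallException if MW_NO_SESSION is defined and is not 'warn'` so callers such as the one at the `getSessionById` path know a session fetch can now fail hard. The 'warn' branch also logs without any of the structured context the rest of this class attaches to its messages, which makes the offending entry point hard to find in logs; `$this->logger->error( 'Sessions are supposed to be disabled for this entry point', [ 'method' => __METHOD__, 'session' => $info ] );` matches the existing convention. Whether every session-creating path funnels through this method is not visible here, so the guard's coverage is worth confirming. The deletion of `checkIpLimits()` in the same hunk needs no comment, and `getSessionFromInfo()` continues past the hunk.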