Gergő Tisza has uploaded a new change for review. https://gerrit.wikimedia.org/r/283698
Change subject: Fix i18n message parameter for 'keep me logged in' days. ...................................................................... Fix i18n message parameter for 'keep me logged in' days. Also, make login cookie handling code do the right thing for expiration 0, which means session-only. It shouldn't normally be called for that (since the 'remember me' checkbox wouldn't be shown), but it could if the settings changed after the page was loaded, or the user modified the form manually. This patch is a rewrite of I7bf175 for AuthManager. Bug: T109031 Change-Id: Ic5a79a3d118646c6fcf3dcb768a379759f806a04 Co-Authored-By: Matthew Flaschen <[email protected]> --- M includes/auth/RememberMeAuthenticationRequest.php M includes/session/CookieSessionProvider.php M includes/specialpage/LoginSignupSpecialPage.php M includes/user/User.php M tests/phpunit/includes/session/CookieSessionProviderTest.php 5 files changed, 42 insertions(+), 20 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/98/283698/1 diff --git a/includes/auth/RememberMeAuthenticationRequest.php b/includes/auth/RememberMeAuthenticationRequest.php index 7cd7a16..7bbf99c 100644 --- a/includes/auth/RememberMeAuthenticationRequest.php +++ b/includes/auth/RememberMeAuthenticationRequest.php @@ -20,6 +20,7 @@ */ namespace MediaWiki\Auth; +use MediaWiki\Session\CookieSessionProvider; /** * This is an authentication request added by AuthManager to show a "remember @@ -35,8 +36,8 @@ public $rememberMe = false; public function getFieldInfo() { - global $wgCookieExpiration; - $expirationDays = ceil( $wgCookieExpiration / ( 3600 * 24 ) ); + $expiration = CookieSessionProvider::getLoginCookieExpiration(); + $expirationDays = ceil( $expiration / ( 3600 * 24 ) ); return [ 'rememberMe' => [ diff --git a/includes/session/CookieSessionProvider.php b/includes/session/CookieSessionProvider.php index 8ce3174..ee67971 100644 --- a/includes/session/CookieSessionProvider.php +++ b/includes/session/CookieSessionProvider.php @@ -218,14 +218,14 @@ ); $extendedCookies = $this->config->get( 'ExtendedLoginCookies' ); - $extendedExpiry = $this->config->get( 'ExtendedLoginCookieExpiration' ); + $cookieDuration = static::getLoginCookieExpiration(); foreach ( $cookies as $key => $value ) { if ( $value === false ) { $response->clearCookie( $key, $options ); } else { - if ( $extendedExpiry !== null && in_array( $key, $extendedCookies ) ) { - $expiry = time() + (int)$extendedExpiry; + if ( $cookieDuration !== null && in_array( $key, $extendedCookies ) ) { + $expiry = ( $cookieDuration === 0 ) ? null : time() + (int)$cookieDuration; } else { $expiry = 0; // Default cookie expiration } @@ -396,4 +396,14 @@ return wfMessage( 'sessionprovider-nocookies' ); } + /** + * Returns the lifespan of the login cookie, in seconds. 0 means current session. + * @return int|null + */ + public static function getLoginCookieExpiration() { + global $wgCookieExpiration, $wgExtendedLoginCookieExpiration; + return ( $wgExtendedLoginCookieExpiration !== null ) + ? $wgExtendedLoginCookieExpiration + : $wgCookieExpiration; + } } diff --git a/includes/specialpage/LoginSignupSpecialPage.php b/includes/specialpage/LoginSignupSpecialPage.php index 3fe0b2a..8756a1f 100644 --- a/includes/specialpage/LoginSignupSpecialPage.php +++ b/includes/specialpage/LoginSignupSpecialPage.php @@ -24,9 +24,9 @@ use MediaWiki\Auth\AuthenticationRequest; use MediaWiki\Auth\AuthenticationResponse; use MediaWiki\Auth\AuthManager; -use MediaWiki\Auth\PasswordAuthenticationRequest; use MediaWiki\Auth\Throttler; use MediaWiki\Logger\LoggerFactory; +use MediaWiki\Session\CookieSessionProvider; use MediaWiki\Session\SessionManager; use Psr\Log\LogLevel; @@ -884,9 +884,7 @@ $template->set( 'emailothers', $wgEnableUserEmail ); $template->set( 'canreset', $wgAuth->allowPasswordChange() ); $template->set( 'resetlink', $resetLink ); - $template->set( 'canremember', $wgExtendedLoginCookieExpiration === null ? - ( $wgCookieExpiration > 0 ) : - ( $wgExtendedLoginCookieExpiration > 0 ) ); + $template->set( 'canremember', CookieSessionProvider::getLoginCookieExpiration() > 0 ); $template->set( 'usereason', $user->isLoggedIn() ); $template->set( 'cansecurelogin', ( $wgSecureLogin ) ); $template->set( 'stickhttps', (int)$this->mStickHTTPS ); @@ -953,13 +951,12 @@ * @return array */ protected function getFieldDefinitions( $template ) { - global $wgEmailConfirmToEdit, $wgCookieExpiration, $wgExtendedLoginCookieExpiration, - $wgHiddenPrefs, $wgEnableEmail; + global $wgEmailConfirmToEdit, $wgHiddenPrefs, $wgEnableEmail; $isLoggedIn = $this->getUser()->isLoggedIn(); $continuePart = $this->isContinued() ? 'continue-' : ''; $anotherPart = $isLoggedIn ? 'another-' : ''; - $expirationDays = ceil( $wgCookieExpiration / ( 3600 * 24 ) ); + $expirationDays = ceil( CookieSessionProvider::getLoginCookieExpiration() / ( 3600 * 24 ) ); $secureLoginLink = ''; if ( $this->mSecureLoginUrl ) { $secureLoginLink = Html::element( 'a', [ @@ -1126,8 +1123,7 @@ ]; // FIXME this is provider business - $canRemember = $wgExtendedLoginCookieExpiration === null ? ( $wgCookieExpiration > 0 ) - : ( $wgExtendedLoginCookieExpiration > 0 ); + $canRemember = CookieSessionProvider::getLoginCookieExpiration() > 0; $createEmail = $wgEnableEmail && $isLoggedIn; $useRealName = !in_array( 'realname', $wgHiddenPrefs, true ); if ( !$canRemember ) { diff --git a/includes/user/User.php b/includes/user/User.php index 95f2502..a3e9057 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -20,6 +20,7 @@ * @file */ +use MediaWiki\Session\CookieSessionProvider; use MediaWiki\Session\SessionManager; use MediaWiki\Session\Token; use MediaWiki\Auth\AuthManager; @@ -3591,14 +3592,15 @@ * null (default): Use the default ($wgCookieSecure) to set the secure attribute */ protected function setExtendedLoginCookie( $name, $value, $secure ) { - global $wgExtendedLoginCookieExpiration, $wgCookieExpiration; - wfDeprecated( __METHOD__, '1.27' ); - $exp = time(); - $exp += $wgExtendedLoginCookieExpiration !== null - ? $wgExtendedLoginCookieExpiration - : $wgCookieExpiration; + $expirationDuration = CookieSessionProvider::getLoginCookieExpiration(); + + if ( $expirationDuration !== 0 ) { + $exp = time() + $expirationDuration; + } else { + $exp = null; + } $this->setCookie( $name, $value, $exp, $secure ); } diff --git a/tests/phpunit/includes/session/CookieSessionProviderTest.php b/tests/phpunit/includes/session/CookieSessionProviderTest.php index 70e89d4..1882388 100644 --- a/tests/phpunit/includes/session/CookieSessionProviderTest.php +++ b/tests/phpunit/includes/session/CookieSessionProviderTest.php @@ -783,4 +783,17 @@ $this->assertNull( $provider->getCookie( $request, 'Baz', 'x' ) ); } + public function testGetLoginCookieExpiration() { + $this->setMwGlobals( [ + 'wgCookieExpiration' => 123, + '$wgExtendedLoginCookieExpiration' => 45, + ] ); + $this->assertSame( 45, CookieSessionProvider::getLoginCookieExpiration() ); + + $this->setMwGlobals( [ + 'wgCookieExpiration' => 123, + '$wgExtendedLoginCookieExpiration' => null, + ] ); + $this->assertSame( 123, CookieSessionProvider::getLoginCookieExpiration() ); + } } -- To view, visit https://gerrit.wikimedia.org/r/283698 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic5a79a3d118646c6fcf3dcb768a379759f806a04 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Gergő Tisza <[email protected]> Gerrit-Reviewer: Mattflaschen <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
