jenkins-bot has submitted this change and it was merged.

Change subject: Add SessionManager::invalidateSessionsForUser
......................................................................


Add SessionManager::invalidateSessionsForUser

Most of the time calling User::setToken() is enough, but CentralAuth
needs to be able to call CentralAuthUser::resetAuthToken() on command.

Change-Id: Iad2ae914a81481f040e047b550f3fd3437277626
(cherry picked from commit 3e618de36377403ab0f853101c0d88c33e27ae21)
---
M includes/AuthPlugin.php
M includes/session/SessionManager.php
M includes/session/SessionManagerInterface.php
M includes/session/SessionProvider.php
M includes/specials/SpecialUserlogin.php
M includes/user/User.php
M tests/phpunit/includes/session/SessionManagerTest.php
M tests/phpunit/includes/session/SessionProviderTest.php
8 files changed, 76 insertions(+), 3 deletions(-)

Approvals:
  Gergő Tisza: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/AuthPlugin.php b/includes/AuthPlugin.php
index 6449d37..add5876 100644
--- a/includes/AuthPlugin.php
+++ b/includes/AuthPlugin.php
@@ -352,6 +352,9 @@
                return false;
        }
 
+       /**
+        * @deprecated since 1.28, use 
SessionManager::invalidateSessionForUser() instead.
+        */
        public function resetAuthToken() {
                # Override this!
                return true;
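Review bot: The deprecation notice at the top of this hunk points callers at `SessionManager::invalidateSessionForUser()`, but the method this change adds in SessionManager.php is `invalidateSessionsForUser()` (plural), so anyone following the pointer will not find it. Suggest ` * @deprecated since 1.28, use SessionManager::invalidateSessionsForUser() instead.`; if AuthPlugin.php sits outside the `MediaWiki\Session` namespace, writing `\MediaWiki\Session\SessionManager::invalidateSessionsForUser()` would make the reference unambiguous. `resetAuthToken()` continues past the end of the hunk.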
diff --git a/includes/session/SessionManager.php 
b/includes/session/SessionManager.php
index 01a9fe5..b8b98f2 100644
--- a/includes/session/SessionManager.php
+++ b/includes/session/SessionManager.php
@@ -301,6 +301,19 @@
                return $this->getSessionFromInfo( $infos[0], $request );
        }
 
+       public function invalidateSessionsForUser( User $user ) {
+               global $wgAuth;
+
+               $user->setToken();
+               $user->saveSettings();
+
+               $wgAuth->getUserInstance( $user )->resetAuthToken();
+
+               foreach ( $this->getProviders() as $provider ) {
+                       $provider->invalidateSessionsForUser( $user );
+               }
+       }
+
        public function getVaryHeaders() {
                // @codeCoverageIgnoreStart
                if ( defined( 'MW_NO_SESSION' ) && MW_NO_SESSION !== 'warn' ) {
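Review bot: The new public `invalidateSessionsForUser()` has no docblock, and its most consequential step is not obvious from the name: `$user->saveSettings()` on line 59 writes the user record, so any pending changes on the passed object are persisted as a side effect, and the method returns nothing to tell the caller whether the rotated token actually reached storage. If `saveSettings()` can decline to write (for instance while the wiki is read-only), the old token, and with it the sessions keyed on it, would stay valid while the caller believes they were revoked; that is worth documenting or checking. Suggest a docblock stating that the method rotates and saves the user's token, resets the AuthPlugin token and then notifies every provider, with `@param User $user`, plus a why-comment on line 61 such as `// Legacy AuthPlugin hook, marked deprecated by this change; kept for plugins that still rely on it`. The surrounding `getVaryHeaders()` continues outside the hunk.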
diff --git a/includes/session/SessionManagerInterface.php 
b/includes/session/SessionManagerInterface.php
index b3e28fe..d4e52c7 100644
--- a/includes/session/SessionManagerInterface.php
+++ b/includes/session/SessionManagerInterface.php
@@ -24,6 +24,7 @@
 namespace MediaWiki\Session;
 
 use Psr\Log\LoggerAwareInterface;
+use User;
 use WebRequest;
 
 /**
@@ -73,6 +74,17 @@
        public function getEmptySession( WebRequest $request = null );
 
        /**
+        * Invalidate sessions for a user
+        *
+        * After calling this, existing sessions should be invalid. For mutable
+        * session providers, this generally means the user has to log in again;
+        * for immutable providers, it generally means the loss of session data.
+        *
+        * @param User $user
+        */
+       public function invalidateSessionsForUser( User $user );
+
+       /**
         * Return the HTTP headers that need varying on.
         *
         * The return value is such that someone could theoretically do this:
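Review bot: The contract for `invalidateSessionsForUser()` should say that the passed `$user` is modified, since the SessionManager implementation in this change rotates the user's token with `setToken()` and persists it with `saveSettings()`; a caller holding the object will see a different `getToken()` afterwards and any unsaved changes on it get written. Suggest adding ` * The user's own token is reset and saved as part of this, so the passed` / ` * object is modified.` after the existing paragraph. The enclosing interface continues outside the hunk.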
diff --git a/includes/session/SessionProvider.php 
b/includes/session/SessionProvider.php
index a1cf57d..03b3bd8 100644
--- a/includes/session/SessionProvider.php
+++ b/includes/session/SessionProvider.php
@@ -27,6 +27,7 @@
 use Psr\Log\LoggerInterface;
 use Config;
 use Language;
+use User;
 use WebRequest;
 
 /**
@@ -359,6 +360,19 @@
        }
 
        /**
+        * Invalidate existing sessions for a user
+        *
+        * If the provider has its own equivalent of CookieSessionProvider's 
Token
+        * cookie (and doesn't use User::getToken() to implement it), it should
+        * reset whatever token it does use here.
+        *
+        * @protected For use by \MediaWiki\Session\SessionManager only
+        * @param User $user;
+        */
+       public function invalidateSessionsForUser( User $user ) {
+       }
+
+       /**
         * Return the HTTP headers that need varying on.
         *
         * The return value is such that someone could theoretically do this:
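Review bot: The `@param User $user;` line of the new docblock carries a stray semicolon that doc tooling will read as part of the variable name; it should be ` * @param User $user`. The empty body is a reasonable default, but a one-line comment inside it, `// No provider-specific token to reset by default`, would make clear the no-op is intentional rather than unfinished. `@protected` is not a standard PHPDoc tag; if it is the convention elsewhere in this file it can stay, otherwise a plain sentence in the description says the same thing.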
diff --git a/includes/specials/SpecialUserlogin.php 
b/includes/specials/SpecialUserlogin.php
index a77c79e..45315a7 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -699,7 +699,7 @@
 
                $u->setEmail( $this->mEmail );
                $u->setRealName( $this->mRealName );
-               $u->setToken();
+               SessionManager::singleton()->invalidateSessionsForUser( $u );
 
                Hooks::run( 'LocalUserCreated', [ $u, $autocreate ] );
                $oldUser = $u;
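Review bot: `SessionManager::singleton()` is used unqualified on line 146; whether this file has a `use MediaWiki\Session\SessionManager;` import is outside the hunk and should be confirmed, since SpecialUserlogin.php presumably lives in the global namespace. Note also that `invalidateSessionsForUser()` calls `$user->saveSettings()` internally, so the email and real name set on the two lines above are written to the database at this point, whereas the replaced `setToken()` left persistence to the caller; if the function later calls `saveSettings()` itself, that is now a duplicate write. The enclosing function starts and ends outside the hunk.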
diff --git a/includes/user/User.php b/includes/user/User.php
index 7e05ee8..cb1780a 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -2489,9 +2489,9 @@
                        throw new PasswordError( wfMessage( 'externaldberror' 
)->text() );
                }
 
-               $this->setToken();
                $this->setOption( 'watchlisttoken', false );
                $this->setPasswordInternal( $str );
+               SessionManager::singleton()->invalidateSessionsForUser( $this );
 
                return true;
        }
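Review bot: Replacing `$this->setToken()` with `SessionManager::singleton()->invalidateSessionsForUser( $this )` changes more than the token: the manager calls `$user->saveSettings()`, so the password set by `setPasswordInternal()` on the previous line is now persisted inside this method, whereas before the caller decided when to save. The same applies to the second hunk of this file starting at line 166. If that is intended, a comment such as `// Also persists the user row via User::saveSettings()` above the call would spare the next reader a surprise; also confirm that User.php imports `MediaWiki\Session\SessionManager`, which is not visible here. Both enclosing methods start outside their hunks.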
@@ -2508,9 +2508,9 @@
                global $wgAuth;
 
                if ( $wgAuth->allowSetLocalPassword() ) {
-                       $this->setToken();
                        $this->setOption( 'watchlisttoken', false );
                        $this->setPasswordInternal( $str );
+                       SessionManager::singleton()->invalidateSessionsForUser( 
$this );
                }
        }
 
diff --git a/tests/phpunit/includes/session/SessionManagerTest.php 
b/tests/phpunit/includes/session/SessionManagerTest.php
index 9c9115d..5f387ea 100644
--- a/tests/phpunit/includes/session/SessionManagerTest.php
+++ b/tests/phpunit/includes/session/SessionManagerTest.php
@@ -642,6 +642,35 @@
                }
        }
 
+       public function testInvalidateSessionsForUser() {
+               $user = User::newFromName( 'UTSysop' );
+               $manager = $this->getManager();
+
+               $providerBuilder = $this->getMockBuilder( 
'DummySessionProvider' )
+                       ->setMethods( [ 'invalidateSessionsForUser', 
'__toString' ] );
+
+               $provider1 = $providerBuilder->getMock();
+               $provider1->expects( $this->once() )->method( 
'invalidateSessionsForUser' )
+                       ->with( $this->identicalTo( $user ) );
+               $provider1->expects( $this->any() )->method( '__toString' )
+                       ->will( $this->returnValue( 'MockProvider1' ) );
+
+               $provider2 = $providerBuilder->getMock();
+               $provider2->expects( $this->once() )->method( 
'invalidateSessionsForUser' )
+                       ->with( $this->identicalTo( $user ) );
+               $provider2->expects( $this->any() )->method( '__toString' )
+                       ->will( $this->returnValue( 'MockProvider2' ) );
+
+               $this->config->set( 'SessionProviders', [
+                       $this->objectCacheDef( $provider1 ),
+                       $this->objectCacheDef( $provider2 ),
+               ] );
+
+               $oldToken = $user->getToken( true );
+               $manager->invalidateSessionsForUser( $user );
+               $this->assertNotEquals( $oldToken, $user->getToken() );
+       }
+
        public function testGetVaryHeaders() {
                $manager = $this->getManager();
 
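Review bot: The assertion on line 217 checks only the in-memory token; nothing confirms the rotated token was written, which is what actually invalidates sessions on other requests. Consider re-reading the user, e.g. `$this->assertNotEquals( $oldToken, User::newFromName( 'UTSysop' )->getToken() );`, assuming `newFromName()` yields a fresh object rather than a cached one. The `$wgAuth->resetAuthToken()` call in the implementation is also left unexercised here.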
diff --git a/tests/phpunit/includes/session/SessionProviderTest.php 
b/tests/phpunit/includes/session/SessionProviderTest.php
index 18b1efd..f80baf2 100644
--- a/tests/phpunit/includes/session/SessionProviderTest.php
+++ b/tests/phpunit/includes/session/SessionProviderTest.php
@@ -27,6 +27,8 @@
                $this->assertSame( $manager, $priv->manager );
                $this->assertSame( $manager, $provider->getManager() );
 
+               $provider->invalidateSessionsForUser( new \User );
+
                $this->assertSame( [], $provider->getVaryHeaders() );
                $this->assertSame( [], $provider->getVaryCookies() );
                $this->assertSame( null, $provider->suggestLoginUsername( new 
\FauxRequest ) );

-- 
To view, visit https://gerrit.wikimedia.org/r/289076

Gerrit-MessageType: merged
Gerrit-Change-Id: Iad2ae914a81481f040e047b550f3fd3437277626
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Gergő Tisza <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: Florianschmidtwelzow <[email protected]>
Gerrit-Reviewer: Gergő Tisza <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
