jenkins-bot has submitted this change and it was merged. Change subject: Make CentralAuth explicitly say which cookies need to be extended ......................................................................
Make CentralAuth explicitly say which cookies need to be extended We don't want to rely on a $wg config variable for this (users shouldn't need to understand cookie implementation details), so change it to use a code-defined list instead. This just uses the list from CookieSessionProvider in core, and adds 'User'. Bug: T68699 Depends-On: Ia3259846433980408f79d44f665e17e15670e8ee Change-Id: I229dbc9f097bb0efc5e3e45c6a3b98ffcf9527e2 --- M includes/session/CentralAuthSessionProvider.php M tests/phpunit/CentralAuthSessionProviderTest.php 2 files changed, 17 insertions(+), 15 deletions(-) Approvals: Anomie: Looks good to me, approved jenkins-bot: Verified
diff --git a/includes/session/CentralAuthSessionProvider.php b/includes/session/CentralAuthSessionProvider.php
index 13edb07..b867d0e 100644
--- a/includes/session/CentralAuthSessionProvider.php
+++ b/includes/session/CentralAuthSessionProvider.php
@@ -328,7 +328,7 @@
 if ( $value === false ) {
 $response->clearCookie( $name, $options );
 } else {
- $expirationDuration = $this->getLoginCookieExpiration( $name );
+ $expirationDuration = $this->getLoginCookieExpiration( $name, $remember );
 $expiration = $expirationDuration ? $expirationDuration + time() : null;
 $response->setCookie( $name, (string)$value, $expiration, $options );
 }
@@ -422,8 +422,13 @@
 if ( !$sameCookie ) {
 parent::setForceHTTPSCookie( false, $backend, $request );
 }
- if ( $backend->shouldRememberUser() ) {
- $expirationDuration = $this->getLoginCookieExpiration( 'forceHTTPS' );
+
+ $shouldRemember = $backend->shouldRememberUser();
+ if ( $shouldRemember ) {
+ $expirationDuration = $this->getLoginCookieExpiration(
+ 'forceHTTPS',
+ /* $shouldRememberUser */ true
+ );
 $expiration = $expirationDuration ? $expirationDuration + time() : null;
 } else {
 $expiration = null;
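Review bot: In the `@@ -422,8 +422,13 @@` hunk, `getLoginCookieExpiration( 'forceHTTPS', true )` can only return the extended lifetime if 'forceHTTPS' is in the list from `getExtendedLoginCookies()`, assuming the core helper consults that list as the commit message implies, and the override added later in this change appends only 'User'. Whether core's list contains 'forceHTTPS' is not visible here; if it does not, a remembered user's HTTPS-enforcement cookie would lapse on the normal schedule while the extended login cookies are still valid. Either add `$cookies[] = 'forceHTTPS';` to the override or say in a comment that the shorter lifetime is intended. As a smaller point, the new local `$shouldRemember` is tested but the call passes a literal `true`; pass `$shouldRemember` or drop the local, unless it is read again below the hunk, where the enclosing method continues.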
@@ -478,6 +483,12 @@
 return $this->centralCookieOptions['domain'];
 }
+ protected function getExtendedLoginCookies() {
+ $cookies = parent::getExtendedLoginCookies();
+ $cookies[] = 'User';
+ return $cookies;
+ }
+
 public function getRememberUserDuration() {
 // CentralAuth needs User and Token cookies to remember the user. The fallback to
 // sessions needs UserID as well, so if that one has shorter expiration, the remember
@@ -485,9 +496,9 @@
 // duration in that case.
 return min(
- $this->getLoginCookieExpiration( 'User' ),
- $this->getLoginCookieExpiration( 'Token' ),
- $this->getLoginCookieExpiration( 'UserID' )
+ $this->getLoginCookieExpiration( 'User', /* $shouldRememberUser */ true ),
+ $this->getLoginCookieExpiration( 'Token', /* $shouldRememberUser */ true ),
+ $this->getLoginCookieExpiration( 'UserID', /* $shouldRememberUser */ true )
 ) ?: null;
 }
 }
diff --git a/tests/phpunit/CentralAuthSessionProviderTest.php b/tests/phpunit/CentralAuthSessionProviderTest.php
index a9d4ee9..ff328a4 100644
--- a/tests/phpunit/CentralAuthSessionProviderTest.php
+++ b/tests/phpunit/CentralAuthSessionProviderTest.php
@@ -34,7 +34,6 @@
 $config = new HashConfig( [
 'CookieExpiration' => 100,
 'ExtendedLoginCookieExpiration' => 200,
- 'ExtendedLoginCookies' => [ 'User', 'UserID', 'Token' ],
 // these are needed by CookieSessionProvider::getConfig
 'SessionName' => null,
 'CookiePrefix' => '',
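Review bot: The new `getExtendedLoginCookies()` override in the `@@ -478,6 +483,12 @@` hunk has no doc comment, although it now decides in code which CentralAuth cookies receive the extended lifetime. Add a docblock such as `/** Cookies kept for the extended duration when the user is remembered: the core list plus the central 'User' cookie. */` and mention there that `getRememberUserDuration()` relies on 'User', 'Token' and 'UserID' all being in the returned list. That reliance on the parent's list is implicit, so a test asserting the returned names would catch a change in core directly; the remaining `assertSame( 200, ... )` in the test file covers it only indirectly.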
@@ -47,13 +46,5 @@
 $provider->setConfig( $config );
 $this->assertSame( 200, $provider->getRememberUserDuration() );
-
- $config->set( 'ExtendedLoginCookies', [ 'UserID', 'Token' ] );
-
- $this->assertSame( 100, $provider->getRememberUserDuration() );
-
- $config->set( 'ExtendedLoginCookies', [ 'User', 'Token' ] );
-
- $this->assertSame( 100, $provider->getRememberUserDuration() );
 }
 }
-- To view, visit https://gerrit.wikimedia.org/r/295553 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I229dbc9f097bb0efc5e3e45c6a3b98ffcf9527e2 Gerrit-PatchSet: 4 Gerrit-Project: mediawiki/extensions/CentralAuth Gerrit-Branch: master Gerrit-Owner: Mattflaschen <mflasc...@wikimedia.org> Gerrit-Reviewer: Anomie <bjor...@wikimedia.org> Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org> Gerrit-Reviewer: Legoktm <legoktm.wikipe...@gmail.com> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits