jenkins-bot has submitted this change and it was merged.

Change subject: Make CentralAuth explicitly say which cookies need to be 
extended
......................................................................


Make CentralAuth explicitly say which cookies need to be extended

We don't want to rely on a $wg config variable for this (users
shouldn't need to understand cookie implementation details), so change
it to use a code-defined list instead.  This just uses the list
from CookieSessionProvider in core, and adds 'User'.

Bug: T68699
Depends-On: Ia3259846433980408f79d44f665e17e15670e8ee
Change-Id: I229dbc9f097bb0efc5e3e45c6a3b98ffcf9527e2
---
M includes/session/CentralAuthSessionProvider.php
M tests/phpunit/CentralAuthSessionProviderTest.php
2 files changed, 17 insertions(+), 15 deletions(-)

Approvals:
  Anomie: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/session/CentralAuthSessionProvider.php 
b/includes/session/CentralAuthSessionProvider.php
index 13edb07..b867d0e 100644
--- a/includes/session/CentralAuthSessionProvider.php
+++ b/includes/session/CentralAuthSessionProvider.php
@@ -328,7 +328,7 @@
                                if ( $value === false ) {
                                        $response->clearCookie( $name, $options 
);
                                } else {
-                                       $expirationDuration = 
$this->getLoginCookieExpiration( $name );
+                                       $expirationDuration = 
$this->getLoginCookieExpiration( $name, $remember );
                                        $expiration = $expirationDuration ? 
$expirationDuration + time() : null;
                                        $response->setCookie( $name, 
(string)$value, $expiration, $options );
                                }
@@ -422,8 +422,13 @@
                        if ( !$sameCookie ) {
                                parent::setForceHTTPSCookie( false, $backend, 
$request );
                        }
-                       if ( $backend->shouldRememberUser() ) {
-                               $expirationDuration = 
$this->getLoginCookieExpiration( 'forceHTTPS' );
+
+                       $shouldRemember = $backend->shouldRememberUser();
+                       if ( $shouldRemember ) {
+                               $expirationDuration = 
$this->getLoginCookieExpiration(
+                                       'forceHTTPS',
+                                       /* $shouldRememberUser */ true
+                               );
                                $expiration = $expirationDuration ? 
$expirationDuration + time() : null;
                        } else {
                                $expiration = null;
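Review bot: The new local `$shouldRemember` is only read by the `if` in this hunk, while the call inside that branch passes a literal `true` annotated with `/* $shouldRememberUser */`. Passing the variable keeps a single source for the flag that decides this cookie's lifetime: `$this->getLoginCookieExpiration( 'forceHTTPS', $shouldRemember );`. If nothing after the hunk reads the variable, the alternative is to keep `if ( $backend->shouldRememberUser() )` and drop the local. The enclosing method starts and ends outside the hunk, so later uses cannot be ruled out from here.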
@@ -478,6 +483,12 @@
                return $this->centralCookieOptions['domain'];
        }
 
+       protected function getExtendedLoginCookies() {
+               $cookies = parent::getExtendedLoginCookies();
+               $cookies[] = 'User';
+               return $cookies;
+       }
+
        public function getRememberUserDuration() {
                // CentralAuth needs User and Token cookies to remember the 
user. The fallback to
                // sessions needs UserID as well, so if that one has shorter 
expiration, the remember
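Review bot: `getExtendedLoginCookies()` is added without a doc comment, although it now decides in code which cookies receive the extended login expiration. A short docblock would record that, for example `/** Cookies that get the extended login expiration: the parent provider's list plus CentralAuth's 'User' cookie. */`. It could also state that `getRememberUserDuration()` relies on 'Token' and 'UserID' being in the parent's list; the commit message suggests this, but the parent's list is not visible in this diff. The hunk ends inside the comment of `getRememberUserDuration()`, whose body continues in the next hunk.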
@@ -485,9 +496,9 @@
                // duration in that case.
 
                return min(
-                       $this->getLoginCookieExpiration( 'User' ),
-                       $this->getLoginCookieExpiration( 'Token' ),
-                       $this->getLoginCookieExpiration( 'UserID' )
+                       $this->getLoginCookieExpiration( 'User', /* 
$shouldRememberUser */ true ),
+                       $this->getLoginCookieExpiration( 'Token', /* 
$shouldRememberUser */ true ),
+                       $this->getLoginCookieExpiration( 'UserID', /* 
$shouldRememberUser */ true )
                ) ?: null;
        }
 }
diff --git a/tests/phpunit/CentralAuthSessionProviderTest.php 
b/tests/phpunit/CentralAuthSessionProviderTest.php
index a9d4ee9..ff328a4 100644
--- a/tests/phpunit/CentralAuthSessionProviderTest.php
+++ b/tests/phpunit/CentralAuthSessionProviderTest.php
@@ -34,7 +34,6 @@
                $config = new HashConfig( [
                        'CookieExpiration' => 100,
                        'ExtendedLoginCookieExpiration' => 200,
-                       'ExtendedLoginCookies' => [ 'User', 'UserID', 'Token' ],
                        // these are needed by CookieSessionProvider::getConfig
                        'SessionName' => null,
                        'CookiePrefix' => '',
@@ -47,13 +46,5 @@
                $provider->setConfig( $config );
 
                $this->assertSame( 200, $provider->getRememberUserDuration() );
-
-               $config->set( 'ExtendedLoginCookies', [ 'UserID', 'Token' ] );
-
-               $this->assertSame( 100, $provider->getRememberUserDuration() );
-
-               $config->set( 'ExtendedLoginCookies', [ 'User', 'Token' ] );
-
-               $this->assertSame( 100, $provider->getRememberUserDuration() );
        }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/295553

Gerrit-MessageType: merged
Gerrit-Change-Id: I229dbc9f097bb0efc5e3e45c6a3b98ffcf9527e2
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: Mattflaschen <mflasc...@wikimedia.org>
Gerrit-Reviewer: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: Legoktm <legoktm.wikipe...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>
