Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 33 |
|
0.00% |
0 / 4 |
CRAP | |
0.00% |
0 / 1 |
ApiCentralAuthToken | |
0.00% |
0 / 33 |
|
0.00% |
0 / 4 |
90 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
execute | |
0.00% |
0 / 26 |
|
0.00% |
0 / 1 |
42 | |||
getAllowedParams | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getExamplesMessages | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | /** |
3 | * Created on Aug 09, 2014 |
4 | * |
5 | * CentralAuth extension |
6 | * |
7 | * Copyright (C) 2014 Brad Jorsch bjorsch@wikimedia.org |
8 | * |
9 | * This program is free software; you can redistribute it and/or modify |
10 | * it under the terms of the GNU General Public License as published by |
11 | * the Free Software Foundation; either version 2 of the License, or |
12 | * (at your option) any later version. |
13 | * |
14 | * This program is distributed in the hope that it will be useful, |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
17 | * GNU General Public License for more details. |
18 | * |
19 | * You should have received a copy of the GNU General Public License along |
20 | * with this program; if not, write to the Free Software Foundation, Inc., |
21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
22 | * http://www.gnu.org/copyleft/gpl.html |
23 | */ |
24 | |
25 | namespace MediaWiki\Extension\CentralAuth\Api; |
26 | |
27 | use ApiBase; |
28 | use ApiMain; |
29 | use CentralAuthSessionProvider; |
30 | use MediaWiki\Extension\CentralAuth\CentralAuthSessionManager; |
31 | use MediaWiki\Extension\CentralAuth\User\CentralAuthUser; |
32 | use MediaWiki\Session\SessionManager; |
33 | use MediaWiki\WikiMap\WikiMap; |
34 | use MWCryptRand; |
35 | |
36 | /** |
37 | * Module to fetch the centralauthtoken for cross-wiki queries. |
38 | * |
39 | * @ingroup API |
40 | * @ingroup Extensions |
41 | * @see \MediaWiki\Extension\CentralAuth\Hooks\Handlers\ApiHookHandler::onAPIGetAllowedParams |
42 | * @see \CentralAuthApiSessionProvider |
43 | * @see \CentralAuthHeaderSessionProvider |
44 | */ |
class ApiCentralAuthToken extends ApiBase {
	/**
	 * Supplies the token store and the key scheme used to file tokens in it.
	 *
	 * @var CentralAuthSessionManager
	 */
	private $sessionManager;

	/**
	 * @param ApiMain $main Main API module this module is attached to
	 * @param string $moduleName Name this module is registered under
	 * @param CentralAuthSessionManager $sessionManager Source of the token store and token keys
	 */
	public function __construct(
		ApiMain $main,
		$moduleName,
		CentralAuthSessionManager $sessionManager
	) {
		parent::__construct( $main, $moduleName );
		$this->sessionManager = $sessionManager;
	}

	/**
	 * Create a short-lived centralauthtoken for the current user and add it to the API result.
	 *
	 * The request is refused, in this order, when it lacks same-origin security
	 * (e.g. JSON callback mode), when the user is not registered, when the global
	 * session is not provided by CentralAuthSessionProvider, or when the central
	 * account does not exist or is not attached.
	 *
	 * Only the random lookup token is returned to the client. The record it points to
	 * (user name, central auth token, origin wiki ID and origin session ID) is written
	 * to the token store with the store's TTL_MINUTE expiry. Anyone holding the returned
	 * value within that window can address the stored record, so callers should treat it
	 * as a credential: keep it out of logs and referrers.
	 * NOTE(review): how and where the token is redeemed or invalidated is not visible in
	 * this class; presumably by the session providers named in the class @see tags.
	 */
	public function execute() {
		$requestUser = $this->getUser();

		// A JSON callback (JSONP) response can be read by another origin, so no token
		// may be handed out in that mode.
		// dieWithError() is relied on not to return (ApiBase raises a usage error), which
		// is what makes each of the guards below terminal.
		if ( $this->lacksSameOriginSecurity() ) {
			$this->dieWithError( 'apiwarn-tokens-origin', 'hascallback' );
		}

		$isAnonymous = !$requestUser->isRegistered();
		if ( $isAnonymous ) {
			$this->dieWithError( 'apierror-centralauth-notloggedin', 'notloggedin' );
		}

		// Only a session backed by CentralAuthSessionProvider may mint a token; its ID is
		// recorded alongside the token as the originating session.
		$globalSession = SessionManager::getGlobalSession();
		$sessionProvider = $globalSession->getProvider();
		if ( !( $sessionProvider instanceof CentralAuthSessionProvider ) ) {
			$this->dieWithError( 'apierror-centralauth-badsession', 'badsession' );
		}
		$originSessionId = $globalSession->getId();

		// The local account must map onto an existing, attached central account.
		$centralUser = CentralAuthUser::getInstance( $requestUser );
		$hasAttachedCentralAccount = $centralUser->exists() && $centralUser->isAttached();
		if ( !$hasAttachedCentralAccount ) {
			$this->dieWithError( 'apierror-centralauth-notattached', 'notattached' );
		}

		// Server-side record; none of these fields are sent back to the client.
		$storedRecord = [
			'userName' => $requestUser->getName(),
			'token' => $centralUser->getAuthToken(),
			'origin' => WikiMap::getCurrentWikiId(),
			'originSessionId' => $originSessionId,
		];

		// The unpredictable part is the 32 hex characters requested from MWCryptRand; the
		// appended hex central user ID is not secret and makes the token length vary.
		$randomPart = MWCryptRand::generateHex( 32 );
		$loginToken = $randomPart . dechex( $centralUser->getId() );

		$tokenKey = $this->sessionManager->makeTokenKey( 'api-token', $loginToken );
		$this->sessionManager->getTokenStore()->set(
			$tokenKey,
			$storedRecord,
			// Short expiry bounds how long a leaked token stays usable.
			$this->sessionManager->getTokenStore()::TTL_MINUTE
		);

		$this->getResult()->addValue(
			null,
			$this->getModuleName(),
			[ 'centralauthtoken' => $loginToken ]
		);
	}

	/**
	 * This module accepts no parameters.
	 *
	 * @inheritDoc
	 */
	public function getAllowedParams() {
		return [];
	}

	/**
	 * Maps the single example query string to its help message key.
	 *
	 * @inheritDoc
	 */
	protected function getExamplesMessages() {
		$examples = [
			'action=centralauthtoken' => 'apihelp-centralauthtoken-example-1',
		];

		return $examples;
	}
}