Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 29 |
|
0.00% |
0 / 3 |
CRAP | |
0.00% |
0 / 1 |
| ApiContentTranslationToken | |
0.00% |
0 / 29 |
|
0.00% |
0 / 3 |
72 | |
0.00% |
0 / 1 |
| execute | |
0.00% |
0 / 25 |
|
0.00% |
0 / 1 |
42 | |||
| needsToken | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| getExamplesMessages | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace ContentTranslation\ActionApi; |
| 4 | |
| 5 | use Firebase\JWT\JWT; |
| 6 | use MediaWiki\Api\ApiBase; |
| 7 | |
| 8 | /** |
| 9 | * Module that provides JWT tokens to authenticate with cxserver. |
| 10 | * |
| 11 | * @copyright See AUTHORS.txt |
| 12 | * @license GPL-2.0-or-later |
| 13 | */ |
| 14 | class ApiContentTranslationToken extends ApiBase { |
| 15 | public function execute() { |
| 16 | $user = $this->getUser(); |
| 17 | |
| 18 | $block = $user->getBlock(); |
| 19 | if ( $block && $block->isSitewide() ) { |
| 20 | $this->dieBlocked( $block ); |
| 21 | } |
| 22 | |
| 23 | if ( !$user->isRegistered() ) { |
| 24 | // XXX: Maybe this should use a different error code. Currently it does not |
| 25 | // matter, because most likely some other API call will fail first. CX2 |
| 26 | // is also using assert=user, so this case won't be hit. |
| 27 | $this->dieWithError( 'apierror-mustbeloggedin-generic', 'token-impossible' ); |
| 28 | } |
| 29 | |
| 30 | // Do not fatal out if firebase/php-jwt is missing |
| 31 | if ( !class_exists( JWT::class ) ) { |
| 32 | $this->dieWithError( 'apierror-cx-jwtmissing', 'token-impossible' ); |
| 33 | } |
| 34 | |
| 35 | $config = $this->getConfig()->get( 'ContentTranslationCXServerAuth' ); |
| 36 | $algorithm = $config['algorithm']; |
| 37 | $key = $config['key']; |
| 38 | |
| 39 | if ( $key === '' ) { |
| 40 | $this->dieWithError( 'apierror-cx-keynotconfigured', 'token-impossible' ); |
| 41 | } |
| 42 | |
| 43 | $age = (int)$config['age']; |
| 44 | $iat = time(); |
| 45 | $exp = $iat + $age; |
| 46 | |
| 47 | $token = [ |
| 48 | 'sub' => $user->getName(), |
| 49 | 'iat' => $iat, |
| 50 | 'exp' => $exp, |
| 51 | ]; |
| 52 | |
| 53 | $jwt = JWT::encode( $token, $key, $algorithm ); |
| 54 | |
| 55 | $this->getResult()->addValue( null, 'jwt', $jwt ); |
| 56 | // Include some additional information for the client, so it does not need to |
| 57 | // concern itself with the actual token, but just to pass it forward and to |
| 58 | // know when to fetch a new one. |
| 59 | $this->getResult()->addValue( null, 'exp', $exp ); |
| 60 | $this->getResult()->addValue( null, 'age', $age ); |
| 61 | } |
| 62 | |
| 63 | /** @inheritDoc */ |
| 64 | public function needsToken() { |
| 65 | return 'csrf'; |
| 66 | } |
| 67 | |
| 68 | /** @inheritDoc */ |
| 69 | protected function getExamplesMessages() { |
| 70 | return [ |
| 71 | 'action=cxtoken&token=123ABC' => 'apihelp-cxtoken-example-1' |
| 72 | ]; |
| 73 | } |
| 74 | } |