Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
85.37% |
35 / 41 |
|
50.00% |
2 / 4 |
CRAP | |
0.00% |
0 / 1 |
| ApiCheckToken | |
87.50% |
35 / 40 |
|
50.00% |
2 / 4 |
9.16 | |
0.00% |
0 / 1 |
| execute | |
100.00% |
21 / 21 |
|
100.00% |
1 / 1 |
6 | |||
| getAllowedParams | |
100.00% |
14 / 14 |
|
100.00% |
1 / 1 |
1 | |||
| getExamplesMessages | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 | |||
| getHelpUrls | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * Copyright © 2015 Wikimedia Foundation and contributors |
| 4 | * |
| 5 | * @license GPL-2.0-or-later |
| 6 | * @file |
| 7 | */ |
| 8 | |
| 9 | namespace MediaWiki\Api; |
| 10 | |
| 11 | use MediaWiki\Session\Token; |
| 12 | use MediaWiki\Utils\MWTimestamp; |
| 13 | use Wikimedia\ParamValidator\ParamValidator; |
| 14 | use Wikimedia\Timestamp\TimestampFormat as TS; |
| 15 | |
/**
 * API module that reports whether a submitted token is valid, expired or
 * invalid for the current user and session (the example request in this
 * class is `action=checktoken`).
 *
 * @since 1.25
 * @ingroup API
 */
class ApiCheckToken extends ApiBase {

	/**
	 * Compare the submitted token with the one derived for the requesting
	 * user and session, and publish the verdict under this module's name.
	 *
	 * Output keys:
	 *  - `result`: 'valid', 'expired' or 'invalid'.
	 *  - `generated`: ISO 8601 form of the timestamp that Token::getTimestamp()
	 *    extracts from the submitted string; only present when that is non-null.
	 *
	 * NOTE(review): `generated` is derived from the caller-supplied token text
	 * and is emitted independently of `result`, so it can appear next to
	 * 'invalid'. Consumers should only rely on it when `result` is 'valid'
	 * or 'expired'.
	 */
	public function execute() {
		$args = $this->extractRequestParams();
		$submitted = $args['token'];
		$maxAge = $args['maxtokenage'];
		$saltsByType = ApiQueryTokens::getTokenTypeSalts();

		// Reference token for this user + session + the salt of the requested
		// type. 'type' is restricted to the keys of the salt map in
		// getAllowedParams(), so the lookup is expected to hit.
		$expected = ApiQueryTokens::getToken(
			$this->getUser(),
			$this->getRequest()->getSession(),
			$saltsByType[$args['type']]
		);

		// A token ending in the URL-decoded form of the suffix has presumably
		// lost its percent-encoding on the way in; warn the client about it.
		// NOTE(review): the value of Token::SUFFIX is defined elsewhere.
		$decodedSuffix = urldecode( Token::SUFFIX );
		if ( str_ends_with( $submitted, $decodedSuffix ) ) {
			$this->addWarning( 'apiwarn-checktoken-percentencoding' );
		}

		// 'expired' is only reachable when an age limit was given: the token
		// failed with the limit applied but matches without it.
		$verdict = 'invalid';
		if ( $expected->match( $submitted, $maxAge ) ) {
			$verdict = 'valid';
		} elseif ( $maxAge !== null && $expected->match( $submitted ) ) {
			$verdict = 'expired';
		}
		$output = [ 'result' => $verdict ];

		// Parsed from the raw request value, regardless of the verdict above.
		$issuedAt = Token::getTimestamp( $submitted );
		if ( $issuedAt !== null ) {
			$stamp = new MWTimestamp();
			$stamp->timestamp->setTimestamp( $issuedAt );
			$output['generated'] = $stamp->getTimestamp( TS::ISO_8601 );
		}

		$this->getResult()->addValue( null, $this->getModuleName(), $output );
	}

	/** @inheritDoc */
	public function getAllowedParams() {
		// The accepted 'type' values are exactly the registered token types.
		$knownTypes = array_keys( ApiQueryTokens::getTokenTypeSalts() );

		return [
			'type' => [
				ParamValidator::PARAM_TYPE => $knownTypes,
				ParamValidator::PARAM_REQUIRED => true,
			],
			'token' => [
				ParamValidator::PARAM_TYPE => 'string',
				ParamValidator::PARAM_REQUIRED => true,
				// Flags the value as sensitive; how that is enforced is up to
				// the parameter validator / API framework, not this class.
				ParamValidator::PARAM_SENSITIVE => true,
			],
			// Optional; execute() compares the value against null to detect
			// that no age limit was supplied.
			'maxtokenage' => [
				ParamValidator::PARAM_TYPE => 'integer',
			],
		];
	}

	/** @inheritDoc */
	protected function getExamplesMessages() {
		// The token in the example request is a placeholder, not a real token.
		$examples = [];
		$examples['action=checktoken&type=csrf&token=123ABC'] = 'apihelp-checktoken-example-simple';

		return $examples;
	}

	/** @inheritDoc */
	public function getHelpUrls() {
		return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Checktoken';
	}
}

/**
 * Keeps the un-namespaced global name resolvable for existing callers.
 *
 * @deprecated class alias since 1.43
 */
class_alias( ApiCheckToken::class, 'ApiCheckToken' );