Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
85.37% covered (warning)
85.37%
35 / 41
50.00% covered (danger)
50.00%
2 / 4
 CRAP
0.00% covered (danger)
0.00%
0 / 1
ApiCheckToken
87.50% covered (warning)
87.50%
35 / 40
50.00% covered (danger)
50.00%
2 / 4
 9.16
0.00% covered (danger)
0.00%
0 / 1
 execute
100.00% covered (success)
100.00%
21 / 21
100.00% covered (success)
100.00%
1 / 1
 6
 getAllowedParams
100.00% covered (success)
100.00%
14 / 14
100.00% covered (success)
100.00%
1 / 1
 1
 getExamplesMessages
0.00% covered (danger)
0.00%
0 / 4
0.00% covered (danger)
0.00%
0 / 1
 2
 getHelpUrls
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
 2
1<?php
2/**
3 * Copyright © 2015 Wikimedia Foundation and contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23namespace MediaWiki\Api;
24
25use MediaWiki\Session\Token;
26use MediaWiki\Utils\MWTimestamp;
27use Wikimedia\ParamValidator\ParamValidator;
28
29/**
30 * @since 1.25
31 * @ingroup API
32 */
33class ApiCheckToken extends ApiBase {
34
35    public function execute() {
36        $params = $this->extractRequestParams();
37        $token = $params['token'];
38        $maxage = $params['maxtokenage'];
39        $salts = ApiQueryTokens::getTokenTypeSalts();
40
41        $res = [];
42
43        $tokenObj = ApiQueryTokens::getToken(
44            $this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']]
45        );
46
47        if ( str_ends_with( $token, urldecode( Token::SUFFIX ) ) ) {
48            $this->addWarning( 'apiwarn-checktoken-percentencoding' );
49        }
50
51        if ( $tokenObj->match( $token, $maxage ) ) {
52            $res['result'] = 'valid';
53        } elseif ( $maxage !== null && $tokenObj->match( $token ) ) {
54            $res['result'] = 'expired';
55        } else {
56            $res['result'] = 'invalid';
57        }
58
59        $ts = Token::getTimestamp( $token );
60        if ( $ts !== null ) {
61            $mwts = new MWTimestamp();
62            $mwts->timestamp->setTimestamp( $ts );
63            $res['generated'] = $mwts->getTimestamp( TS_ISO_8601 );
64        }
65
66        $this->getResult()->addValue( null, $this->getModuleName(), $res );
67    }
68
69    public function getAllowedParams() {
70        return [
71            'type' => [
72                ParamValidator::PARAM_TYPE => array_keys( ApiQueryTokens::getTokenTypeSalts() ),
73                ParamValidator::PARAM_REQUIRED => true,
74            ],
75            'token' => [
76                ParamValidator::PARAM_TYPE => 'string',
77                ParamValidator::PARAM_REQUIRED => true,
78                ParamValidator::PARAM_SENSITIVE => true,
79            ],
80            'maxtokenage' => [
81                ParamValidator::PARAM_TYPE => 'integer',
82            ],
83        ];
84    }
85
86    protected function getExamplesMessages() {
87        return [
88            'action=checktoken&type=csrf&token=123ABC'
89                => 'apihelp-checktoken-example-simple',
90        ];
91    }
92
93    public function getHelpUrls() {
94        return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Checktoken';
95    }
96}
97
98/** @deprecated class alias since 1.43 */
99class_alias( ApiCheckToken::class, 'ApiCheckToken' );