Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
87.50% |
35 / 40 |
|
50.00% |
2 / 4 |
CRAP | |
0.00% |
0 / 1 |
ApiCheckToken | |
87.50% |
35 / 40 |
|
50.00% |
2 / 4 |
9.16 | |
0.00% |
0 / 1 |
execute | |
100.00% |
21 / 21 |
|
100.00% |
1 / 1 |
6 | |||
getAllowedParams | |
100.00% |
14 / 14 |
|
100.00% |
1 / 1 |
1 | |||
getExamplesMessages | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 | |||
getHelpUrls | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | /** |
3 | * Copyright © 2015 Wikimedia Foundation and contributors |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License as published by |
7 | * the Free Software Foundation; either version 2 of the License, or |
8 | * (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 | * GNU General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public License along |
16 | * with this program; if not, write to the Free Software Foundation, Inc., |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
18 | * http://www.gnu.org/copyleft/gpl.html |
19 | * |
20 | * @file |
21 | */ |
22 | |
23 | use MediaWiki\Session\Token; |
24 | use MediaWiki\Utils\MWTimestamp; |
25 | use Wikimedia\ParamValidator\ParamValidator; |
26 | |
27 | /** |
28 | * @since 1.25 |
29 | * @ingroup API |
30 | */ |
31 | class ApiCheckToken extends ApiBase { |
32 | |
33 | public function execute() { |
34 | $params = $this->extractRequestParams(); |
35 | $token = $params['token']; |
36 | $maxage = $params['maxtokenage']; |
37 | $salts = ApiQueryTokens::getTokenTypeSalts(); |
38 | |
39 | $res = []; |
40 | |
41 | $tokenObj = ApiQueryTokens::getToken( |
42 | $this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']] |
43 | ); |
44 | |
45 | if ( str_ends_with( $token, urldecode( Token::SUFFIX ) ) ) { |
46 | $this->addWarning( 'apiwarn-checktoken-percentencoding' ); |
47 | } |
48 | |
49 | if ( $tokenObj->match( $token, $maxage ) ) { |
50 | $res['result'] = 'valid'; |
51 | } elseif ( $maxage !== null && $tokenObj->match( $token ) ) { |
52 | $res['result'] = 'expired'; |
53 | } else { |
54 | $res['result'] = 'invalid'; |
55 | } |
56 | |
57 | $ts = Token::getTimestamp( $token ); |
58 | if ( $ts !== null ) { |
59 | $mwts = new MWTimestamp(); |
60 | $mwts->timestamp->setTimestamp( $ts ); |
61 | $res['generated'] = $mwts->getTimestamp( TS_ISO_8601 ); |
62 | } |
63 | |
64 | $this->getResult()->addValue( null, $this->getModuleName(), $res ); |
65 | } |
66 | |
67 | public function getAllowedParams() { |
68 | return [ |
69 | 'type' => [ |
70 | ParamValidator::PARAM_TYPE => array_keys( ApiQueryTokens::getTokenTypeSalts() ), |
71 | ParamValidator::PARAM_REQUIRED => true, |
72 | ], |
73 | 'token' => [ |
74 | ParamValidator::PARAM_TYPE => 'string', |
75 | ParamValidator::PARAM_REQUIRED => true, |
76 | ParamValidator::PARAM_SENSITIVE => true, |
77 | ], |
78 | 'maxtokenage' => [ |
79 | ParamValidator::PARAM_TYPE => 'integer', |
80 | ], |
81 | ]; |
82 | } |
83 | |
84 | protected function getExamplesMessages() { |
85 | return [ |
86 | 'action=checktoken&type=csrf&token=123ABC' |
87 | => 'apihelp-checktoken-example-simple', |
88 | ]; |
89 | } |
90 | |
91 | public function getHelpUrls() { |
92 | return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Checktoken'; |
93 | } |
94 | } |