MediaWiki  1.34.0
ApiCheckToken.php
Go to the documentation of this file.
1 <?php
23 use MediaWiki\Session\Token;
24 
29 class ApiCheckToken extends ApiBase {
30 
31  public function execute() {
32  $params = $this->extractRequestParams();
33  $token = $params['token'];
34  $maxage = $params['maxtokenage'];
35  $salts = ApiQueryTokens::getTokenTypeSalts();
36 
37  $res = [];
38 
39  $tokenObj = ApiQueryTokens::getToken(
40  $this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']]
41  );
42 
43  if ( substr( $token, -strlen( urldecode( Token::SUFFIX ) ) ) === urldecode( Token::SUFFIX ) ) {
44  $this->addWarning( 'apiwarn-checktoken-percentencoding' );
45  }
46 
47  if ( $tokenObj->match( $token, $maxage ) ) {
48  $res['result'] = 'valid';
49  } elseif ( $maxage !== null && $tokenObj->match( $token ) ) {
50  $res['result'] = 'expired';
51  } else {
52  $res['result'] = 'invalid';
53  }
54 
55  $ts = Token::getTimestamp( $token );
56  if ( $ts !== null ) {
57  $mwts = new MWTimestamp();
58  $mwts->timestamp->setTimestamp( $ts );
59  $res['generated'] = $mwts->getTimestamp( TS_ISO_8601 );
60  }
61 
62  $this->getResult()->addValue( null, $this->getModuleName(), $res );
63  }
64 
65  public function getAllowedParams() {
66  return [
67  'type' => [
68  ApiBase::PARAM_TYPE => array_keys( ApiQueryTokens::getTokenTypeSalts() ),
69  ApiBase::PARAM_REQUIRED => true,
70  ],
71  'token' => [
72  ApiBase::PARAM_TYPE => 'string',
73  ApiBase::PARAM_REQUIRED => true,
74  ApiBase::PARAM_SENSITIVE => true,
75  ],
76  'maxtokenage' => [
77  ApiBase::PARAM_TYPE => 'integer',
78  ],
79  ];
80  }
81 
82  protected function getExamplesMessages() {
83  return [
84  'action=checktoken&type=csrf&token=123ABC'
85  => 'apihelp-checktoken-example-simple',
86  ];
87  }
88 }
MWTimestamp
Library for creating and parsing MW-style timestamps.
Definition: MWTimestamp.php:32
ApiBase\addWarning
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1933
ApiCheckToken
Definition: ApiCheckToken.php:29
ApiBase\PARAM_REQUIRED
const PARAM_REQUIRED
(boolean) Is the parameter required?
Definition: ApiBase.php:118
ApiBase\PARAM_TYPE
const PARAM_TYPE
(string|string[]) Either an array of allowed value strings, or a string type as described below.
Definition: ApiBase.php:94
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:640
ContextSource\getRequest
getRequest()
Definition: ContextSource.php:71
$res
$res
Definition: testCompression.php:52
ContextSource\getUser
getUser()
Definition: ContextSource.php:120
ApiCheckToken\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiCheckToken.php:65
ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition: ApiBase.php:42
ApiCheckToken\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition: ApiCheckToken.php:82
ApiBase\PARAM_SENSITIVE
const PARAM_SENSITIVE
(boolean) Is the parameter sensitive? Note 'password'-type fields are always sensitive regardless of ...
Definition: ApiBase.php:200
ApiCheckToken\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition: ApiCheckToken.php:31
ApiQueryTokens\getTokenTypeSalts
static getTokenTypeSalts()
Get the salts for known token types.
Definition: ApiQueryTokens.php:63
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:761
ApiQueryTokens\getToken
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Definition: ApiQueryTokens.php:94
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:520
getTimestamp
getTimestamp()
Definition: RevisionSearchResultTrait.php:154
MediaWiki\Session\Token
Value object representing a CSRF token.
Definition: Token.php:32