MediaWiki  1.34.0
ApiOATHValidate.php
Go to the documentation of this file.
1 <?php
19 namespace MediaWiki\Extension\OATHAuth\Api\Module;
20 
21 use MediaWiki\Extension\OATHAuth\Module\TOTP;
22 use MediaWiki\MediaWikiServices;
23 use MediaWiki\Extension\OATHAuth\IModule;
24 use ApiBase;
25 use User;
26 use ApiResult;
27 use FormatJson;
28 
35 class ApiOATHValidate extends ApiBase {
36  public function execute() {
37  // Be extra paranoid about the data that is sent
38  $this->requireAtLeastOneParameter( $this->extractRequestParams(), 'totp', 'data' );
39  $this->requirePostedParameters( [ 'token', 'data', 'totp' ] );
40 
41  $params = $this->extractRequestParams();
42  if ( $params['user'] === null ) {
43  $params['user'] = $this->getUser()->getName();
44  }
45 
46  $this->checkUserRightsAny( 'oathauth-api-all' );
47 
48  $user = User::newFromName( $params['user'] );
49  if ( $user === false ) {
50  $this->dieWithError( 'noname' );
51  }
52 
53  // Don't increase pingLimiter, just check for limit exceeded.
54  if ( $user->pingLimiter( 'badoath', 0 ) ) {
55  $this->dieWithError( 'apierror-ratelimited' );
56  }
57 
58  $result = [
59  ApiResult::META_BC_BOOLS => [ 'enabled', 'valid' ],
60  'enabled' => false,
61  'valid' => false,
62  'module' => ''
63  ];
64 
65  if ( !$user->isAnon() ) {
66  $userRepo = MediaWikiServices::getInstance()->getService( 'OATHUserRepository' );
67  $authUser = $userRepo->findByUser( $user );
68  if ( $authUser ) {
69  $module = $authUser->getModule();
70  if ( $module instanceof IModule ) {
71  $data = [];
72  if ( isset( $params['totp'] ) ) {
73  // Legacy
74  if ( $module instanceof TOTP ) {
75  $data = [
76  'token' => $params['totp']
77  ];
78  }
79  } else {
80  $decoded = FormatJson::decode( $params['data'], true );
81  if ( is_array( $decoded ) ) {
82  $data = $decoded;
83  }
84  }
85  $result['enabled'] = $module->isEnabled( $authUser );
86  $result['valid'] = $module->verify( $authUser, $data ) !== false;
87  $result['module'] = $module->getName();
88  }
89  }
90  }
91 
92  $this->getResult()->addValue( null, $this->getModuleName(), $result );
93  }
94 
95  public function getCacheMode( $params ) {
96  return 'private';
97  }
98 
99  public function isInternal() {
100  return true;
101  }
102 
103  public function needsToken() {
104  return 'csrf';
105  }
106 
107  public function getAllowedParams() {
108  return [
109  'user' => [
110  ApiBase::PARAM_TYPE => 'user',
111  ],
112  'totp' => [
113  ApiBase::PARAM_TYPE => 'string',
114  ApiBase::PARAM_DEPRECATED => true
115  ],
116  'data' => [
117  ApiBase::PARAM_TYPE => 'string'
118  ]
119  ];
120  }
121 
122  protected function getExamplesMessages() {
123  return [
124  'action=oathvalidate&totp=123456&token=123ABC'
125  => 'apihelp-oathvalidate-example-1',
126  'action=oathvalidate&user=Example&totp=123456&token=123ABC'
127  => 'apihelp-oathvalidate-example-2',
128  'action=oathvalidate&user=Example&data={"totp":"123456"}&token=123ABC'
129  => 'apihelp-oathvalidate-example-3',
130  ];
131  }
132 }
MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\getCacheMode
getCacheMode( $params)
Definition: ApiOATHValidate.php:95
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:117
ApiBase\dieWithError
dieWithError( $msg, $code=null, $data=null, $httpCode=null)
Abort execution with an error.
Definition: ApiBase.php:2014
true
return true
Definition: router.php:92
ApiBase\PARAM_TYPE
const PARAM_TYPE
(string|string[]) Either an array of allowed value strings, or a string type as described below.
Definition: ApiBase.php:94
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:640
ApiBase\checkUserRightsAny
checkUserRightsAny( $rights, $user=null)
Helper function for permission-denied errors.
Definition: ApiBase.php:2130
User\newFromName
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition: User.php:515
ContextSource\getUser
getUser()
Definition: ContextSource.php:120
ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition: ApiBase.php:42
MediaWiki\Extension\OATHAuth\Module\TOTP
Definition: TOTP.php:18
MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition: MediaWikiServices.php:138
ApiBase\PARAM_DEPRECATED
const PARAM_DEPRECATED
(boolean) Is the parameter deprecated (will show a warning)?
Definition: ApiBase.php:112
FormatJson\decode
static decode( $value, $assoc=false)
Decodes a JSON string.
Definition: FormatJson.php:174
FormatJson
JSON formatter wrapper class.
Definition: FormatJson.php:26
ApiResult
This class represents the result of the API operations.
Definition: ApiResult.php:35
ApiResult\META_BC_BOOLS
const META_BC_BOOLS
Key for the 'BC bools' metadata item.
Definition: ApiResult.php:136
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:761
MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition: ApiOATHValidate.php:122
MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\isInternal
isInternal()
Indicates whether this module is "internal" Internal API modules are not (yet) intended for 3rd party...
Definition: ApiOATHValidate.php:99
MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition: ApiOATHValidate.php:36
MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\needsToken
needsToken()
Returns the token type this module requires in order to execute.
Definition: ApiOATHValidate.php:103
MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiOATHValidate.php:107
ApiBase\requireAtLeastOneParameter
requireAtLeastOneParameter( $params, $required)
Die if none of a certain set of parameters is set and not false.
Definition: ApiBase.php:959
MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate
Validate an OATH token.
Definition: ApiOATHValidate.php:35
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:520
MediaWiki\Extension\OATHAuth\Api\Module
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...
Definition: ApiOATHValidate.php:19
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:51
ApiBase\requirePostedParameters
requirePostedParameters( $params, $prefix='prefix')
Die if any of the specified parameters were found in the query part of the URL rather than the post b...
Definition: ApiBase.php:989
MediaWiki\Extension\OATHAuth\IModule
Definition: IModule.php:9