MediaWiki  REL1_31
MediaWiki\Session\Token Class Reference

Value object representing a CSRF token. More...

Inheritance diagram for MediaWiki\Session\Token:

Public Member Functions

 __construct ( $secret, $salt, $new=false)
 
 __toString ()
 
 match ( $userToken, $maxAge=null)
 Test if the token-string matches this token. More...
 
 toString ()
 Get the string representation of the token. More...
 
 wasNew ()
 Indicate whether this token was just created. More...
 

Static Public Member Functions

static getTimestamp ( $token)
 Decode the timestamp from a token string. More...
 

Public Attributes

const SUFFIX = '+\\'
 CSRF token suffix. More...
 

Protected Member Functions

 toStringAtTimestamp ( $timestamp)
 Get the string representation of the token at a timestamp. More...
 

Private Attributes

 $new = false
 
 $salt = ''
 
 $secret = ''
 

Detailed Description

Value object representing a CSRF token.

Since
1.27

Definition at line 32 of file Token.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\Token::__construct (   $secret,
  $salt,
  $new = false 
)
Parameters
string$secretToken secret
string$saltToken salt
bool$newWhether the secret was newly-created

Definition at line 46 of file Token.php.

References MediaWiki\Session\Token\$new, MediaWiki\Session\Token\$salt, and MediaWiki\Session\Token\$secret.

Member Function Documentation

◆ __toString()

MediaWiki\Session\Token::__toString ( )

Definition at line 93 of file Token.php.

References MediaWiki\Session\Token\toString().

◆ getTimestamp()

static MediaWiki\Session\Token::getTimestamp (   $token)
static

Decode the timestamp from a token string.

Does not validate the token beyond the syntactic checks necessary to be able to extract the timestamp.

Parameters
string$token
Returns
int|null

Definition at line 61 of file Token.php.

Referenced by MediaWiki\Session\Token\match(), and MediaWiki\Session\TokenTest\testGetTimestamp().

◆ match()

MediaWiki\Session\Token::match (   $userToken,
  $maxAge = null 
)

Test if the token-string matches this token.

Parameters
string$userToken
int | null$maxAgeReturn false if $userToken is older than this many seconds
Returns
bool

Reimplemented in LoggedOutEditToken.

Definition at line 103 of file Token.php.

References MediaWiki\Session\Token\getTimestamp(), MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().

◆ toString()

MediaWiki\Session\Token::toString ( )

Get the string representation of the token.

Returns
string

Definition at line 89 of file Token.php.

References MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().

Referenced by MediaWiki\Session\Token\__toString().

◆ toStringAtTimestamp()

MediaWiki\Session\Token::toStringAtTimestamp (   $timestamp)
protected

Get the string representation of the token at a timestamp.

Parameters
int$timestamp
Returns
string

Reimplemented in LoggedOutEditToken.

Definition at line 79 of file Token.php.

References MediaWiki\Session\Token\SUFFIX.

Referenced by MediaWiki\Session\Token\match(), and MediaWiki\Session\Token\toString().

◆ wasNew()

MediaWiki\Session\Token::wasNew ( )

Indicate whether this token was just created.

Returns
bool

Definition at line 121 of file Token.php.

References MediaWiki\Session\Token\$new.

Member Data Documentation

◆ $new

MediaWiki\Session\Token::$new = false
private

◆ $salt

MediaWiki\Session\Token::$salt = ''
private

Definition at line 38 of file Token.php.

Referenced by MediaWiki\Session\Token\__construct().

◆ $secret

MediaWiki\Session\Token::$secret = ''
private

Definition at line 37 of file Token.php.

Referenced by MediaWiki\Session\Token\__construct().

◆ SUFFIX

const MediaWiki\Session\Token::SUFFIX = '+\\'

CSRF token suffix.

Plus and terminal backslash are included to stop editing from certain broken proxies.

Definition at line 35 of file Token.php.

Referenced by LoggedOutEditToken\match(), MediaWiki\Session\Token\toStringAtTimestamp(), and LoggedOutEditToken\toStringAtTimestamp().


The documentation for this class was generated from the following file: