REL1_33/php/ApiOATHValidate_8php_source.html

<?php


class ApiOATHValidate extends ApiBase {


    public function execute() {

        // Be extra paranoid about the data that is sent

        $this->requirePostedParameters( [ 'totp', 'token' ] );


        $params = $this->extractRequestParams();

        if ( $params['user'] === null ) {

            $params['user'] = $this->getUser()->getName();

        }


        $this->checkUserRightsAny( 'oathauth-api-all' );


        $user = User::newFromName( $params['user'] );

        if ( $user === false ) {

            $this->dieWithError( 'noname' );

        }


        // Don't increase pingLimiter, just check for limit exceeded.

        if ( $user->pingLimiter( 'badoath', 0 ) ) {

            $this->dieWithError( 'apierror-ratelimited' );

        }


        $result = [

            ApiResult::META_BC_BOOLS => [ 'enabled', 'valid' ],

            'enabled' => false,

            'valid' => false,

        ];


        if ( !$user->isAnon() ) {

            $oathUser = OATHAuthHooks::getOATHUserRepository()

                ->findByUser( $user );

            if ( $oathUser ) {

                $key = $oathUser->getKey();

                if ( $key !== null ) {

                    $result['enabled'] = true;

                    $result['valid'] = $key->verifyToken(

                        $params['totp'], $oathUser ) !== false;

                }

            }

        }


        $this->getResult()->addValue( null, $this->getModuleName(), $result );

    }


    public function getCacheMode( $params ) {

        return 'private';

    }


    public function isInternal() {

        return true;

    }


    public function needsToken() {

        return 'csrf';

    }


    public function getAllowedParams() {

        return [

            'user' => [

                ApiBase::PARAM_TYPE => 'user',

            ],

            'totp' => [

                ApiBase::PARAM_TYPE => 'string',

                ApiBase::PARAM_REQUIRED => true,

            ],

        ];

    }


    protected function getExamplesMessages() {

        return [

            'action=oathvalidate&totp=123456&token=123ABC'

                => 'apihelp-oathvalidate-example-1',

            'action=oathvalidate&user=Example&totp=123456&token=123ABC'

                => 'apihelp-oathvalidate-example-2',

        ];

    }


}


ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition ApiBase.php:37

ApiBase\PARAM_REQUIRED
const PARAM_REQUIRED
(boolean) Is the parameter required?
Definition ApiBase.php:111

ApiBase\checkUserRightsAny
checkUserRightsAny( $rights, $user=null)
Helper function for permission-denied errors.
Definition ApiBase.php:2105

ApiBase\dieWithError
dieWithError( $msg, $code=null, $data=null, $httpCode=null)
Abort execution with an error.
Definition ApiBase.php:1990

ApiBase\PARAM_TYPE
const PARAM_TYPE
(string|string[]) Either an array of allowed value strings, or a string type as described below.
Definition ApiBase.php:87

ApiBase\requirePostedParameters
requirePostedParameters( $params, $prefix='prefix')
Die if any of the specified parameters were found in the query part of the URL rather than the post b...
Definition ApiBase.php:971

ApiBase\getResult
getResult()
Get the result object.
Definition ApiBase.php:632

ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:743

ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:512

ApiOATHValidate
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...
Definition ApiOATHValidate.php:25

ApiOATHValidate\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition ApiOATHValidate.php:93

ApiOATHValidate\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition ApiOATHValidate.php:26

ApiOATHValidate\needsToken
needsToken()
Returns the token type this module requires in order to execute.
Definition ApiOATHValidate.php:77

ApiOATHValidate\getCacheMode
getCacheMode( $params)
Definition ApiOATHValidate.php:69

ApiOATHValidate\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition ApiOATHValidate.php:81

ApiOATHValidate\isInternal
isInternal()
Indicates whether this module is "internal" Internal API modules are not (yet) intended for 3rd party...
Definition ApiOATHValidate.php:73

ApiResult\META_BC_BOOLS
const META_BC_BOOLS
Key for the 'BC bools' metadata item.
Definition ApiResult.php:136

ContextSource\getUser
getUser()
Definition ContextSource.php:120

OATHAuthHooks\getOATHUserRepository
static getOATHUserRepository()
Get the singleton OATH user repository.
Definition OATHAuthHooks.php:34

User\newFromName
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition User.php:585

$params
$params
Definition styleTest.css.php:44