REL1_34/php/ApiOATHValidate_8php_source.html

<?php

namespace MediaWiki\Extension\OATHAuth\Api\Module;


use MediaWiki\Extension\OATHAuth\Module\TOTP;

use MediaWiki\MediaWikiServices;

use MediaWiki\Extension\OATHAuth\IModule;

use ApiBase;

use User;

use ApiResult;

use FormatJson;


class ApiOATHValidate extends ApiBase {


    public function execute() {

        // Be extra paranoid about the data that is sent

        $this->requireAtLeastOneParameter( $this->extractRequestParams(), 'totp', 'data' );

        $this->requirePostedParameters( [ 'token', 'data', 'totp' ] );


        $params = $this->extractRequestParams();

        if ( $params['user'] === null ) {

            $params['user'] = $this->getUser()->getName();

        }


        $this->checkUserRightsAny( 'oathauth-api-all' );


        $user = User::newFromName( $params['user'] );

        if ( $user === false ) {

            $this->dieWithError( 'noname' );

        }


        // Don't increase pingLimiter, just check for limit exceeded.

        if ( $user->pingLimiter( 'badoath', 0 ) ) {

            $this->dieWithError( 'apierror-ratelimited' );

        }


        $result = [

            ApiResult::META_BC_BOOLS => [ 'enabled', 'valid' ],

            'enabled' => false,

            'valid' => false,

            'module' => ''

        ];


        if ( !$user->isAnon() ) {

            $userRepo = MediaWikiServices::getInstance()->getService( 'OATHUserRepository' );

            $authUser = $userRepo->findByUser( $user );

            if ( $authUser ) {

                $module = $authUser->getModule();

                if ( $module instanceof IModule ) {

                    $data = [];

                    if ( isset( $params['totp'] ) ) {

                        // Legacy

                        if ( $module instanceof TOTP ) {

                            $data = [

                                'token' => $params['totp']

                            ];

                        }

                    } else {

                        $decoded = FormatJson::decode( $params['data'], true );

                        if ( is_array( $decoded ) ) {

                            $data = $decoded;

                        }

                    }

                    $result['enabled'] = $module->isEnabled( $authUser );

                    $result['valid'] = $module->verify( $authUser, $data ) !== false;

                    $result['module'] = $module->getName();

                }

            }

        }


        $this->getResult()->addValue( null, $this->getModuleName(), $result );

    }


    public function getCacheMode( $params ) {

        return 'private';

    }


    public function isInternal() {

        return true;

    }


    public function needsToken() {

        return 'csrf';

    }


    public function getAllowedParams() {

        return [

            'user' => [

                ApiBase::PARAM_TYPE => 'user',

            ],

            'totp' => [

                ApiBase::PARAM_TYPE => 'string',

                ApiBase::PARAM_DEPRECATED => true

            ],

            'data' => [

                ApiBase::PARAM_TYPE => 'string'

            ]

        ];

    }


    protected function getExamplesMessages() {

        return [

            'action=oathvalidate&totp=123456&token=123ABC'

                => 'apihelp-oathvalidate-example-1',

            'action=oathvalidate&user=Example&totp=123456&token=123ABC'

                => 'apihelp-oathvalidate-example-2',

            'action=oathvalidate&user=Example&data={"totp":"123456"}&token=123ABC'

                => 'apihelp-oathvalidate-example-3',

        ];

    }


}


ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition ApiBase.php:42

ApiBase\PARAM_DEPRECATED
const PARAM_DEPRECATED
(boolean) Is the parameter deprecated (will show a warning)?
Definition ApiBase.php:112

ApiBase\checkUserRightsAny
checkUserRightsAny( $rights, $user=null)
Helper function for permission-denied errors.
Definition ApiBase.php:2130

ApiBase\dieWithError
dieWithError( $msg, $code=null, $data=null, $httpCode=null)
Abort execution with an error.
Definition ApiBase.php:2014

ApiBase\PARAM_TYPE
const PARAM_TYPE
(string|string[]) Either an array of allowed value strings, or a string type as described below.
Definition ApiBase.php:94

ApiBase\requirePostedParameters
requirePostedParameters( $params, $prefix='prefix')
Die if any of the specified parameters were found in the query part of the URL rather than the post b...
Definition ApiBase.php:989

ApiBase\getResult
getResult()
Get the result object.
Definition ApiBase.php:640

ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:761

ApiBase\requireAtLeastOneParameter
requireAtLeastOneParameter( $params, $required)
Die if none of a certain set of parameters is set and not false.
Definition ApiBase.php:959

ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:520

ApiResult
This class represents the result of the API operations.
Definition ApiResult.php:35

ContextSource\getUser
getUser()
Definition ContextSource.php:120

FormatJson
JSON formatter wrapper class.
Definition FormatJson.php:26

MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate
Validate an OATH token.
Definition ApiOATHValidate.php:35

MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\isInternal
isInternal()
Indicates whether this module is "internal" Internal API modules are not (yet) intended for 3rd party...
Definition ApiOATHValidate.php:99

MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\getCacheMode
getCacheMode( $params)
Definition ApiOATHValidate.php:95

MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition ApiOATHValidate.php:107

MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition ApiOATHValidate.php:122

MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\needsToken
needsToken()
Returns the token type this module requires in order to execute.
Definition ApiOATHValidate.php:103

MediaWiki\Extension\OATHAuth\Api\Module\ApiOATHValidate\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition ApiOATHValidate.php:36

MediaWiki\Extension\OATHAuth\Module\TOTP
Definition TOTP.php:18

MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition MediaWikiServices.php:117

MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition MediaWikiServices.php:138

User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:51

User\newFromName
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition User.php:518

MediaWiki\Extension\OATHAuth\IModule
Definition IModule.php:9

MediaWiki\Extension\OATHAuth\Api\Module
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...
Definition ApiOATHValidate.php:19

true
return true
Definition router.php:94