MediaWiki REL1_35
MediaWiki\Session\Token Class Reference

Value object representing a CSRF token. More...

Inheritance diagram for MediaWiki\Session\Token:

Public Member Functions

 __construct ( $secret, $salt, $new=false)
 
 __toString ()
 
 match ( $userToken, $maxAge=null)
 Test if the token-string matches this token.
 
 toString ()
 Get the string representation of the token.
 
 wasNew ()
 Indicate whether this token was just created.
 

Static Public Member Functions

static getTimestamp ( $token)
 Decode the timestamp from a token string.
 

Public Attributes

const SUFFIX = '+\\'
 CSRF token suffix.
 

Protected Member Functions

 toStringAtTimestamp ( $timestamp)
 Get the string representation of the token at a timestamp.
 

Private Attributes

bool $new = false
 
string $salt = ''
 
string $secret = ''
 

Detailed Description

Value object representing a CSRF token.

Since
1.27

Definition at line 32 of file Token.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\Token::__construct (   $secret,
  $salt,
  $new = false 
)
Parameters
string$secretToken secret
string$saltToken salt
bool$newWhether the secret was newly-created

Definition at line 52 of file Token.php.

References MediaWiki\Session\Token\$new, MediaWiki\Session\Token\$salt, and MediaWiki\Session\Token\$secret.

Member Function Documentation

◆ __toString()

MediaWiki\Session\Token::__toString ( )

Definition at line 99 of file Token.php.

References MediaWiki\Session\Token\toString().

◆ getTimestamp()

static MediaWiki\Session\Token::getTimestamp (   $token)
static

Decode the timestamp from a token string.

Does not validate the token beyond the syntactic checks necessary to be able to extract the timestamp.

Parameters
string$token
Returns
int|null

Definition at line 67 of file Token.php.

◆ match()

MediaWiki\Session\Token::match (   $userToken,
  $maxAge = null 
)

Test if the token-string matches this token.

Parameters
string$userToken
int | null$maxAgeReturn false if $userToken is older than this many seconds
Returns
bool

Reimplemented in LoggedOutEditToken.

Definition at line 109 of file Token.php.

References getTimestamp(), MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().

◆ toString()

MediaWiki\Session\Token::toString ( )

Get the string representation of the token.

Returns
string

Definition at line 95 of file Token.php.

References MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().

Referenced by MediaWiki\Session\Token\__toString().

◆ toStringAtTimestamp()

MediaWiki\Session\Token::toStringAtTimestamp (   $timestamp)
protected

Get the string representation of the token at a timestamp.

Parameters
int$timestamp
Returns
string

Reimplemented in LoggedOutEditToken.

Definition at line 85 of file Token.php.

References MediaWiki\Session\Token\SUFFIX.

Referenced by MediaWiki\Session\Token\match(), and MediaWiki\Session\Token\toString().

◆ wasNew()

MediaWiki\Session\Token::wasNew ( )

Indicate whether this token was just created.

Returns
bool

Definition at line 127 of file Token.php.

References MediaWiki\Session\Token\$new.

Member Data Documentation

◆ $new

bool MediaWiki\Session\Token::$new = false
private

◆ $salt

string MediaWiki\Session\Token::$salt = ''
private

Definition at line 42 of file Token.php.

Referenced by MediaWiki\Session\Token\__construct().

◆ $secret

string MediaWiki\Session\Token::$secret = ''
private

Definition at line 39 of file Token.php.

Referenced by MediaWiki\Session\Token\__construct().

◆ SUFFIX

const MediaWiki\Session\Token::SUFFIX = '+\\'

CSRF token suffix.

Plus and terminal backslash are included to stop editing from certain broken proxies.

Definition at line 36 of file Token.php.

Referenced by LoggedOutEditToken\match(), MediaWiki\Session\Token\toStringAtTimestamp(), and LoggedOutEditToken\toStringAtTimestamp().


The documentation for this class was generated from the following file: