MediaWiki REL1_37
ApiQueryTokens.php
Go to the documentation of this file.
1<?php
26use MediaWiki\Api\ApiHookRunner;
27use MediaWiki\MediaWikiServices;
28
35class ApiQueryTokens extends ApiQueryBase {
36
37 public function execute() {
38 $params = $this->extractRequestParams();
39 $res = [
40 ApiResult::META_TYPE => 'assoc',
41 ];
42
43 if ( $this->lacksSameOriginSecurity() ) {
44 $this->addWarning( [ 'apiwarn-tokens-origin' ] );
45 return;
46 }
47
48 $user = $this->getUser();
49 $session = $this->getRequest()->getSession();
50 $salts = self::getTokenTypeSalts();
51 foreach ( $params['type'] as $type ) {
52 $res[$type . 'token'] = self::getToken( $user, $session, $salts[$type] )->toString();
53 }
54
55 $this->getResult()->addValue( 'query', $this->getModuleName(), $res );
56 }
57
66 public static function getTokenTypeSalts() {
67 static $salts = null;
68 if ( !$salts ) {
69 $salts = [
70 'csrf' => '',
71 'watch' => 'watch',
72 'patrol' => 'patrol',
73 'rollback' => 'rollback',
74 'userrights' => 'userrights',
75 'login' => [ '', 'login' ],
76 'createaccount' => [ '', 'createaccount' ],
77 ];
78 $hookContainer = MediaWikiServices::getInstance()->getHookContainer();
79 $hookRunner = new ApiHookRunner( $hookContainer );
80 $hookRunner->onApiQueryTokensRegisterTypes( $salts );
81 ksort( $salts );
82 }
83
84 return $salts;
85 }
86
99 public static function getToken( User $user, MediaWiki\Session\Session $session, $salt ) {
100 if ( is_array( $salt ) ) {
101 $session->persist();
102 return $session->getToken( ...$salt );
103 } else {
104 return $user->getEditTokenObject( $salt, $session->getRequest() );
105 }
106 }
107
108 public function getAllowedParams() {
109 return [
110 'type' => [
111 ApiBase::PARAM_DFLT => 'csrf',
112 ApiBase::PARAM_ISMULTI => true,
113 ApiBase::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
114 ],
115 ];
116 }
117
118 protected function getExamplesMessages() {
119 return [
120 'action=query&meta=tokens'
121 => 'apihelp-query+tokens-example-simple',
122 'action=query&meta=tokens&type=watch|patrol'
123 => 'apihelp-query+tokens-example-types',
124 ];
125 }
126
127 public function isReadMode() {
128 // So login tokens can be fetched on private wikis
129 return false;
130 }
131
132 public function getCacheMode( $params ) {
133 return 'private';
134 }
135
136 public function getHelpUrls() {
137 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
138 }
139}
ApiBase\PARAM_TYPE
const PARAM_TYPE
Definition ApiBase.php:81
ApiBase\PARAM_DFLT
const PARAM_DFLT
Definition ApiBase.php:73
ApiBase\getResult
getResult()
Get the result object.
Definition ApiBase.php:628
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:764
ApiBase\addWarning
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition ApiBase.php:1354
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:497
ApiBase\$hookContainer
HookContainer $hookContainer
Definition ApiBase.php:60
ApiBase\$hookRunner
ApiHookRunner $hookRunner
Definition ApiBase.php:63
ApiBase\PARAM_ISMULTI
const PARAM_ISMULTI
Definition ApiBase.php:77
ApiBase\lacksSameOriginSecurity
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition ApiBase.php:559
ApiQueryBase
This is a base class for all Query modules.
Definition ApiQueryBase.php:37
ApiQueryTokens
Module to fetch tokens via action=query&meta=tokens.
Definition ApiQueryTokens.php:35
ApiQueryTokens\getTokenTypeSalts
static getTokenTypeSalts()
Get the salts for known token types.
Definition ApiQueryTokens.php:66
ApiQueryTokens\getToken
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Definition ApiQueryTokens.php:99
ApiQueryTokens\getCacheMode
getCacheMode( $params)
Get the cache mode for the data generated by this module.
Definition ApiQueryTokens.php:132
ApiQueryTokens\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition ApiQueryTokens.php:136
ApiQueryTokens\isReadMode
isReadMode()
Indicates whether this module requires read rights.
Definition ApiQueryTokens.php:127
ApiQueryTokens\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition ApiQueryTokens.php:108
ApiQueryTokens\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition ApiQueryTokens.php:118
ApiQueryTokens\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition ApiQueryTokens.php:37
MediaWiki\Api\ApiHookRunner
This class provides an implementation of the hook interfaces used by the core Action API,...
Definition ApiHookRunner.php:55
MediaWiki\Api\ApiHookRunner\onApiQueryTokensRegisterTypes
onApiQueryTokensRegisterTypes(&$salts)
Use this hook to add additional token types to action=query&meta=tokens.
Definition ApiHookRunner.php:230
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition MediaWikiServices.php:190
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:69
User\getEditTokenObject
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition User.php:3690
MediaWiki
A helper class for throttling authentication attempts.