MediaWiki REL1_41
ApiCheckToken.php
Go to the documentation of this file.
1<?php
26
31class ApiCheckToken extends ApiBase {
32
33 public function execute() {
34 $params = $this->extractRequestParams();
35 $token = $params['token'];
36 $maxage = $params['maxtokenage'];
38
39 $res = [];
40
41 $tokenObj = ApiQueryTokens::getToken(
42 $this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']]
43 );
44
45 if ( str_ends_with( $token, urldecode( Token::SUFFIX ) ) ) {
46 $this->addWarning( 'apiwarn-checktoken-percentencoding' );
47 }
48
49 if ( $tokenObj->match( $token, $maxage ) ) {
50 $res['result'] = 'valid';
51 } elseif ( $maxage !== null && $tokenObj->match( $token ) ) {
52 $res['result'] = 'expired';
53 } else {
54 $res['result'] = 'invalid';
55 }
56
57 $ts = Token::getTimestamp( $token );
58 if ( $ts !== null ) {
59 $mwts = new MWTimestamp();
60 $mwts->timestamp->setTimestamp( $ts );
61 $res['generated'] = $mwts->getTimestamp( TS_ISO_8601 );
62 }
63
64 $this->getResult()->addValue( null, $this->getModuleName(), $res );
65 }
66
67 public function getAllowedParams() {
68 return [
69 'type' => [
70 ParamValidator::PARAM_TYPE => array_keys( ApiQueryTokens::getTokenTypeSalts() ),
71 ParamValidator::PARAM_REQUIRED => true,
72 ],
73 'token' => [
74 ParamValidator::PARAM_TYPE => 'string',
75 ParamValidator::PARAM_REQUIRED => true,
76 ParamValidator::PARAM_SENSITIVE => true,
77 ],
78 'maxtokenage' => [
79 ParamValidator::PARAM_TYPE => 'integer',
80 ],
81 ];
82 }
83
84 protected function getExamplesMessages() {
85 return [
86 'action=checktoken&type=csrf&token=123ABC'
87 => 'apihelp-checktoken-example-simple',
88 ];
89 }
90}
This abstract class implements many basic API functions, and is the base of all API classes.
Definition ApiBase.php:62
getResult()
Get the result object.
Definition ApiBase.php:667
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:807
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition ApiBase.php:1433
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:528
getExamplesMessages()
Returns usage examples for this module.
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
static getTokenTypeSalts()
Get the salts for known token types.
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Value object representing a CSRF token.
Definition Token.php:32
Library for creating and parsing MW-style timestamps.
Service for formatting and validating API parameters.