MediaWiki  master
ApiCheckToken.php
Go to the documentation of this file.
1 <?php
23 use MediaWiki\Session\Token;
24 use MediaWiki\Utils\MWTimestamp;
25 use Wikimedia\ParamValidator\ParamValidator;
26 
31 class ApiCheckToken extends ApiBase {
32 
33  public function execute() {
34  $params = $this->extractRequestParams();
35  $token = $params['token'];
36  $maxage = $params['maxtokenage'];
37  $salts = ApiQueryTokens::getTokenTypeSalts();
38 
39  $res = [];
40 
41  $tokenObj = ApiQueryTokens::getToken(
42  $this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']]
43  );
44 
45  if ( str_ends_with( $token, urldecode( Token::SUFFIX ) ) ) {
46  $this->addWarning( 'apiwarn-checktoken-percentencoding' );
47  }
48 
49  if ( $tokenObj->match( $token, $maxage ) ) {
50  $res['result'] = 'valid';
51  } elseif ( $maxage !== null && $tokenObj->match( $token ) ) {
52  $res['result'] = 'expired';
53  } else {
54  $res['result'] = 'invalid';
55  }
56 
57  $ts = Token::getTimestamp( $token );
58  if ( $ts !== null ) {
59  $mwts = new MWTimestamp();
60  $mwts->timestamp->setTimestamp( $ts );
61  $res['generated'] = $mwts->getTimestamp( TS_ISO_8601 );
62  }
63 
64  $this->getResult()->addValue( null, $this->getModuleName(), $res );
65  }
66 
67  public function getAllowedParams() {
68  return [
69  'type' => [
70  ParamValidator::PARAM_TYPE => array_keys( ApiQueryTokens::getTokenTypeSalts() ),
71  ParamValidator::PARAM_REQUIRED => true,
72  ],
73  'token' => [
74  ParamValidator::PARAM_TYPE => 'string',
75  ParamValidator::PARAM_REQUIRED => true,
76  ParamValidator::PARAM_SENSITIVE => true,
77  ],
78  'maxtokenage' => [
79  ParamValidator::PARAM_TYPE => 'integer',
80  ],
81  ];
82  }
83 
84  protected function getExamplesMessages() {
85  return [
86  'action=checktoken&type=csrf&token=123ABC'
87  => 'apihelp-checktoken-example-simple',
88  ];
89  }
90 }
ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition: ApiBase.php:63
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:668
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:808
ApiBase\addWarning
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1434
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:529
ApiCheckToken\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition: ApiCheckToken.php:84
ApiCheckToken\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiCheckToken.php:67
ApiCheckToken\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition: ApiCheckToken.php:33
ApiQueryTokens\getTokenTypeSalts
static getTokenTypeSalts()
Get the salts for known token types.
Definition: ApiQueryTokens.php:77
ApiQueryTokens\getToken
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Definition: ApiQueryTokens.php:110
MediaWiki\Session\Token
Value object representing a CSRF token.
Definition: Token.php:32
MediaWiki\Utils\MWTimestamp
Library for creating and parsing MW-style timestamps.
Definition: MWTimestamp.php:48
Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition: ParamValidator.php:42