MediaWiki  master
ApiCheckToken.php
Go to the documentation of this file.
1 <?php
25 
30 class ApiCheckToken extends ApiBase {
31 
32  public function execute() {
33  $params = $this->extractRequestParams();
34  $token = $params['token'];
35  $maxage = $params['maxtokenage'];
37 
38  $res = [];
39 
40  $tokenObj = ApiQueryTokens::getToken(
41  $this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']]
42  );
43 
44  if ( str_ends_with( $token, urldecode( Token::SUFFIX ) ) ) {
45  $this->addWarning( 'apiwarn-checktoken-percentencoding' );
46  }
47 
48  if ( $tokenObj->match( $token, $maxage ) ) {
49  $res['result'] = 'valid';
50  } elseif ( $maxage !== null && $tokenObj->match( $token ) ) {
51  $res['result'] = 'expired';
52  } else {
53  $res['result'] = 'invalid';
54  }
55 
56  $ts = Token::getTimestamp( $token );
57  if ( $ts !== null ) {
58  $mwts = new MWTimestamp();
59  $mwts->timestamp->setTimestamp( $ts );
60  $res['generated'] = $mwts->getTimestamp( TS_ISO_8601 );
61  }
62 
63  $this->getResult()->addValue( null, $this->getModuleName(), $res );
64  }
65 
66  public function getAllowedParams() {
67  return [
68  'type' => [
69  ParamValidator::PARAM_TYPE => array_keys( ApiQueryTokens::getTokenTypeSalts() ),
70  ParamValidator::PARAM_REQUIRED => true,
71  ],
72  'token' => [
73  ParamValidator::PARAM_TYPE => 'string',
74  ParamValidator::PARAM_REQUIRED => true,
75  ParamValidator::PARAM_SENSITIVE => true,
76  ],
77  'maxtokenage' => [
78  ParamValidator::PARAM_TYPE => 'integer',
79  ],
80  ];
81  }
82 
83  protected function getExamplesMessages() {
84  return [
85  'action=checktoken&type=csrf&token=123ABC'
86  => 'apihelp-checktoken-example-simple',
87  ];
88  }
89 }
This abstract class implements many basic API functions, and is the base of all API classes.
Definition: ApiBase.php:56
getResult()
Get the result object.
Definition: ApiBase.php:629
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:765
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1376
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:498
getExamplesMessages()
Returns usage examples for this module.
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
static getTokenTypeSalts()
Get the salts for known token types.
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Library for creating and parsing MW-style timestamps.
Definition: MWTimestamp.php:39
Value object representing a CSRF token.
Definition: Token.php:32
Service for formatting and validating API parameters.