master/php/ApiCheckToken_8php_source.html

<?php

namespace MediaWiki\Api;


use MediaWiki\Session\Token;

use MediaWiki\Utils\MWTimestamp;

use Wikimedia\ParamValidator\ParamValidator;


class ApiCheckToken extends ApiBase {


    public function execute() {

        $params = $this->extractRequestParams();

        $token = $params['token'];

        $maxage = $params['maxtokenage'];

        $salts = ApiQueryTokens::getTokenTypeSalts();


        $res = [];


        $tokenObj = ApiQueryTokens::getToken(

            $this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']]

        );


        if ( str_ends_with( $token, urldecode( Token::SUFFIX ) ) ) {

            $this->addWarning( 'apiwarn-checktoken-percentencoding' );

        }


        if ( $tokenObj->match( $token, $maxage ) ) {

            $res['result'] = 'valid';

        } elseif ( $maxage !== null && $tokenObj->match( $token ) ) {

            $res['result'] = 'expired';

        } else {

            $res['result'] = 'invalid';

        }


        $ts = Token::getTimestamp( $token );

        if ( $ts !== null ) {

            $mwts = new MWTimestamp();

            $mwts->timestamp->setTimestamp( $ts );

            $res['generated'] = $mwts->getTimestamp( TS_ISO_8601 );

        }


        $this->getResult()->addValue( null, $this->getModuleName(), $res );

    }


    public function getAllowedParams() {

        return [

            'type' => [

                ParamValidator::PARAM_TYPE => array_keys( ApiQueryTokens::getTokenTypeSalts() ),

                ParamValidator::PARAM_REQUIRED => true,

            ],

            'token' => [

                ParamValidator::PARAM_TYPE => 'string',

                ParamValidator::PARAM_REQUIRED => true,

                ParamValidator::PARAM_SENSITIVE => true,

            ],

            'maxtokenage' => [

                ParamValidator::PARAM_TYPE => 'integer',

            ],

        ];

    }


    protected function getExamplesMessages() {

        return [

            'action=checktoken&type=csrf&token=123ABC'

                => 'apihelp-checktoken-example-simple',

        ];

    }


    public function getHelpUrls() {

        return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Checktoken';

    }


}


class_alias( ApiCheckToken::class, 'ApiCheckToken' );

MediaWiki\Api\ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition ApiBase.php:75

MediaWiki\Api\ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:557

MediaWiki\Api\ApiBase\getResult
getResult()
Get the result object.
Definition ApiBase.php:696

MediaWiki\Api\ApiBase\addWarning
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition ApiBase.php:1440

MediaWiki\Api\ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:837

MediaWiki\Api\ApiCheckToken
Definition ApiCheckToken.php:33

MediaWiki\Api\ApiCheckToken\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition ApiCheckToken.php:69

MediaWiki\Api\ApiCheckToken\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition ApiCheckToken.php:93

MediaWiki\Api\ApiCheckToken\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition ApiCheckToken.php:35

MediaWiki\Api\ApiCheckToken\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition ApiCheckToken.php:86

MediaWiki\Api\ApiQueryTokens\getToken
static getToken(User $user, \MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Definition ApiQueryTokens.php:111

MediaWiki\Api\ApiQueryTokens\getTokenTypeSalts
static getTokenTypeSalts()
Get the salts for known token types.
Definition ApiQueryTokens.php:78

MediaWiki\Session\Token
Value object representing a CSRF token.
Definition Token.php:34

MediaWiki\Session\Token\SUFFIX
const SUFFIX
CSRF token suffix.
Definition Token.php:38

MediaWiki\Session\Token\getTimestamp
static getTimestamp( $token)
Decode the timestamp from a token string.
Definition Token.php:69

MediaWiki\Utils\MWTimestamp
Library for creating and parsing MW-style timestamps.
Definition MWTimestamp.php:48

Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition ParamValidator.php:42

MediaWiki\Api
Definition ApiAcquireTempUserName.php:22

MediaWiki\Api\getUser
getUser()

MediaWiki\Api\getRequest
getRequest()