MediaWiki  master
ApiTokens.php
Go to the documentation of this file.
1 <?php
27 class ApiTokens extends ApiBase {
28 
29  public function execute() {
30  $this->addDeprecation(
31  [ 'apiwarn-deprecation-withreplacement', 'action=tokens', 'action=query&meta=tokens' ],
32  'action=tokens'
33  );
34 
35  $params = $this->extractRequestParams();
36  $res = [
37  ApiResult::META_TYPE => 'assoc',
38  ];
39 
40  $types = $this->getTokenTypes();
41  foreach ( $params['type'] as $type ) {
42  $val = call_user_func( $types[$type], null, null );
43 
44  if ( $val === false ) {
45  $this->addWarning( [ 'apiwarn-tokennotallowed', $type ] );
46  } else {
47  $res[$type . 'token'] = $val;
48  }
49  }
50 
51  $this->getResult()->addValue( null, $this->getModuleName(), $res );
52  }
53 
54  private function getTokenTypes() {
55  // If we're in a mode that breaks the same-origin policy, no tokens can
56  // be obtained
57  if ( $this->lacksSameOriginSecurity() ) {
58  return [];
59  }
60 
61  static $types = null;
62  if ( $types ) {
63  return $types;
64  }
65  $types = [ 'patrol' => [ ApiQueryRecentChanges::class, 'getPatrolToken' ] ];
66  $names = [ 'edit', 'delete', 'protect', 'move', 'block', 'unblock',
67  'email', 'import', 'watch', 'options' ];
68  foreach ( $names as $name ) {
69  $types[$name] = [ ApiQueryInfo::class, 'get' . ucfirst( $name ) . 'Token' ];
70  }
71  Hooks::run( 'ApiTokensGetTokenTypes', [ &$types ] );
72 
73  // For forwards-compat, copy any token types from ApiQueryTokens that
74  // we don't already have something for.
75  $user = $this->getUser();
76  $request = $this->getRequest();
77  foreach ( ApiQueryTokens::getTokenTypeSalts() as $name => $salt ) {
78  if ( !isset( $types[$name] ) ) {
79  $types[$name] = function () use ( $salt, $user, $request ) {
80  return ApiQueryTokens::getToken( $user, $request->getSession(), $salt )->toString();
81  };
82  }
83  }
84 
85  ksort( $types );
86 
87  return $types;
88  }
89 
90  public function isDeprecated() {
91  return true;
92  }
93 
94  public function getAllowedParams() {
95  return [
96  'type' => [
97  ApiBase::PARAM_DFLT => 'edit',
98  ApiBase::PARAM_ISMULTI => true,
99  ApiBase::PARAM_TYPE => array_keys( $this->getTokenTypes() ),
100  ],
101  ];
102  }
103 
104  protected function getExamplesMessages() {
105  return [
106  'action=tokens'
107  => 'apihelp-tokens-example-edit',
108  'action=tokens&type=email|move'
109  => 'apihelp-tokens-example-emailmove',
110  ];
111  }
112 }
const PARAM_TYPE
(string|string[]) Either an array of allowed value strings, or a string type as described below...
Definition: ApiBase.php:94
getResult()
Get the result object.
Definition: ApiBase.php:640
addDeprecation( $msg, $feature, $data=[])
Add a deprecation warning for this module.
Definition: ApiBase.php:1939
const PARAM_DFLT
(null|boolean|integer|string) Default value of the parameter.
Definition: ApiBase.php:55
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition: ApiBase.php:568
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user...
Definition: ApiBase.php:761
const META_TYPE
Key for the &#39;type&#39; metadata item.
Definition: ApiResult.php:110
getTokenTypes()
Definition: ApiTokens.php:54
isDeprecated()
Definition: ApiTokens.php:90
getExamplesMessages()
Definition: ApiTokens.php:104
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:520
static getTokenTypeSalts()
Get the salts for known token types.
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1925
const PARAM_ISMULTI
(boolean) Accept multiple pipe-separated values for this parameter (e.g.
Definition: ApiBase.php:58
This abstract class implements many basic API functions, and is the base of all API classes...
Definition: ApiBase.php:42
getAllowedParams()
Definition: ApiTokens.php:94
static run( $event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
Definition: Hooks.php:200