MediaWiki  master
TokenAwareHandlerTrait.php File Reference


Functions

 MediaWiki\Rest::getBadTokenMessage ()
 Returns a standard error message to use when the given CSRF token is invalid.
 
 MediaWiki\Rest::getSession ()
 
 MediaWiki\Rest::getToken ()
 Determines the CSRF token to be used, possibly taking it from a request parameter.
 
 MediaWiki\Rest::getTokenParamDefinition ()
 Returns the definition for the token parameter, to be used in getBodyValidator().
 
 MediaWiki\Rest::validateToken (bool $allowAnonymousToken=false)
 Checks that the given CSRF token is valid (or the used authentication method does not require CSRF).
 

Variables

trait MediaWiki\Rest::TokenAwareHandlerTrait
 

Function Documentation

◆ getBadTokenMessage()

MediaWiki\Rest\getBadTokenMessage ( )
protected

Returns a standard error message to use when the given CSRF token is invalid.

In the future, this trait may also provide a method for checking the token.

Returns
MessageValue

Definition at line 70 of file TokenAwareHandlerTrait.php.

References MediaWiki\Rest\getBadTokenMessage().

Referenced by MediaWiki\Rest\getBadTokenMessage().

◆ getSession()

MediaWiki\Rest\getSession ( )
abstract

◆ getToken()

MediaWiki\Rest\getToken ( )
protected

Determines the CSRF token to be used, possibly taking it from a request parameter.

Returns an empty string if the request isn't known to be safe and no token was supplied by the client. Returns null if the session provider is safe against CSRF (and thus no token is needed).

Returns
string|null

Definition at line 51 of file TokenAwareHandlerTrait.php.

References MediaWiki\Rest\getToken().

Referenced by MediaWiki\Rest\Handler\CreationHandler\getActionModuleParameters(), MediaWiki\Rest\Handler\UpdateHandler\getActionModuleParameters(), and MediaWiki\Rest\getToken().

◆ getTokenParamDefinition()

MediaWiki\Rest\getTokenParamDefinition ( )
protected

Returns the definition for the token parameter, to be used in getBodyValidator().

Returns
array[]

Definition at line 30 of file TokenAwareHandlerTrait.php.

References MediaWiki\Rest\getTokenParamDefinition().

Referenced by MediaWiki\Rest\Handler\CreationHandler\getBodyValidator(), MediaWiki\Rest\Handler\UpdateHandler\getBodyValidator(), and MediaWiki\Rest\getTokenParamDefinition().

◆ validateToken()

MediaWiki\Rest\validateToken ( bool  $allowAnonymousToken = false)
protected

Checks that the given CSRF token is valid (or the used authentication method does not require CSRF).

Note that this method only supports the 'csrf' token type. The body validator must return an array and include the 'token' field (see getTokenParamDefinition()).

Parameters
bool $allowAnonymousToken: Allow anonymous users to pass the check by submitting an empty token. (This matches how e.g. anonymous editing works on the action API and web.)
Returns
void
Exceptions
LocalizedHttpException

Definition at line 84 of file TokenAwareHandlerTrait.php.

References MediaWiki\Rest\getSession(), and MediaWiki\Rest\validateToken().

Referenced by MediaWiki\Rest\validateToken().
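
A stand-alone PHP model of the decision that validateToken() documents above, added here as an example and not taken from MediaWiki's source. checkCsrfToken(), BadTokenException and the parameter names are hypothetical, the token value is constructed, and limiting the empty-token exemption to anonymous users is an assumption read from the parameter description; the real method throws LocalizedHttpException.

```php
<?php
// Stand-alone model of the documented check; not MediaWiki code.
// checkCsrfToken(), BadTokenException and all parameters are hypothetical names.
final class BadTokenException extends RuntimeException {}

function checkCsrfToken(
    bool $providerSafeAgainstCsrf, // session provider needs no CSRF token
    bool $userIsAnonymous,
    string $sessionToken,          // token bound to the session (constructed value)
    array $validatedBody,          // output of the body validator
    bool $allowAnonymousToken = false
): void {
    if ($providerSafeAgainstCsrf) {
        return; // the getToken() === null case: nothing to verify
    }
    if (!array_key_exists('token', $validatedBody)) {
        throw new LogicException("validated body has no 'token' field");
    }
    $supplied = (string)$validatedBody['token'];
    if ($supplied === '') {
        // Assumption: the empty-token exemption applies to anonymous users only.
        if ($allowAnonymousToken && $userIsAnonymous) {
            return;
        }
        throw new BadTokenException('empty token rejected');
    }
    // Constant-time comparison so the check does not leak token prefixes.
    if (!hash_equals($sessionToken, $supplied)) {
        throw new BadTokenException('token mismatch');
    }
}

// Constructed cases: [label, providerSafe, anonymous, body, allowAnonymousToken]
$sessionToken = 'constructed-session-token';
$cases = [
    ['safe provider, no token',       true,  false, [],                         false],
    ['logged in, correct token',      false, false, ['token' => $sessionToken], false],
    ['logged in, wrong token',        false, false, ['token' => 'guess'],       false],
    ['anonymous, empty, not allowed', false, true,  ['token' => ''],            false],
    ['anonymous, empty, allowed',     false, true,  ['token' => ''],            true],
    ['logged in, empty, allowed',     false, false, ['token' => ''],            true],
];
foreach ($cases as [$label, $safe, $anon, $body, $allow]) {
    try {
        checkCsrfToken($safe, $anon, $sessionToken, $body, $allow);
        echo "$label: accepted\n";
    } catch (BadTokenException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```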

Variable Documentation

◆ TokenAwareHandlerTrait

trait MediaWiki::Rest\TokenAwareHandlerTrait
Initial value:
{
abstract public function getValidatedBody()

Definition at line 20 of file TokenAwareHandlerTrait.php.