MediaWiki
master
Functions | |
MediaWiki\Rest::getBadTokenMessage () | |
Returns a standard error message to use when the given CSRF token is invalid. | |
MediaWiki\Rest::getSession () | |
MediaWiki\Rest::getToken () | |
Determines the CSRF token to be used, possibly taking it from a request parameter. | |
MediaWiki\Rest::getTokenParamDefinition () | |
Returns the definition for the token parameter, to be used in getBodyValidator(). | |
MediaWiki\Rest::validateToken (bool $allowAnonymousToken=false) | |
Checks that the given CSRF token is valid (or the used authentication method does not require CSRF). | |
Variables | |
trait | MediaWiki\Rest::TokenAwareHandlerTrait |
MediaWiki\Rest::getBadTokenMessage () | protected |
Returns a standard error message to use when the given CSRF token is invalid.
In the future, this trait may also provide a method for checking the token.
Definition at line 70 of file TokenAwareHandlerTrait.php.
References MediaWiki\Rest\getBadTokenMessage().
Referenced by MediaWiki\Rest\getBadTokenMessage().
MediaWiki\Rest::getSession () | abstract |
References MediaWiki\Rest\getSession().
Referenced by MediaWiki\Rest\getSession(), and MediaWiki\Rest\validateToken().
MediaWiki\Rest::getToken () | protected |
Determines the CSRF token to be used, possibly taking it from a request parameter.
Returns an empty string if the request isn't known to be safe and no token was supplied by the client. Returns null if the session provider is safe against CSRF (and thus no token is needed).
Definition at line 51 of file TokenAwareHandlerTrait.php.
References MediaWiki\Rest\getToken().
Referenced by MediaWiki\Rest\Handler\CreationHandler\getActionModuleParameters(), MediaWiki\Rest\Handler\UpdateHandler\getActionModuleParameters(), and MediaWiki\Rest\getToken().
MediaWiki\Rest::getTokenParamDefinition () | protected |
Returns the definition for the token parameter, to be used in getBodyValidator().
Definition at line 30 of file TokenAwareHandlerTrait.php.
References MediaWiki\Rest\getTokenParamDefinition().
Referenced by MediaWiki\Rest\Handler\CreationHandler\getBodyValidator(), MediaWiki\Rest\Handler\UpdateHandler\getBodyValidator(), and MediaWiki\Rest\getTokenParamDefinition().
MediaWiki\Rest::validateToken (bool $allowAnonymousToken=false) | protected |
Checks that the given CSRF token is valid (or the used authentication method does not require CSRF).
Note that this method only supports the 'csrf' token type. The body validator must return an array and include the 'token' field (see getTokenParamDefinition()).
Parameters | |
bool | $allowAnonymousToken | Allow anonymous users to pass the check by submitting an empty token. (This matches how e.g. anonymous editing works on the action API and web.) |
Exceptions | |
LocalizedHttpException |
Definition at line 84 of file TokenAwareHandlerTrait.php.
References MediaWiki\Rest\getSession(), and MediaWiki\Rest\validateToken().
Referenced by MediaWiki\Rest\validateToken().
trait MediaWiki::Rest\TokenAwareHandlerTrait |
Definition at line 20 of file TokenAwareHandlerTrait.php.
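A stand-alone PHP 8 model of the decisions that getToken() and validateToken() are documented to make above, added here as an example; it is not MediaWiki's implementation. DemoRequest, demoGetToken() and demoValidateToken() are hypothetical names, and the hash_equals() comparison and the sample values are assumptions.

```php
<?php
declare( strict_types=1 );

// Hypothetical stand-in for the state the trait reads; not a MediaWiki class.
final class DemoRequest {
	public function __construct(
		public bool $providerSafeAgainstCsrf, // session provider not exposed to CSRF
		public bool $isAnonymous,
		public ?string $sessionToken,         // CSRF token bound to the session
		public array $body                    // validated body, may hold 'token'
	) {
	}
}

// Follows the documented getToken() results: null, '' or the supplied token.
function demoGetToken( DemoRequest $r ): ?string {
	if ( $r->providerSafeAgainstCsrf ) {
		return null;
	}
	return (string)( $r->body['token'] ?? '' );
}

// Follows the documented validateToken() outcome. Returns false where the
// real method throws LocalizedHttpException.
function demoValidateToken( DemoRequest $r, bool $allowAnonymousToken = false ): bool {
	$submitted = demoGetToken( $r );
	if ( $submitted === null ) {
		return true; // authentication method does not require CSRF protection
	}
	if ( $allowAnonymousToken && $r->isAnonymous && $submitted === '' ) {
		return true; // anonymous caller passing with an empty token
	}
	// Assumption: constant-time comparison against the session's token.
	return $submitted !== '' && $r->sessionToken !== null
		&& hash_equals( $r->sessionToken, $submitted );
}

// Constructed cases: [ label, request, allowAnonymousToken ].
$cases = [
	[ 'safe provider, no token', new DemoRequest( true, false, null, [] ), false ],
	[ 'unsafe provider, token missing', new DemoRequest( false, false, 'abc123', [] ), false ],
	[ 'unsafe provider, token matches', new DemoRequest( false, false, 'abc123', [ 'token' => 'abc123' ] ), false ],
	[ 'anonymous, empty token, allowed', new DemoRequest( false, true, null, [] ), true ],
	[ 'anonymous, empty token, not allowed', new DemoRequest( false, true, null, [] ), false ],
];
foreach ( $cases as [ $label, $request, $allowAnon ] ) {
	printf( "%-38s %s\n", $label, demoValidateToken( $request, $allowAnon ) ? 'accepted' : 'rejected' );
}
```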