MediaWiki master
MediaWiki\Session\Token Class Reference

Value object representing a CSRF token. More...

Inherits Stringable.

Inherited by MediaWiki\User\LoggedOutEditToken.

Collaboration diagram for MediaWiki\Session\Token:

Public Member Functions

 __construct ( $secret, $salt, $new=false)
 
 __toString ()
 
 match ( $userToken, $maxAge=null)
 Test if the token-string matches this token.
 
 toString ()
 Get the string representation of the token.
 
 wasNew ()
 Indicate whether this token was just created.
 

Static Public Member Functions

static getTimestamp ( $token)
 Decode the timestamp from a token string.
 

Public Attributes

const SUFFIX = '+\\'
 CSRF token suffix.
 

Protected Member Functions

 toStringAtTimestamp ( $timestamp)
 Get the string representation of the token at a timestamp.
 

Detailed Description

Value object representing a CSRF token.

Since
1.27

Definition at line 34 of file Token.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\Token::__construct ( $secret,
$salt,
$new = false )
Parameters
string$secretToken secret
string$saltToken salt
bool$newWhether the secret was newly-created

Definition at line 54 of file Token.php.

Member Function Documentation

◆ __toString()

MediaWiki\Session\Token::__toString ( )

Definition at line 101 of file Token.php.

References MediaWiki\Session\Token\toString().

◆ getTimestamp()

static MediaWiki\Session\Token::getTimestamp ( $token)
static

Decode the timestamp from a token string.

Does not validate the token beyond the syntactic checks necessary to be able to extract the timestamp.

Parameters
string$token
Returns
int|null

Definition at line 69 of file Token.php.

Referenced by MediaWiki\Api\ApiCheckToken\execute().

◆ match()

MediaWiki\Session\Token::match ( $userToken,
$maxAge = null )

Test if the token-string matches this token.

Parameters
string | null$userToken
int | null$maxAgeReturn false if $userToken is older than this many seconds
Returns
bool

Reimplemented in MediaWiki\User\LoggedOutEditToken.

Definition at line 111 of file Token.php.

References getTimestamp(), MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().

◆ toString()

MediaWiki\Session\Token::toString ( )

Get the string representation of the token.

Returns
string

Definition at line 97 of file Token.php.

References MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().

Referenced by MediaWiki\Session\Token\__toString().

◆ toStringAtTimestamp()

MediaWiki\Session\Token::toStringAtTimestamp ( $timestamp)
protected

Get the string representation of the token at a timestamp.

Parameters
int$timestamp
Returns
string

Reimplemented in MediaWiki\User\LoggedOutEditToken.

Definition at line 87 of file Token.php.

References MediaWiki\Session\Token\SUFFIX.

Referenced by MediaWiki\Session\Token\match(), and MediaWiki\Session\Token\toString().

◆ wasNew()

MediaWiki\Session\Token::wasNew ( )

Indicate whether this token was just created.

Returns
bool

Definition at line 132 of file Token.php.

Member Data Documentation

◆ SUFFIX

const MediaWiki\Session\Token::SUFFIX = '+\\'

CSRF token suffix.

Plus and terminal backslash are included to stop editing from certain broken proxies.

Definition at line 38 of file Token.php.

Referenced by MediaWiki\Api\ApiCheckToken\execute(), MediaWiki\User\LoggedOutEditToken\match(), MediaWiki\Session\Token\toStringAtTimestamp(), and MediaWiki\User\LoggedOutEditToken\toStringAtTimestamp().


The documentation for this class was generated from the following file: