MediaWiki master
MediaWiki\Session\Token Class Reference

Value object representing a CSRF token. More...

Inherited by MediaWiki\User\LoggedOutEditToken.

Public Member Functions

 __construct ( $secret, $salt, $new=false)
 
 __toString ()
 
 match ( $userToken, $maxAge=null)
 Test if the token-string matches this token.
 
 toString ()
 Get the string representation of the token.
 
 wasNew ()
 Indicate whether this token was just created.
 

Static Public Member Functions

static getTimestamp ( $token)
 Decode the timestamp from a token string.
 

Public Attributes

const SUFFIX = '+\\'
 CSRF token suffix.
 

Protected Member Functions

 toStringAtTimestamp ( $timestamp)
 Get the string representation of the token at a timestamp.
 

Detailed Description

Value object representing a CSRF token.

Since
1.27

Definition at line 32 of file Token.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\Token::__construct (   $secret,
  $salt,
  $new = false 
)
Parameters
string$secretToken secret
string$saltToken salt
bool$newWhether the secret was newly-created

Definition at line 52 of file Token.php.

Member Function Documentation

◆ __toString()

MediaWiki\Session\Token::__toString ( )

Definition at line 99 of file Token.php.

References MediaWiki\Session\Token\toString().

◆ getTimestamp()

static MediaWiki\Session\Token::getTimestamp (   $token)
static

Decode the timestamp from a token string.

Does not validate the token beyond the syntactic checks necessary to be able to extract the timestamp.

Parameters
string$token
Returns
int|null

Definition at line 67 of file Token.php.

◆ match()

MediaWiki\Session\Token::match (   $userToken,
  $maxAge = null 
)

Test if the token-string matches this token.

Parameters
string | null$userToken
int | null$maxAgeReturn false if $userToken is older than this many seconds
Returns
bool

Reimplemented in MediaWiki\User\LoggedOutEditToken.

Definition at line 109 of file Token.php.

References getTimestamp(), MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().

◆ toString()

MediaWiki\Session\Token::toString ( )

Get the string representation of the token.

Returns
string

Definition at line 95 of file Token.php.

References MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().

Referenced by MediaWiki\Session\Token\__toString().

◆ toStringAtTimestamp()

MediaWiki\Session\Token::toStringAtTimestamp (   $timestamp)
protected

Get the string representation of the token at a timestamp.

Parameters
int$timestamp
Returns
string

Reimplemented in MediaWiki\User\LoggedOutEditToken.

Definition at line 85 of file Token.php.

References MediaWiki\Session\Token\SUFFIX.

Referenced by MediaWiki\Session\Token\match(), and MediaWiki\Session\Token\toString().

◆ wasNew()

MediaWiki\Session\Token::wasNew ( )

Indicate whether this token was just created.

Returns
bool

Definition at line 130 of file Token.php.

Member Data Documentation

◆ SUFFIX

const MediaWiki\Session\Token::SUFFIX = '+\\'

CSRF token suffix.

Plus and terminal backslash are included to stop editing from certain broken proxies.

Definition at line 36 of file Token.php.

Referenced by MediaWiki\User\LoggedOutEditToken\match(), MediaWiki\Session\Token\toStringAtTimestamp(), and MediaWiki\User\LoggedOutEditToken\toStringAtTimestamp().


The documentation for this class was generated from the following file: