MediaWiki  master
MediaWiki\Session\Token Class Reference

Value object representing a CSRF token. More...

Inheritance diagram for MediaWiki\Session\Token:
Collaboration diagram for MediaWiki\Session\Token:

Public Member Functions

 __construct ( $secret, $salt, $new=false)
 
 __toString ()
 
 match ( $userToken, $maxAge=null)
 Test if the token-string matches this token. More...
 
 toString ()
 Get the string representation of the token. More...
 
 wasNew ()
 Indicate whether this token was just created. More...
 

Static Public Member Functions

static getTimestamp ( $token)
 Decode the timestamp from a token string. More...
 

Public Attributes

const SUFFIX = '+\\'
 CSRF token suffix. More...
 

Protected Member Functions

 toStringAtTimestamp ( $timestamp)
 Get the string representation of the token at a timestamp. More...
 

Private Attributes

bool $new = false
 
string $salt = ''
 
string $secret = ''
 

Detailed Description

Value object representing a CSRF token.

Since
1.27

Definition at line 32 of file Token.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\Token::__construct (   $secret,
  $salt,
  $new = false 
)
Parameters
string$secretToken secret
string$saltToken salt
bool$newWhether the secret was newly-created

Definition at line 51 of file Token.php.

References MediaWiki\Session\Token\$new, MediaWiki\Session\Token\$salt, and MediaWiki\Session\Token\$secret.

Member Function Documentation

◆ __toString()

MediaWiki\Session\Token::__toString ( )

Definition at line 98 of file Token.php.

References MediaWiki\Session\Token\toString().

◆ getTimestamp()

static MediaWiki\Session\Token::getTimestamp (   $token)
static

Decode the timestamp from a token string.

Does not validate the token beyond the syntactic checks necessary to be able to extract the timestamp.

Parameters
string$token
Returns
int|null

Definition at line 66 of file Token.php.

References null.

Referenced by MediaWiki\Session\TokenTest\testGetTimestamp().

◆ match()

MediaWiki\Session\Token::match (   $userToken,
  $maxAge = null 
)

Test if the token-string matches this token.

Parameters
string$userToken
int | null$maxAgeReturn false if $userToken is older than this many seconds
Returns
bool

Definition at line 108 of file Token.php.

References null, MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().

◆ toString()

MediaWiki\Session\Token::toString ( )

Get the string representation of the token.

Returns
string

Definition at line 94 of file Token.php.

References MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().

Referenced by MediaWiki\Session\Token\__toString().

◆ toStringAtTimestamp()

MediaWiki\Session\Token::toStringAtTimestamp (   $timestamp)
protected

Get the string representation of the token at a timestamp.

Parameters
int$timestamp
Returns
string

Definition at line 84 of file Token.php.

Referenced by MediaWiki\Session\Token\match(), and MediaWiki\Session\Token\toString().

◆ wasNew()

MediaWiki\Session\Token::wasNew ( )

Indicate whether this token was just created.

Returns
bool

Definition at line 126 of file Token.php.

References MediaWiki\Session\Token\$new.

Member Data Documentation

◆ $new

bool MediaWiki\Session\Token::$new = false
private

◆ $salt

string MediaWiki\Session\Token::$salt = ''
private

Definition at line 41 of file Token.php.

Referenced by MediaWiki\Session\Token\__construct().

◆ $secret

string MediaWiki\Session\Token::$secret = ''
private

Definition at line 38 of file Token.php.

Referenced by MediaWiki\Session\Token\__construct().

◆ SUFFIX

const MediaWiki\Session\Token::SUFFIX = '+\\'

CSRF token suffix.

Plus and terminal backslash are included to stop editing from certain broken proxies.

Definition at line 35 of file Token.php.


The documentation for this class was generated from the following file: