MediaWiki master
Namespaces | |
namespace | BasicAccess |
namespace | Handler |
Copyright (C) 2011-2020 Wikimedia Foundation and others. | |
namespace | HeaderParser |
namespace | Hook |
namespace | Module |
namespace | PathTemplateMatcher |
namespace | Reporter |
namespace | Validator |
Classes | |
class | ConditionalHeaderUtil |
interface | CopyableStreamInterface |
An interface for a stream with a copyToStream() function. | |
class | CorsUtils |
class | EntryPoint |
class | Handler |
Base class for REST route handlers. | |
class | HeaderContainer |
This is a container for storing headers. | |
class | HttpException |
This is the base exception class for non-fatal exceptions thrown from REST handlers. | |
class | JsonEncodingException |
class | LocalizedHttpException |
class | RedirectException |
This is an exception class that extends HttpException and will generate a redirect when handled. | |
class | RequestBase |
Shared code between RequestData and RequestFromGlobals. | |
class | RequestData |
This is a Request class that allows data to be injected, for the purposes of testing or internal requests. | |
class | RequestFromGlobals |
This is a request class that gets data directly from the superglobals and other global PHP state, notably php://input. | |
interface | RequestInterface |
A request interface similar to PSR-7's ServerRequestInterface. | |
class | Response |
class | ResponseException |
This is an exception class that wraps a Response and extends HttpException. | |
class | ResponseFactory |
Generates standardized response objects. | |
interface | ResponseInterface |
An interface similar to PSR-7's ResponseInterface, the primary difference being that it is mutable. | |
class | RouteDefinitionException |
class | Router |
The REST router is responsible for gathering module configuration, matching an input path against the defined modules, and constructing and executing the relevant module for a request. | |
class | SimpleHandler |
class | Stream |
class | StringStream |
A stream class which uses a string as the underlying storage. | |
Functions | |
getBadTokenMessage () | |
Returns a standard error message to use when the given CSRF token is invalid. | |
getSession () | |
getToken () | |
Determines the CSRF token to be used, possibly taking it from a request parameter. | |
getTokenParamDefinition () | |
Returns the definition for the token parameter, to be used in getBodyValidator(). | |
needsToken () | |
Determines whether a CSRF token is needed. | |
validateToken (bool $allowAnonymousToken=false) | |
Checks that the given CSRF token is valid (or that the authentication method in use does not require a CSRF token).
Variables | |
trait | TokenAwareHandlerTrait |
getBadTokenMessage () | protected |
Returns a standard error message to use when the given CSRF token is invalid.
In the future, this trait may also provide a method for checking the token.
Definition at line 82 of file TokenAwareHandlerTrait.php.
getSession () | abstract |
getToken () | protected |
Determines the CSRF token to be used, possibly taking it from a request parameter.
Returns an empty string if the request isn't known to be safe and no token was supplied by the client. Returns null if the session provider is safe against CSRF (and thus no token is needed).
Definition at line 51 of file TokenAwareHandlerTrait.php.
Referenced by MediaWiki\Rest\Handler\CreationHandler\getActionModuleParameters(), and MediaWiki\Rest\Handler\UpdateHandler\getActionModuleParameters().
getTokenParamDefinition () | protected |
Returns the definition for the token parameter, to be used in getBodyValidator().
Definition at line 30 of file TokenAwareHandlerTrait.php.
needsToken () | protected |
Determines whether a CSRF token is needed.
Returns false if the request has been authenticated in a way that protects against CSRF, such as OAuth.
Definition at line 72 of file TokenAwareHandlerTrait.php.
Referenced by MediaWiki\Rest\Handler\CreationHandler\getActionModuleParameters(), and MediaWiki\Rest\Handler\UpdateHandler\getActionModuleParameters().
validateToken (bool $allowAnonymousToken=false) | protected |
Checks that the given CSRF token is valid (or that the authentication method in use does not require a CSRF token).
Note that this method only supports the 'csrf' token type. The body validator must return an array and include the 'token' field (see getTokenParamDefinition()).
Parameters
bool | $allowAnonymousToken | Allow anonymous users to pass the check by submitting an empty token. (This matches how e.g. anonymous editing works on the action API and web.) |
Exceptions
LocalizedHttpException |
Definition at line 96 of file TokenAwareHandlerTrait.php.
Referenced by MediaWiki\Rest\Handler\EditHandler\validate().
trait MediaWiki::Rest\TokenAwareHandlerTrait |
Definition at line 20 of file TokenAwareHandlerTrait.php.