MediaWiki master
MediaWiki\Rest Namespace Reference

Namespaces

namespace  BasicAccess
 
namespace  Handler
 Copyright (C) 2011-2020 Wikimedia Foundation and others.
 
namespace  HeaderParser
 
namespace  Hook
 
namespace  Module
 
namespace  PathTemplateMatcher
 
namespace  Reporter
 
namespace  Validator
 

Classes

class  ConditionalHeaderUtil
 
interface  CopyableStreamInterface
 An interface for a stream with a copyToStream() function.
 
class  CorsUtils
 
class  EntryPoint
 
class  Handler
 Base class for REST route handlers.
 
class  HeaderContainer
 This is a container for storing headers.
 
class  HttpException
 This is the base exception class for non-fatal exceptions thrown from REST handlers.
 
class  JsonEncodingException
 
class  LocalizedHttpException
 
class  RedirectException
 This is an exception class that extends HttpException and will generate a redirect when handled.
 
class  RequestBase
 Shared code between RequestData and RequestFromGlobals.
 
class  RequestData
 This is a Request class that allows data to be injected, for the purposes of testing or internal requests.
 
class  RequestFromGlobals
 This is a request class that gets data directly from the superglobals and other global PHP state, notably php://input.
 
interface  RequestInterface
 A request interface similar to PSR-7's ServerRequestInterface.
 
class  Response
 
class  ResponseException
 This is an exception class that wraps a Response and extends HttpException.
 
class  ResponseFactory
 Generates standardized response objects.
 
interface  ResponseInterface
 An interface similar to PSR-7's ResponseInterface, the primary difference being that it is mutable.
 
class  RouteDefinitionException
 
class  Router
 The REST router is responsible for gathering module configuration, matching an input path against the defined modules, and constructing and executing the relevant module for a request.
 
class  SimpleHandler
 
class  Stream
 
class  StringStream
 A stream class which uses a string as the underlying storage.
 

Functions

 getBadTokenMessage ()
 Returns a standard error message to use when the given CSRF token is invalid.
 
 getSession ()
 
 getToken ()
 Determines the CSRF token to be used, possibly taking it from a request parameter.
 
 getTokenParamDefinition ()
 Returns the definition for the token parameter, to be used in getBodyValidator().
 
 needsToken ()
 Determines whether a CSRF token is needed.
 
 validateToken (bool $allowAnonymousToken=false)
 Checks that the given CSRF token is valid (or the used authentication method does not require CSRF).
 

Variables

trait TokenAwareHandlerTrait
 

Function Documentation

◆ getBadTokenMessage()

MediaWiki\Rest\getBadTokenMessage ( )
protected

Returns a standard error message to use when the given CSRF token is invalid.

In the future, this trait may also provide a method for checking the token.

Returns
MessageValue

Definition at line 82 of file TokenAwareHandlerTrait.php.

◆ getSession()

MediaWiki\Rest\getSession ( )
abstract

◆ getToken()

MediaWiki\Rest\getToken ( )
protected

Determines the CSRF token to be used, possibly taking it from a request parameter.

Returns an empty string if the request isn't known to be safe and no token was supplied by the client. Returns null if the session provider is safe against CSRF (and thus no token is needed).

Returns
string|null

Definition at line 51 of file TokenAwareHandlerTrait.php.

Referenced by MediaWiki\Rest\Handler\CreationHandler\getActionModuleParameters(), and MediaWiki\Rest\Handler\UpdateHandler\getActionModuleParameters().

◆ getTokenParamDefinition()

MediaWiki\Rest\getTokenParamDefinition ( )
protected

Returns the definition for the token parameter, to be used in getBodyValidator().

Returns
array[]

Definition at line 30 of file TokenAwareHandlerTrait.php.

◆ needsToken()

MediaWiki\Rest\needsToken ( )
protected

Determines whether a CSRF token is needed.

Returns false if the request has been authenticated in a way that protects against CSRF, such as OAuth.

Returns
bool

Definition at line 72 of file TokenAwareHandlerTrait.php.

Referenced by MediaWiki\Rest\Handler\CreationHandler\getActionModuleParameters(), and MediaWiki\Rest\Handler\UpdateHandler\getActionModuleParameters().

◆ validateToken()

MediaWiki\Rest\validateToken ( bool $allowAnonymousToken = false)
protected

Checks that the given CSRF token is valid (or the used authentication method does not require CSRF).

Note that this method only supports the 'csrf' token type. The body validator must return an array and include the 'token' field (see getTokenParamDefinition()).

Parameters
bool $allowAnonymousToken: Allow anonymous users to pass the check by submitting an empty token. (This matches how e.g. anonymous editing works on the action API and web.)
Returns
void
Exceptions
LocalizedHttpException

Definition at line 96 of file TokenAwareHandlerTrait.php.

Referenced by MediaWiki\Rest\Handler\EditHandler\validate().

Variable Documentation

◆ TokenAwareHandlerTrait

trait MediaWiki\Rest\TokenAwareHandlerTrait
Initial value:
{
abstract public function getValidatedBody()

Definition at line 20 of file TokenAwareHandlerTrait.php.