[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Module to fetch tokens via action=query&meta=tokens
   4   *
   5   * Created on August 8, 2014
   6   *
   7   * Copyright © 2014 Brad Jorsch [email protected]
   8   *
   9   * This program is free software; you can redistribute it and/or modify
  10   * it under the terms of the GNU General Public License as published by
  11   * the Free Software Foundation; either version 2 of the License, or
  12   * (at your option) any later version.
  13   *
  14   * This program is distributed in the hope that it will be useful,
  15   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17   * GNU General Public License for more details.
  18   *
  19   * You should have received a copy of the GNU General Public License along
  20   * with this program; if not, write to the Free Software Foundation, Inc.,
  21   * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  22   * http://www.gnu.org/copyleft/gpl.html
  23   *
  24   * @file
  25   * @since 1.24
  26   */
  27  
  28  /**
  29   * Module to fetch tokens via action=query&meta=tokens
  30   *
  31   * @ingroup API
  32   * @since 1.24
  33   */
  34  class ApiQueryTokens extends ApiQueryBase {
  35  
  36  	public function execute() {
  37          $params = $this->extractRequestParams();
  38          $res = array();
  39  
  40          if ( $this->getMain()->getRequest()->getVal( 'callback' ) !== null ) {
  41              $this->setWarning( 'Tokens may not be obtained when using a callback' );
  42              return;
  43          }
  44  
  45          $salts = self::getTokenTypeSalts();
  46          foreach ( $params['type'] as $type ) {
  47              $salt = $salts[$type];
  48              $val = $this->getUser()->getEditToken( $salt, $this->getRequest() );
  49              $res[$type . 'token'] = $val;
  50          }
  51  
  52          $this->getResult()->addValue( 'query', $this->getModuleName(), $res );
  53      }
  54  
  55  	public static function getTokenTypeSalts() {
  56          static $salts = null;
  57          if ( !$salts ) {
  58              wfProfileIn( __METHOD__ );
  59              $salts = array(
  60                  'csrf' => '',
  61                  'watch' => 'watch',
  62                  'patrol' => 'patrol',
  63                  'rollback' => 'rollback',
  64                  'userrights' => 'userrights',
  65              );
  66              wfRunHooks( 'ApiQueryTokensRegisterTypes', array( &$salts ) );
  67              ksort( $salts );
  68              wfProfileOut( __METHOD__ );
  69          }
  70  
  71          return $salts;
  72      }
  73  
  74  	public function getAllowedParams() {
  75          return array(
  76              'type' => array(
  77                  ApiBase::PARAM_DFLT => 'csrf',
  78                  ApiBase::PARAM_ISMULTI => true,
  79                  ApiBase::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
  80              ),
  81          );
  82      }
  83  
  84  	public function getParamDescription() {
  85          return array(
  86              'type' => 'Type of token(s) to request'
  87          );
  88      }
  89  
  90  	public function getDescription() {
  91          return 'Gets tokens for data-modifying actions.';
  92      }
  93  
  94  	protected function getExamples() {
  95          return array(
  96              'api.php?action=query&meta=tokens' => 'Retrieve a csrf token (the default)',
  97              'api.php?action=query&meta=tokens&type=watch|patrol' => 'Retrieve a watch token and a patrol token'
  98          );
  99      }
 100  
 101  	public function getCacheMode( $params ) {
 102          return 'private';
 103      }
 104  }