+
+ // If the user doesn't have a token, return null to indicate that.
+ // Otherwise, hmac the version with the secret if we have a version.
+ if ( !$this->mToken ) {
+ return null;
+ } elseif ( $wgAuthenticationTokenVersion === null ) {
+ return $this->mToken;
+ } else {
+ $ret = MWCryptHash::hmac( $wgAuthenticationTokenVersion, $this->mToken, false );
+
+ // The raw hash can be overly long. Shorten it up.
+ $len = max( 32, self::TOKEN_LENGTH );
+ if ( strlen( $ret ) < $len ) {
+ // Should never happen, even md5 is 128 bits
+ throw new \UnexpectedValueException( 'Hmac returned less than 128 bits' );
+ }
+ return substr( $ret, -$len );
+ }