From: Sam Reed
Date: Mon, 15 Feb 2010 23:53:43 +0000 (+0000)
Subject: Refactor requiresToken to getTokenSalt - Returns salt if exists, null if no salt...
X-Git-Tag: 1.31.0-rc.0~37736
X-Git-Url: http://git.cyclocoop.org/%27.parametre_url%28%20%20%20generer_action_auteur%28%27charger_plugin%27%2C%20%27update_flux%27%29%2C%27update_flux%27%2C%20%27oui%27%29.%27?a=commitdiff_plain;h=0e8b0b41ac5b2364d25e4a722456a213463e8291;p=lhc%2Fweb%2Fwiklou.git
Refactor requiresToken to getTokenSalt - Returns salt if exists, null if no salt, else false if no token required Move sessionfailure (token validation checking) up a couple of levels Part of bug 21991 Followup to r62482 and r62504
---
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index a3033fb684..e62e9f9481 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -970,10 +970,10 @@ abstract class ApiBase {
 }
 /**
- * Indicates whether this module needs a token to preform the request
+ * Returns the token salt if there is one, null if the module doesn't require a salt, else false if the module doesn't need a token
 * @returns bool
 */
- public function requiresToken() {
+ public function getTokenSalt() {
 return false;
 }
@@ -997,7 +997,7 @@ abstract class ApiBase {
 $ret[] = array ( 'writedisabled' );
 }
- if ( $this->requiresToken() ) {
+ if ( $this->getTokenSalt() != false ) {
 $ret[] = array( 'missingparam', 'token' );
 }
diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php
index f2b41feb0f..27895aa183 100644
--- a/includes/api/ApiBlock.php
+++ b/includes/api/ApiBlock.php
@@ -61,8 +61,6 @@ class ApiBlock extends ApiBase {
 if ( is_null( $params['user'] ) )
 $this->dieUsageMsg( array( 'missingparam', 'user' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
 if ( !$wgUser->isAllowed( 'block' ) )
 $this->dieUsageMsg( array( 'cantblock' ) );
 if ( $params['hidename'] && !$wgUser->isAllowed( 'hideuser' ) )
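Review bot: The `@returns bool` tag in the new docblock contradicts the summary line it sits under, which says getTokenSalt() yields a salt string, null, or false, so a reader skimming the base class will keep treating the result as a boolean and write `if ( $module->getTokenSalt() )`, which mistakes a null salt for "no token needed". Replace it with `@return string|null|false` (PHPDoc spells the tag `@return`) and consider splitting the long summary into three short lines, one per return value, since this method is the contract every subclass touched by this commit implements.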
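Review bot: `$this->getTokenSalt() != false` is a loose comparison, and in PHP `null != false` evaluates to false, so every module in this commit that returns null from getTokenSalt (block, delete, edit, email, import, move, patrol, protect, rollback, unblock, undelete, upload) no longer advertises `missingparam/token` in its possible errors; only userrights, which returns a string, does. The same loose test appears as `$salt != false` in the ApiMain hunk, where it skips the token handling for those modules entirely. Use the strict form here: `if ( $this->getTokenSalt() !== false ) {`, and `if ( $salt !== false )` in ApiMain.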
@@ -161,15 +159,14 @@ class ApiBlock extends ApiBase {
 public function getPossibleErrors() {
 return array_merge( parent::getPossibleErrors(), array(
 array( 'missingparam', 'user' ),
- array( 'sessionfailure' ),
 array( 'cantblock' ),
 array( 'canthide' ),
 array( 'cantblock-email' ),
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiDelete.php b/includes/api/ApiDelete.php
index e4686cf3eb..89ee8312e4 100644
--- a/includes/api/ApiDelete.php
+++ b/includes/api/ApiDelete.php
@@ -47,7 +47,8 @@ class ApiDelete extends ApiBase {
 * result object.
 */
 public function execute() {
- global $wgUser;
+ global $wgUser;
+
 $params = $this->extractRequestParams();
 $this->requireOnlyOneParameter( $params, 'title', 'pageid' );
@@ -78,7 +79,7 @@ class ApiDelete extends ApiBase {
 if ( count( $retval ) )
 $this->dieUsageMsg( reset( $retval ) ); // We don't care about multiple errors, just report one of them
-
+
 if ( $params['watch'] || $wgUser->getOption( 'watchdeletion' ) )
 $articleObj->doWatch();
 else if ( $params['unwatch'] )
@@ -95,10 +96,7 @@ class ApiDelete extends ApiBase {
 // Check permissions
 $errors = $title->getUserPermissionsErrors( 'delete', $wgUser );
 if ( count( $errors ) > 0 ) return $errors;
-
- // Check token
- if ( !$wgUser->matchEditToken( $token ) )
- return array( array( 'sessionfailure' ) );
+
 return array();
 }
@@ -219,8 +217,8 @@ class ApiDelete extends ApiBase {
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php
index 3eb414123f..5c434d330c 100644
--- a/includes/api/ApiEditPage.php
+++ b/includes/api/ApiEditPage.php
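Review bot: With the matchEditToken call gone from the ApiDelete permission-check hunk (`@@ -95,10 +96,7`), `$token` is no longer read anywhere in that helper; the helper's signature lies outside the hunk, but if `$token` is one of its parameters it is now dead while callers keep passing it. Either drop the parameter together with the callers' argument, or record why it stays, e.g. `// $token is unused here: the edit token is validated in ApiMain before execute() runs`, so the next reader does not assume the token check still lives in this file.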
@@ -53,9 +53,6 @@ class ApiEditPage extends ApiBase {
 $params['undo'] == 0 )
 $this->dieUsageMsg( array( 'missingtext' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
-
 $titleObj = Title::newFromText( $params['title'] );
 if ( !$titleObj || $titleObj->isExternal() )
 $this->dieUsageMsg( array( 'invalidtitle', $params['title'] ) );
@@ -347,7 +344,6 @@ class ApiEditPage extends ApiBase {
 return array_merge( parent::getPossibleErrors(), array(
 array( 'missingparam', 'title' ),
 array( 'missingtext' ),
- array( 'sessionfailure' ),
 array( 'invalidtitle', 'title' ),
 array( 'createonly-exists' ),
 array( 'nocreate-missing' ),
@@ -463,8 +459,8 @@ class ApiEditPage extends ApiBase {
 );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiEmailUser.php b/includes/api/ApiEmailUser.php
index b93b77fb7a..1a735b7306 100644
--- a/includes/api/ApiEmailUser.php
+++ b/includes/api/ApiEmailUser.php
@@ -112,8 +112,8 @@ class ApiEmailUser extends ApiBase {
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiImport.php b/includes/api/ApiImport.php
index a68a103168..163f2eb7a1 100644
--- a/includes/api/ApiImport.php
+++ b/includes/api/ApiImport.php
@@ -44,8 +44,6 @@ class ApiImport extends ApiBase {
 if ( !$wgUser->isAllowed( 'import' ) )
 $this->dieUsageMsg( array( 'cantimport' ) );
 $params = $this->extractRequestParams();
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
 $source = null;
 $isUpload = false;
@@ -144,7 +142,6 @@ class ApiImport extends ApiBase {
 public function getPossibleErrors() {
 return array_merge( parent::getPossibleErrors(), array(
 array( 'cantimport' ),
- array( 'sessionfailure' ),
 array( 'missingparam', 'interwikipage' ),
 array( 'cantimport-upload' ),
 array( 'import-unknownerror', 'source' ),
@@ -152,8 +149,8 @@ class ApiImport extends ApiBase {
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 3a2602e673..0686fe540e 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -400,7 +400,7 @@ class ApiMain extends ApiBase {
 $this->getResult()->addValue( null, 'requestid', $requestid );
 $params = $this->extractRequestParams();
-
+
 $this->mShowVersions = $params['version'];
 $this->mAction = $params['action'];
@@ -412,9 +412,22 @@ class ApiMain extends ApiBase {
 $module = new $this->mModules[$this->mAction] ( $this, $this->mAction );
 $this->mModule = $module;
+ $moduleParams = $module->extractRequestParams();
+
 //Die if token required, but not provided (unless there is a gettoken parameter)
- if ( $module->requiresToken() && !isset( $params['token'] ) && isset( $params['gettoken'] ) )
- $this->dieUsageMsg( array( 'missingparam', 'token' ) );
+ $salt = $module->getTokenSalt();
+ if ( $salt != false )
+ {
+ if ( !isset( $moduleParams['token'] ) && !isset( $moduleParams['gettoken'] ) ) {
+ $this->dieUsageMsg( array( 'missingparam', 'token' ) );
+ } else {
+ global $wgUser;
+ if ( ( $salt != null /*&& !$wgUser->matchEditToken( $moduleParams['token'], $salt )*/ )
+ /*|| !$wgUser->matchEditToken( $moduleParams['token'] )*/ ) {
+ $this->dieUsageMsg( array( 'sessionfailure' ) );
+ }
+ }
+ }
 if ( $module->shouldCheckMaxlag() && isset( $params['maxlag'] ) ) {
 // Check for maxlag
diff --git a/includes/api/ApiMove.php b/includes/api/ApiMove.php
index 0f1e31cd35..66bf71bdda 100644
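Review bot: Both matchEditToken calls in the new sessionfailure block are commented out, so after this commit no module's token is compared against the session: with a null salt `$salt != null` is false and the branch does nothing, and with userrights' string salt the condition reduces to `$salt != null`, which is always true, so even a valid token is rejected. Since the same commit removes the per-module matchEditToken checks in block, delete, edit, import, move, patrol, protect, unblock, undelete, upload and userrights, those state-changing actions are left with a presence check only, i.e. the CSRF protection the token exists for is gone. `$salt != false` is also a loose test, so for the null-salt modules even the presence check is skipped (`null != false` is false). The rewrite below restores validation with strict comparisons and skips it only when the client asked for a token (`gettoken`) without supplying one; I cannot see from here whether User::matchEditToken accepts null as its salt argument, so a null salt is mapped to the empty-string default, which should be confirmed against User.php.
```php
		$salt = $module->getTokenSalt();
		if ( $salt !== false ) {
			if ( !isset( $moduleParams['token'] ) && !isset( $moduleParams['gettoken'] ) ) {
				$this->dieUsageMsg( array( 'missingparam', 'token' ) );
			} elseif ( isset( $moduleParams['token'] ) ) {
				global $wgUser;
				// null means "token required, no module-specific salt" — fall back to
				// the default salt (assumed to be '' — confirm against User::matchEditToken)
				$tokenSalt = ( $salt === null ) ? '' : $salt;
				if ( !$wgUser->matchEditToken( $moduleParams['token'], $tokenSalt ) ) {
					$this->dieUsageMsg( array( 'sessionfailure' ) );
				}
			}
		}
		// … unchanged: maxlag check …
```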
--- a/includes/api/ApiMove.php
+++ b/includes/api/ApiMove.php
@@ -46,8 +46,6 @@ class ApiMove extends ApiBase {
 $this->requireOnlyOneParameter( $params, 'from', 'fromid' );
 if ( !isset( $params['to'] ) )
 $this->dieUsageMsg( array( 'missingparam', 'to' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
 if ( isset( $params['from'] ) ) {
@@ -213,7 +211,6 @@ class ApiMove extends ApiBase {
 public function getPossibleErrors() {
 return array_merge( parent::getPossibleErrors(), array(
 array( 'missingparam', 'to' ),
- array( 'sessionfailure' ),
 array( 'invalidtitle', 'from' ),
 array( 'nosuchpageid', 'fromid' ),
 array( 'notanarticle' ),
@@ -222,8 +219,8 @@ class ApiMove extends ApiBase {
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiPatrol.php b/includes/api/ApiPatrol.php
index 101bed12b4..f42523be08 100644
--- a/includes/api/ApiPatrol.php
+++ b/includes/api/ApiPatrol.php
@@ -41,13 +41,10 @@ class ApiPatrol extends ApiBase {
 * Patrols the article or provides the reason the patrol failed.
 */
 public function execute() {
- global $wgUser;
 $params = $this->extractRequestParams();
 if ( !isset( $params['rcid'] ) )
 $this->dieUsageMsg( array( 'missingparam', 'rcid' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
 $rc = RecentChange::newFromID( $params['rcid'] );
 if ( !$rc instanceof RecentChange )
@@ -91,13 +88,12 @@ class ApiPatrol extends ApiBase {
 public function getPossibleErrors() {
 return array_merge( parent::getPossibleErrors(), array(
 array( 'missingparam', 'rcid' ),
- array( 'sessionfailure' ),
 array( 'nosuchrcid', 'rcid' ),
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiProtect.php b/includes/api/ApiProtect.php
index a417dace1f..a1aff82661 100644
--- a/includes/api/ApiProtect.php
+++ b/includes/api/ApiProtect.php
@@ -46,9 +46,6 @@ class ApiProtect extends ApiBase {
 if ( empty( $params['protections'] ) )
 $this->dieUsageMsg( array( 'missingparam', 'protections' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
-
 $titleObj = Title::newFromText( $params['title'] );
 if ( !$titleObj )
 $this->dieUsageMsg( array( 'invalidtitle', $params['title'] ) );
@@ -176,7 +173,6 @@ class ApiProtect extends ApiBase {
 return array_merge( parent::getPossibleErrors(), array(
 array( 'missingparam', 'title' ),
 array( 'missingparam', 'protections' ),
- array( 'sessionfailure' ),
 array( 'invalidtitle', 'title' ),
 array( 'toofewexpiries', 'noofexpiries', 'noofprotections' ),
 array( 'create-titleexists' ),
@@ -188,8 +184,8 @@ class ApiProtect extends ApiBase {
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiRollback.php b/includes/api/ApiRollback.php
index 4245289ba6..d09800c7ba 100644
--- a/includes/api/ApiRollback.php
+++ b/includes/api/ApiRollback.php
@@ -122,8 +122,8 @@ class ApiRollback extends ApiBase {
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiUnblock.php b/includes/api/ApiUnblock.php
index 595dcc7b2d..9fe7ac9867 100644
--- a/includes/api/ApiUnblock.php
+++ b/includes/api/ApiUnblock.php
@@ -57,8 +57,7 @@ class ApiUnblock extends ApiBase {
 $this->dieUsageMsg( array( 'unblock-notarget' ) );
 if ( !is_null( $params['id'] ) && !is_null( $params['user'] ) )
 $this->dieUsageMsg( array( 'unblock-idanduser' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
+
 if ( !$wgUser->isAllowed( 'block' ) )
 $this->dieUsageMsg( array( 'cantunblock' ) );
@@ -113,13 +112,12 @@ class ApiUnblock extends ApiBase {
 return array_merge( parent::getPossibleErrors(), array(
 array( 'unblock-notarget' ),
 array( 'unblock-idanduser' ),
- array( 'sessionfailure' ),
 array( 'cantunblock' ),
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiUndelete.php b/includes/api/ApiUndelete.php
index 828d60b009..41ee00dadd 100644
--- a/includes/api/ApiUndelete.php
+++ b/includes/api/ApiUndelete.php
@@ -50,9 +50,6 @@ class ApiUndelete extends ApiBase {
 if ( $wgUser->isBlocked() )
 $this->dieUsageMsg( array( 'blockedtext' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
-
 $titleObj = Title::newFromText( $params['title'] );
 if ( !$titleObj )
 $this->dieUsageMsg( array( 'invalidtitle', $params['title'] ) );
@@ -123,14 +120,13 @@ class ApiUndelete extends ApiBase {
 array( 'missingparam', 'title' ),
 array( 'permdenied-undelete' ),
 array( 'blockedtext' ),
- array( 'sessionfailure' ),
 array( 'invalidtitle', 'title' ),
 array( 'cannotundelete' ),
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php
index 41742a9ea0..0995326df2 100644
--- a/includes/api/ApiUpload.php
+++ b/includes/api/ApiUpload.php
@@ -47,10 +47,6 @@ class ApiUpload extends ApiBase {
 $this->mParams = $this->extractRequestParams();
 $request = $this->getMain()->getRequest();
- // Do token checks:
- if ( !$wgUser->matchEditToken( $this->mParams['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
-
 // Add the uploaded file to the params array
 $this->mParams['file'] = $request->getFileName( 'file' );
@@ -328,7 +324,6 @@ class ApiUpload extends ApiBase {
 public function getPossibleErrors() {
 return array_merge( parent::getPossibleErrors(), array(
 array( 'uploaddisabled' ),
- array( 'sessionfailure' ),
 array( 'invalid-session-key' ),
 array( 'uploaddisabled' ),
 array( 'badaccess-groups' ),
@@ -347,8 +342,8 @@ class ApiUpload extends ApiBase {
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
 }
 protected function getExamples() {
diff --git a/includes/api/ApiUserrights.php b/includes/api/ApiUserrights.php
index 6117c8cc4f..bf44976379 100644
--- a/includes/api/ApiUserrights.php
+++ b/includes/api/ApiUserrights.php
@@ -37,19 +37,11 @@ class ApiUserrights extends ApiBase {
 }
 public function execute() {
- global $wgUser;
 $params = $this->extractRequestParams();
- if ( is_null( $params['user'] ) )
- $this->dieUsageMsg( array( 'missingparam', 'user' ) );
-
+
+ //User already validated in call to getTokenSalt from Main
 $form = new UserrightsPage;
 $user = $form->fetchUser( $params['user'] );
- if ( $user instanceof WikiErrorMsg )
- $this->dieUsageMsg( array_merge(
- (array)$user->getMessageKey(), $user->getMessageArgs() ) );
-
- if ( !$wgUser->matchEditToken( $params['token'], $user->getName() ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
 $r['user'] = $user->getName();
 list( $r['added'], $r['removed'] ) =
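Review bot: execute() now relies on getTokenSalt() having already validated the user (per the added comment) yet repeats the extractRequestParams() and fetchUser() work, and if this second fetchUser() returns a WikiErrorMsg, or execute() is reached on a path where ApiMain did not call getTokenSalt() first, `$user->getName()` two lines below is invoked on an error object. The getTokenSalt() implementation in the next hunk also dies with missingparam/user inside what the base class treats as a query method: ApiBase::getPossibleErrors() in this same commit calls getTokenSalt(), so asking a userrights module for its error list aborts the request whenever no user parameter is present. Fetch and validate the target user once in a private memoised helper that both execute() and getTokenSalt() call, which removes the ordering dependency and the duplicate lookup; the getPossibleErrors() interaction still needs a side-effect-free way to say "token required". `global $wgUser;` is also dropped from execute(); whether the remainder of the method (outside the hunk) still references it I cannot tell.
```php
	private $mUser = null;

	public function execute() {
		$params = $this->extractRequestParams();
		$user = $this->getUrUser( $params );
		// … unchanged: rights change and result building …

	public function getTokenSalt() {
		return $this->getUrUser( $this->extractRequestParams() )->getName();
	}

	/**
	 * Fetch and validate the target user once per request.
	 * Dies with missingparam/user, or with the UserrightsPage error, on failure.
	 */
	private function getUrUser( $params ) {
		if ( $this->mUser !== null ) {
			return $this->mUser;
		}
		if ( is_null( $params['user'] ) )
			$this->dieUsageMsg( array( 'missingparam', 'user' ) );
		$form = new UserrightsPage;
		$user = $form->fetchUser( $params['user'] );
		if ( $user instanceof WikiErrorMsg )
			$this->dieUsageMsg( array_merge(
				(array)$user->getMessageKey(), $user->getMessageArgs() ) );
		$this->mUser = $user;
		return $user;
	}
```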
@@ -107,12 +99,21 @@ class ApiUserrights extends ApiBase {
 public function getPossibleErrors() {
 return array_merge( parent::getPossibleErrors(), array(
 array( 'missingparam', 'user' ),
- array( 'sessionfailure' ),
 ) );
 }
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ $params = $this->extractRequestParams();
+ if ( is_null( $params['user'] ) )
+ $this->dieUsageMsg( array( 'missingparam', 'user' ) );
+
+ $form = new UserrightsPage;
+ $user = $form->fetchUser( $params['user'] );
+ if ( $user instanceof WikiErrorMsg )
+ $this->dieUsageMsg( array_merge(
+ (array)$user->getMessageKey(), $user->getMessageArgs() ) );
+
+ return $user->getName();
 }
 protected function getExamples() {