Merge pull request #122 from Xymph/122-store-csrf-token

Update Wikimate::token() to remember CSRF token (fixes #115)
hamstar · Aug 25, 2021 · 4b8652b · 4b8652b
2 parents 5acedf8 + 2a8a803
commit 4b8652b
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,10 @@ Since v0.10.0 this project adheres to [Semantic Versioning](http://semver.org/)
 
 ### Upcoming version
 
+#### Changed
+
+* Updated `Wikimate::token()` to remember CSRF token and reduce API calls ([#122])
+
 #### Fixed
 
 * Fixed format of user agent string ([#121])
@@ -141,3 +145,4 @@ Since v0.10.0 this project adheres to [Semantic Versioning](http://semver.org/)
 [#114]: https://github.com/hamstar/Wikimate/pull/114
 [#118]: https://github.com/hamstar/Wikimate/pull/118
 [#121]: https://github.com/hamstar/Wikimate/pull/121
+[#122]: https://github.com/hamstar/Wikimate/pull/122
diff --git a/Wikimate.php b/Wikimate.php
@@ -121,6 +121,15 @@ class Wikimate
 	 */
 	protected $maxretries = -1;
 
+	/**
+	 * Stored CSRF token for API requests
+	 *
+	 * @var string|null
+	 * @link https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens
+	 * @link https://www.mediawiki.org/wiki/Special:MyLanguage/API:Edit#Additional_notes
+	 */
+	private $csrf_token = null;
+
 	/**
 	 * Creates a new Wikimate object.
 	 *
@@ -229,22 +238,30 @@ private function request($data, $headers = array(), $post = false)
 
 	/**
 	 * Obtains a wiki token for logging in or data-modifying actions.
+	 *
+	 * If a CSRF (default) token is requested, it is stored and returned
+	 * upon further such requests, instead of making another API call.
 	 * For now this method, in Wikimate tradition, is kept simple and supports
 	 * only the two token types needed elsewhere in the library.  It also
 	 * doesn't support the option to request multiple tokens at once.
 	 * See {@see https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens}
 	 * for more information.
 	 *
 	 * @param   string  $type  The token type
-	 * @return  string         The requested token
+	 * @return  mixed          The requested token (string), or null if error
 	 */
 	protected function token($type = self::TOKEN_DEFAULT)
 	{
 		// Check for supported token types
 		if ($type != self::TOKEN_DEFAULT && $type != self::TOKEN_LOGIN) {
 			$this->error = array();
 			$this->error['token'] = 'The API does not support the token type';
-			return false;
+			return null;
+		}
+
+		// Check for existing CSRF token for this login session
+		if ($type == self::TOKEN_DEFAULT && $this->csrf_token !== null) {
+			return $this->csrf_token;
 		}
 
 		$details = array(
@@ -260,15 +277,15 @@ protected function token($type = self::TOKEN_DEFAULT)
 		if (strpos($response->body, "This is an auto-generated MediaWiki API documentation page") !== false) {
 			$this->error = array();
 			$this->error['token'] = 'The API could not understand the token request';
-			return false;
+			return null;
 		}
 
 		$tokenResult = json_decode($response->body, true);
 		// Check if we got a JSON result
 		if ($tokenResult === null) {
 			$this->error = array();
 			$this->error['token'] = 'The API did not return the token response';
-			return false;
+			return null;
 		}
 
 		if ($this->debugMode) {
@@ -281,7 +298,9 @@ protected function token($type = self::TOKEN_DEFAULT)
 		if ($type == self::TOKEN_LOGIN) {
 			return $tokenResult['query']['tokens']['logintoken'];
 		} else {
-			return $tokenResult['query']['tokens']['csrftoken'];
+			// Store CSRF token for this login session
+			$this->csrf_token = $tokenResult['query']['tokens']['csrftoken'];
+			return $this->csrf_token;
 		}
 	}
 
@@ -297,7 +316,7 @@ protected function token($type = self::TOKEN_DEFAULT)
 	public function login($username, $password, $domain = null)
 	{
 		// Obtain login token first
-		if (($logintoken = $this->token(self::TOKEN_LOGIN)) === false) {
+		if (($logintoken = $this->token(self::TOKEN_LOGIN)) === null) {
 			return false;
 		}
 
@@ -557,7 +576,7 @@ public function parse($array)
 	public function edit($array)
 	{
 		// Obtain default token first
-		if (($edittoken = $this->token()) === false) {
+		if (($edittoken = $this->token()) === null) {
 			return false;
 		}
 
@@ -591,7 +610,7 @@ public function edit($array)
 	public function delete($array)
 	{
 		// Obtain default token first
-		if (($deletetoken = $this->token()) === false) {
+		if (($deletetoken = $this->token()) === null) {
 			return false;
 		}
 
@@ -648,7 +667,7 @@ public function download($url)
 	public function upload($array)
 	{
 		// Obtain default token first
-		if (($uploadtoken = $this->token()) === false) {
+		if (($uploadtoken = $this->token()) === null) {
 			return false;
 		}