Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Wikimate::token() to remember CSRF token (fixes #115) #122

Merged
merged 2 commits into from
Aug 25, 2021
Merged

Update Wikimate::token() to remember CSRF token (fixes #115) #122

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d782d4a
Add CSRF token and store/return it in token() method
Xymph Aug 24, 2021
2a8a803
Change token() error value to null; add changelog entry
Xymph Aug 24, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,10 @@ Since v0.10.0 this project adheres to [Semantic Versioning](http://semver.org/)

### Upcoming version

#### Changed

* Updated `Wikimate::token()` to remember CSRF token and reduce API calls ([#122])

#### Fixed

* Fixed format of user agent string ([#121])
Expand Down Expand Up @@ -141,3 +145,4 @@ Since v0.10.0 this project adheres to [Semantic Versioning](http://semver.org/)
[#114]: https://github.com/hamstar/Wikimate/pull/114
[#118]: https://github.com/hamstar/Wikimate/pull/118
[#121]: https://github.com/hamstar/Wikimate/pull/121
[#122]: https://github.com/hamstar/Wikimate/pull/122
37 changes: 28 additions & 9 deletions Wikimate.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,15 @@ class Wikimate
*/
protected $maxretries = -1;

/**
* Stored CSRF token for API requests
*
* @var string|null
* @link https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens
* @link https://www.mediawiki.org/wiki/Special:MyLanguage/API:Edit#Additional_notes
*/
private $csrf_token = null;

/**
* Creates a new Wikimate object.
*
Expand Down Expand Up @@ -229,22 +238,30 @@ private function request($data, $headers = array(), $post = false)

/**
* Obtains a wiki token for logging in or data-modifying actions.
*
* If a CSRF (default) token is requested, it is stored and returned
* upon further such requests, instead of making another API call.
* For now this method, in Wikimate tradition, is kept simple and supports
* only the two token types needed elsewhere in the library. It also
* doesn't support the option to request multiple tokens at once.
* See {@see https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens}
* for more information.
*
* @param string $type The token type
* @return string The requested token
* @return mixed The requested token (string), or null if error
waldyrious marked this conversation as resolved.
Show resolved Hide resolved
*/
protected function token($type = self::TOKEN_DEFAULT)
{
// Check for supported token types
if ($type != self::TOKEN_DEFAULT && $type != self::TOKEN_LOGIN) {
$this->error = array();
$this->error['token'] = 'The API does not support the token type';
return false;
return null;
}

// Check for existing CSRF token for this login session
if ($type == self::TOKEN_DEFAULT && $this->csrf_token !== null) {
return $this->csrf_token;
}

$details = array(
Expand All @@ -260,15 +277,15 @@ protected function token($type = self::TOKEN_DEFAULT)
if (strpos($response->body, "This is an auto-generated MediaWiki API documentation page") !== false) {
$this->error = array();
$this->error['token'] = 'The API could not understand the token request';
return false;
return null;
}

$tokenResult = json_decode($response->body, true);
// Check if we got a JSON result
if ($tokenResult === null) {
$this->error = array();
$this->error['token'] = 'The API did not return the token response';
return false;
return null;
}

if ($this->debugMode) {
Expand All @@ -281,7 +298,9 @@ protected function token($type = self::TOKEN_DEFAULT)
if ($type == self::TOKEN_LOGIN) {
return $tokenResult['query']['tokens']['logintoken'];
} else {
return $tokenResult['query']['tokens']['csrftoken'];
// Store CSRF token for this login session
$this->csrf_token = $tokenResult['query']['tokens']['csrftoken'];
return $this->csrf_token;
}
}

Expand All @@ -297,7 +316,7 @@ protected function token($type = self::TOKEN_DEFAULT)
public function login($username, $password, $domain = null)
{
// Obtain login token first
if (($logintoken = $this->token(self::TOKEN_LOGIN)) === false) {
if (($logintoken = $this->token(self::TOKEN_LOGIN)) === null) {
return false;
}

Expand Down Expand Up @@ -557,7 +576,7 @@ public function parse($array)
public function edit($array)
{
// Obtain default token first
if (($edittoken = $this->token()) === false) {
if (($edittoken = $this->token()) === null) {
return false;
}

Expand Down Expand Up @@ -591,7 +610,7 @@ public function edit($array)
public function delete($array)
{
// Obtain default token first
if (($deletetoken = $this->token()) === false) {
if (($deletetoken = $this->token()) === null) {
return false;
}

Expand Down Expand Up @@ -648,7 +667,7 @@ public function download($url)
public function upload($array)
{
// Obtain default token first
if (($uploadtoken = $this->token()) === false) {
if (($uploadtoken = $this->token()) === null) {
return false;
}

Expand Down