author | Brad Jorsch <bjorsch@wikimedia.org> | 2014-08-08 17:56:07 +0100 |
---|---|---|
committer | Brad Jorsch <bjorsch@wikimedia.org> | 2014-08-26 14:53:45 -0400 |
commit | fdddf94570efc33fd06f16c72d41636a45cf203a (patch) | |
tree | 92568e71339b40e72971a30bfb818422daddc13f /includes/api/ApiQueryInfo.php | |
parent | b728d6920b05c8b667651f7e99d749496474f02b (diff) | |
API: Overhaul token handling
The current token handling is a mess. This simplifies things greatly:
* *All* tokens are obtained from action=query&meta=tokens, rather than
being spread over action=tokens, action=query&prop=info,
action=query&prop=revisions, action=query&prop=recentchanges, and
action=query&prop=users. All these old methods are deprecated.
* Similarly, there is only one hook to register new token types. All old
hooks are deprecated.
* All tokens are cacheable.
* Most token types are dropped in favor of a 'csrf' token. They already
were returning the same token anyway.
* All token-using modules will document the required token type in a
standard manner in action=help and are documented in machine-readable
fashion in action=paraminfo.
Note this will require updates to all extensions using tokens.
Change-Id: I2793a3f2dd64a4bebb0b4d065e09af1e9f63fb89
Diffstat (limited to 'includes/api/ApiQueryInfo.php')
-rw-r--r-- | includes/api/ApiQueryInfo.php | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/includes/api/ApiQueryInfo.php b/includes/api/ApiQueryInfo.php
index be1de9385b0b..3ac9c8ac1d4f 100644
--- a/includes/api/ApiQueryInfo.php
+++ b/includes/api/ApiQueryInfo.php
@@ -79,6 +79,7 @@ class ApiQueryInfo extends ApiQueryBase {
 * Get an array mapping token names to their handler functions.
 * The prototype for a token function is func($pageid, $title)
 * it should return a token or false (permission denied)
+ * @deprecated since 1.24
 * @return array Array(tokenname => function)
 */
 protected function getTokenFunctions() {
@@ -110,10 +111,16 @@ class ApiQueryInfo extends ApiQueryBase {
 static protected $cachedTokens = array();
+ /**
+ * @deprecated since 1.24
+ */
 public static function resetTokenCache() {
 ApiQueryInfo::$cachedTokens = array();
 }
+ /**
+ * @deprecated since 1.24
+ */
 public static function getEditToken( $pageid, $title ) {
 // We could check for $title->userCan('edit') here,
 // but that's too expensive for this purpose
@@ -131,6 +138,9 @@ class ApiQueryInfo extends ApiQueryBase {
 return ApiQueryInfo::$cachedTokens['edit'];
 }
+ /**
+ * @deprecated since 1.24
+ */
 public static function getDeleteToken( $pageid, $title ) {
 global $wgUser;
 if ( !$wgUser->isAllowed( 'delete' ) ) {
@@ -145,6 +155,9 @@ class ApiQueryInfo extends ApiQueryBase {
 return ApiQueryInfo::$cachedTokens['delete'];
 }
+ /**
+ * @deprecated since 1.24
+ */
 public static function getProtectToken( $pageid, $title ) {
 global $wgUser;
 if ( !$wgUser->isAllowed( 'protect' ) ) {
@@ -159,6 +172,9 @@ class ApiQueryInfo extends ApiQueryBase {
 return ApiQueryInfo::$cachedTokens['protect'];
 }
+ /**
+ * @deprecated since 1.24
+ */
 public static function getMoveToken( $pageid, $title ) {
 global $wgUser;
 if ( !$wgUser->isAllowed( 'move' ) ) {
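Review bot: The `@deprecated since 1.24` tag added to the `getTokenFunctions()` docblock does not say what to use instead, and the same bare tag is repeated on `resetTokenCache()` and on every static getter from `getEditToken()` through `getOptionsToken()` in the later hunks. The commit message names the replacement, so the tag could carry it: `@deprecated since 1.24, obtain tokens through action=query&meta=tokens instead`. Each of these getters gates its token on a permission check (`isAllowed( 'delete' )`, `canSendEmail()`, `isLoggedIn()`), so a migrating caller should be told whether the single 'csrf' type keeps an equivalent check or leaves authorization entirely to the action module; that is not visible in this diff. The docblocks also add no runtime signal such as `wfDeprecated( __METHOD__, '1.24' );`, which may be deliberate while this module's `token` parameter still routes through these functions. The method bodies start or end outside the hunks.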
@@ -173,6 +189,9 @@ class ApiQueryInfo extends ApiQueryBase {
 return ApiQueryInfo::$cachedTokens['move'];
 }
+ /**
+ * @deprecated since 1.24
+ */
 public static function getBlockToken( $pageid, $title ) {
 global $wgUser;
 if ( !$wgUser->isAllowed( 'block' ) ) {
@@ -187,11 +206,17 @@ class ApiQueryInfo extends ApiQueryBase {
 return ApiQueryInfo::$cachedTokens['block'];
 }
+ /**
+ * @deprecated since 1.24
+ */
 public static function getUnblockToken( $pageid, $title ) {
 // Currently, this is exactly the same as the block token
 return self::getBlockToken( $pageid, $title );
 }
+ /**
+ * @deprecated since 1.24
+ */
 public static function getEmailToken( $pageid, $title ) {
 global $wgUser;
 if ( !$wgUser->canSendEmail() || $wgUser->isBlockedFromEmailUser() ) {
@@ -206,6 +231,9 @@ class ApiQueryInfo extends ApiQueryBase {
 return ApiQueryInfo::$cachedTokens['email'];
 }
+ /**
+ * @deprecated since 1.24
+ */
 public static function getImportToken( $pageid, $title ) {
 global $wgUser;
 if ( !$wgUser->isAllowedAny( 'import', 'importupload' ) ) {
@@ -220,6 +248,9 @@ class ApiQueryInfo extends ApiQueryBase {
 return ApiQueryInfo::$cachedTokens['import'];
 }
+ /**
+ * @deprecated since 1.24
+ */
 public static function getWatchToken( $pageid, $title ) {
 global $wgUser;
 if ( !$wgUser->isLoggedIn() ) {
@@ -234,6 +265,9 @@ class ApiQueryInfo extends ApiQueryBase {
 return ApiQueryInfo::$cachedTokens['watch'];
 }
+ /**
+ * @deprecated since 1.24
+ */
 public static function getOptionsToken( $pageid, $title ) {
 global $wgUser;
 if ( !$wgUser->isLoggedIn() ) {
@@ -784,6 +818,7 @@ class ApiQueryInfo extends ApiQueryBase {
 // need to be added to getCacheMode()
 ) ),
 'token' => array(
+ ApiBase::PARAM_DEPRECATED => true,
 ApiBase::PARAM_DFLT => null,
 ApiBase::PARAM_ISMULTI => true,
 ApiBase::PARAM_TYPE => array_keys( $this->getTokenFunctions() ) |
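Review bot: In the last hunk, `ApiBase::PARAM_DEPRECATED => true` marks the `token` parameter as deprecated, but `ApiBase::PARAM_TYPE` still enumerates `array_keys( $this->getTokenFunctions() )`, so this legacy path keeps issuing every old token type alongside the new one. Two issuing paths for the same CSRF secret have to stay under the same restrictions (cache mode, who may read the response); the context comment about `getCacheMode()` suggests that coupling already exists for other properties, but whether it covers `token` is not visible here. A short comment above the flag would record the intent, for example `// Deprecated since 1.24: tokens now come from action=query&meta=tokens; kept for backward compatibility`. The enclosing array and method start and end outside the hunk.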