/**
 * Issue a short-lived, single-purpose "centralauthtoken" for the current user.
 *
 * The token is refused when the request is in callback mode, when the user
 * is anonymous, when the request is itself authenticated by a
 * centralauthtoken, or when the user has no attached global account.
 *
 * Security notes:
 *  - The returned value is a bearer credential: whoever presents it within
 *    the cache lifetime (60 seconds) is looked up under the 'api-token'
 *    cache key. It should be kept out of logs and URLs that get persisted.
 *  - The cached payload contains the result of getAuthToken(), so the cache
 *    backend holds credential material and must be treated as sensitive.
 *  - Only the random prefix makes the token unguessable; the hex-encoded
 *    global user id appended to it is not secret.
 *
 * @return void The token is added to the API result under the module name.
 */
public function execute() {
    global $wgMemc;

    $user = $this->getUser();
    // Return value is unused; the call is kept because the original makes it.
    $this->extractRequestParams();

    // If we're in JSON callback mode, no tokens can be obtained
    if ( $this->lacksSameOriginSecurity() ) {
        $this->dieUsage( 'Cannot obtain a centralauthtoken when using a callback', 'hascallback' );
    }

    if ( $user->isAnon() ) {
        $this->dieUsage( 'Anonymous users cannot obtain a centralauthtoken', 'notloggedin' );
    }

    // A request authenticated by a centralauthtoken may not mint another one.
    if ( CentralAuthHooks::hasApiToken() ) {
        $this->dieUsage( 'Cannot obtain a centralauthtoken when using centralauthtoken', 'norecursion' );
    }

    $centralUser = CentralAuthUser::getInstance( $user );
    if ( !( $centralUser->exists() && $centralUser->isAttached() ) ) {
        $this->dieUsage( 'Cannot obtain a centralauthtoken without an attached global account', 'notattached' );
    }

    // What the token resolves to when it is later looked up.
    $payload = array(
        'userName' => $user->getName(),
        'token' => $centralUser->getAuthToken(),
    );

    // 32 hex characters from the CSPRNG wrapper (128 bits, assuming
    // generateHex() counts characters), followed by the global user id in hex.
    $randomPart = MWCryptRand::generateHex( 32 );
    $apiToken = $randomPart . dechex( $centralUser->getId() );

    // add() with a 60 second expiry.
    // NOTE(review): the result of add() is not checked, so a failed store
    // still hands the client a token; that token would simply not be found
    // on use. Confirm this fail-closed outcome is the intended behaviour.
    $cacheKey = CentralAuthUser::memcKey( 'api-token', $apiToken );
    $wgMemc->add( $cacheKey, $payload, 60 );

    $this->getResult()->addValue(
        null,
        $this->getModuleName(),
        array( 'centralauthtoken' => $apiToken )
    );
}
/**
 * Set a CentralAuth cookie on the main request's response.
 *
 * Refuses to run when the request is authenticated by the API
 * 'centralauthtoken' parameter, so such a request cannot leave cookies behind.
 *
 * Security notes:
 *  - No 'httpOnly' option is passed, so the response object's default
 *    applies. NOTE(review): confirm that default is HttpOnly for the
 *    session and token cookies set through this method.
 *  - With $secure left as null the Secure attribute follows $wgCookieSecure;
 *    callers setting credentials on HTTPS-only wikis may want to pass true.
 *
 * @static
 * @param $name Cookie name, forwarded unchanged
 * @param $value Cookie value, forwarded unchanged
 * @param $exp Expiry selector:
 *   -1 (default): now + $wgCookieExpiration
 *   0: session cookie (expiry passed on as null)
 *   below 31600000: treated as a number of seconds relative to now
 *   anything else: passed on unchanged
 *   The -1 and 0 checks use loose comparison, so null and false also select
 *   the session-cookie branch.
 * @param bool|null $secure
 *   true: Force setting the secure attribute when setting the cookie
 *   false: Force NOT setting the secure attribute when setting the cookie
 *   null (default): Use the default ($wgCookieSecure) to set the secure attribute
 * @param $prefix cookie prefix, or false to use $wgCentralAuthCookiePrefix
 * @throws Exception When the API 'centralauthtoken' parameter is in use
 * @return void
 */
static function setCookie( $name, $value, $exp = -1, $secure = null, $prefix = false ) {
    global $wgCentralAuthCookiePrefix, $wgCentralAuthCookieDomain,
        $wgCookieExpiration, $wgCentralAuthCookiePath;

    if ( CentralAuthHooks::hasApiToken() ) {
        throw new Exception( "Cannot set cookies when API 'centralauthtoken' parameter is given" );
    }

    self::setP3P();

    // Normalise the expiry selector; comparisons are deliberately left loose
    // to keep the original semantics.
    $expiry = $exp;
    if ( $expiry == -1 ) {
        $expiry = time() + $wgCookieExpiration;
    } elseif ( $expiry == 0 ) {
        // Session cookie
        $expiry = null;
    } elseif ( $expiry < 31600000.0 ) {
        // Relative expiry
        $expiry = $expiry + time();
    }

    $cookiePrefix = ( $prefix === false ) ? $wgCentralAuthCookiePrefix : $prefix;

    $options = array(
        'prefix' => $cookiePrefix,
        'path' => $wgCentralAuthCookiePath,
        'domain' => $wgCentralAuthCookieDomain,
        'secure' => $secure,
    );

    $response = RequestContext::getMain()->getRequest()->response();
    $response->setcookie( $name, $value, $expiry, $options );
}