<?php
/*
Third party session verification
GPLv2+.
Code derived from MediaWiki (© Wikimedia).
*/
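/**
 * API module that issues and verifies a self-contained token a third party can
 * present to prove which wiki user it is acting for.
 *
 * Token layout (four '-'-separated fields): `hash-salt-time-userID`, where
 * `hash` is PBKDF2-SHA256 over (userID, $wgSecretKey,
 * $wgAuthenticationTokenVersion, time) with the random `salt`.
 */
class ApiThirdPartySessionVerification extends ApiBase {
	/** Number of '-'-separated fields in a token: hash, salt, issue time, user ID. */
	private const TOKEN_FIELD_COUNT = 4;

	/** PBKDF2 work factor used when deriving the token hash. */
	private const HASH_ITERATIONS = 5000;

	/** Length, in hex characters, of the PBKDF2 output stored in the token. */
	private const HASH_LENGTH = 40;

	/** Number of random bytes (hex-encoded to twice this length) used as the salt. */
	private const SALT_BYTES = 10;

	/**
	 * Entry point: with a 'token' parameter the token is verified, otherwise a
	 * fresh token is issued for the current user. The outcome is attached to
	 * the API result under this module's name.
	 */
	public function execute() {
		$res = [];
		$token = $this->extractRequestParams()['token'];
		// Explicit null/empty check rather than truthiness, so a token of "0"
		// is treated as a (failing) verification attempt instead of silently
		// falling through to token generation.
		if ( $token !== null && $token !== '' ) {
			$this->verifyToken( $token, $res );
		} else {
			$this->generateToken( $res );
		}
		$this->getResult()->addValue( null, $this->getModuleName(), $res );
	}

	/**
	 * Issue a new token for the logged-in user.
	 *
	 * Writes $res['token'] on success or $res['error'] = 'No user' when the
	 * request is anonymous (user ID 0).
	 *
	 * @param array &$res Result array to populate.
	 */
	private function generateToken( &$res ) {
		$userID = (int)$this->getUser()->getID();
		if ( $userID === 0 ) {
			$res['error'] = 'No user';
			return;
		}
		// random_bytes() is a CSPRNG that throws on failure rather than
		// falling back to weak output.
		$salt = bin2hex( random_bytes( self::SALT_BYTES ) );
		$time = time();
		$hash = $this->generateHash( (string)$userID, (string)$time, $salt );
		$res['token'] = $hash . '-' . $salt . '-' . $time . '-' . $userID;
	}

	/**
	 * Verify a token previously issued by generateToken().
	 *
	 * On success writes $res['success'] = 1, $res['userID'] (as carried in the
	 * token) and $res['token_age_in_seconds']; otherwise $res['error'] =
	 * 'Incorrect token'. No maximum age is enforced here — the caller is
	 * expected to judge token_age_in_seconds. TODO(review): consider enforcing
	 * a server-side maximum age as well.
	 *
	 * @param string $token Untrusted token string supplied by the client.
	 * @param array &$res Result array to populate.
	 */
	private function verifyToken( $token, &$res ) {
		$parts = explode( '-', $token );
		// Reject malformed input up front: destructuring a short list would feed
		// nulls into the hash, and a non-numeric time would break the age
		// arithmetic. Hash and salt are hex; time and user ID are digit strings.
		if ( count( $parts ) !== self::TOKEN_FIELD_COUNT ) {
			$res['error'] = 'Incorrect token';
			return;
		}
		[ $hash, $salt, $time, $userID ] = $parts;
		if ( !ctype_xdigit( $hash ) || !ctype_xdigit( $salt )
			|| !ctype_digit( $time ) || !ctype_digit( $userID )
		) {
			$res['error'] = 'Incorrect token';
			return;
		}
		$expected = $this->generateHash( $userID, $time, $salt );
		// Constant-time comparison: '==' would leak timing and would apply
		// PHP's numeric-string juggling to attacker-controlled input.
		if ( !hash_equals( $expected, $hash ) ) {
			$res['error'] = 'Incorrect token';
			return;
		}
		$res['success'] = 1;
		$res['userID'] = $userID;
		$res['token_age_in_seconds'] = time() - (int)$time;
	}

	/**
	 * Derive the token hash for the given fields.
	 *
	 * The secret mixes in $wgSecretKey and $wgAuthenticationTokenVersion, so
	 * rotating either one invalidates every outstanding token.
	 *
	 * @param string $userID
	 * @param string $time Unix timestamp the token was issued at.
	 * @param string $salt Hex-encoded random salt.
	 * @return string Hex-encoded PBKDF2-SHA256 output of HASH_LENGTH characters.
	 */
	private function generateHash( $userID, $time, $salt ) {
		global $wgSecretKey, $wgAuthenticationTokenVersion;
		$secret = $userID . $wgSecretKey . $wgAuthenticationTokenVersion . $time;
		return hash_pbkdf2(
			'sha256',
			$secret,
			$salt,
			self::HASH_ITERATIONS,
			self::HASH_LENGTH,
			false
		);
	}

	/**
	 * Parameter definitions: an optional 'token'. Marked sensitive so it is
	 * not echoed into logs or error output.
	 */
	public function getAllowedParams() {
		return [
			'token' => [
				ApiBase::PARAM_TYPE => 'string',
				ApiBase::PARAM_REQUIRED => false,
				ApiBase::PARAM_SENSITIVE => true,
			],
		];
	}
}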