requirePostedParameters( [ 'totp', 'token' ] ); $params = $this->extractRequestParams(); if ( $params['user'] === null ) { $params['user'] = $this->getUser()->getName(); } if ( !$this->getUser()->isAllowed( 'oathauth-api-all' ) ) { $this->dieUsage( 'You do not have permission to validate an OATH token', 'permissiondenied' ); } $user = User::newFromName( $params['user'] ); if ( $user === false ) { $this->dieUsageMsg( [ 'noname', $params['user'] ] ); } // Don't increase pingLimiter, just check for limit exceeded. if ( $user->pingLimiter( 'badoath', 0 ) ) { $this->dieUsageMsg( 'actionthrottledtext' ); } $result = [ ApiResult::META_BC_BOOLS => [ 'enabled', 'valid' ], 'enabled' => false, 'valid' => false, ]; if ( !$user->isAnon() ) { $oathUser = OATHAuthHooks::getOATHUserRepository() ->findByUser( $user ); if ( $oathUser ) { $key = $oathUser->getKey(); if ( $key !== null ) { $result['enabled'] = true; $result['valid'] = $key->verifyToken( $params['totp'], $oathUser ) !== false; } } } $this->getResult()->addValue( null, $this->getModuleName(), $result ); } public function getCacheMode( $params ) { return 'private'; } public function isInternal() { return true; } public function needsToken() { return 'csrf'; } public function getAllowedParams() { return [ 'user' => [ ApiBase::PARAM_TYPE => 'user', ], 'totp' => [ ApiBase::PARAM_TYPE => 'string', ApiBase::PARAM_REQUIRED => true, ], ]; } protected function getExamplesMessages() { return [ 'action=oathvalidate&totp=123456&token=123ABC' => 'apihelp-oath-example-1', 'action=oathvalidate&user=Example&totp=123456&token=123ABC' => 'apihelp-oath-example-2', ]; } }