<?php

namespace MediaWiki\Extensions\OAuth;

use MediaWiki\Extensions\OAuth\Backend\Utils;

/**
 * Class containing hooked functions for an OAuth environment
 */
class Setup {
	// Value is in seconds: refresh if expiring in 10 minutes.
	const TTL_REFRESH_WINDOW = 600;

	/**
	 * Hook handler: stop CentralAuth from handing out centralauthtokens when
	 * the current request carries OAuth credentials.
	 *
	 * The request is taken from the main RequestContext because the hook
	 * passes none in.
	 *
	 * @return bool False when the main request is recognised as an OAuth
	 *  request, true otherwise
	 */
	public static function onCentralAuthAbortCentralAuthToken() {
		return !self::isOAuthRequest( \RequestContext::getMain()->getRequest() );
	}

	/**
	 * Hook handler: suppress the redirect to the canonical title for OAuth
	 * requests, because the canonical URL is not the one the OAuth request
	 * signed.
	 *
	 * @param \WebRequest $request Request being checked
	 * @param \Title $title Unused here
	 * @param \OutputPage $output Unused here
	 * @return bool False when $request is recognised as an OAuth request,
	 *  true otherwise
	 */
	public static function onTestCanonicalRedirect( $request, $title, $output ) {
		$viaOAuth = self::isOAuthRequest( $request );
		return !$viaOAuth;
	}

	/**
	 * Tell whether a request is an OAuth request: either it has OAuth headers
	 * (Utils::hasOAuthHeaders) or the resource server reports it as an
	 * OAuth 2 request (ResourceServer::isOAuth2Request).
	 *
	 * NOTE(review): judging by the helper names this only detects that OAuth
	 * credentials are presented, not that they are valid; confirm against the
	 * helpers before relying on it for an authorization decision.
	 *
	 * @param \WebRequest $request Request to inspect
	 * @return bool True if OAuth headers are present, otherwise whatever
	 *  ResourceServer::isOAuth2Request() returns
	 */
	protected static function isOAuthRequest( $request ) {
		// The OAuth 2 check is only consulted when the header check fails.
		return Utils::hasOAuthHeaders( $request )
			? true
			: ResourceServer::isOAuth2Request( $request );
	}
}