Added warning for improper ending of a token
1 ( function ( mw, $ ) {
2
3 /**
4 * @class mw.Api
5 */
6
/**
 * @property {Object} defaultOptions Baseline options for #ajax calls. Callers can override them
 *  through the `options` argument of the mw.Api constructor.
 * @property {Object} defaultOptions.parameters Query parameters merged into every API request.
 * @property {Object} defaultOptions.ajax Options handed to jQuery#ajax by default.
 * @property {boolean} defaultOptions.useUS Whether multi-valued parameters are joined with
 *  U+001F (since 1.28). Defaults to true when ajax.url is not set, and to false otherwise for
 *  compatibility.
 * @private
 */
var defaultOptions = {
	parameters: {
		action: 'query',
		format: 'json'
	},
	ajax: {
		url: mw.util.wikiScript( 'api' ),
		// 30 seconds, expressed in milliseconds
		timeout: 30 * 1000,
		dataType: 'json'
	}
};

// Token promise cache: first level is keyed by ajax url, second level by the symbolic name
// of the individual request. The object lives in this closure, so every mw.Api instance
// created here reads and writes the same cache.
var promises = {};
31
/**
 * Translate a legacy token type (from API action=tokens) into its modern name.
 *
 * The per-action names listed below all resolve to the single 'csrf' token. Using one of
 * them records a deprecation event and logs a warning; any other value is returned as-is.
 *
 * @private
 * @param {string} action Token type requested by the caller
 * @return {string} 'csrf' for a legacy CSRF-protected action, otherwise `action` unchanged
 */
function mapLegacyToken( action ) {
	switch ( action ) {
		// Legacy types kept for backward-compatibility with API action=tokens.
		case 'edit':
		case 'delete':
		case 'protect':
		case 'move':
		case 'block':
		case 'unblock':
		case 'email':
		case 'import':
		case 'options':
			mw.track( 'mw.deprecate', 'apitoken_' + action );
			mw.log.warn( 'Use of the "' + action + '" token is deprecated. Use "csrf" instead.' );
			return 'csrf';
		default:
			return action;
	}
}
52
// Seed the cache with already-resolved stand-ins for ajax promises, so that tokens the page
// already carries via the user.tokens module cost no extra http request (bug 34733).
promises[ defaultOptions.ajax.url ] = {};
$.each( mw.user.tokens.get(), function ( tokenName, tokenValue ) {
	var resolved = $.Deferred().resolve( tokenValue );

	// #getToken must look tokens up under the same key that user.tokens uses.
	// Format: token-type + "Token" (eg. csrfToken, patrolToken, watchToken).
	// The no-op abort() mirrors the interface of a real request promise.
	promises[ defaultOptions.ajax.url ][ tokenName ] = resolved.promise( {
		abort: function () {}
	} );
} );
63
/**
 * Create an object for talking to the API of one particular MediaWiki server.
 *
 *     var api = new mw.Api();
 *     api.get( {
 *         action: 'query',
 *         meta: 'userinfo'
 *     } ).done( function ( data ) {
 *         console.log( data );
 *     } );
 *
 * Since MW 1.25, multiple values for a parameter can be specified using an array:
 *
 *     var api = new mw.Api();
 *     api.get( {
 *         action: 'query',
 *         meta: [ 'userinfo', 'siteinfo' ] // same effect as 'userinfo|siteinfo'
 *     } ).done( function ( data ) {
 *         console.log( data );
 *     } );
 *
 * Since MW 1.26, boolean values for a parameter can be specified directly. If the value is
 * `false` or `undefined`, the parameter will be omitted from the request, as required by the API.
 *
 * Note that a caller-supplied `options.ajax.url` is converted to a string in place, i.e. on
 * the object the caller passed in.
 *
 * @constructor
 * @param {Object} [options] See #defaultOptions documentation above. Can also be overridden for
 *  each individual request by passing them to #get or #post (or directly #ajax) later on.
 */
mw.Api = function ( options ) {
	var settings, hasCustomUrl;

	options = options || {};

	// A mw.Uri object may have been passed as the url; force it to a string
	if ( options.ajax && options.ajax.url !== undefined ) {
		options.ajax.url = String( options.ajax.url );
	}

	// useUS is on by default only when the caller did not point us at another endpoint
	hasCustomUrl = options.ajax && options.ajax.url;
	settings = $.extend( { useUS: !hasCustomUrl }, options );

	// Merge into fresh objects so the shared defaults are never modified
	settings.parameters = $.extend( {}, defaultOptions.parameters, settings.parameters );
	settings.ajax = $.extend( {}, defaultOptions.ajax, settings.ajax );

	this.defaults = settings;
	this.requests = [];
};
109
110 mw.Api.prototype = {
/**
 * Abort every request issued through this Api object that has not finished yet.
 *
 * Slots of finished requests hold `null` (see #ajax) and are skipped.
 *
 * @method
 */
abort: function () {
	var pending = this.requests,
		count = pending.length,
		i;

	for ( i = 0; i < count; i++ ) {
		if ( pending[ i ] ) {
			pending[ i ].abort();
		}
	}
},
123
/**
 * Perform an API request using the GET method.
 *
 * With GET, jQuery places the serialized parameters in the request URL. URLs commonly end
 * up in server logs and browser history, so requests that carry a token or other sensitive
 * values belong in #post or #postWithToken instead.
 *
 * The `type` property of a passed-in `ajaxOptions` object is overwritten in place.
 *
 * @param {Object} parameters
 * @param {Object} [ajaxOptions]
 * @return {jQuery.Promise}
 */
get: function ( parameters, ajaxOptions ) {
	var requestOptions = ajaxOptions || {};

	requestOptions.type = 'GET';
	return this.ajax( parameters, requestOptions );
},
136
/**
 * Perform an API request using the POST method.
 *
 * This method does not add a token by itself; use #postWithToken for actions that
 * require one.
 *
 * The `type` property of a passed-in `ajaxOptions` object is overwritten in place.
 *
 * @param {Object} parameters
 * @param {Object} [ajaxOptions]
 * @return {jQuery.Promise}
 */
post: function ( parameters, ajaxOptions ) {
	var requestOptions = ajaxOptions || {};

	requestOptions.type = 'POST';
	return this.ajax( parameters, requestOptions );
},
149
/**
 * Convert parameters from the convenient format callers use into the format the API expects.
 *
 * Arrays become a single string: joined with '|' by default, or prefixed and joined with
 * U+001F when `useUS` is set and at least one element contains a '|'. Parameters whose
 * value is `false` or `undefined` are removed.
 *
 * When `useUS` is false, array elements that contain '|' are still joined with '|', so the
 * joined string no longer shows where one element ended and the next began. Callers that
 * pass externally supplied values in arrays should keep `useUS` enabled.
 *
 * @private
 * @param {Object} parameters (modified in-place)
 * @param {boolean} useUS Whether to use U+001F when joining multi-valued parameters.
 */
preprocessParameters: function ( parameters, useUS ) {
	var name, value, needsUnitSeparator;

	for ( name in parameters ) {
		value = parameters[ name ];

		if ( $.isArray( value ) ) {
			// The pipe is the regular separator; U+001F is only needed when a value
			// itself contains a pipe (and the caller allows it)
			needsUnitSeparator = useUS && value.join( '' ).indexOf( '|' ) !== -1;
			value = needsUnitSeparator ?
				'\x1f' + value.join( '\x1f' ) :
				value.join( '|' );
			parameters[ name ] = value;
		}

		// The API treats a boolean parameter as false only when it is absent
		if ( value === false || value === undefined ) {
			delete parameters[ name ];
		}
	}
},
175
/**
 * Perform the API call.
 *
 * Instance defaults are merged with the given parameters and options, the parameters are
 * run through #preprocessParameters, and the request is sent with jQuery#ajax.
 *
 * A `token` parameter is always serialized last (per [[mw:API:Edit#Token]]), in both the
 * FormData and the query-string encoding. For a GET request the serialized data, token
 * included, becomes part of the URL; send tokens with POST.
 *
 * Errors other than a caller-initiated abort are written to mw.log together with their
 * details.
 *
 * @param {Object} parameters
 * @param {Object} [ajaxOptions]
 * @return {jQuery.Promise} Done: API response data and the jqXHR object.
 *  Fail: Error code
 */
ajax: function ( parameters, ajaxOptions ) {
	var api = this,
		apiDeferred = $.Deferred(),
		wantsMultipart, token, formData, key, query, xhr, requestIndex;

	// Transport failure: reject with error code 'http' and the details as second argument
	function onHttpFailure( jqXHR, textStatus, exception ) {
		apiDeferred.reject( 'http', {
			xhr: jqXHR,
			textStatus: textStatus,
			exception: exception
		} );
	}

	// Transport success only means "200 OK"; the payload can still be empty or an API error
	function onHttpSuccess( result, textStatus, jqXHR ) {
		if ( result === undefined || result === null || result === '' ) {
			apiDeferred.reject( 'ok-but-empty',
				'OK response but empty result (check HTTP headers?)',
				result,
				jqXHR
			);
			return;
		}
		if ( result.error ) {
			apiDeferred.reject(
				result.error.code === undefined ? 'unknown' : result.error.code,
				result,
				result,
				jqXHR
			);
			return;
		}
		apiDeferred.resolve( result, jqXHR );
	}

	parameters = $.extend( {}, this.defaults.parameters, parameters );
	ajaxOptions = $.extend( {}, this.defaults.ajax, ajaxOptions );

	// Take the token out for now so it can be appended after all other parameters
	// (per [[mw:API:Edit#Token]]).
	if ( parameters.token ) {
		token = parameters.token;
		delete parameters.token;
	}

	this.preprocessParameters( parameters, this.defaults.useUS );

	wantsMultipart = ajaxOptions.contentType === 'multipart/form-data';

	if ( wantsMultipart && ajaxOptions.type === 'POST' && window.FormData ) {
		// multipart/form-data was requested and the browser can produce it
		formData = new FormData();
		for ( key in parameters ) {
			formData.append( key, parameters[ key ] );
		}
		// The token goes in last
		if ( token ) {
			formData.append( 'token', token );
		}

		ajaxOptions.data = formData;
		// Keep jQuery from mangling the FormData object
		ajaxOptions.processData = false;
		// Keep jQuery from overriding the Content-Type header
		ajaxOptions.contentType = false;
	} else {
		// jQuery accepts data either as an Object or as a query string; build the string
		query = $.param( parameters );
		// The token goes in last
		if ( token ) {
			query += '&token=' + encodeURIComponent( token );
		}

		// Depending on server configuration, MediaWiki may forbid periods in URLs, due to an
		// IE 6 XSS bug, so escape them. See WebRequest::checkUrlExtension() and T30235.
		ajaxOptions.data = query.replace( /\./g, '%2E' );

		if ( wantsMultipart ) {
			// Multipart was requested but cannot be produced. Drop the Content-Type header,
			// otherwise it would be wrong and the server would fail to decode the POST body
			delete ajaxOptions.contentType;
		}
	}

	// Send the request
	xhr = $.ajax( ajaxOptions )
		.fail( onHttpFailure )
		.done( onHttpSuccess );

	// Track the request for #abort; the slot is cleared once the request has settled
	requestIndex = this.requests.length;
	this.requests.push( xhr );
	xhr.always( function () {
		api.requests[ requestIndex ] = null;
	} );

	// Hand out the promise, with abort() wired to the underlying request
	return apiDeferred.promise( { abort: xhr.abort } ).fail( function ( code, details ) {
		var abortedByCaller = code === 'http' && details && details.textStatus === 'abort';

		if ( !abortedByCaller ) {
			mw.log( 'mw.Api error: ', code, details );
		}
	} );
},
283
/**
 * Post to the API with a token of the given type.
 *
 * A cached token is used when there is one, otherwise a token is fetched first. If the API
 * answers 'badtoken', the cached token is discarded, a new one is fetched and the post is
 * repeated exactly once. For example, to change a user option you could do:
 *
 *     new mw.Api().postWithToken( 'csrf', {
 *         action: 'options',
 *         optionname: 'gender',
 *         optionvalue: 'female'
 *     } );
 *
 * The token is written to `params.token`, i.e. onto the object the caller passed in, and it
 * is still there after the call. Keep that in mind before logging or reusing `params`.
 *
 * @param {string} tokenType The name of the token, like csrf, patrol or watch.
 * @param {Object} params API parameters (modified in-place)
 * @param {Object} [ajaxOptions]
 * @return {jQuery.Promise} See #post
 * @since 1.22
 */
postWithToken: function ( tokenType, params, ajaxOptions ) {
	var api = this,
		abortedPromise = $.Deferred().reject( 'http',
			{ textStatus: 'abort', exception: 'abort' } ).promise(),
		abortable,
		aborted;

	// Failure filter for the first post. Runs with the failed promise as `this`.
	function retryOnBadToken( code ) {
		if ( code !== 'badtoken' ) {
			// Different error, pass on to let caller handle the error code
			return this;
		}

		// The cached token was rejected: forget it and try again, once
		api.badToken( tokenType );
		params.token = undefined;
		abortable = null;
		return api.getToken( tokenType, params.assert ).then( function ( freshToken ) {
			params.token = freshToken;
			if ( aborted ) {
				return abortedPromise;
			}

			abortable = api.post( params, ajaxOptions );
			return abortable;
		} );
	}

	return api.getToken( tokenType, params.assert ).then( function ( token ) {
		params.token = token;
		// The caller aborted while the token request was running. Token requests are
		// shared, so rather than aborting one, answer with a fake aborted request
		if ( aborted ) {
			return abortedPromise;
		}

		abortable = api.post( params, ajaxOptions );
		// A successful post (no filter given) is returned to the caller as-is
		return abortable.then( null, retryOnBadToken );
	} ).promise( { abort: function () {
		if ( abortable ) {
			abortable.abort();
		} else {
			// No post in flight yet; remember the request for when the token arrives
			aborted = true;
		}
	} } );
},
349
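/**
 * Get a token for a certain action from the API.
 *
 * Tokens are cached per API url and token type, and the cache is shared between mw.Api
 * instances. The `assert` value is not part of the cache key: it only takes effect when
 * a token actually has to be requested.
 *
 * A response that lacks the requested token, including one without a `query.tokens`
 * section, rejects the promise with 'token-missing'. Failed requests are never cached.
 *
 * The assert parameter is only for internal use by #postWithToken.
 *
 * @since 1.22
 * @param {string} type Token type
 * @param {string} [assert]
 * @return {jQuery.Promise} Received token.
 */
getToken: function ( type, assert ) {
	var apiPromise, promiseGroup, d, cacheKey, responseKey,
		failed = false;

	type = mapLegacyToken( type );
	// The cache uses the user.tokens spelling ("csrfToken"), the API response is lower case
	cacheKey = type + 'Token';
	responseKey = type + 'token';

	// Make sure the group exists before any request is sent, so that the failure handler
	// below always has an object to delete from
	promiseGroup = promises[ this.defaults.ajax.url ];
	if ( !promiseGroup ) {
		promiseGroup = promises[ this.defaults.ajax.url ] = {};
	}

	d = promiseGroup[ cacheKey ];
	if ( d ) {
		return d;
	}

	apiPromise = this.get( {
		action: 'query',
		meta: 'tokens',
		type: type,
		assert: assert
	} );
	d = apiPromise
		.then( function ( res ) {
			var tokens = res && res.query && res.query.tokens;

			// If token type is unknown, it is omitted from the response
			if ( !tokens || !tokens[ responseKey ] ) {
				return $.Deferred().reject( 'token-missing', res );
			}

			return tokens[ responseKey ];
		}, function () {
			// Clear promise. Do not cache errors.
			failed = true;
			delete promiseGroup[ cacheKey ];

			// Pass on to allow the caller to handle the error
			return this;
		} )
		// Attach abort handler
		.promise( { abort: apiPromise.abort } );

	// Store the promise now so that concurrent callers share it even before it is ready.
	// Skip that if the request has already failed by the time we get here, otherwise the
	// rejected promise would be served from the cache from now on
	if ( !failed ) {
		promiseGroup[ cacheKey ] = d;
	}

	return d;
},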
400
/**
 * Mark the cached token for a certain action of the API as bad.
 *
 * Call this after a 'badtoken' error for a token obtained from #getToken, so that the next
 * #getToken call requests a new token instead of handing out the rejected one again.
 * #postWithToken does this automatically and is usually the better choice.
 *
 * @param {string} type Token type
 * @since 1.26
 */
badToken: function ( type ) {
	var cachedTokens = promises[ this.defaults.ajax.url ];

	type = mapLegacyToken( type );
	if ( !cachedTokens ) {
		// Nothing has been cached for this API url
		return;
	}
	delete cachedTokens[ type + 'Token' ];
}
419 };
420
/**
 * @static
 * @property {Array}
 * Error codes that may come back from the API.
 * For now, this only documents the expectation that similar messages should be available.
 */
mw.Api.errors = [
	// Seen when a POST was aborted: jQuery 1.4 cannot tell an abort or a lost connection
	// apart from "200 OK" with an empty result
	'ok-but-empty',

	// The request timed out
	'timeout',

	// Really warnings, but treated like errors
	'duplicate', 'duplicate-archive',

	// Upload succeeded but no image info came back.
	// Probably impossible, but might as well check for it
	'noimageinfo',

	// Remote errors, defined in the API
	'uploaddisabled', 'nomodule', 'mustbeposted', 'badaccess-groups',
	'missingresult', 'missingparam', 'invalid-file-key', 'copyuploaddisabled',
	'mustbeloggedin', 'empty-file', 'file-too-large', 'filetype-missing',
	'filetype-banned', 'filetype-banned-type', 'filename-tooshort', 'illegal-filename',
	'verification-error', 'hookaborted', 'unknown-error', 'internal-error',
	'overwrite', 'badtoken', 'fetchfileerror', 'fileexists-shared-forbidden',
	'invalidtitle', 'notloggedin', 'autoblocked', 'blocked',

	// Stash-specific errors - expanded
	'stashfailed', 'stasherror', 'stashedfilenotfound', 'stashpathinvalid',
	'stashfilestorage', 'stashzerolength', 'stashnotloggedin', 'stashwrongowner',
	'stashnosuchfilekey'
];
484
/**
 * @static
 * @property {Array}
 * Warning codes that may come back from the API.
 * For now, this only documents the expectation that similar messages should be available.
 */
mw.Api.warnings = [ 'duplicate', 'exists' ];
496
497 }( mediaWiki, jQuery ) );