Created page with "fdsfds" |
No edit summary |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
===Name=== | |||
API | |||
===Type=== | |||
FlexFormOpen (Available since 2.7.1) | |||
===Synopsis=== | |||
Open FlexForm API endpoint for lightweight validation actions. | |||
===Description=== | |||
The '''FlexFormOpen''' API provides limited, publicly accessible FlexForm functionality intended for frontend validation use cases. It does not require readapi-rights. | |||
Currently, the available actions are: | |||
* '''canUserBeCreated''' – Checks whether a username can be created. | |||
This API is especially useful when implementing [[DevOps:Doc/FlexForm/2.0/CreateUser|CreateUser]] forms. | |||
When paired with JavaScript, it allows real-time username validation (e.g., checking whether a username already exists or is invalid) before form submission. | |||
For security reasons, this API is '''disabled by default'''. | |||
To enable it, set the following configuration option: | |||
<syntaxhighlight lang="php"> | |||
$wgFlexFormConfig['allowFlexFormOpenAPI'] = true; | |||
</syntaxhighlight> | |||
===Parameters=== | |||
'''ffAction''' – The FlexFormOpen action to execute. | |||
* '''canUserBeCreated''' (required) | |||
'''additionalData''' – Additional data required for the action. | |||
* For '''canUserBeCreated''', this must contain the username to validate. (required) | |||
===Action: canUserBeCreated=== | |||
Checks whether a username: | |||
* Does not already exist | |||
* Meets MediaWiki username validation requirements | |||
* Can safely be created | |||
This action does not create the user. It only performs validation. | |||
===Example (JavaScript)=== | |||
Example using MediaWiki's mw.Api(): | |||
<syntaxhighlight lang="javascript"> | |||
var api = new mw.Api(); | |||
api.get({ | |||
action: "FlexFormOpen", | |||
ffAction: "canUserBeCreated", | |||
additionalData: correctedUsername, | |||
formatversion: 2 | |||
}).done(function (data) { | |||
if (data.canUser === true) { | |||
console.log("Username can be created."); | |||
} else { | |||
console.log("Username cannot be created."); | |||
} | |||
}); | |||
</syntaxhighlight> | |||
If the API is disabled via configuration (or default): | |||
<syntaxhighlight lang="json"> | |||
{ | |||
"error": { | |||
"message": "FlexFormOpen API is disabled." | |||
} | |||
} | |||
</syntaxhighlight> | |||
===Security Considerations=== | |||
Because this API does not require authentication, it is disabled by default. | |||
It is strongly recommended to: | |||
* Only enable it when necessary | |||
* Implement frontend throttling or rate limiting if heavy usage is expected | |||
* Avoid exposing sensitive validation logic | |||
===Future Improvements=== | |||
In future versions, an optional attribute may be introduced on FlexForm input fields that automatically performs username validation without requiring custom JavaScript. | |||
| ws-base-props | |||
|---|---|---|---|
| Line 1: | Line 1: | ||
{{Base properties | |||
|Title=FlexFormOpen | |||
|Class=Doc | |||
}} | |||
| ws-class-props | |||
| Line 1: | Line 1: | ||
{{Csp class properties | |||
|Doc subject=DevOps:Doc/FlexForm | |||
|Subject version=2.5 | |||
|Doc parent=DevOps:Doc/FlexForm/1.1/API | |||
|Doc sort order=10 | |||
|Doc target group=Developer | |||
|Doc synopsis=Trigger a FlexForm open action | |||
}} | |||
Latest revision as of 15:37, 23 February 2026
Name
API
Type
FlexFormOpen (Available since 2.7.1)
Synopsis
Open FlexForm API endpoint for lightweight validation actions.
Description
The FlexFormOpen API provides limited, publicly accessible FlexForm functionality intended for frontend validation use cases. It does not require readapi-rights.
Currently, the available actions are:
- canUserBeCreated – Checks whether a username can be created.
This API is especially useful when implementing CreateUser forms.
When paired with JavaScript, it allows real-time username validation (e.g., checking whether a username already exists or is invalid) before form submission.
For security reasons, this API is disabled by default.
To enable it, set the following configuration option:
$wgFlexFormConfig['allowFlexFormOpenAPI'] = true;
Parameters
ffAction – The FlexFormOpen action to execute.
- canUserBeCreated (required)
additionalData – Additional data required for the action.
- For canUserBeCreated, this must contain the username to validate. (required)
Action: canUserBeCreated
Checks whether a username:
- Does not already exist
- Meets MediaWiki username validation requirements
- Can safely be created
This action does not create the user. It only performs validation.
Example (JavaScript)
Example using MediaWiki's mw.Api():
var api = new mw.Api();
api.get({
action: "FlexFormOpen",
ffAction: "canUserBeCreated",
additionalData: correctedUsername,
formatversion: 2
}).done(function (data) {
if (data.canUser === true) {
console.log("Username can be created.");
} else {
console.log("Username cannot be created.");
}
});
If the API is disabled via configuration (or default):
{
"error": {
"message": "FlexFormOpen API is disabled."
}
}
Security Considerations
Because this API does not require authentication, it is disabled by default.
It is strongly recommended to:
- Only enable it when necessary
- Implement frontend throttling or rate limiting if heavy usage is expected
- Avoid exposing sensitive validation logic
Future Improvements
In future versions, an optional attribute may be introduced on FlexForm input fields that automatically performs username validation without requiring custom JavaScript.
