// Namespace holder for the current CSRF token pair (__elgg_ts / __elgg_token);
// populated by elgg.security.setToken below.
elgg.provide('elgg.security.token');

// Handle returned by setInterval in elgg.security.init; null until init runs.
elgg.security.tokenRefreshTimer = null;

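/**
 * Installs a fresh CSRF token pair and propagates it into the page.
 *
 * The convenience object elgg.security.token is replaced, every
 * __elgg_ts input is updated, and __elgg_token inputs / tokenized
 * links are rewritten only when their current token is listed in
 * valid_tokens, i.e. the server has acknowledged it as one of its own.
 *
 * @param {Object} token_object  New pair with __elgg_ts and __elgg_token.
 * @param {Object} valid_tokens  Map of token => truthy for tokens that may be replaced.
 */
elgg.security.setToken = function(token_object, valid_tokens) {
	// tolerate a response without the map: nothing is replaced, nothing throws
	var valid = valid_tokens || {};

	// own-property check so inherited keys of a plain object ('constructor', ...)
	// never count as server-acknowledged tokens
	var isValid = function (token) {
		return Object.prototype.hasOwnProperty.call(valid, token) && !!valid[token];
	};

	// update the convenience object
	elgg.security.token = token_object;

	// also update all forms
	$('[name=__elgg_ts]').val(token_object.__elgg_ts);
	$('[name=__elgg_token]').each(function () {
		if (isValid($(this).val())) {
			$(this).val(token_object.__elgg_token);
		}
	});

	// also update all links that contain tokens and time stamps
	$('[href*="__elgg_ts"][href*="__elgg_token"]').each(function() {
		// the attribute selector is only a substring test; an href can contain the
		// parameter name without a well-formed value, in which case match() is null
		var match = this.href.match(/__elgg_token=([0-9a-z_-]+)/i);
		if (!match) {
			return;
		}
		if (isValid(match[1])) {
			this.href = this.href
				.replace(/__elgg_ts=\d+/i, '__elgg_ts=' + token_object.__elgg_ts)
				.replace(/__elgg_token=[0-9a-z_-]+/i, '__elgg_token=' + token_object.__elgg_token);
		}
	});
};
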
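/**
 * Asks the server for a fresh CSRF token pair and re-validates the pairs
 * currently present on the page.
 *
 * Every (ts, token) pair found in the convenience object, in the last
 * token inputs of each form, and in tokenized links is posted to the
 * 'refresh_token' action. On success the new pair is installed via
 * elgg.security.setToken and the session is checked for a user change.
 * Runs periodically from the timer started in elgg.security.init.
 */
elgg.security.refreshToken = function() {
	// round up token pairs present; object keys give de-duplication for free
	var seen = {};
	var register = function (ts, token) {
		seen[ts + ',' + token] = 1;
	};

	register(elgg.security.token.__elgg_ts, elgg.security.token.__elgg_token);

	$('form').each(function () {
		// only the last ts/token inputs matter, as those are what gets submitted
		var ts = $('[name=__elgg_ts]:last', this).val();
		var token = $('[name=__elgg_token]:last', this).val();
		// some forms won't have tokens
		if (token) {
			register(ts, token);
		}
	});

	$('[href*="__elgg_ts"][href*="__elgg_token"]').each(function() {
		// the attribute selectors are substring tests; a malformed href would
		// otherwise make the [1] indexing below throw on a null match
		var tsMatch = this.href.match(/__elgg_ts=(\d+)/i);
		var tokenMatch = this.href.match(/__elgg_token=([0-9a-z_-]+)/i);
		if (tsMatch && tokenMatch) {
			register(tsMatch[1], tokenMatch[1]);
		}
	});

	var pairs = $.map(seen, function(val, key) {
		return key;
	});

	elgg.ajax('refresh_token', {
		data: {
			pairs: pairs,
			session_token: elgg.session.token
		},
		dataType: 'json',
		method: 'POST',
		success: function(data) {
			if (data) {
				elgg.session.token = data.session_token;
				elgg.security.setToken(data.token, data.valid_tokens);

				// loose comparison kept on purpose: the guid presumably arrives as a
				// string from JSON while the local value may be a number — confirm
				if (elgg.get_logged_in_user_guid() != data.user_guid) {
					elgg.session.user = null;
					if (data.user_guid) {
						elgg.register_error(elgg.echo('session_changed_user'));
					} else {
						elgg.register_error(elgg.echo('session_expired'));
					}
				}
			}
		},
		// best-effort: a failed refresh is simply retried on the next interval tick
		error: function() {}
	});
};
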
/**
 * Attaches the current CSRF token pair to the given data.
 *
 * - string: treated as a full URL, relative URL or bare query string;
 *   returns it with __elgg_ts / __elgg_token added to the query part.
 * - undefined: acts as a getter and returns elgg.security.token itself.
 * - plain object: the token fields are merged into it in place (the
 *   caller's object is mutated) and it is returned.
 *
 * @param {string|Object|undefined} data
 * @returns {string|Object}
 * @throws {TypeError} for any other type of input
 */
elgg.security.addToken = function(data) {
	// 'http://example.com?data=sofar'
	if (elgg.isString(data)) {
		var parsed = elgg.parse_url(data);
		var query = {};
		var prefix = '';

		if (parsed['host'] !== undefined) {
			// full or relative URL: keep everything before the first '?'
			if (parsed['query'] !== undefined) {
				query = elgg.parse_str(parsed['query']);
			}
			prefix = data.split('?')[0] + '?';
		} else if (data.indexOf('?') === 0) {
			// bare query string
			prefix = '?';
			query = elgg.parse_str(parsed['query']);
		}
		// NOTE(review): a host-less value that does not start with '?' leaves
		// prefix empty, so only the token query string is returned — confirm
		// that elgg.parse_url reports a host for every URL shape callers pass

		query["__elgg_ts"] = elgg.security.token.__elgg_ts;
		query["__elgg_token"] = elgg.security.token.__elgg_token;

		return prefix + jQuery.param(query);
	}

	// no input! acts like a getter
	if (elgg.isUndefined(data)) {
		return elgg.security.token;
	}

	// {...}
	if (elgg.isPlainObject(data)) {
		return elgg.extend(data, elgg.security.token);
	}

	// oops, don't recognize that!
	throw new TypeError("elgg.security.addToken not implemented for " + (typeof data) + "s");
};

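/**
 * Starts the periodic CSRF token refresh.
 *
 * Registered on the 'boot', 'system' hook. A repeated call replaces the
 * running timer instead of leaving an orphaned interval behind.
 */
elgg.security.init = function() {
	// stop a previously started timer so two refresh loops never run at once
	if (elgg.security.tokenRefreshTimer !== null) {
		clearInterval(elgg.security.tokenRefreshTimer);
	}
	// elgg.security.interval is set in the js/elgg PHP view.
	// NOTE(review): if that value were missing, setInterval would run with a
	// ~0ms delay and hammer the refresh action — confirm the view always emits it
	elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, elgg.security.interval);
};
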
// Start the token refresh timer once the system has booted.
elgg.register_hook_handler('boot', 'system', elgg.security.init);