RefreshCsrfToken_8php_source.html

 <?php

 namespace Elgg\Controllers;

 use Symfony\Component\HttpFoundation\Response;

 class RefreshCsrfToken {

     public function __invoke(\Elgg\Http\Request $request) {
         _elgg_services()->session->boot();

         // the page's session_token might have expired (not matching __elgg_session in the session), but
         // we still allow it to be given to validate the tokens in the page.
         $session_token = get_input('session_token', null, false);
         $pairs = (array) get_input('pairs', [], false);
         $valid_tokens = (object) [];

         foreach ($pairs as $pair) {
             list($ts, $token) = explode(',', $pair, 2);
             if (_elgg_services()->csrf->validateTokenOwnership($token, (int) $ts, $session_token)) {
                 $valid_tokens->{$token} = true;
             }
         }

         $ts = _elgg_services()->csrf->getCurrentTime()->getTimestamp();
         $token = _elgg_services()->csrf->generateActionToken($ts);

         $data = [
             'token' => [
                 '__elgg_ts' => $ts,
                 '__elgg_token' => $token,
                 'logged_in' => _elgg_services()->session_manager->isLoggedIn(),
             ],
             'valid_tokens' => $valid_tokens,
             'session_token' => _elgg_services()->session->get('__elgg_session'),
             'user_guid' => _elgg_services()->session_manager->getLoggedInUserGuid(),
         ];

         $response = new Response();
         $response->headers->set('Content-Type', 'application/json;charset=utf-8', true);
         $response->headers->set('X-Content-Type-Options', 'nosniff', true);

         return $response->setContent(json_encode($data));
     }
 }
$response
$response
Definition: content.php:10

$request
$request
Definition: livesearch.php:12

Response

get_input
get_input(string $variable, $default=null, bool $filter_result=true)
Parameter input functions.
Definition: input.php:20

$data
if(!$entity instanceof\ElggUser) $data
Definition: attributes.php:13

Elgg
Definition: ActionsService.php:3

Elgg\Controllers
Definition: CommentEntityRedirector.php:3

$token
$token
Definition: securitytoken.php:9

Elgg\Controllers\RefreshCsrfToken
Handles requests to /refresh_token.
Definition: RefreshCsrfToken.php:12

$ts
$ts
CSRF security token view for use with secure forms.
Definition: securitytoken.php:8

Elgg\Request
Request container.
Definition: Request.php:12

_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:353

Elgg\Controllers\RefreshCsrfToken\__invoke
__invoke(\Elgg\Http\Request $request)
Send an updated CSRF token, provided the page&#39;s current tokens were not fake.
Definition: RefreshCsrfToken.php:21