1 <?php
2 
3 namespace Elgg\Controllers;
4 
7 
14 
15  use TimeUsing;
16 
23  public function __invoke(\Elgg\Request $request) {
24 
25  // the page's session_token might have expired (not matching __elgg_session in the session), but
26  // we still allow it to be given to validate the tokens in the page.
27  $session_token = get_input('session_token', null, false);
28  $pairs = (array) get_input('pairs', [], false);
29  $valid_tokens = (object) [];
30  foreach ($pairs as $pair) {
31  list($ts, $token) = explode(',', $pair, 2);
32  if ($request->elgg()->csrf->validateTokenOwnership($token, (int) $ts, $session_token)) {
33  $valid_tokens->{$token} = true;
34  }
35  }
36 
37  $ts = $this->getCurrentTime()->getTimestamp();
38  $token = $request->elgg()->csrf->generateActionToken($ts);
39  $data = [
40  'token' => [
41  '__elgg_ts' => $ts,
42  '__elgg_token' => $token,
43  'logged_in' => $request->elgg()->session->isLoggedIn(),
44  ],
45  'valid_tokens' => $valid_tokens,
46  'session_token' => $request->elgg()->session->get('__elgg_session'),
47  'user_guid' => $request->elgg()->session->getLoggedInUserGuid(),
48  ];
49 
50  elgg_set_http_header("Content-Type: application/json;charset=utf-8");
51 
52  return elgg_ok_response($data);
53  }
54 
55 }