security.js File Reference



 define (['jquery', 'elgg'], function($, elgg){var tokenRefreshTimer=setInterval(refreshToken, elgg.security.interval);function setToken(token_object, valid_tokens){elgg.security.token=token_object;$('[name=__elgg_ts]').val(token_object.__elgg_ts);$('[name=__elgg_token]').each(function(){if(valid_tokens[$(this).val()]){$(this).val(token_object.__elgg_token);}});$('[href *="__elgg_ts"][href *="__elgg_token"]').each(function(){var token=this.href.match(/__elgg_token=([0-9a-z_-]+)/i)[1];if(valid_tokens[token]){this.href=this.href.replace(/__elgg_ts=\d+/i, '__elgg_ts='+token_object.__elgg_ts).replace(/__elgg_token=[0-9a-z_-]+/i, '__elgg_token='+token_object.__elgg_token);}});};function refreshToken(){var pairs={};pairs[elgg.security.token.__elgg_ts+ ','+elgg.security.token.__elgg_token]=1;$('form').each(function(){var ts=$('[name=__elgg_ts]:last', this).val();var token=$('[name=__elgg_token]:last', this).val();if(token){pairs[ts+ ','+token]=1;}});$('[href *="__elgg_ts"][href *="__elgg_token"]').each(function(){var ts=this.href.match(/__elgg_ts=(\d+)/i)[1];var token=this.href.match(/__elgg_token=([0-9a-z_-]+)/i)[1];pairs[ts+ ','+token]=1;});pairs=$.map(pairs, function(val, key){return key;});require(['elgg/Ajax', 'elgg/system_messages', 'elgg/i18n'], function(Ajax, system_messages, i18n){var ajax=new Ajax(false);ajax.path('refresh_token',{data:{pairs:pairs, session_token:elgg.session.token}, success:function(data){if(data){elgg.session.token=data.session_token;setToken(data.token, data.valid_tokens);if(elgg.get_logged_in_user_guid()!=data.user_guid){elgg.session.user=null;elgg.user=null;clearInterval(tokenRefreshTimer);if(data.user_guid){system_messages.error(i18n.echo('session_changed_user'));}else{system_messages.error(i18n.echo('session_expired'));}}}}, error:function(){}});});};return{addToken:function(data){if(typeof data=== 'string'){var parts=elgg.parse_url(data), args={}, base= '';if(parts['host']===undefined){if(data.indexOf('?')===0){base= 
'?';args=elgg.parse_str(parts['query']);}}else{if(parts['query']!==undefined){args=elgg.parse_str(parts['query']);}var split=data.split('?');base=split[0]+ '?';}args["__elgg_ts"]=elgg.security.token.__elgg_ts;args["__elgg_token"]=elgg.security.token.__elgg_token;return base+jQuery.param(args);}if(data===undefined){return elgg.security.token;}if($.isPlainObject(data)){return $.extend(data, elgg.security.token);}if(data instanceof FormData){data.set('__elgg_ts', elgg.security.token.__elgg_ts);data.set('__elgg_token', elgg.security.token.__elgg_token);return data;}throw new TypeError("addToken not implemented for "+(typeof data)+"s");}};})
 

Function Documentation

Updates in-page CSRF tokens that were validated on the server. Only validated __elgg_token values are replaced.
{Object}token_object Value to replace elgg.security.token
{Object}valid_tokens Map of valid tokens (as keys) in the current page
Returns
{void}

Security tokens time out, so they are refreshed periodically.

Invalid tokens must not be updated, so all tokens on the page are collected and sent to the server for validation. Those confirmed valid are replaced in setToken().

Adds Elgg action tokens to an object, a URL, or a query string (beginning with '?').

Parameters
{FormData|Object|string}data
Returns
{FormData|Object|string} The new data object including action tokens