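/**
 * elgg/security
 *
 * Keeps the page's CSRF action tokens (__elgg_ts / __elgg_token) alive.
 * Tokens expire, so a timer periodically collects every token pair found in
 * the page, asks the server which ones are still valid, and rewrites only
 * those. Also exposes addToken() so callers can attach the current tokens to
 * outgoing requests.
 */
define(['jquery', 'elgg'], function ($, elgg) {
    // Patterns for reading/writing a token pair inside an href. Shared by
    // setToken() and refreshToken() so both agree on what a token looks like.
    // No /g flag: exec()/replace() stay stateless and the literals are reusable.
    var TS_PATTERN = /__elgg_ts=(\d+)/i;
    var TOKEN_PATTERN = /__elgg_token=([0-9a-z_-]+)/i;
    // Links whose href carries both parameter names somewhere.
    var TOKEN_LINK_SELECTOR = '[href *="__elgg_ts"][href *="__elgg_token"]';

    // Periodic refresh (elgg.security.interval is in milliseconds, as for any
    // setInterval); stopped once the server reports a session change.
    var tokenRefreshTimer = setInterval(refreshToken, elgg.security.interval);

    /**
     * Extracts the __elgg_token value from an href.
     *
     * The selector only guarantees the parameter *name* occurs in the href, not
     * that a well-formed value follows it (e.g. "__elgg_token=" or a
     * percent-encoded value), and the regex then does not match. The previous
     * code indexed [1] on a null match and threw inside the jQuery loop, so one
     * malformed link aborted the whole refresh for the page.
     *
     * @param {string} href
     * @return {string|null} the token, or null when none can be parsed
     */
    function tokenFromHref(href) {
        var m = TOKEN_PATTERN.exec(href);
        return m ? m[1] : null;
    }

    /**
     * Extracts the __elgg_ts value from an href; see tokenFromHref().
     *
     * @param {string} href
     * @return {string|null} the timestamp, or null when none can be parsed
     */
    function tsFromHref(href) {
        var m = TS_PATTERN.exec(href);
        return m ? m[1] : null;
    }

    /**
     * Own-property membership test against the server's valid-token map.
     *
     * valid_tokens is a plain object, so a bare `valid_tokens[token]` lookup is
     * also truthy for inherited names ("constructor", "hasOwnProperty", ...).
     * A field whose value happened to be such a name would be treated as
     * validated and rewritten to the live token; only own keys count here.
     * A missing map is treated as "nothing validated" instead of throwing.
     *
     * @param {Object} valid_tokens tokens validated by the server, as keys
     * @param {string} token
     * @return {boolean}
     */
    function isValidToken(valid_tokens, token) {
        if (!valid_tokens) {
            return false;
        }
        return Object.prototype.hasOwnProperty.call(valid_tokens, token) && !!valid_tokens[token];
    }

    /**
     * Updates in-page CSRF tokens that were validated on the server.
     * Only validated __elgg_token values are replaced.
     *
     * Timestamps are replaced everywhere, unconditionally (unchanged from the
     * original behaviour); only the token half is gated on validation. A form
     * whose token was not validated therefore ends up with a fresh ts and a
     * stale token, which is no worse than the already-invalid pair it had.
     *
     * @param {Object} token_object Value to replace elgg.security.token
     * @param {Object} valid_tokens Map of valid tokens (as keys) in the current page
     */
    function setToken(token_object, valid_tokens) {
        elgg.security.token = token_object;

        $('[name=__elgg_ts]').val(token_object.__elgg_ts);

        $('[name=__elgg_token]').each(function () {
            var $field = $(this);
            if (isValidToken(valid_tokens, $field.val())) {
                $field.val(token_object.__elgg_token);
            }
        });

        $(TOKEN_LINK_SELECTOR).each(function () {
            var token = tokenFromHref(this.href);
            if (token === null || !isValidToken(valid_tokens, token)) {
                // malformed or unvalidated link: leave it untouched
                return;
            }
            this.href = this.href
                .replace(TS_PATTERN, '__elgg_ts=' + token_object.__elgg_ts)
                .replace(TOKEN_PATTERN, '__elgg_token=' + token_object.__elgg_token);
        });
    }

    /**
     * Security tokens time out so we refresh those every so often.
     *
     * We don't want to update invalid tokens, so we collect all tokens in the
     * page and send them to the server to be validated. Those that were valid
     * are replaced in setToken().
     *
     * Pairs are sent as "ts,token" strings, de-duplicated via an object keyed
     * by that string. The current elgg.security.token is always included.
     */
    function refreshToken() {
        var seen = {};

        function remember(ts, token) {
            seen[ts + ',' + token] = 1;
        }

        remember(elgg.security.token.__elgg_ts, elgg.security.token.__elgg_token);

        $('form').each(function () {
            // :last — a form may carry several token fields; the last one wins,
            // as before.
            var ts = $('[name=__elgg_ts]:last', this).val();
            var token = $('[name=__elgg_token]:last', this).val();
            if (token) {
                remember(ts, token);
            }
        });

        $(TOKEN_LINK_SELECTOR).each(function () {
            var ts = tsFromHref(this.href);
            var token = tokenFromHref(this.href);
            // Skip links where either half cannot be parsed instead of crashing
            // the loop (see tokenFromHref); such a pair could never validate.
            if (ts !== null && token !== null) {
                remember(ts, token);
            }
        });

        var pairs = $.map(seen, function (val, key) {
            return key;
        });

        require(['elgg/Ajax', 'elgg/system_messages', 'elgg/i18n'], function (Ajax, system_messages, i18n) {
            // NOTE(review): the constructor argument's meaning is defined in
            // elgg/Ajax and not visible here — kept as in the original.
            var ajax = new Ajax(false);
            ajax.path('refresh_token', {
                data: {pairs: pairs, session_token: elgg.session.token},
                success: function (data) {
                    if (!data) {
                        return;
                    }
                    elgg.session.token = data.session_token;
                    setToken(data.token, data.valid_tokens);

                    // Loose inequality kept on purpose: the guid may arrive as a
                    // string or a number depending on the server response —
                    // TODO confirm against the refresh_token action.
                    if (elgg.get_logged_in_user_guid() != data.user_guid) {
                        // The session no longer belongs to the user this page
                        // was rendered for: drop cached user state and stop
                        // refreshing, since no token on this page is trustworthy.
                        elgg.session.user = null;
                        elgg.user = null;
                        clearInterval(tokenRefreshTimer);
                        if (data.user_guid) {
                            system_messages.error(i18n.echo('session_changed_user'));
                        } else {
                            system_messages.error(i18n.echo('session_expired'));
                        }
                    }
                },
                // Best-effort background refresh: a failed request is ignored
                // and the next timer tick simply tries again.
                error: function () {}
            });
        });
    }

    return {
        /**
         * Add elgg action tokens to an object, URL, or query string (with a ?).
         *
         * Accepted inputs:
         *  - string starting with "?" (no host): the query string is re-built
         *    with the tokens appended.
         *  - string with a host (full URL): the part before "?" is kept and the
         *    query is re-built with the tokens appended. Anything after a "#"
         *    is presumably lost, since only the query is re-emitted — verify
         *    against elgg.parse_url before relying on fragments.
         *  - any other string (e.g. a relative path without a leading "?"):
         *    only the tokens are returned, the input is dropped. This matches
         *    the original behaviour; callers are expected to pass a full URL
         *    or a "?"-prefixed query string.
         *  - undefined: returns elgg.security.token itself.
         *  - plain object: tokens are merged in (mutates and returns it).
         *  - FormData: tokens are set on it (mutates and returns it).
         *
         * @param {FormData|Object|string} data
         * @return {FormData|Object|string}
         * @throws {TypeError} for any other input type
         */
        addToken: function (data) {
            if (typeof data === 'string') {
                var parts = elgg.parse_url(data);
                var args = {};
                var base = '';

                if (parts['host'] === undefined) {
                    if (data.indexOf('?') === 0) {
                        // bare query string
                        base = '?';
                        args = elgg.parse_str(parts['query']);
                    }
                } else {
                    // full URL
                    if (parts['query'] !== undefined) {
                        args = elgg.parse_str(parts['query']);
                    }
                    var split = data.split('?');
                    base = split[0] + '?';
                }

                args["__elgg_ts"] = elgg.security.token.__elgg_ts;
                args["__elgg_token"] = elgg.security.token.__elgg_token;

                return base + $.param(args);
            }

            if (data === undefined) {
                return elgg.security.token;
            }

            if ($.isPlainObject(data)) {
                return $.extend(data, elgg.security.token);
            }

            if (data instanceof FormData) {
                data.set('__elgg_ts', elgg.security.token.__elgg_ts);
                data.set('__elgg_token', elgg.security.token.__elgg_token);
                return data;
            }

            throw new TypeError("addToken not implemented for " + (typeof data) + "s");
        }
    };
});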
setToken(token_object, valid_tokens): updates the in-page CSRF tokens that the server reported as validated. Only __elgg_token values whose current value appears in valid_tokens are replaced; __elgg_ts fields are updated unconditionally.
{Object} | token_object Value to replace elgg.security.token |
{Object} | valid_tokens Object whose keys are the tokens found in the current page that the server validated; only these are replaced
Security (CSRF) tokens expire, so the page refreshes them periodically: setInterval(refreshToken, elgg.security.interval), with the interval in milliseconds.
Invalid tokens must not be refreshed, so refreshToken() collects every (timestamp, token) pair found in the page's forms and token-bearing links and sends them, together with the current session token, to the refresh_token endpoint for validation. Only the pairs the server reports as valid are replaced in setToken(). If the response shows a different logged-in user, or none, the cached user is cleared, the refresh timer is stopped and a session_changed_user / session_expired error message is shown.
addToken(data): adds the current Elgg action tokens (__elgg_ts, __elgg_token) to a plain object, a FormData instance, a full URL, or a query string beginning with "?". Called with no argument it returns the token object itself; any other type throws a TypeError.
{FormData|Object|string} | data |