Elgg  Version 3.0
security.js
// Declare the namespace that holds the current CSRF timestamp/token pair.
// NOTE(review): presumably elgg.provide() creates the nested objects when
// they do not exist yet; confirm against its definition in elgglib.js.
elgg.provide("elgg.security.token");

// Handle of the periodic token refresh; assigned from setInterval() in
// elgg.security.init and null until then.
elgg.security.tokenRefreshTimer = null;
7 
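/**
 * Install a freshly issued CSRF timestamp/token pair on the page.
 *
 * The pair is stored on elgg.security.token, every __elgg_ts input is set to
 * the new timestamp, and token inputs and links are rewritten. A token input
 * or link is rewritten only when the token it currently carries is listed in
 * valid_tokens; anything else is left as it is.
 *
 * @param {Object} token_object Object carrying the new __elgg_ts and __elgg_token values
 * @param {Object} valid_tokens Object keyed by the old tokens that may be replaced
 * @return {void}
 */
elgg.security.setToken = function (token_object, valid_tokens) {
	// Own-property lookup only. A plain `valid_tokens[token]` is also truthy
	// for inherited names such as "constructor", which would hand the fresh
	// token to an input or link that never held a token issued by the server.
	var isValidToken = function (token) {
		return !!valid_tokens &&
			Object.prototype.hasOwnProperty.call(valid_tokens, token) &&
			!!valid_tokens[token];
	};

	// update the convenience object
	elgg.security.token = token_object;

	// also update all forms
	$('[name=__elgg_ts]').val(token_object.__elgg_ts);
	$('[name=__elgg_token]').each(function () {
		if (isValidToken($(this).val())) {
			$(this).val(token_object.__elgg_token);
		}
	});

	// also update all links that contain tokens and time stamps
	$('[href*="__elgg_ts"][href*="__elgg_token"]').each(function () {
		// The attribute selector is a substring test, so the href may mention
		// the parameter name without a well-formed value. Skip such links
		// instead of throwing and leaving the remaining links stale.
		var found = this.href.match(/__elgg_token=([0-9a-z_-]+)/i);
		if (!found || !isValidToken(found[1])) {
			return;
		}

		this.href = this.href
			.replace(/__elgg_ts=\d+/i, '__elgg_ts=' + token_object.__elgg_ts)
			.replace(/__elgg_token=[0-9a-z_-]+/i, '__elgg_token=' + token_object.__elgg_token);
	});
};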
40 
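/**
 * Request a new CSRF token and session token from the server.
 *
 * Collects every distinct "timestamp,token" pair found on the page (the
 * current pair, the last pair of each form, and pairs embedded in links),
 * posts them to the `refresh_token` endpoint together with the session token,
 * and applies the response through elgg.security.setToken(). If the response
 * reports a different user than the one logged in on this page, the local
 * user is cleared and an error message is registered.
 *
 * @return {void}
 */
elgg.security.refreshToken = function () {
	// round up token pairs present; object keys de-duplicate them
	var pairs = {};

	pairs[elgg.security.token.__elgg_ts + ',' + elgg.security.token.__elgg_token] = 1;

	$('form').each(function () {
		// we need consider only the last ts/token inputs, as those will be submitted
		var ts = $('[name=__elgg_ts]:last', this).val();
		var token = $('[name=__elgg_token]:last', this).val();
		// some forms won't have tokens
		if (token) {
			pairs[ts + ',' + token] = 1;
		}
	});

	$('[href*="__elgg_ts"][href*="__elgg_token"]').each(function () {
		// The selector only tests for the parameter names as substrings. A
		// link without well-formed values must not throw here: an exception
		// would abort the whole refresh and no request would be sent.
		var tsMatch = this.href.match(/__elgg_ts=(\d+)/i);
		var tokenMatch = this.href.match(/__elgg_token=([0-9a-z_-]+)/i);
		if (tsMatch && tokenMatch) {
			pairs[tsMatch[1] + ',' + tokenMatch[1]] = 1;
		}
	});

	// only the keys ("ts,token" strings) are sent
	pairs = Object.keys(pairs);

	elgg.ajax('refresh_token', {
		data: {
			pairs: pairs,
			session_token: elgg.session.token
		},
		dataType: 'json',
		method: 'POST',
		success: function (data) {
			if (data) {
				elgg.session.token = data.session_token;
				elgg.security.setToken(data.token, data.valid_tokens);

				// NOTE(review): loose comparison kept as in the original;
				// presumably the guid can arrive as a string or a number.
				if (elgg.get_logged_in_user_guid() != data.user_guid) {
					elgg.session.user = null;
					if (data.user_guid) {
						elgg.register_error(elgg.echo('session_changed_user'));
					} else {
						elgg.register_error(elgg.echo('session_expired'));
					}
				}
			}
		},
		error: function () {
			// Left empty on purpose: the page keeps its current tokens and the
			// interval started in elgg.security.init calls this function again.
		}
	});
};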
101 
/**
 * Attach the current CSRF timestamp/token pair to a request payload.
 *
 * Behaviour by input type:
 *  - string: treated as a URL or as a query string starting with "?";
 *    returns a string whose query carries __elgg_ts and __elgg_token
 *  - undefined: acts as a getter and returns elgg.security.token
 *  - plain object: returns elgg.extend(data, elgg.security.token)
 *  - FormData: sets both fields on the instance and returns it
 *
 * No origin check is made on string input. The token is appended to whatever
 * URL is passed in, so callers should only supply URLs of this site.
 *
 * NOTE(review): when elgg.parse_url() reports no host and the string does not
 * start with "?", the input is discarded and only the token query string is
 * returned. Confirm how parse_url reports relative URLs.
 *
 * @param {string|Object|FormData} [data] Payload to extend
 * @return {string|Object|FormData} The payload with the token pair added
 * @throws {TypeError} When data is of any other type
 */
elgg.security.addToken = function (data) {
	var currentToken = elgg.security.token;

	// 'http://example.com?data=sofar'
	if (elgg.isString(data)) {
		var urlParts = elgg.parse_url(data);
		var query = {};
		var prefix = '';

		if (urlParts['host'] !== undefined) {
			// URL with a host: keep everything before the first "?"
			if (urlParts['query'] !== undefined) {
				query = elgg.parse_str(urlParts['query']);
			}
			prefix = data.split('?')[0] + '?';
		} else if (data.indexOf('?') === 0) {
			// bare query string
			prefix = '?';
			query = elgg.parse_str(urlParts['query']);
		}

		// any token parameters already present are overwritten
		query["__elgg_ts"] = currentToken.__elgg_ts;
		query["__elgg_token"] = currentToken.__elgg_token;

		return prefix + jQuery.param(query);
	}

	// no input! acts like a getter
	if (elgg.isUndefined(data)) {
		return currentToken;
	}

	// {...}
	if (elgg.isPlainObject(data)) {
		return elgg.extend(data, currentToken);
	}

	if (data instanceof FormData) {
		data.set('__elgg_ts', currentToken.__elgg_ts);
		data.set('__elgg_token', currentToken.__elgg_token);
		return data;
	}

	// oops, don't recognize that!
	throw new TypeError("elgg.security.addToken not implemented for " + (typeof data) + "s");
};
159 
/**
 * Start the periodic CSRF token refresh.
 *
 * Stores the interval handle on elgg.security.tokenRefreshTimer.
 *
 * @return {void}
 */
elgg.security.init = function () {
	// elgg.security.interval is set in the `elgg.js` view.
	var refreshEvery = elgg.security.interval;
	var timerHandle = setInterval(elgg.security.refreshToken, refreshEvery);

	elgg.security.tokenRefreshTimer = timerHandle;
};

// Run init when the 'boot', 'system' hook fires.
elgg.register_hook_handler('boot', 'system', elgg.security.init);