Elgg  Version 4.3
security.js
Go to the documentation of this file.
1 define(['jquery', 'elgg'], function ($, elgg) {
2  var tokenRefreshTimer = setInterval(refreshToken, elgg.security.interval);
3 
12  function setToken(token_object, valid_tokens) {
13  // update the convenience object
14  elgg.security.token = token_object;
15 
16  // also update all forms
17  $('[name=__elgg_ts]').val(token_object.__elgg_ts);
18  $('[name=__elgg_token]').each(function () {
19  if (valid_tokens[$(this).val()]) {
20  $(this).val(token_object.__elgg_token);
21  }
22  });
23 
24  // also update all links that contain tokens and time stamps
25  $('[href*="__elgg_ts"][href*="__elgg_token"]').each(function () {
26  var token = this.href.match(/__elgg_token=([0-9a-z_-]+)/i)[1];
27  if (valid_tokens[token]) {
28  this.href = this.href
29  .replace(/__elgg_ts=\d+/i, '__elgg_ts=' + token_object.__elgg_ts)
30  .replace(/__elgg_token=[0-9a-z_-]+/i, '__elgg_token=' + token_object.__elgg_token);
31  }
32  });
33  };
34 
41  function refreshToken() {
42  // round up token pairs present
43  var pairs = {};
44 
45  pairs[elgg.security.token.__elgg_ts + ',' + elgg.security.token.__elgg_token] = 1;
46 
47  $('form').each(function () {
48  // we need consider only the last ts/token inputs, as those will be submitted
49  var ts = $('[name=__elgg_ts]:last', this).val();
50  var token = $('[name=__elgg_token]:last', this).val();
51  // some forms won't have tokens
52  if (token) {
53  pairs[ts + ',' + token] = 1;
54  }
55  });
56 
57  $('[href*="__elgg_ts"][href*="__elgg_token"]').each(function () {
58  var ts = this.href.match(/__elgg_ts=(\d+)/i)[1];
59  var token = this.href.match(/__elgg_token=([0-9a-z_-]+)/i)[1];
60  pairs[ts + ',' + token] = 1;
61  });
62 
63  pairs = $.map(pairs, function (val, key) {
64  return key;
65  });
66 
67  require(['elgg/Ajax', 'elgg/system_messages', 'elgg/i18n'], function(Ajax, system_messages, i18n) {
68  var ajax = new Ajax(false);
69  ajax.path('refresh_token', {
70  data: {
71  pairs: pairs,
72  session_token: elgg.session.token
73  },
74  success: function (data) {
75  if (data) {
76  elgg.session.token = data.session_token;
77  setToken(data.token, data.valid_tokens);
78 
79  if (elgg.get_logged_in_user_guid() != data.user_guid) {
80  elgg.session.user = null;
81  elgg.user = null;
82  clearInterval(tokenRefreshTimer);
83  if (data.user_guid) {
84  system_messages.error(i18n.echo('session_changed_user'));
85  } else {
86  system_messages.error(i18n.echo('session_expired'));
87  }
88  }
89  }
90  },
91  error: function () {
92  }
93  });
94  });
95  };
96 
97  return {
104  addToken: function (data) {
105 
106  // 'http://example.com?data=sofar'
107  if (typeof data === 'string') {
108  // is this a full URL, relative URL, or just the query string?
109  var parts = elgg.parse_url(data),
110  args = {},
111  base = '';
112 
113  if (parts['host'] === undefined) {
114  if (data.indexOf('?') === 0) {
115  // query string
116  base = '?';
117  args = elgg.parse_str(parts['query']);
118  }
119  } else {
120  // full or relative URL
121 
122  if (parts['query'] !== undefined) {
123  // with query string
124  args = elgg.parse_str(parts['query']);
125  }
126  var split = data.split('?');
127  base = split[0] + '?';
128  }
129  args["__elgg_ts"] = elgg.security.token.__elgg_ts;
130  args["__elgg_token"] = elgg.security.token.__elgg_token;
131 
132  return base + jQuery.param(args);
133  }
134 
135  // no input! acts like a getter
136  if (data === undefined) {
137  return elgg.security.token;
138  }
139 
140  // {...}
141  if ($.isPlainObject(data)) {
142  return $.extend(data, elgg.security.token);
143  }
144 
145  if (data instanceof FormData) {
146  data.set('__elgg_ts', elgg.security.token.__elgg_ts);
147  data.set('__elgg_token', elgg.security.token.__elgg_token);
148  return data;
149  }
150 
151  // oops, don't recognize that!
152  throw new TypeError("addToken not implemented for " + (typeof data) + "s");
153  }
154  };
155 });
addToken
elgg security addToken
Add elgg action tokens to an object, URL, or query string (with a ?).
Definition: deprecated.js:389
define
define(['jquery', 'elgg'], function($, elgg){var tokenRefreshTimer=setInterval(refreshToken, elgg.security.interval);function setToken(token_object, valid_tokens){elgg.security.token=token_object;$('[name=__elgg_ts]').val(token_object.__elgg_ts);$('[name=__elgg_token]').each(function(){if(valid_tokens[$(this).val()]){$(this).val(token_object.__elgg_token);}});$('[href *="__elgg_ts"][href *="__elgg_token"]').each(function(){var token=this.href.match(/__elgg_token=([0-9a-z_-]+)/i)[1];if(valid_tokens[token]){this.href=this.href.replace(/__elgg_ts=\d+/i, '__elgg_ts='+token_object.__elgg_ts).replace(/__elgg_token=[0-9a-z_-]+/i, '__elgg_token='+token_object.__elgg_token);}});};function refreshToken(){var pairs={};pairs[elgg.security.token.__elgg_ts+ ','+elgg.security.token.__elgg_token]=1;$('form').each(function(){var ts=$('[name=__elgg_ts]:last', this).val();var token=$('[name=__elgg_token]:last', this).val();if(token){pairs[ts+ ','+token]=1;}});$('[href *="__elgg_ts"][href *="__elgg_token"]').each(function(){var ts=this.href.match(/__elgg_ts=(\d+)/i)[1];var token=this.href.match(/__elgg_token=([0-9a-z_-]+)/i)[1];pairs[ts+ ','+token]=1;});pairs=$.map(pairs, function(val, key){return key;});require(['elgg/Ajax', 'elgg/system_messages', 'elgg/i18n'], function(Ajax, system_messages, i18n){var ajax=new Ajax(false);ajax.path('refresh_token',{data:{pairs:pairs, session_token:elgg.session.token}, success:function(data){if(data){elgg.session.token=data.session_token;setToken(data.token, data.valid_tokens);if(elgg.get_logged_in_user_guid()!=data.user_guid){elgg.session.user=null;elgg.user=null;clearInterval(tokenRefreshTimer);if(data.user_guid){system_messages.error(i18n.echo('session_changed_user'));}else{system_messages.error(i18n.echo('session_expired'));}}}}, error:function(){}});});};return{addToken:function(data){if(typeof data=== 'string'){var parts=elgg.parse_url(data), args={}, base= '';if(parts['host']===undefined){if(data.indexOf('?')===0){base= '?';args=elgg.parse_str(parts['query']);}}else{if(parts['query']!==undefined){args=elgg.parse_str(parts['query']);}var split=data.split('?');base=split[0]+ '?';}args["__elgg_ts"]=elgg.security.token.__elgg_ts;args["__elgg_token"]=elgg.security.token.__elgg_token;return base+jQuery.param(args);}if(data===undefined){return elgg.security.token;}if($.isPlainObject(data)){return $.extend(data, elgg.security.token);}if(data instanceof FormData){data.set('__elgg_ts', elgg.security.token.__elgg_ts);data.set('__elgg_token', elgg.security.token.__elgg_token);return data;}throw new TypeError("addToken not implemented for "+(typeof data)+"s");}};})
error
$result error
Definition: admin_exception.php:17
isPlainObject
elgg isPlainObject
Check if the value is a "plain" object (i.e., created by {} or new Object())
Definition: deprecated.js:86
require
elgg require
Throw an error if the required package isn't present.
Definition: deprecated.js:176
ts
$result ts
Definition: admin_exception.php:18
elgg
var elgg
Definition: elgglib.js:4
Generated on Tue May 30 2023 00:00:27 for Elgg by   doxygen 1.8.11