
  /**
   * Security state shared across this page: the active action token plus
   * the bookkeeping used by the periodic token refresh.
   */
  // Reserve the elgg.security.token namespace; the token object itself is
  // written by elgg.security.setToken().
  elgg.provide('elgg.security.token');

  // Handle returned by setInterval once the refresh loop is started by
  // elgg.security.init(); null until then.
  elgg.security.tokenRefreshTimer = null;

  // Module-level failure flag. Nothing visible in this file assigns it true;
  // presumably consumers elsewhere read it — confirm before relying on it.
  elgg.security.tokenRefreshFailed = false;
  /**
   * Installs a new action token and pushes it into every form field and
   * tokenised link already present in the document.
   *
   * Values are written into the DOM as-is. The patterns below assume the
   * timestamp is decimal digits and the token is lower-case hex, which is
   * presumably what the server emits — confirm against the PHP side before
   * changing either format, since a value containing '$' would also be
   * interpreted as a replacement pattern by String.prototype.replace.
   *
   * @param {Object} json Token payload carrying __elgg_ts and __elgg_token
   * @return {Void}
   */
  elgg.security.setToken = function(json) {
    var ts = json.__elgg_ts,
        token = json.__elgg_token,
        tsPattern = /__elgg_ts=\d*/,
        tokenPattern = /__elgg_token=[0-9a-f]*/;

    // Keep the shared copy current for addToken() and anything else reading it.
    elgg.security.token = json;

    // Hidden inputs in forms.
    $('[name=__elgg_ts]').val(ts);
    $('[name=__elgg_token]').val(token);

    // Links that already carry both parameters get them rewritten in place;
    // only the first occurrence of each parameter is touched.
    $('[href*="__elgg_ts"][href*="__elgg_token"]').each(function(index, link) {
      link.href = link.href
        .replace(tsPattern, '__elgg_ts=' + ts)
        .replace(tokenPattern, '__elgg_token=' + token);
    });
  };
  /**
   * Asks the server for a fresh action token; wired to a timer by init().
   *
   * Only a success callback is supplied to elgg.getJSON, so a request that
   * fails at the transport level is not observed here and the previous
   * token simply stays in place. A response that carries a token but also
   * reports logged_in === false while this page still believes it has a
   * session is treated as an expired session.
   *
   * @private
   */
  elgg.security.refreshToken = function() {
    elgg.getJSON('refresh_token', function(data) {
      // Ignore anything that does not carry a complete token pair.
      if (!data || !data.__elgg_ts || !data.__elgg_token) {
        return;
      }

      elgg.security.setToken(data);

      var sessionGone = elgg.is_logged_in() && data.logged_in === false;
      if (sessionGone) {
        elgg.session.user = null;
        elgg.register_error(elgg.echo('session_expired'));
      }
    });
  };
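  /**
   * Attach the current action token to a payload.
   *
   * Accepts three shapes:
   *  - a string: a full URL, a path, or a bare query string starting with
   *    '?'; the token pair is merged into its query string (overwriting any
   *    existing __elgg_ts/__elgg_token) and a string is returned;
   *  - a plain object: the token fields are copied into it via elgg.extend,
   *    which appears to write into the object itself — callers should not
   *    assume they get a copy back;
   *  - undefined: the token object itself is returned (getter form).
   *
   * Token values always pass through jQuery.param on the string path, so
   * they are URL-encoded on the way out. Any '#fragment' in the input is not
   * preserved separately (pre-existing limitation; elgg.parse_url's fragment
   * handling is not visible here).
   *
   * @param {Object|string} data
   * @return {Object|string} The input with action tokens added (strings come back as strings)
   * @throws {TypeError} for any other input type
   * @private
   */
  elgg.security.addToken = function(data) {
    // 'http://example.com?data=sofar'
    if (elgg.isString(data)) {
      var parts = elgg.parse_url(data),
          args = {},
          base;

      // Existing query parameters are kept; the token pair is added to them.
      // (The old code also called elgg.parse_str on an undefined query for
      // the bare '?' form; an empty object is used instead.)
      if (parts['query'] !== undefined) {
        args = elgg.parse_str(parts['query']);
      }

      if (parts['host'] === undefined && data.indexOf('?') === 0) {
        // bare query string
        base = '?';
      } else {
        // Full URL or path, with or without a query string: keep everything
        // before the first '?'. Previously a string that parse_url reported
        // without a host and that did not start with '?' produced only the
        // parameters, dropping the text before them.
        base = data.split('?')[0] + '?';
      }

      args["__elgg_ts"] = elgg.security.token.__elgg_ts;
      args["__elgg_token"] = elgg.security.token.__elgg_token;

      return base + jQuery.param(args);
    }

    // no input! acts like a getter
    if (elgg.isUndefined(data)) {
      return elgg.security.token;
    }

    // {...}
    if (elgg.isPlainObject(data)) {
      return elgg.extend(data, elgg.security.token);
    }

    // oops, don't recognize that!
    throw new TypeError("elgg.security.addToken not implemented for " + (typeof data) + "s");
  };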
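  /**
   * Starts the periodic token refresh.
   *
   * Any timer left from an earlier call is cleared first so that running
   * init() twice does not stack intervals, each of which would keep hitting
   * refresh_token for the life of the page.
   *
   * @return {Void}
   */
  elgg.security.init = function() {
    if (elgg.security.tokenRefreshTimer != null) {
      clearInterval(elgg.security.tokenRefreshTimer);
    }

    // elgg.security.interval is set in the js/elgg PHP view. If it were
    // missing, setInterval would treat the delay as 0 and the refresh would
    // fire back-to-back — worth guaranteeing on the PHP side.
    elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, elgg.security.interval);
  };

  // Refresh loop begins once the client-side boot hook fires.
  elgg.register_hook_handler('boot', 'system', elgg.security.init);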