Diffstat (limited to 'js/lib/security.js')
| -rw-r--r-- | js/lib/security.js | 62 |
1 files changed, 29 insertions, 33 deletions
diff --git a/js/lib/security.js b/js/lib/security.js index d14ddff95..9c12f8586 100644 --- a/js/lib/security.js +++ b/js/lib/security.js @@ -7,6 +7,8 @@ elgg.security.token = {}; elgg.security.tokenRefreshFailed = false; +elgg.security.tokenRefreshTimer = null; + /** * Sets the currently active security token and updates all forms and links on the current page. * @@ -30,37 +32,23 @@ elgg.security.setToken = function(json) { }; /** - * Security tokens time out, so lets refresh those every so often. + * Security tokens time out so we refresh those every so often. * - * @todo handle error and bad return data + * @private */ elgg.security.refreshToken = function() { elgg.action('security/refreshtoken', function(data) { - - // @todo might want to move this to setToken() once http://trac.elgg.org/ticket/3127 - // is implemented. It's here right now to avoid soggy code. - if (!data || !(data.output.__elgg_ts && data.output.__elgg_token)) { - elgg.register_error(elgg.echo('js:security:token_refresh_failed', [elgg.get_site_url()])); - elgg.security.tokenRefreshFailed = true; - - // don't setToken because we refresh every 5 minutes and tokens are good for 1 - // hour by default - return; - } - - // if had problems last time, let them know it's working now - if (elgg.security.tokenRefreshFailed) { - elgg.system_message(elgg.echo('js:security:token_refreshed', [elgg.get_site_url()])); - elgg.security.tokenRefreshFailed = false; + if (data && data.output.__elgg_ts && data.output.__elgg_token) { + elgg.security.setToken(data.output); + } else { + clearInterval(elgg.security.tokenRefreshTimer); } - - elgg.security.setToken(data.output); }); }; /** - * Add elgg action tokens to an object or string (assumed to be url data) + * Add elgg action tokens to an object, URL, or query string (with a ?). * * @param {Object|string} data * @return {Object} The new data object including action tokens 
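Review bot: In the new `refreshToken` callback the `else` branch calls `clearInterval(elgg.security.tokenRefreshTimer)` on the first bad response and tells the user nothing, so a single transient failure stops token refresh for the rest of the page's life and later submissions will presumably be rejected once the current token expires. The removed code surfaced this through `elgg.register_error(...)`; keeping that call in the `else` branch, or retrying a bounded number of times before clearing the timer, would make the failure visible. The condition also dereferences `data.output` without checking it, so a truthy response with no `output` throws inside the callback instead of reaching the `else`; `if (data && data.output && data.output.__elgg_ts && data.output.__elgg_token) {` avoids that. `elgg.security.tokenRefreshFailed` is still declared in the first hunk's context, but nothing in this diff reads or writes it any more.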
@@ -70,22 +58,31 @@ elgg.security.addToken = function(data) { // 'http://example.com?data=sofar' if (elgg.isString(data)) { - var args = {}, + // is this a full URL, relative URL, or just the query string? + var parts = elgg.parse_url(data), + args = {}, base = ''; + + if (parts['host'] == undefined) { + if (data.indexOf('?') === 0) { + // query string + base = '?'; + args = elgg.parse_str(parts['query']); + } + } else { + // full or relative URL - // check for query strings - if (data.indexOf('?') != -1) { + if (parts['query'] != undefined) { + // with query string + args = elgg.parse_str(parts['query']); + } var split = data.split('?'); - base = split[0]; - args = elgg.parse_str(split[1]); - } else { - base = data; + base = split[0] + '?'; } - args["__elgg_ts"] = elgg.security.token.__elgg_ts; args["__elgg_token"] = elgg.security.token.__elgg_token; - return base + '?' + jQuery.param(args); + return base + jQuery.param(args); } // no input! acts like a getter @@ -103,9 +100,8 @@ elgg.security.addToken = function(data) { }; elgg.security.init = function() { - //refresh security token every 5 minutes - //this is set in the js/elgg PHP view. - setInterval(elgg.security.refreshToken, elgg.security.interval); + // elgg.security.interval is set in the js/elgg PHP view. + elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, elgg.security.interval); }; elgg.register_hook_handler('boot', 'system', elgg.security.init);
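Review bot: The string branch of `addToken` now gets the host from `elgg.parse_url(data)` but only tests `parts['host'] == undefined`, so any absolute URL, including one pointing at another site, has `__elgg_ts` and `__elgg_token` appended and the action token can end up in a third party's request logs. Since the host is already parsed here, compare it with the host of `elgg.get_site_url()` and return `data` unchanged when they differ; whether any caller passes off-site URLs is not visible in this hunk. Separately, a string with no host that does not start with `?` leaves `base` as `''` and `args` empty, so the return value appears to be only the token parameters with the original path dropped, even though the `else` comment says that branch covers relative URLs. `addToken` starts before this hunk and continues past its end.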
\ No newline at end of file |
