1 | <?php |
||
2 | |||
3 | namespace Elgg\Controllers; |
||
4 | |||
5 | use Elgg\Http\ResponseBuilder; |
||
6 | use Elgg\TimeUsing; |
||
7 | |||
/**
 * Handles requests to /refresh_token
 *
 * Issues a fresh CSRF action token to the calling page and reports which of the
 * tokens already embedded in that page still validate, so long-lived pages can keep
 * submitting actions after their original tokens have aged out.
 *
 * @access private
 * @internal
 */
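class RefreshCsrfToken {

	use TimeUsing;

	/**
	 * Send an updated CSRF token, provided the page's current tokens were not fake.
	 *
	 * Reads from the request (both unfiltered, see below):
	 *  - session_token: the __elgg_session value the page was rendered with; it may no longer
	 *    match the live session, but it is still needed to validate tokens minted under it.
	 *  - pairs[]: "<timestamp>,<token>" strings, the action tokens currently present in the page.
	 *
	 * Every well-formed pair is passed to Csrf::validateTokenOwnership() together with the
	 * supplied session_token; only tokens that validate are echoed back in `valid_tokens`, so the
	 * client learns which of its tokens remain usable. A new token for the current time is
	 * always issued, alongside the current session token and logged-in user GUID.
	 *
	 * Malformed pairs (non-string entries, or strings without a ',' separator) are skipped
	 * instead of surfacing as an undefined-offset notice from list() or a TypeError from explode().
	 *
	 * @param \Elgg\Request $request Request
	 * @return ResponseBuilder JSON body with keys token{__elgg_ts,__elgg_token,logged_in},
	 *                         valid_tokens, session_token and user_guid
	 */
	public function __invoke(\Elgg\Request $request) {
		$csrf = $request->elgg()->csrf;
		$session = $request->elgg()->session;

		// The page's session_token might have expired (not matching __elgg_session in the session),
		// but we still accept it so the tokens embedded in that page can be validated against it.
		// The third argument is false — presumably skipping Elgg's HTML input filtering; these
		// values are only compared, never rendered (confirm against get_input()).
		$session_token = get_input('session_token', null, false);
		$pairs = (array) get_input('pairs', [], false);

		// Cast to object so an empty result serialises as JSON `{}` rather than `[]`.
		$valid_tokens = (object) [];
		foreach ($pairs as $pair) {
			// pairs[] is untrusted input: a nested array or a string with no comma would
			// otherwise reach explode()/list() and error out instead of being ignored.
			if (!is_string($pair)) {
				continue;
			}
			$parts = explode(',', $pair, 2);
			if (count($parts) !== 2) {
				continue;
			}
			[$ts, $token] = $parts;

			// validateTokenOwnership() gates the assignment below, so an attacker-chosen string
			// only becomes a property name if the CSRF service accepts it as genuine
			// (presumably an Elgg-generated token; verify in \Elgg\Security\Csrf).
			if ($csrf->validateTokenOwnership($token, $ts, $session_token)) {
				$valid_tokens->{$token} = true;
			}
		}

		// Always mint a fresh token for "now" so the page can keep submitting actions.
		$ts = $this->getCurrentTime()->getTimestamp();
		$token = $csrf->generateActionToken($ts);

		$data = [
			'token' => [
				'__elgg_ts' => $ts,
				'__elgg_token' => $token,
				'logged_in' => $session->isLoggedIn(),
			],
			'valid_tokens' => $valid_tokens,
			// NOTE(review): the live session token is returned in the body; this relies on
			// same-origin / XHR protections and on the response not being cached — confirm that
			// elgg_ok_response() or the front controller emits no-store headers for this route.
			'session_token' => $session->get('__elgg_session'),
			'user_guid' => $session->getLoggedInUserGuid(),
		];

		elgg_set_http_header("Content-Type: application/json;charset=utf-8");

		return elgg_ok_response($data);
	}

}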