From 06c3b6e3c41c629e510c55199bd19914273b0e64 Mon Sep 17 00:00:00 2001
From: cash <cash.costello@gmail.com>
Date: Sat, 23 Feb 2013 14:16:29 -0500
Subject: Fixes #4997 stop requesting a token after a failed request

---
 engine/lib/actions.php | 14 ++++++++++++--
 js/lib/security.js     | 33 ++++++++++-----------------------
 languages/en.php       |  4 ++--
 3 files changed, 24 insertions(+), 27 deletions(-)

diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 53b185dea..ac6325813 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -252,10 +252,20 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL)
 					register_error(elgg_echo('actiongatekeeper:pluginprevents'));
 				}
 			} else if ($visibleerrors) {
-				register_error(elgg_echo('actiongatekeeper:timeerror'));
+				// this is necessary because of #5133
+				if (elgg_is_xhr()) {
+					register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url())));
+				} else {
+					register_error(elgg_echo('actiongatekeeper:timeerror'));
+				}
 			}
 		} else if ($visibleerrors) {
-			register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
+			// this is necessary because of #5133
+			if (elgg_is_xhr()) {
+				register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url())));
+			} else {
+				register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
+			}
 		}
 	} else {
 		if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) {
diff --git a/js/lib/security.js b/js/lib/security.js
index 61aa1cfcd..af02824a6 100644
--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -7,6 +7,8 @@ elgg.security.token = {};
 
 elgg.security.tokenRefreshFailed = false;
 
+elgg.security.tokenRefreshTimer = null;
+
 /**
  * Sets the currently active security token and updates all forms and links on the current page.
  *
@@ -30,31 +32,17 @@ elgg.security.setToken = function(json) {
 };
 
 /**
- * Security tokens time out, so lets refresh those every so often.
+ * Security tokens time out so we refresh those every so often.
  * 
- * @todo handle error and bad return data
+ * @private
  */
 elgg.security.refreshToken = function() {
 	elgg.action('security/refreshtoken', function(data) {
-
-		// @todo might want to move this to setToken() once http://trac.elgg.org/ticket/3127
-		// is implemented. It's here right now to avoid soggy code.
-		if (!data || !(data.output.__elgg_ts && data.output.__elgg_token)) {
-			elgg.register_error(elgg.echo('js:security:token_refresh_failed', [elgg.get_site_url()]));
-			elgg.security.tokenRefreshFailed = true;
-
-			// don't setToken because we refresh every 5 minutes and tokens are good for 1
-			// hour by default
-			return;
-		}
-
-		// if had problems last time, let them know it's working now
-		if (elgg.security.tokenRefreshFailed) {
-			elgg.system_message(elgg.echo('js:security:token_refreshed', [elgg.get_site_url()]));
-			elgg.security.tokenRefreshFailed = false;
+		if (data && data.output.__elgg_ts && data.output.__elgg_token) {
+			elgg.security.setToken(data.output);
+		} else {
+			clearInterval(elgg.security.tokenRefreshTimer);
 		}
-		
-		elgg.security.setToken(data.output);
 	});
 };
 
@@ -112,9 +100,8 @@ elgg.security.addToken = function(data) {
 };
 
 elgg.security.init = function() {
-	//refresh security token every 5 minutes
-	//this is set in the js/elgg PHP view.
-	setInterval(elgg.security.refreshToken, elgg.security.interval);
+	// elgg.security.interval is set in the js/elgg PHP view.
+	elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, 60 * 1000);
 };
 
 elgg.register_hook_handler('boot', 'system', elgg.security.init);
\ No newline at end of file
diff --git a/languages/en.php b/languages/en.php
index 353896047..fe450b8a2 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -1189,7 +1189,7 @@ You cannot reply to this email.",
  * Action gatekeeper
  */
 	'actiongatekeeper:missingfields' => 'Form is missing __token or __ts fields',
-	'actiongatekeeper:tokeninvalid' => "We encountered an error (token mismatch). This probably means that the page you were using expired.",
+	'actiongatekeeper:tokeninvalid' => "The page you were using had expired. Please try again.",
 	'actiongatekeeper:timeerror' => 'The page you were using has expired. Please refresh and try again.',
 	'actiongatekeeper:pluginprevents' => 'A extension has prevented this form from being submitted.',
 	'actiongatekeeper:uploadexceeded' => 'The size of file(s) uploaded exceeded the limit set by your site administrator',
@@ -1211,7 +1211,7 @@ You cannot reply to this email.",
  * Javascript
  */
 
-	'js:security:token_refresh_failed' => 'Cannot contact %s. You may experience problems saving content.',
+	'js:security:token_refresh_failed' => 'Failed to contact %s. You may experience problems saving content. Please refresh this page.',
 	'js:security:token_refreshed' => 'Connection to %s restored!',
 
 /**
-- 
cgit v1.2.3