framework/js/lib/Session.js

/**
 * The `Session` class defines the current user session. It stores a reference
 * to the current authenticated user, and provides methods to log in/out.
 */
export default class Session {
  constructor(user, csrfToken) {
    /**
     * The current authenticated user.
     *
     * @type {User|null}
     * @public
     */
    this.user = user;

    /**
     * The CSRF token.
     *
     * @type {String|null}
     * @public
     */
    this.csrfToken = csrfToken;
  }

  /**
   * Attempt to log in a user.
   *
   * @param {String} identification The username/email.
   * @param {String} password
   * @param {Object} [options]
   * @return {Promise}
   * @public
   */
  login(data, options = {}) {
    return app.request(Object.assign({
      method: 'POST',
      url: app.forum.attribute('baseUrl') + '/login',
      data
    }, options));
  }

  /**
   * Log the user out.
   *
   * @public
   */
  logout() {
    window.location = app.forum.attribute('baseUrl') + '/logout?token=' + this.csrfToken;
  }
}
Massive JavaScript cleanup - Use JSX for templates - Docblock/comment everything - Mostly passes ESLint (still some work to do) - Lots of renaming, refactoring, etc. CSS hasn't been updated yet. 2015-07-15 12:30:11 +08:00			`/**`
			* The `Session` class defines the current user session. It stores a reference
			`* to the current authenticated user, and provides methods to log in/out.`
			`*/`
Reload page on login closes flarum/core#145 2015-08-06 13:34:20 +08:00			`export default class Session {`
Overhaul sessions, tokens, and authentication - Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default. - Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes. - Refactor and clean up the authentication middleware. - Add an `onhide` hook to the Modal component. (+1 squashed commit) 2015-11-05 13:47:00 +08:00			`constructor(user, csrfToken) {`
Massive JavaScript cleanup - Use JSX for templates - Docblock/comment everything - Mostly passes ESLint (still some work to do) - Lots of renaming, refactoring, etc. CSS hasn't been updated yet. 2015-07-15 12:30:11 +08:00			`/**`
			`* The current authenticated user.`
			`*`
			`* @type {User\|null}`
			`* @public`
			`*/`
			`this.user = user;`

			`/**`
Overhaul sessions, tokens, and authentication - Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default. - Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes. - Refactor and clean up the authentication middleware. - Add an `onhide` hook to the Modal component. (+1 squashed commit) 2015-11-05 13:47:00 +08:00			`* The CSRF token.`
Massive JavaScript cleanup - Use JSX for templates - Docblock/comment everything - Mostly passes ESLint (still some work to do) - Lots of renaming, refactoring, etc. CSS hasn't been updated yet. 2015-07-15 12:30:11 +08:00			`*`
			`* @type {String\|null}`
Only set XHR authorization header if token isn't empty 2015-09-14 13:19:11 +08:00			`* @public`
Massive JavaScript cleanup - Use JSX for templates - Docblock/comment everything - Mostly passes ESLint (still some work to do) - Lots of renaming, refactoring, etc. CSS hasn't been updated yet. 2015-07-15 12:30:11 +08:00			`*/`
Overhaul sessions, tokens, and authentication - Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default. - Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes. - Refactor and clean up the authentication middleware. - Add an `onhide` hook to the Modal component. (+1 squashed commit) 2015-11-05 13:47:00 +08:00			`this.csrfToken = csrfToken;`
Replace Ember app with Mithril app 2015-04-25 20:58:39 +08:00			`}`

Massive JavaScript cleanup - Use JSX for templates - Docblock/comment everything - Mostly passes ESLint (still some work to do) - Lots of renaming, refactoring, etc. CSS hasn't been updated yet. 2015-07-15 12:30:11 +08:00			`/**`
			`* Attempt to log in a user.`
			`*`
			`* @param {String} identification The username/email.`
			`* @param {String} password`
Improve client XHR error handling The default XHR error handler produce an alert which is appropriate to the response status code. It can be overridden per-request (by specifying the `errorHandler` option) so that the alert can be suppressed or displayed in a different position (e.g. inside a modal). ref #118 2015-10-20 10:18:26 +08:00			`* @param {Object} [options]`
Massive JavaScript cleanup - Use JSX for templates - Docblock/comment everything - Mostly passes ESLint (still some work to do) - Lots of renaming, refactoring, etc. CSS hasn't been updated yet. 2015-07-15 12:30:11 +08:00			`* @return {Promise}`
Only set XHR authorization header if token isn't empty 2015-09-14 13:19:11 +08:00			`* @public`
Massive JavaScript cleanup - Use JSX for templates - Docblock/comment everything - Mostly passes ESLint (still some work to do) - Lots of renaming, refactoring, etc. CSS hasn't been updated yet. 2015-07-15 12:30:11 +08:00			`*/`
Remember checkbox (#1075) * Add session option to Rememberer class * Update session login function to allow send additional data * Add Remember me checkbox * Cleanup login modal 2016-11-29 15:32:12 +08:00			`login(data, options = {}) {`
Improve client XHR error handling The default XHR error handler produce an alert which is appropriate to the response status code. It can be overridden per-request (by specifying the `errorHandler` option) so that the alert can be suppressed or displayed in a different position (e.g. inside a modal). ref #118 2015-10-20 10:18:26 +08:00			`return app.request(Object.assign({`
Replace Ember app with Mithril app 2015-04-25 20:58:39 +08:00			`method: 'POST',`
Massive JavaScript cleanup - Use JSX for templates - Docblock/comment everything - Mostly passes ESLint (still some work to do) - Lots of renaming, refactoring, etc. CSS hasn't been updated yet. 2015-07-15 12:30:11 +08:00			`url: app.forum.attribute('baseUrl') + '/login',`
Remember checkbox (#1075) * Add session option to Rememberer class * Update session login function to allow send additional data * Add Remember me checkbox * Cleanup login modal 2016-11-29 15:32:12 +08:00			`data`
Overhaul sessions, tokens, and authentication - Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default. - Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes. - Refactor and clean up the authentication middleware. - Add an `onhide` hook to the Modal component. (+1 squashed commit) 2015-11-05 13:47:00 +08:00			`}, options));`
Replace Ember app with Mithril app 2015-04-25 20:58:39 +08:00			`}`

Massive JavaScript cleanup - Use JSX for templates - Docblock/comment everything - Mostly passes ESLint (still some work to do) - Lots of renaming, refactoring, etc. CSS hasn't been updated yet. 2015-07-15 12:30:11 +08:00			`/**`
			`* Log the user out.`
Only set XHR authorization header if token isn't empty 2015-09-14 13:19:11 +08:00			`*`
			`* @public`
Massive JavaScript cleanup - Use JSX for templates - Docblock/comment everything - Mostly passes ESLint (still some work to do) - Lots of renaming, refactoring, etc. CSS hasn't been updated yet. 2015-07-15 12:30:11 +08:00			`*/`
Replace Ember app with Mithril app 2015-04-25 20:58:39 +08:00			`logout() {`
Overhaul sessions, tokens, and authentication - Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default. - Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes. - Refactor and clean up the authentication middleware. - Add an `onhide` hook to the Modal component. (+1 squashed commit) 2015-11-05 13:47:00 +08:00			`window.location = app.forum.attribute('baseUrl') + '/logout?token=' + this.csrfToken;`
Replace Ember app with Mithril app 2015-04-25 20:58:39 +08:00			`}`
			`}`