Commit 4051f7fb authored by Michael Tross's avatar Michael Tross

Merge branch '12056-changes' into 'master'

various cleanups and changes

removed debug log
added csrf support

somewhat related to #12056 (needed a vdc to test with)

See merge request !5
parents 61e78f86 e923d270
......@@ -6,6 +6,7 @@
<link rel="stylesheet" href="netatmo-vdc.css">
<title>Configuration interface for Netatmo vDC</title>
<script src="js/jquery-1.11.3.min.js"></script>
<script src="js/jquery.cookie.js"></script>
<script src="js/netatmo-vdc.js"></script>
</head>
<body>
......
/*!
* jQuery Cookie Plugin v1.4.1
* https://github.com/carhartl/jquery-cookie
*
* Copyright 2013 Klaus Hartl
* Released under the MIT license
*/
(function (factory) {
if (typeof define === 'function' && define.amd) {
// AMD
define(['jquery'], factory);
} else if (typeof exports === 'object') {
// CommonJS
factory(require('jquery'));
} else {
// Browser globals
factory(jQuery);
}
}(function ($) {
var pluses = /\+/g;
function encode(s) {
return config.raw ? s : encodeURIComponent(s);
}
function decode(s) {
return config.raw ? s : decodeURIComponent(s);
}
function stringifyCookieValue(value) {
return encode(config.json ? JSON.stringify(value) : String(value));
}
function parseCookieValue(s) {
if (s.indexOf('"') === 0) {
// This is a quoted cookie as according to RFC2068, unescape...
s = s.slice(1, -1).replace(/\\"/g, '"').replace(/\\\\/g, '\\');
}
try {
// Replace server-side written pluses with spaces.
// If we can't decode the cookie, ignore it, it's unusable.
// If we can't parse the cookie, ignore it, it's unusable.
s = decodeURIComponent(s.replace(pluses, ' '));
return config.json ? JSON.parse(s) : s;
} catch(e) {}
}
function read(s, converter) {
var value = config.raw ? s : parseCookieValue(s);
return $.isFunction(converter) ? converter(value) : value;
}
var config = $.cookie = function (key, value, options) {
// Write
if (value !== undefined && !$.isFunction(value)) {
options = $.extend({}, config.defaults, options);
if (typeof options.expires === 'number') {
var days = options.expires, t = options.expires = new Date();
t.setTime(+t + days * 864e+5);
}
return (document.cookie = [
encode(key), '=', stringifyCookieValue(value),
options.expires ? '; expires=' + options.expires.toUTCString() : '', // use expires attribute, max-age is not supported by IE
options.path ? '; path=' + options.path : '',
options.domain ? '; domain=' + options.domain : '',
options.secure ? '; secure' : ''
].join(''));
}
// Read
var result = key ? undefined : {};
// To prevent the for loop in the first place assign an empty array
// in case there are no cookies at all. Also prevents odd result when
// calling $.cookie().
var cookies = document.cookie ? document.cookie.split('; ') : [];
for (var i = 0, l = cookies.length; i < l; i++) {
var parts = cookies[i].split('=');
var name = decode(parts.shift());
var cookie = parts.join('=');
if (key && key === name) {
// If second argument (value) is a function it's a converter...
result = read(cookie, value);
break;
}
// Prevent storing a cookie that we couldn't decode.
if (!key && (cookie = read(cookie)) !== undefined) {
result[name] = cookie;
}
}
return result;
};
config.defaults = {};
$.removeCookie = function (key, options) {
if ($.cookie(key) === undefined) {
return false;
}
// Must not alter options, thus extending a fresh object...
$.cookie(key, '', $.extend({}, options, { expires: -1 }));
return !$.cookie(key);
};
}));
......@@ -353,8 +353,6 @@ var vdc_search = function()
var vdc_check_auth = function(device)
{
console.log("check_auth: " + g_auth.code + "/" + g_auth.access_token);
if ((g_auth.dSUID !== undefined) && (g_auth.code !== undefined))
{
jQuery.each(g_vdcs, function(key, val)
......@@ -373,21 +371,11 @@ var vdc_check_auth = function(device)
};
var url = "https://api.netatmo.net/oauth2/token";
var jqxhr = $.post(url, query, function(data) {
console.log('Post response loaded: ', data, 'target: ', data.target);
g_auth.access_token = data.access_token;
g_auth.refresh_token = data.refresh_token;
g_auth.refresh_timeout = data.expires_in;
g_auth.code = undefined;
vdc_check_auth(device);
})
.done(function() {
console.log("post second success");
})
.fail(function(data) {
console.log("post errur: ", data);
})
.always(function() {
console.log("post finished");
});
return false;
......@@ -517,6 +505,20 @@ var vdc_search_callback = function(data)
$(document).ready(function()
{
$.ajaxPrefilter(function(options)
{
if (!options.beforeSend)
{
options.beforeSend = function(xhr)
{
var csrf = $.cookie("csrf-token");
if (csrf)
{
xhr.setRequestHeader('X-CSRF-Token', csrf);
}
}
}
});
vdc_setup();
vdc_search();
});
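Review bot: The `$.ajaxPrefilter` added at the top of the `$(document).ready` handler attaches `X-CSRF-Token` to every jQuery request, including the cross-origin `$.post` to `https://api.netatmo.net/oauth2/token` visible earlier in this file's section. That request will then either fail its CORS preflight because of the custom header, or deliver the local CSRF token to a third party. Limit the header to same-origin requests by changing the guard to `if (!options.crossDomain && !options.beforeSend)`. Separately, any request that already supplies its own `beforeSend` silently goes out without the token; wrapping the existing callback instead of skipping it would close that gap, and a short comment naming the server component that issues the `csrf-token` cookie would help the next reader.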