Name
global.PwdAjaxRequestProcessor
Description
Base Ajax request processor for Password Reset application.
Script
var PwdAjaxRequestProcessor = Class.create();
PwdAjaxRequestProcessor.prototype = Object.extendsObject(AbstractAjaxProcessor, {
/**
* Tests if the security is good enough.
*/
_validateSecurity: function() {
//check if there's any csrf violation or not.
//now, we have only csrf validation.
if (!this._validateCSRF())
return false;
// if csrf violation didn't get detected, then set response attributes and return.
var token = this.getParameter("sysparam_pwd_csrf_token");
this._setSecurityResponseMessage('ok','',token);
return true;
},
/**
* Validates CSRF violation.
*/
_validateCSRF: function() {
var csrf_token = this.getParameter("sysparam_pwd_csrf_token");
var securityMgr = new SNC.PwdSecurityManager();
var result = securityMgr.validateSecureToken(csrf_token);
// if the result turns out bad, set the response and return the result.
if (!result) {
//remove the stored security token.
securityMgr.removeSecurityToken();
var msg = gs.getMessage('Security violation');
this._setSecurityResponseMessage('error',msg,'');
}
return result;
},
/**
* Sets a security response and send it back.
*/
_setSecurityResponseMessage: function(status, msg, token) {
var response = this.newItem("security");
response.setAttribute("status", status);
response.setAttribute("message", msg);
response.setAttribute("pwd_csrf_token", token);
},
_setResponseMessage: function(status, msg, value) {
var response = this.newItem("response");
response.setAttribute("status", status);
response.setAttribute("message", msg);
response.setAttribute("value", value);
}
});
Sys ID
69f573039f10010054005f29468ba388