From 7faddf9e505c359c10761ce118cf3ac4f422ad5b Mon Sep 17 00:00:00 2001 From: Dominik Schilling Date: Sun, 18 Mar 2018 20:00:40 +0000 Subject: [PATCH] REST API JS Client: Extend custom nonce functionality to collections. This brings the improved nonce handling from [41553] to collections to remove the direct `wpApiSettings.nonce` dependency. Merge of [42851] to the 4.9 branch. Props adamsilverstein, ocean90, swissspidy. See #43265. Built from https://develop.svn.wordpress.org/branches/4.9@42853 git-svn-id: http://core.svn.wordpress.org/branches/4.9@42683 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/js/wp-api.js | 34 +++++++++++++++++++++++++++++----- wp-includes/js/wp-api.min.js | 2 +- wp-includes/version.php | 2 +- 3 files changed, 31 insertions(+), 7 deletions(-) diff --git a/wp-includes/js/wp-api.js b/wp-includes/js/wp-api.js index 0f5135f3c9..1fe980e987 100644 --- a/wp-includes/js/wp-api.js +++ b/wp-includes/js/wp-api.js @@ -990,18 +990,28 @@ var beforeSend, success, self = this; - options = options || {}; - beforeSend = options.beforeSend; + options = options || {}; - // If we have a localized nonce, pass that along with each sync. - if ( 'undefined' !== typeof wpApiSettings.nonce ) { + if ( _.isFunction( model.nonce ) && ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) { + beforeSend = options.beforeSend; + + // Include the nonce with requests. options.beforeSend = function( xhr ) { - xhr.setRequestHeader( 'X-WP-Nonce', wpApiSettings.nonce ); + xhr.setRequestHeader( 'X-WP-Nonce', model.nonce() ); if ( beforeSend ) { return beforeSend.apply( self, arguments ); } }; + + // Update the nonce when a new nonce is returned with the response. + options.complete = function( xhr ) { + var returnedNonce = xhr.getResponseHeader( 'X-WP-Nonce' ); + + if ( returnedNonce && _.isFunction( model.nonce ) && model.nonce() !== returnedNonce ) { + model.endpointModel.set( 'nonce', returnedNonce ); + } + }; } // When reading, add pagination data. @@ -1405,6 +1415,13 @@ return new loadingObjects.models[ modelClassName ]( attrs, options ); }, + // Track nonces at the Endpoint level. + nonce: function() { + return routeModel.get( 'nonce' ); + }, + + endpointModel: routeModel, + // Include a reference to the original class name. name: collectionClassName, @@ -1432,6 +1449,13 @@ return new loadingObjects.models[ modelClassName ]( attrs, options ); }, + // Track nonces at the Endpoint level. + nonce: function() { + return routeModel.get( 'nonce' ); + }, + + endpointModel: routeModel, + // Include a reference to the original class name. name: collectionClassName, diff --git a/wp-includes/js/wp-api.min.js b/wp-includes/js/wp-api.min.js index caad2b1083..dee828a349 100644 --- a/wp-includes/js/wp-api.min.js +++ b/wp-includes/js/wp-api.min.js @@ -1 +1 @@ -!function(a,b){"use strict";function c(){this.models={},this.collections={},this.views={}}a.wp=a.wp||{},wp.api=wp.api||new c,wp.api.versionString=wp.api.versionString||"wp/v2/",!_.isFunction(_.includes)&&_.isFunction(_.contains)&&(_.includes=_.contains)}(window),function(a,b){"use strict";var c,d;a.wp=a.wp||{},wp.api=wp.api||{},wp.api.utils=wp.api.utils||{},wp.api.getModelByRoute=function(a){return _.find(wp.api.models,function(b){return b.prototype.route&&a===b.prototype.route.index})},wp.api.getCollectionByRoute=function(a){return _.find(wp.api.collections,function(b){return b.prototype.route&&a===b.prototype.route.index})},Date.prototype.toISOString||(c=function(a){return d=String(a),1===d.length&&(d="0"+d),d},Date.prototype.toISOString=function(){return this.getUTCFullYear()+"-"+c(this.getUTCMonth()+1)+"-"+c(this.getUTCDate())+"T"+c(this.getUTCHours())+":"+c(this.getUTCMinutes())+":"+c(this.getUTCSeconds())+"."+String((this.getUTCMilliseconds()/1e3).toFixed(3)).slice(2,5)+"Z"}),wp.api.utils.parseISO8601=function(a){var c,d,e,f,g=0,h=[1,4,5,6,7,10,11];if(d=/^(\d{4}|[+\-]\d{6})(?:-(\d{2})(?:-(\d{2}))?)?(?:T(\d{2}):(\d{2})(?::(\d{2})(?:\.(\d{3}))?)?(?:(Z)|([+\-])(\d{2})(?::(\d{2}))?)?)?$/.exec(a)){for(e=0;f=h[e];++e)d[f]=+d[f]||0;d[2]=(+d[2]||1)-1,d[3]=+d[3]||1,"Z"!==d[8]&&b!==d[9]&&(g=60*d[10]+d[11],"+"===d[9]&&(g=0-g)),c=Date.UTC(d[1],d[2],d[3],d[4],d[5]+g,d[6],d[7])}else c=Date.parse?Date.parse(a):NaN;return c},wp.api.utils.getRootUrl=function(){return a.location.origin?a.location.origin+"/":a.location.protocol+"/"+a.location.host+"/"},wp.api.utils.capitalize=function(a){return _.isUndefined(a)?a:a.charAt(0).toUpperCase()+a.slice(1)},wp.api.utils.capitalizeAndCamelCaseDashes=function(a){return _.isUndefined(a)?a:(a=wp.api.utils.capitalize(a),wp.api.utils.camelCaseDashes(a))},wp.api.utils.camelCaseDashes=function(a){return a.replace(/-([a-z])/g,function(a){return a[1].toUpperCase()})},wp.api.utils.extractRoutePart=function(a,b,c,d){var e;return b=b||1,c=c||wp.api.versionString,0===a.indexOf("/"+c)&&(a=a.substr(c.length+1)),e=a.split("/"),d&&(e=e.reverse()),_.isUndefined(e[--b])?"":e[b]},wp.api.utils.extractParentName=function(a){var b,c=a.lastIndexOf("_id>[\\d]+)/");return c<0?"":(b=a.substr(0,c-1),b=b.split("/"),b.pop(),b=b.pop())},wp.api.utils.decorateFromRoute=function(a,b){_.each(a,function(a){_.includes(a.methods,"POST")||_.includes(a.methods,"PUT")?_.isEmpty(a.args)||(_.isEmpty(b.prototype.args)?b.prototype.args=a.args:b.prototype.args=_.extend(b.prototype.args,a.args)):_.includes(a.methods,"GET")&&(_.isEmpty(a.args)||(_.isEmpty(b.prototype.options)?b.prototype.options=a.args:b.prototype.options=_.extend(b.prototype.options,a.args)))})},wp.api.utils.addMixinsAndHelpers=function(a,b,c){var d=!1,e=["date","modified","date_gmt","modified_gmt"],f={setDate:function(a,b){var c=b||"date";return!(_.indexOf(e,c)<0)&&void this.set(c,a.toISOString())},getDate:function(a){var b=a||"date",c=this.get(b);return!(_.indexOf(e,b)<0||_.isNull(c))&&new Date(wp.api.utils.parseISO8601(c))}},g=function(a,b,c,d,e){var f,g,h,i;return i=jQuery.Deferred(),g=a.get("_embedded")||{},_.isNumber(b)&&0!==b?(g[d]&&(h=_.findWhere(g[d],{id:b})),h||(h={id:b}),f=new wp.api.models[c](h),f.get(e)?i.resolve(f):f.fetch({success:function(a){i.resolve(a)},error:function(a,b){i.reject(b)}}),i.promise()):(i.reject(),i)},h=function(a,b,c,d){var e,f,g,h="",j="",k=jQuery.Deferred();return e=a.get("id"),f=a.get("_embedded")||{},_.isNumber(e)&&0!==e?(_.isUndefined(c)||_.isUndefined(f[c])?h={parent:e}:j=_.isUndefined(d)?f[c]:f[c][d],g=new wp.api.collections[b](j,h),_.isUndefined(g.models[0])?g.fetch({success:function(a){i(a,e),k.resolve(a)},error:function(a,b){k.reject(b)}}):(i(g,e),k.resolve(g)),k.promise()):(k.reject(),k)},i=function(a,b){_.each(a.models,function(a){a.set("parent_post",b)})},j={getMeta:function(a){var b=this.get("meta");return b[a]},getMetas:function(){return this.get("meta")},setMetas:function(a){var b=this.get("meta");_.extend(b,a),this.set("meta",b)},setMeta:function(a,b){var c=this.get("meta");c[a]=b,this.set("meta",c)}},k={getRevisions:function(){return h(this,"PostRevisions")}},l={getTags:function(){var a=this.get("tags"),b=new wp.api.collections.Tags;return _.isEmpty(a)?jQuery.Deferred().resolve([]):b.fetch({data:{include:a}})},setTags:function(a){var b,c,d=this,e=[];return!_.isString(a)&&void(_.isArray(a)?(b=new wp.api.collections.Tags,b.fetch({data:{per_page:100},success:function(b){_.each(a,function(a){c=new wp.api.models.Tag(b.findWhere({slug:a})),c.set("parent_post",d.get("id")),e.push(c)}),a=new wp.api.collections.Tags(e),d.setTagsWithCollection(a)}})):this.setTagsWithCollection(a))},setTagsWithCollection:function(a){return this.set("tags",a.pluck("id")),this.save()}},m={getCategories:function(){var a=this.get("categories"),b=new wp.api.collections.Categories;return _.isEmpty(a)?jQuery.Deferred().resolve([]):b.fetch({data:{include:a}})},setCategories:function(a){var b,c,d=this,e=[];return!_.isString(a)&&void(_.isArray(a)?(b=new wp.api.collections.Categories,b.fetch({data:{per_page:100},success:function(b){_.each(a,function(a){c=new wp.api.models.Category(b.findWhere({slug:a})),c.set("parent_post",d.get("id")),e.push(c)}),a=new wp.api.collections.Categories(e),d.setCategoriesWithCollection(a)}})):this.setCategoriesWithCollection(a))},setCategoriesWithCollection:function(a){return this.set("categories",a.pluck("id")),this.save()}},n={getAuthorUser:function(){return g(this,this.get("author"),"User","author","name")}},o={getFeaturedMedia:function(){return g(this,this.get("featured_media"),"Media","wp:featuredmedia","source_url")}};return _.isUndefined(a.prototype.args)?a:(_.each(e,function(b){_.isUndefined(a.prototype.args[b])||(d=!0)}),d&&(a=a.extend(f)),_.isUndefined(a.prototype.args.author)||(a=a.extend(n)),_.isUndefined(a.prototype.args.featured_media)||(a=a.extend(o)),_.isUndefined(a.prototype.args.categories)||(a=a.extend(m)),_.isUndefined(a.prototype.args.meta)||(a=a.extend(j)),_.isUndefined(a.prototype.args.tags)||(a=a.extend(l)),_.isUndefined(c.collections[b+"Revisions"])||(a=a.extend(k)),a)}}(window),function(){"use strict";var a=window.wpApiSettings||{},b=["Comment","Media","Comment","Post","Page","Status","Taxonomy","Type"];wp.api.WPApiBaseModel=Backbone.Model.extend({initialize:function(){-1===_.indexOf(b,this.name)&&(this.requireForceForDelete=!0)},sync:function(a,b,c){var d;return c=c||{},_.isNull(b.get("date_gmt"))&&b.unset("date_gmt"),_.isEmpty(b.get("slug"))&&b.unset("slug"),!_.isFunction(b.nonce)||_.isUndefined(b.nonce())||_.isNull(b.nonce())||(d=c.beforeSend,c.beforeSend=function(a){if(a.setRequestHeader("X-WP-Nonce",b.nonce()),d)return d.apply(this,arguments)},c.complete=function(a){var c=a.getResponseHeader("X-WP-Nonce");c&&_.isFunction(b.nonce)&&b.nonce()!==c&&b.endpointModel.set("nonce",c)}),this.requireForceForDelete&&"delete"===a&&(b.url=b.url()+"?force=true"),Backbone.sync(a,b,c)},save:function(a,b){return!(!_.includes(this.methods,"PUT")&&!_.includes(this.methods,"POST"))&&Backbone.Model.prototype.save.call(this,a,b)},destroy:function(a){return!!_.includes(this.methods,"DELETE")&&Backbone.Model.prototype.destroy.call(this,a)}}),wp.api.models.Schema=wp.api.WPApiBaseModel.extend({defaults:{_links:{},namespace:null,routes:{}},initialize:function(b,c){var d=this;c=c||{},wp.api.WPApiBaseModel.prototype.initialize.call(d,b,c),d.apiRoot=c.apiRoot||a.root,d.versionString=c.versionString||a.versionString},url:function(){return this.apiRoot+this.versionString}})}(),function(){"use strict";var a=window.wpApiSettings||{};wp.api.WPApiBaseCollection=Backbone.Collection.extend({initialize:function(a,b){this.state={data:{},currentPage:null,totalPages:null,totalObjects:null},_.isUndefined(b)?this.parent="":this.parent=b.parent},sync:function(b,c,d){var e,f,g=this;return d=d||{},e=d.beforeSend,"undefined"!=typeof a.nonce&&(d.beforeSend=function(b){if(b.setRequestHeader("X-WP-Nonce",a.nonce),e)return e.apply(g,arguments)}),"read"===b&&(d.data?(g.state.data=_.clone(d.data),delete g.state.data.page):g.state.data=d.data={},"undefined"==typeof d.data.page?(g.state.currentPage=null,g.state.totalPages=null,g.state.totalObjects=null):g.state.currentPage=d.data.page-1,f=d.success,d.success=function(a,b,c){if(_.isUndefined(c)||(g.state.totalPages=parseInt(c.getResponseHeader("x-wp-totalpages"),10),g.state.totalObjects=parseInt(c.getResponseHeader("x-wp-total"),10)),null===g.state.currentPage?g.state.currentPage=1:g.state.currentPage++,f)return f.apply(this,arguments)}),Backbone.sync(b,c,d)},more:function(a){if(a=a||{},a.data=a.data||{},_.extend(a.data,this.state.data),"undefined"==typeof a.data.page){if(!this.hasMore())return!1;null===this.state.currentPage||this.state.currentPage<=1?a.data.page=2:a.data.page=this.state.currentPage+1}return this.fetch(a)},hasMore:function(){return null===this.state.totalPages||null===this.state.totalObjects||null===this.state.currentPage?null:this.state.currentPage[\\d]+)/");return c<0?"":(b=a.substr(0,c-1),b=b.split("/"),b.pop(),b=b.pop())},wp.api.utils.decorateFromRoute=function(a,b){_.each(a,function(a){_.includes(a.methods,"POST")||_.includes(a.methods,"PUT")?_.isEmpty(a.args)||(_.isEmpty(b.prototype.args)?b.prototype.args=a.args:b.prototype.args=_.extend(b.prototype.args,a.args)):_.includes(a.methods,"GET")&&(_.isEmpty(a.args)||(_.isEmpty(b.prototype.options)?b.prototype.options=a.args:b.prototype.options=_.extend(b.prototype.options,a.args)))})},wp.api.utils.addMixinsAndHelpers=function(a,b,c){var d=!1,e=["date","modified","date_gmt","modified_gmt"],f={setDate:function(a,b){var c=b||"date";return!(_.indexOf(e,c)<0)&&void this.set(c,a.toISOString())},getDate:function(a){var b=a||"date",c=this.get(b);return!(_.indexOf(e,b)<0||_.isNull(c))&&new Date(wp.api.utils.parseISO8601(c))}},g=function(a,b,c,d,e){var f,g,h,i;return i=jQuery.Deferred(),g=a.get("_embedded")||{},_.isNumber(b)&&0!==b?(g[d]&&(h=_.findWhere(g[d],{id:b})),h||(h={id:b}),f=new wp.api.models[c](h),f.get(e)?i.resolve(f):f.fetch({success:function(a){i.resolve(a)},error:function(a,b){i.reject(b)}}),i.promise()):(i.reject(),i)},h=function(a,b,c,d){var e,f,g,h="",j="",k=jQuery.Deferred();return e=a.get("id"),f=a.get("_embedded")||{},_.isNumber(e)&&0!==e?(_.isUndefined(c)||_.isUndefined(f[c])?h={parent:e}:j=_.isUndefined(d)?f[c]:f[c][d],g=new wp.api.collections[b](j,h),_.isUndefined(g.models[0])?g.fetch({success:function(a){i(a,e),k.resolve(a)},error:function(a,b){k.reject(b)}}):(i(g,e),k.resolve(g)),k.promise()):(k.reject(),k)},i=function(a,b){_.each(a.models,function(a){a.set("parent_post",b)})},j={getMeta:function(a){var b=this.get("meta");return b[a]},getMetas:function(){return this.get("meta")},setMetas:function(a){var b=this.get("meta");_.extend(b,a),this.set("meta",b)},setMeta:function(a,b){var c=this.get("meta");c[a]=b,this.set("meta",c)}},k={getRevisions:function(){return h(this,"PostRevisions")}},l={getTags:function(){var a=this.get("tags"),b=new wp.api.collections.Tags;return _.isEmpty(a)?jQuery.Deferred().resolve([]):b.fetch({data:{include:a}})},setTags:function(a){var b,c,d=this,e=[];return!_.isString(a)&&void(_.isArray(a)?(b=new wp.api.collections.Tags,b.fetch({data:{per_page:100},success:function(b){_.each(a,function(a){c=new wp.api.models.Tag(b.findWhere({slug:a})),c.set("parent_post",d.get("id")),e.push(c)}),a=new wp.api.collections.Tags(e),d.setTagsWithCollection(a)}})):this.setTagsWithCollection(a))},setTagsWithCollection:function(a){return this.set("tags",a.pluck("id")),this.save()}},m={getCategories:function(){var a=this.get("categories"),b=new wp.api.collections.Categories;return _.isEmpty(a)?jQuery.Deferred().resolve([]):b.fetch({data:{include:a}})},setCategories:function(a){var b,c,d=this,e=[];return!_.isString(a)&&void(_.isArray(a)?(b=new wp.api.collections.Categories,b.fetch({data:{per_page:100},success:function(b){_.each(a,function(a){c=new wp.api.models.Category(b.findWhere({slug:a})),c.set("parent_post",d.get("id")),e.push(c)}),a=new wp.api.collections.Categories(e),d.setCategoriesWithCollection(a)}})):this.setCategoriesWithCollection(a))},setCategoriesWithCollection:function(a){return this.set("categories",a.pluck("id")),this.save()}},n={getAuthorUser:function(){return g(this,this.get("author"),"User","author","name")}},o={getFeaturedMedia:function(){return g(this,this.get("featured_media"),"Media","wp:featuredmedia","source_url")}};return _.isUndefined(a.prototype.args)?a:(_.each(e,function(b){_.isUndefined(a.prototype.args[b])||(d=!0)}),d&&(a=a.extend(f)),_.isUndefined(a.prototype.args.author)||(a=a.extend(n)),_.isUndefined(a.prototype.args.featured_media)||(a=a.extend(o)),_.isUndefined(a.prototype.args.categories)||(a=a.extend(m)),_.isUndefined(a.prototype.args.meta)||(a=a.extend(j)),_.isUndefined(a.prototype.args.tags)||(a=a.extend(l)),_.isUndefined(c.collections[b+"Revisions"])||(a=a.extend(k)),a)}}(window),function(){"use strict";var a=window.wpApiSettings||{},b=["Comment","Media","Comment","Post","Page","Status","Taxonomy","Type"];wp.api.WPApiBaseModel=Backbone.Model.extend({initialize:function(){-1===_.indexOf(b,this.name)&&(this.requireForceForDelete=!0)},sync:function(a,b,c){var d;return c=c||{},_.isNull(b.get("date_gmt"))&&b.unset("date_gmt"),_.isEmpty(b.get("slug"))&&b.unset("slug"),!_.isFunction(b.nonce)||_.isUndefined(b.nonce())||_.isNull(b.nonce())||(d=c.beforeSend,c.beforeSend=function(a){if(a.setRequestHeader("X-WP-Nonce",b.nonce()),d)return d.apply(this,arguments)},c.complete=function(a){var c=a.getResponseHeader("X-WP-Nonce");c&&_.isFunction(b.nonce)&&b.nonce()!==c&&b.endpointModel.set("nonce",c)}),this.requireForceForDelete&&"delete"===a&&(b.url=b.url()+"?force=true"),Backbone.sync(a,b,c)},save:function(a,b){return!(!_.includes(this.methods,"PUT")&&!_.includes(this.methods,"POST"))&&Backbone.Model.prototype.save.call(this,a,b)},destroy:function(a){return!!_.includes(this.methods,"DELETE")&&Backbone.Model.prototype.destroy.call(this,a)}}),wp.api.models.Schema=wp.api.WPApiBaseModel.extend({defaults:{_links:{},namespace:null,routes:{}},initialize:function(b,c){var d=this;c=c||{},wp.api.WPApiBaseModel.prototype.initialize.call(d,b,c),d.apiRoot=c.apiRoot||a.root,d.versionString=c.versionString||a.versionString},url:function(){return this.apiRoot+this.versionString}})}(),function(){"use strict";window.wpApiSettings||{};wp.api.WPApiBaseCollection=Backbone.Collection.extend({initialize:function(a,b){this.state={data:{},currentPage:null,totalPages:null,totalObjects:null},_.isUndefined(b)?this.parent="":this.parent=b.parent},sync:function(a,b,c){var d,e,f=this;return c=c||{},!_.isFunction(b.nonce)||_.isUndefined(b.nonce())||_.isNull(b.nonce())||(d=c.beforeSend,c.beforeSend=function(a){if(a.setRequestHeader("X-WP-Nonce",b.nonce()),d)return d.apply(f,arguments)},c.complete=function(a){var c=a.getResponseHeader("X-WP-Nonce");c&&_.isFunction(b.nonce)&&b.nonce()!==c&&b.endpointModel.set("nonce",c)}),"read"===a&&(c.data?(f.state.data=_.clone(c.data),delete f.state.data.page):f.state.data=c.data={},"undefined"==typeof c.data.page?(f.state.currentPage=null,f.state.totalPages=null,f.state.totalObjects=null):f.state.currentPage=c.data.page-1,e=c.success,c.success=function(a,b,c){if(_.isUndefined(c)||(f.state.totalPages=parseInt(c.getResponseHeader("x-wp-totalpages"),10),f.state.totalObjects=parseInt(c.getResponseHeader("x-wp-total"),10)),null===f.state.currentPage?f.state.currentPage=1:f.state.currentPage++,e)return e.apply(this,arguments)}),Backbone.sync(a,b,c)},more:function(a){if(a=a||{},a.data=a.data||{},_.extend(a.data,this.state.data),"undefined"==typeof a.data.page){if(!this.hasMore())return!1;null===this.state.currentPage||this.state.currentPage<=1?a.data.page=2:a.data.page=this.state.currentPage+1}return this.fetch(a)},hasMore:function(){return null===this.state.totalPages||null===this.state.totalObjects||null===this.state.currentPage?null:this.state.currentPage