X-Git-Url: https://git.cyclocoop.org/%242?a=blobdiff_plain;f=resources%2Fsrc%2Fmediawiki.user.js;h=251b108078c424344e69fde3fd05e870073bf361;hb=153ade3fb6a93162dabb3be8ea7fcd3289cc88d8;hp=5fc19907588dd388d1f72449b5d84fb2dd09d2a3;hpb=fd3f586dbbbb556aa19c0a53c7e8cb1aa93fa164;p=lhc%2Fweb%2Fwiklou.git diff --git a/resources/src/mediawiki.user.js b/resources/src/mediawiki.user.js index 5fc1990758..251b108078 100644 --- a/resources/src/mediawiki.user.js +++ b/resources/src/mediawiki.user.js @@ -2,9 +2,9 @@ * @class mw.user * @singleton */ -/* global Uint32Array */ +/* global Uint16Array */ ( function ( mw, $ ) { - var userInfoPromise, stickyRandomSessionId; + var userInfoPromise, pageviewRandomId; /** * Get the current user's groups or rights @@ -36,53 +36,56 @@ * mobile usages of this code is probably higher. * * Rationale: - * We need about 64 bits to make sure that probability of collision - * on 500 million (5*10^8) is <= 1% - * See https://en.wikipedia.org/wiki/Birthday_problem#Probability_table + * We need about 80 bits to make sure that probability of collision + * on 155 billion is <= 1% * - * @return {string} 64 bit integer in hex format, padded + * See https://en.wikipedia.org/wiki/Birthday_attack#Mathematics + * n(p;H) = n(0.01,2^80)= sqrt (2 * 2^80 * ln(1/(1-0.01))) + + * @return {string} 80 bit integer in hex format, padded */ generateRandomSessionId: function () { var rnds, i, - hexRnds = new Array( 2 ), // Support: IE 11 crypto = window.crypto || window.msCrypto; - if ( crypto && crypto.getRandomValues && typeof Uint32Array === 'function' ) { - // Fill an array with 2 random values, each of which is 32 bits. - // Note that Uint32Array is array-like but does not implement Array. - rnds = new Uint32Array( 2 ); + if ( crypto && crypto.getRandomValues && typeof Uint16Array === 'function' ) { + // Fill an array with 5 random values, each of which is 16 bits. + // Note that Uint16Array is array-like but does not implement Array. + rnds = new Uint16Array( 5 ); crypto.getRandomValues( rnds ); } else { - rnds = [ - Math.floor( Math.random() * 0x100000000 ), - Math.floor( Math.random() * 0x100000000 ) - ]; - } - // Convert number to a string with 16 hex characters - for ( i = 0; i < 2; i++ ) { - // Add 0x100000000 before converting to hex and strip the extra character - // after converting to keep the leading zeros. - hexRnds[ i ] = ( rnds[ i ] + 0x100000000 ).toString( 16 ).slice( 1 ); + // 0x10000 is 2^16 so the operation below will return a number + // between 2^16 and zero + for ( i = 0; i < 5; i++ ) { + rnds[ i ] = Math.floor( Math.random() * 0x10000 ); + } } + // Convert the 5 16bit-numbers into 20 characters (4 hex per 16 bits). // Concatenation of two random integers with entropy n and m - // returns a string with entropy n+m if those strings are independent - return hexRnds.join( '' ); + // returns a string with entropy n+m if those strings are independent. + // Tested that below code is faster than array + loop + join. + return ( rnds[ 0 ] + 0x10000 ).toString( 16 ).slice( 1 ) + + ( rnds[ 1 ] + 0x10000 ).toString( 16 ).slice( 1 ) + + ( rnds[ 2 ] + 0x10000 ).toString( 16 ).slice( 1 ) + + ( rnds[ 3 ] + 0x10000 ).toString( 16 ).slice( 1 ) + + ( rnds[ 4 ] + 0x10000 ).toString( 16 ).slice( 1 ); }, /** * A sticky generateRandomSessionId for the current JS execution context, - * cached within this class. + * cached within this class (also known as a page view token). * + * @since 1.32 * @return {string} 64 bit integer in hex format, padded */ - stickyRandomId: function () { - if ( !stickyRandomSessionId ) { - stickyRandomSessionId = mw.user.generateRandomSessionId(); + getPageviewToken: function () { + if ( !pageviewRandomId ) { + pageviewRandomId = mw.user.generateRandomSessionId(); } - return stickyRandomSessionId; + return pageviewRandomId; }, /** @@ -186,4 +189,10 @@ } } ); + /** + * @method stickyRandomId + * @deprecated since 1.32 use getPageviewToken instead + */ + mw.log.deprecate( mw.user, 'stickyRandomId', mw.user.getPageviewToken, 'Please use getPageviewToken instead' ); + }( mediaWiki, jQuery ) );