author | dklawren <dklawren@users.noreply.github.com> | 2018-05-01 17:10:03 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-01 17:10:03 +0200 |
commit | 9184ec2442347f0c4f7a4c0b4e4436ea8d41e875 (patch) | |
tree | 549dd235eb79266b47ce36ca54aee895ea0cc2a7 | |
parent | ba5f2af68c6dd8639c6bd45d3e419741e1946134 (diff) | |
download | bugzilla-9184ec2442347f0c4f7a4c0b4e4436ea8d41e875.tar.gz bugzilla-9184ec2442347f0c4f7a4c0b4e4436ea8d41e875.tar.xz |
Bug 1452984 - double-check new accounts with BMO to catch and notify of username squatting
-rw-r--r-- | extensions/PhabBugz/lib/Feed.pm | 57 | ||||
-rw-r--r-- | extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl | 34 |
2 files changed, 89 insertions, 2 deletions
diff --git a/extensions/PhabBugz/lib/Feed.pm b/extensions/PhabBugz/lib/Feed.pm index c35eeba4d..3517d44fd 100644 --- a/extensions/PhabBugz/lib/Feed.pm +++ b/extensions/PhabBugz/lib/Feed.pm @@ -17,10 +17,11 @@ use Moo; use Try::Tiny; use Bugzilla::Constants; -use Bugzilla::Field; +use Bugzilla::Error; use Bugzilla::Logging; +use Bugzilla::Mailer; use Bugzilla::Search; -use Bugzilla::Util qw(diff_arrays with_writable_database with_readonly_database); +use Bugzilla::Util qw(diff_arrays format_time with_writable_database with_readonly_database); use Bugzilla::Extension::PhabBugz::Constants; use Bugzilla::Extension::PhabBugz::Policy; 
@@ -520,6 +521,55 @@ sub process_new_user { # Pre setup before querying DB my $old_user = set_phab_user(); + # CHECK AND WARN FOR POSSIBLE USERNAME SQUATTING + INFO("Checking for username squatters"); + my $dbh = Bugzilla->dbh; + my $regexp = $dbh->quote( ":?:" . quotemeta($phab_user->name) . "[[:>:]]" ); + my $results = $dbh->selectall_arrayref( " + SELECT userid, login_name, realname + FROM profiles + WHERE userid != ? AND " . $dbh->sql_regexp( 'realname', $regexp ), + { Slice => {} }, + $bug_user->id ); + if (@$results) { + # The email client will display the Date: header in the desired timezone, + # so we can always use UTC here. + my $timestamp = Bugzilla->dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)'); + $timestamp = format_time($timestamp, '%a, %d %b %Y %T %z', 'UTC'); + + foreach my $row (@$results) { + WARN( + 'Possible username squatter: ', + 'phab user login: ' . $phab_user->name, + ' phab user realname: ' . $phab_user->realname, + ' bugzilla user id: ' . $row->{userid}, + ' bugzilla login: ' . $row->{login_name}, + ' bugzilla realname: ' . $row->{realname} + ); + + my $vars = { + date => $timestamp, + phab_user_login => $phab_user->name, + phab_user_realname => $phab_user->realname, + bugzilla_userid => $phab_user->bugzilla_user->id, + bugzilla_login => $phab_user->bugzilla_user->login, + bugzilla_realname => $phab_user->bugzilla_user->name, + squat_userid => $row->{userid}, + squat_login => $row->{login_name}, + squat_realname => $row->{realname} + }; + + my $message; + my $template = Bugzilla->template; + $template->process("admin/email/squatter-alert.txt.tmpl", $vars, \$message) + || ThrowTemplateError($template->error()); + + MessageToMTA($message); + } + } + + # ADD SUBSCRIBERS TO REVSISIONS FOR CURRENT PRIVATE BUGS + my $params = { f3 => 'OP', j3 => 'OR', 
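Review bot: In the `foreach my $row (@$results)` loop, a template or mailer failure propagates out of `process_new_user`, so unless a caller outside this hunk traps it, a broken alert would also skip the subscriber update that follows; the function starts and ends outside the hunk. `Try::Tiny` is already imported, so the render-and-send step can be wrapped and the failure logged, as sketched below. The loop also sends one mail per matching profile and the query has no upper bound, so a single digest per new user would keep the volume to the admin address predictable. On the `$regexp` line, `[[:>:]]` is the Spencer-style end-of-word marker used by older MySQL and `quotemeta` escapes by Perl's rules, so a comment such as `# pattern is specific to the MySQL regex dialect; re-test if the backend changes` would warn maintainers that the check depends on the database's regex engine.

```perl
# … unchanged: WARN(...) call and the $vars hash …
try {
    my $message;
    my $template = Bugzilla->template;
    $template->process("admin/email/squatter-alert.txt.tmpl", $vars, \$message)
        || die $template->error();
    MessageToMTA($message);
}
catch {
    # Alerting is best-effort: record the failure and keep provisioning the user.
    WARN("Could not send squatter alert for " . $phab_user->name . ": $_");
};
```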
@@ -563,6 +613,8 @@ sub process_new_user { # the first value of each row should be the bug id my @bug_ids = map { shift @$_ } @$data; + INFO("Updating subscriber values for old private bugs"); + foreach my $bug_id (@bug_ids) { INFO("Processing bug $bug_id"); @@ -573,6 +625,7 @@ sub process_new_user { foreach my $attachment (@attachments) { my ($revision_id) = ($attachment->filename =~ PHAB_ATTACHMENT_PATTERN); + INFO("Processing revision D$revision_id"); my $revision = Bugzilla::Extension::PhabBugz::Revision->new_from_query( diff --git a/extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl b/extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl new file mode 100644 index 000000000..98e92a379 --- /dev/null +++ b/extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl @@ -0,0 +1,34 @@ +[%# This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + # + # This Source Code Form is "Incompatible With Secondary Licenses", as + # defined by the Mozilla Public License, v. 2.0. + #%] + +[% PROCESS global/variables.none.tmpl %] + +From: [% Param('mailfrom') %] +To: phabricator-admin@mozilla.com +Subject: Possible Phabricator Username Squatter Alert +Date: [% date %] +X-Bugzilla-Type: squatter-alert + +Possible username squatter: + +Phabricator Account + +login: [% phab_user_login %] +realname: [% phab_user_realname %] + +Bugzilla Account Matching Phabricator Account + +user id: [% bugzilla_userid %] +login: [% bugzilla_login %] +realname: [% bugzilla_realname %] + +Possible Bugzilla Account Squatting On + +user id: [% squat_userid %] +login: [% squat_login %] +realname: [% squat_realname %] |
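Review bot: The `To:` header in the new squatter-alert.txt.tmpl hard-codes `phabricator-admin@mozilla.com`, so any installation that enables the extension, including a staging or development copy holding real profile data, would mail the logins and realnames of matched accounts to that address. Taking the recipient from a parameter, the way `From:` already uses `Param('mailfrom')`, keeps the destination under the local administrator's control, for example `To: [% Param('PLACEHOLDER_squatter_alert_recipient') %]` (placeholder name; the parameter would have to be defined by the extension, which this commit does not show). The user-supplied realnames are interpolated only in the body below the header block, and they should stay out of the headers if the template is extended later.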