summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordklawren <dklawren@users.noreply.github.com>2018-05-01 17:10:03 +0200
committerGitHub <noreply@github.com>2018-05-01 17:10:03 +0200
commit9184ec2442347f0c4f7a4c0b4e4436ea8d41e875 (patch)
tree549dd235eb79266b47ce36ca54aee895ea0cc2a7
parentba5f2af68c6dd8639c6bd45d3e419741e1946134 (diff)
downloadbugzilla-9184ec2442347f0c4f7a4c0b4e4436ea8d41e875.tar.gz
bugzilla-9184ec2442347f0c4f7a4c0b4e4436ea8d41e875.tar.xz
Bug 1452984 - double-check new accounts with BMO to catch and notify of username squatting
-rw-r--r--extensions/PhabBugz/lib/Feed.pm57
-rw-r--r--extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl34
2 files changed, 89 insertions, 2 deletions
diff --git a/extensions/PhabBugz/lib/Feed.pm b/extensions/PhabBugz/lib/Feed.pm
index c35eeba4d..3517d44fd 100644
--- a/extensions/PhabBugz/lib/Feed.pm
+++ b/extensions/PhabBugz/lib/Feed.pm
@@ -17,10 +17,11 @@ use Moo;
use Try::Tiny;
use Bugzilla::Constants;
-use Bugzilla::Field;
+use Bugzilla::Error;
use Bugzilla::Logging;
+use Bugzilla::Mailer;
use Bugzilla::Search;
-use Bugzilla::Util qw(diff_arrays with_writable_database with_readonly_database);
+use Bugzilla::Util qw(diff_arrays format_time with_writable_database with_readonly_database);
use Bugzilla::Extension::PhabBugz::Constants;
use Bugzilla::Extension::PhabBugz::Policy;
@@ -520,6 +521,55 @@ sub process_new_user {
# Pre setup before querying DB
my $old_user = set_phab_user();
+ # CHECK AND WARN FOR POSSIBLE USERNAME SQUATTING
+ INFO("Checking for username squatters");
+ my $dbh = Bugzilla->dbh;
+ my $regexp = $dbh->quote( ":?:" . quotemeta($phab_user->name) . "[[:>:]]" );
+ my $results = $dbh->selectall_arrayref( "
+ SELECT userid, login_name, realname
+ FROM profiles
+ WHERE userid != ? AND " . $dbh->sql_regexp( 'realname', $regexp ),
+ { Slice => {} },
+ $bug_user->id );
+ if (@$results) {
+ # The email client will display the Date: header in the desired timezone,
+ # so we can always use UTC here.
+ my $timestamp = Bugzilla->dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)');
+ $timestamp = format_time($timestamp, '%a, %d %b %Y %T %z', 'UTC');
+
+ foreach my $row (@$results) {
+ WARN(
+ 'Possible username squatter: ',
+ 'phab user login: ' . $phab_user->name,
+ ' phab user realname: ' . $phab_user->realname,
+ ' bugzilla user id: ' . $row->{userid},
+ ' bugzilla login: ' . $row->{login_name},
+ ' bugzilla realname: ' . $row->{realname}
+ );
+
+ my $vars = {
+ date => $timestamp,
+ phab_user_login => $phab_user->name,
+ phab_user_realname => $phab_user->realname,
+ bugzilla_userid => $phab_user->bugzilla_user->id,
+ bugzilla_login => $phab_user->bugzilla_user->login,
+ bugzilla_realname => $phab_user->bugzilla_user->name,
+ squat_userid => $row->{userid},
+ squat_login => $row->{login_name},
+ squat_realname => $row->{realname}
+ };
+
+ my $message;
+ my $template = Bugzilla->template;
+ $template->process("admin/email/squatter-alert.txt.tmpl", $vars, \$message)
+ || ThrowTemplateError($template->error());
+
+ MessageToMTA($message);
+ }
+ }
+
+ # ADD SUBSCRIBERS TO REVSISIONS FOR CURRENT PRIVATE BUGS
+
my $params = {
f3 => 'OP',
j3 => 'OR',
@@ -563,6 +613,8 @@ sub process_new_user {
# the first value of each row should be the bug id
my @bug_ids = map { shift @$_ } @$data;
+ INFO("Updating subscriber values for old private bugs");
+
foreach my $bug_id (@bug_ids) {
INFO("Processing bug $bug_id");
@@ -573,6 +625,7 @@ sub process_new_user {
foreach my $attachment (@attachments) {
my ($revision_id) = ($attachment->filename =~ PHAB_ATTACHMENT_PATTERN);
+
INFO("Processing revision D$revision_id");
my $revision = Bugzilla::Extension::PhabBugz::Revision->new_from_query(
diff --git a/extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl b/extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl
new file mode 100644
index 000000000..98e92a379
--- /dev/null
+++ b/extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl
@@ -0,0 +1,34 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ #
+ # This Source Code Form is "Incompatible With Secondary Licenses", as
+ # defined by the Mozilla Public License, v. 2.0.
+ #%]
+
+[% PROCESS global/variables.none.tmpl %]
+
+From: [% Param('mailfrom') %]
+To: phabricator-admin@mozilla.com
+Subject: Possible Phabricator Username Squatter Alert
+Date: [% date %]
+X-Bugzilla-Type: squatter-alert
+
+Possible username squatter:
+
+Phabricator Account
+
+login: [% phab_user_login %]
+realname: [% phab_user_realname %]
+
+Bugzilla Account Matching Phabricator Account
+
+user id: [% bugzilla_userid %]
+login: [% bugzilla_login %]
+realname: [% bugzilla_realname %]
+
+Possible Bugzilla Account Squatting On
+
+user id: [% squat_userid %]
+login: [% squat_login %]
+realname: [% squat_realname %]