author | gerv%gerv.net <> | 2002-05-03 15:37:42 +0200 |
---|---|---|
committer | gerv%gerv.net <> | 2002-05-03 15:37:42 +0200 |
commit | af7e8c59d7024eacba4c2740e1f1367ef069cbc4 (patch) | |
tree | 5db2ab2bd826ae8808936c63b9bb515d3af74692 | |
parent | 975393052e91c1c22b301c708c156f3784601358 (diff) | |
Bug 135836 - change requests should include expiration details. Patch by zeroJ@null.net; r=gerv, justdave.
-rw-r--r-- | Bugzilla/Token.pm | 29 | ||||
-rw-r--r-- | Token.pm | 29 | ||||
-rw-r--r-- | template/en/default/account/email/change-new.txt.tmpl | 3 | ||||
-rw-r--r-- | template/en/default/account/email/change-old.txt.tmpl | 4 | ||||
-rw-r--r-- | template/en/default/account/password/forgotten-password.txt.tmpl | 4 |
5 files changed, 61 insertions, 8 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 3f75eeb95..358a1bb22 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -30,16 +30,28 @@ use strict;
 # Bundle the functions in this file together into the "Token" package.
 package Token;
+use Date::Format;
+
 # This module requires that its caller have said "require CGI.pl" to import
 # relevant functions from that script and its companion globals.pl.
 ################################################################################
+# Constants
+################################################################################
+
+# The maximum number of days a token will remain valid.
+my $maxtokenage = 3;
+
+################################################################################
 # Functions
 ################################################################################
 sub IssueEmailChangeToken {
 my ($userid, $old_email, $new_email) = @_;
+ my $token_ts = time();
+ my $issuedate = time2str("%Y-%m-%d %H:%M", $token_ts);
+
 # Generate a unique token and insert it into the tokens table.
 # We have to lock the tokens table before generating the token,
 # since the database must be queried for token uniqueness.
@@ -49,13 +61,13 @@ sub IssueEmailChangeToken {
 my $quoted_emails = &::SqlQuote($old_email . ":" . $new_email);
 &::SendSQL("INSERT INTO tokens ( userid , issuedate , token , tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken ,
+ VALUES ( $userid , '$issuedate' , $quotedtoken ,
 'emailold' , $quoted_emails )");
 my $newtoken = GenerateUniqueToken();
 $quotedtoken = &::SqlQuote($newtoken);
 &::SendSQL("INSERT INTO tokens ( userid , issuedate , token , tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken ,
+ VALUES ( $userid , '$issuedate' , $quotedtoken ,
 'emailnew' , $quoted_emails )");
 &::SendSQL("UNLOCK TABLES");
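Review bot: `$issuedate` is now generated on the web server by `time2str("%Y-%m-%d %H:%M", $token_ts)`, i.e. in that host's local time at minute precision, while `CleanTokenTable` (hunk at @@ -136,7) still measures token age against the database's `NOW()`; if the two hosts' clocks or time zones disagree, the stored timestamp, the lapse time printed in the e-mail and the actual purge drift apart. Keeping `NOW()` in the INSERT and using `$token_ts` only for the e-mail keeps `issuedate` on a single clock; if the application clock has to be the source, record the assumption next to the assignment, e.g. `# Assumes web and DB server clocks/zones agree: CleanTokenTable compares issuedate with DB NOW().` The same two lines are repeated in IssuePasswordToken (hunk at @@ -102,6), so a small helper returning `($token_ts, $issuedate)` would remove the duplication. `my $maxtokenage = 3;` under a "Constants" banner is a mutable lexical; `use constant MAX_TOKEN_AGE => 3;` would make the intent enforceable. IssueEmailChangeToken's body continues past the hunk.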
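Review bot: `'$issuedate'` is spliced into both INSERT statements with hand-written quotes, while every other value in the same statements goes through `&::SqlQuote`; the value comes from `time2str`, so it is not attacker-controlled here, but the inconsistency makes it easy for a later change to route something else through the same unquoted path. Quote it like its neighbours: `my $quoted_issuedate = &::SqlQuote($issuedate);` and `VALUES ( $userid , $quoted_issuedate , $quotedtoken ,`. The identical pattern is added in IssuePasswordToken (hunk at @@ -110,7).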
@@ -66,6 +78,9 @@ sub IssueEmailChangeToken {
 $vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix');
 $vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix');
+
+ $vars->{'max_token_age'} = $maxtokenage;
+ $vars->{'token_ts'} = $token_ts;
 $vars->{'token'} = $token;
 $vars->{'emailaddress'} = $old_email . &::Param('emailsuffix');
@@ -102,6 +117,9 @@ sub IssuePasswordToken {
 &::SendSQL("SELECT userid FROM profiles WHERE login_name = $quotedloginname");
 my ($userid) = &::FetchSQLData();
+ my $token_ts = time();
+ my $issuedate = time2str("%Y-%m-%d %H:%M", $token_ts);
+
 # Generate a unique token and insert it into the tokens table.
 # We have to lock the tokens table before generating the token,
 # since the database must be queried for token uniqueness.
@@ -110,7 +128,7 @@ sub IssuePasswordToken {
 my $quotedtoken = &::SqlQuote($token);
 my $quotedipaddr = &::SqlQuote($::ENV{'REMOTE_ADDR'});
 &::SendSQL("INSERT INTO tokens ( userid , issuedate , token , tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken , 'password' , $quotedipaddr )");
+ VALUES ( $userid , '$issuedate' , $quotedtoken , 'password' , $quotedipaddr )");
 &::SendSQL("UNLOCK TABLES");
 # Mail the user the token along with instructions for using it.
@@ -121,6 +139,9 @@ sub IssuePasswordToken {
 $vars->{'token'} = $token;
 $vars->{'emailaddress'} = $loginname . &::Param('emailsuffix');
+ $vars->{'max_token_age'} = $maxtokenage;
+ $vars->{'token_ts'} = $token_ts;
+
 my $message = "";
 $template->process("account/password/forgotten-password.txt.tmpl", $vars, \$message)
@@ -136,7 +157,7 @@ sub IssuePasswordToken {
 sub CleanTokenTable {
 &::SendSQL("LOCK TABLES tokens WRITE");
 &::SendSQL("DELETE FROM tokens
- WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= 3");
+ WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= " . $maxtokenage);
 &::SendSQL("UNLOCK TABLES");
 }
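Review bot: In CleanTokenTable the purge condition `TO_DAYS(NOW()) - TO_DAYS(issuedate) >= $maxtokenage` counts calendar-day boundaries, but the templates in this commit advertise `token_ts + (max_token_age * 86400)`, a full 72 hours; a token issued at 23:59 becomes eligible for deletion at the third midnight, more than a day before the lapse time the user was told. Either purge on the same arithmetic, `WHERE issuedate <= DATE_SUB(NOW(), INTERVAL $maxtokenage DAY)`, or derive the advertised expiry from the same day-boundary rule so the e-mail never promises more time than the table keeps. Concatenating `$maxtokenage` into the statement is fine only while it stays a file-lexical integer literal; a comment saying so, `# $maxtokenage is a compile-time integer, never user input`, would guard the pattern. Whether anything else retires tokens before this runs is not visible here.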
@@ -30,16 +30,28 @@ use strict;
 # Bundle the functions in this file together into the "Token" package.
 package Token;
+use Date::Format;
+
 # This module requires that its caller have said "require CGI.pl" to import
 # relevant functions from that script and its companion globals.pl.
 ################################################################################
+# Constants
+################################################################################
+
+# The maximum number of days a token will remain valid.
+my $maxtokenage = 3;
+
+################################################################################
 # Functions
 ################################################################################
 sub IssueEmailChangeToken {
 my ($userid, $old_email, $new_email) = @_;
+ my $token_ts = time();
+ my $issuedate = time2str("%Y-%m-%d %H:%M", $token_ts);
+
 # Generate a unique token and insert it into the tokens table.
 # We have to lock the tokens table before generating the token,
 # since the database must be queried for token uniqueness.
@@ -49,13 +61,13 @@ sub IssueEmailChangeToken {
 my $quoted_emails = &::SqlQuote($old_email . ":" . $new_email);
 &::SendSQL("INSERT INTO tokens ( userid , issuedate , token , tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken ,
+ VALUES ( $userid , '$issuedate' , $quotedtoken ,
 'emailold' , $quoted_emails )");
 my $newtoken = GenerateUniqueToken();
 $quotedtoken = &::SqlQuote($newtoken);
 &::SendSQL("INSERT INTO tokens ( userid , issuedate , token , tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken ,
+ VALUES ( $userid , '$issuedate' , $quotedtoken ,
 'emailnew' , $quoted_emails )");
 &::SendSQL("UNLOCK TABLES");
@@ -66,6 +78,9 @@ sub IssueEmailChangeToken {
 $vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix');
 $vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix');
+
+ $vars->{'max_token_age'} = $maxtokenage;
+ $vars->{'token_ts'} = $token_ts;
 $vars->{'token'} = $token;
 $vars->{'emailaddress'} = $old_email . &::Param('emailsuffix');
@@ -102,6 +117,9 @@ sub IssuePasswordToken {
 &::SendSQL("SELECT userid FROM profiles WHERE login_name = $quotedloginname");
 my ($userid) = &::FetchSQLData();
+ my $token_ts = time();
+ my $issuedate = time2str("%Y-%m-%d %H:%M", $token_ts);
+
 # Generate a unique token and insert it into the tokens table.
 # We have to lock the tokens table before generating the token,
 # since the database must be queried for token uniqueness.
@@ -110,7 +128,7 @@ sub IssuePasswordToken {
 my $quotedtoken = &::SqlQuote($token);
 my $quotedipaddr = &::SqlQuote($::ENV{'REMOTE_ADDR'});
 &::SendSQL("INSERT INTO tokens ( userid , issuedate , token , tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken , 'password' , $quotedipaddr )");
+ VALUES ( $userid , '$issuedate' , $quotedtoken , 'password' , $quotedipaddr )");
 &::SendSQL("UNLOCK TABLES");
 # Mail the user the token along with instructions for using it.
@@ -121,6 +139,9 @@ sub IssuePasswordToken {
 $vars->{'token'} = $token;
 $vars->{'emailaddress'} = $loginname . &::Param('emailsuffix');
+ $vars->{'max_token_age'} = $maxtokenage;
+ $vars->{'token_ts'} = $token_ts;
+
 my $message = "";
 $template->process("account/password/forgotten-password.txt.tmpl", $vars, \$message)
@@ -136,7 +157,7 @@ sub IssuePasswordToken {
 sub CleanTokenTable {
 &::SendSQL("LOCK TABLES tokens WRITE");
 &::SendSQL("DELETE FROM tokens
- WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= 3");
+ WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= " . $maxtokenage);
 &::SendSQL("UNLOCK TABLES");
 }
diff --git a/template/en/default/account/email/change-new.txt.tmpl b/template/en/default/account/email/change-new.txt.tmpl
index 4739c50e7..b07be609c 100644
--- a/template/en/default/account/email/change-new.txt.tmpl
+++ b/template/en/default/account/email/change-new.txt.tmpl
@@ -18,6 +18,7 @@
 #
 # Contributor(s): John Vandenberg <zeroj@null.net>
 #%]
+[% expiration_ts = token_ts + (max_token_age * 86400) %]
 From: bugzilla-admin-daemon
 To: [% emailaddress %]
 Subject: Bugzilla Change Email Address Request
@@ -34,3 +35,5 @@ this request, visit the following link:
 [% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER url_quote %]
+If you do nothing, the request will lapse after
+[%- max_token_age %] days ([% time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]).
diff --git a/template/en/default/account/email/change-old.txt.tmpl b/template/en/default/account/email/change-old.txt.tmpl
index ac42cccb0..d50a958c6 100644
--- a/template/en/default/account/email/change-old.txt.tmpl
+++ b/template/en/default/account/email/change-old.txt.tmpl
@@ -18,6 +18,7 @@
 #
 # Contributor(s): John Vandenberg <zeroj@null.net>
 #%]
+[% expiration_ts = token_ts + (max_token_age * 86400) %]
 From: bugzilla-admin-daemon
 To: [% emailaddress %]
 Subject: Bugzilla Change Email Address Request
@@ -33,3 +34,6 @@ this request, visit the following link:
 [% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER url_quote %]
+If you do nothing, and [% newemailaddress %] confirms this request, the
+change will be made permanent after
+[%- max_token_age %] days ([% time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]).
diff --git a/template/en/default/account/password/forgotten-password.txt.tmpl b/template/en/default/account/password/forgotten-password.txt.tmpl
index 155b83b08..bf3242c08 100644
--- a/template/en/default/account/password/forgotten-password.txt.tmpl
+++ b/template/en/default/account/password/forgotten-password.txt.tmpl
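Review bot: `[%- max_token_age %]` on the added line chomps the newline that separates it from the preceding `after`, so unless that line carries a trailing space the message renders as `lapse after3 days`; the same construct is added in change-old.txt.tmpl (@@ -33,3) and forgotten-password.txt.tmpl (@@ -32,3). Dropping the `-` keeps the line break, or put the count on the same line: `If you do nothing, the request will lapse after [% max_token_age %] days`. `expiration_ts = token_ts + (max_token_age * 86400)` is also repeated verbatim in all three templates; computing it once in Token.pm next to `token_ts` would keep the templates to presentation and make the figure agree with whatever rule CleanTokenTable applies. Nothing in the commit exports `time2str` to the template namespace, so presumably the existing template configuration already provides it; worth confirming before relying on it in three mails.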
@@ -18,6 +18,7 @@
 #
 # Contributor(s): John Vandenberg <zeroj@null.net>
 #%]
+[% expiration_ts = token_ts + (max_token_age * 86400) %]
 From: bugzilla-admin-daemon
 To: [% emailaddress %]
 Subject: Bugzilla Change Password Request
@@ -32,3 +33,6 @@ this request, visit the following link:
 [%+ Param('urlbase') %]token.cgi?a=cxlpw&t=[% token FILTER url_quote %]
+If you do nothing, the request will lapse after
+[%- max_token_age %] days
+([% time2str("%H:%M on the %o of %B, %Y", expiration_ts) -%]) or when you log in successfully.