summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth/Login
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2015-09-01 07:01:20 +0200
committerByron Jones <glob@mozilla.com>2015-09-01 07:01:20 +0200
commit421ff7f194875db9634ea783d9dd5b6111f19df3 (patch)
tree5806e9f3001fa4f33ba85aa94856b70a7f878cf8 /Bugzilla/Auth/Login
parentbcc93f83a64a76cd73501eaefaf5fd073fbc3f0d (diff)
downloadbugzilla-421ff7f194875db9634ea783d9dd5b6111f19df3.tar.gz
bugzilla-421ff7f194875db9634ea783d9dd5b6111f19df3.tar.xz
Bug 1197073 - add support for 2fa using totp (eg. google authenticator)
Diffstat (limited to 'Bugzilla/Auth/Login')
-rw-r--r--Bugzilla/Auth/Login/Cookie.pm12
1 files changed, 11 insertions, 1 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 738d26b21..0b5842523 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -40,7 +40,7 @@ sub get_login_info {
my ($self) = @_;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
- my ($user_id, $login_cookie);
+ my ($user_id, $login_cookie, $is_internal);
if (!Bugzilla->request_cache->{auth_no_automatic_login}) {
$login_cookie = $cgi->cookie("Bugzilla_logincookie");
@@ -82,6 +82,7 @@ sub get_login_info {
{
ThrowUserError('auth_invalid_token', { token => $api_token });
}
+ $is_internal = 1;
}
}
}
@@ -112,6 +113,15 @@ sub get_login_info {
# If the cookie is valid, return a valid username.
if (defined $db_cookie && $login_cookie eq $db_cookie) {
+
+ # forbid logging in with a cookie if only api-keys are allowed
+ if (i_am_webservice() && !$is_internal) {
+ my $user = Bugzilla::User->new({ id => $user_id, cache => 1 });
+ if ($user->settings->{api_key_only}->{value} eq 'on') {
+ ThrowUserError('invalid_cookies_or_token');
+ }
+ }
+
# If we logged in successfully, then update the lastused
# time on the login cookie
$dbh->do("UPDATE logincookies SET lastused = NOW()