diff options
| author | Byron Jones <glob@mozilla.com> | 2015-09-23 05:54:41 +0200 |
|---|---|---|
| committer | Byron Jones <glob@mozilla.com> | 2015-09-23 05:54:41 +0200 |
| commit | 043c7523acd6af5288191b15f746fc360b73ab40 (patch) | |
| tree | 536980970ca7ae13ce29d4cf9e9f69fb0669a972 /Bugzilla/Token.pm | |
| parent | 2e425408eeb1065eacb4bcded2cc88d05a689e1c (diff) | |
| download | bugzilla-043c7523acd6af5288191b15f746fc360b73ab40.tar.gz bugzilla-043c7523acd6af5288191b15f746fc360b73ab40.tar.xz | |
Bug 1199087 - extend 2fa protection beyond login
Diffstat (limited to 'Bugzilla/Token.pm')
| -rw-r--r-- | Bugzilla/Token.pm | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 6e1414db6..3c5261821 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -41,13 +41,17 @@ use Date::Parse; use File::Basename; use Digest::MD5 qw(md5_hex); use Digest::SHA qw(hmac_sha256_base64); +use Encode; +use JSON qw(encode_json decode_json); use base qw(Exporter); @Bugzilla::Token::EXPORT = qw(issue_api_token issue_session_token + issue_short_lived_session_token issue_auth_delegation_token check_auth_delegation_token check_token_data delete_token - issue_hash_token check_hash_token); + issue_hash_token check_hash_token + set_token_extra_data get_token_extra_data); # 128 bits password: # 128 * log10(2) / log10(62) = 21.49, round up to 22. @@ -227,6 +231,15 @@ sub issue_session_token { return _create_token($user->id, 'session', $data); } +sub issue_short_lived_session_token { + my ($data, $user) = @_; + # Generates a random token, adds it to the tokens table, and returns + # the token to the caller. + + $user //= Bugzilla->user; + return _create_token($user->id, 'session.short', $data); +} + sub issue_hash_token { my ($data, $time) = @_; $data ||= []; @@ -290,6 +303,9 @@ sub CleanTokenTable { $dbh->do("DELETE FROM tokens WHERE " . $dbh->sql_date_math('issuedate', '+', '?', 'HOUR') . " <= NOW()", undef, MAX_TOKEN_AGE * 24); + $dbh->do("DELETE FROM tokens WHERE tokentype = ? AND " . + $dbh->sql_date_math('issuedate', '+', '?', 'HOUR') . " <= NOW()", + undef, 'session.short', MAX_SHORT_TOKEN_HOURS); } sub GenerateUniqueToken { @@ -475,6 +491,35 @@ sub check_token_data { return 1; } +sub set_token_extra_data { + my ($token, $data) = @_; + + $data = encode_json($data) if ref($data); + + # extra_data is MEDIUMTEXT, max 16M + if (length($data) > 16_777_215) { + ThrowCodeError('token_data_too_big'); + } + + Bugzilla->dbh->do( + "INSERT INTO token_data (token, extra_data) VALUES (?, ?) ON DUPLICATE KEY UPDATE extra_data = ?", + undef, $token, $data, $data); +} + +sub get_token_extra_data { + my ($token) = @_; + trick_taint($token); + my ($data) = Bugzilla->dbh->selectrow_array( + "SELECT extra_data FROM token_data WHERE token = ?", + undef, $token); + return undef unless defined $data; + $data = encode('UTF-8', $data); + eval { + $data = decode_json($data); + }; + return $data; +} + ################################################################################ # Internal Functions ################################################################################ |