diff options
| author | David Lawrence <dkl@mozilla.com> | 2015-01-29 18:33:12 +0100 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2015-01-29 18:33:12 +0100 |
| commit | c8447e9f4b7c17ab0e04af34dbd5583e78b23677 (patch) | |
| tree | 573093df276637e98796717c325c3fc5c040263d /Bugzilla/Token.pm | |
| parent | 89d319922df1160f346321acfa6a9c5d69b5ed43 (diff) | |
| download | bugzilla-c8447e9f4b7c17ab0e04af34dbd5583e78b23677.tar.gz bugzilla-c8447e9f4b7c17ab0e04af34dbd5583e78b23677.tar.xz | |
Bug 1045145: backport upstream bug 726696 to bmo/4.2 to allow use of api keys for authentication
Diffstat (limited to 'Bugzilla/Token.pm')
| -rw-r--r-- | Bugzilla/Token.pm | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 24df470ac..769cb8800 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -43,13 +43,28 @@ use Digest::MD5 qw(md5_hex); use base qw(Exporter); -@Bugzilla::Token::EXPORT = qw(issue_session_token check_token_data delete_token +@Bugzilla::Token::EXPORT = qw(issue_api_token issue_session_token + check_token_data delete_token issue_hash_token check_hash_token); ################################################################################ # Public Functions ################################################################################ +# Create a token used for internal API authentication +sub issue_api_token { + # Generates a random token, adds it to the tokens table if one does not + # already exist, and returns the token to the caller. + my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; + my ($token) = $dbh->selectrow_array(" + SELECT token FROM tokens + WHERE userid = ? AND tokentype = 'api_token' + AND (" . $dbh->sql_date_math('issuedate', '+', (MAX_TOKEN_AGE * 24 - 12), 'HOUR') . ") > NOW()", + undef, $user->id); + return $token // _create_token($user->id, 'api_token', ''); +} + # Creates and sends a token to create a new user account. # It assumes that the login has the correct format and is not already in use. sub issue_new_user_account_token { @@ -233,10 +248,9 @@ sub check_hash_token { sub CleanTokenTable { my $dbh = Bugzilla->dbh; - $dbh->do('DELETE FROM tokens - WHERE ' . $dbh->sql_to_days('NOW()') . ' - ' . - $dbh->sql_to_days('issuedate') . ' >= ?', - undef, MAX_TOKEN_AGE); + $dbh->do("DELETE FROM tokens WHERE " . + $dbh->sql_date_math('issuedate', '+', '?', 'HOUR') . " <= NOW()", + undef, MAX_TOKEN_AGE * 24); } sub GenerateUniqueToken { @@ -354,7 +368,7 @@ sub GetTokenData { trick_taint($token); my @token_data = $dbh->selectrow_array( - "SELECT token, userid, " . $dbh->sql_date_format('issuedate') . ", eventdata + "SELECT token, userid, " . $dbh->sql_date_format('issuedate') . ", eventdata, tokentype FROM tokens WHERE token = ?", undef, $token); @@ -486,6 +500,14 @@ Bugzilla::Token - Provides different routines to manage tokens. =over +=item C<issue_api_token($login_name)> + + Description: Creates a token that can be used for API calls on the web page. + + Params: None. + + Returns: The token. + =item C<issue_new_user_account_token($login_name)> Description: Creates and sends a token per email to the email address |