diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2016-04-27 18:50:13 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2016-04-27 18:50:13 +0200 |
| commit | 3891b63a1eb52076337885487f251a10580a4a85 (patch) | |
| tree | db1463894b756a6bb5114644feeec704ec886eb5 /Bugzilla/Token.pm | |
| parent | c44470a368465adfe329fcfc32492829a21878da (diff) | |
| download | bugzilla-3891b63a1eb52076337885487f251a10580a4a85.tar.gz bugzilla-3891b63a1eb52076337885487f251a10580a4a85.tar.xz | |
Bug 218917 - Allow the login name to be different from the email address
Original patch by Gervase Markham
r=gerv a=dkl
Diffstat (limited to 'Bugzilla/Token.pm')
| -rw-r--r-- | Bugzilla/Token.pm | 39 |
1 files changed, 26 insertions, 13 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index b6f07468e..4f522bda9 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -89,30 +89,32 @@ sub check_auth_delegation_token { # Creates and sends a token to create a new user account. # It assumes that the login has the correct format and is not already in use. sub issue_new_user_account_token { - my $login_name = shift; + my ($login, $email) = @_; my $dbh = Bugzilla->dbh; my $template = Bugzilla->template; my $vars = {}; - # Is there already a pending request for this login name? If yes, do not throw + # Is there already a pending request for this email? If yes, do not throw # an error because the user may have lost their email with the token inside. # But to prevent using this way to mailbomb an email address, make sure # the last request is old enough before sending a new email (default: 10 minutes). + my $regexp = "^$email:"; my $pending_requests = $dbh->selectrow_array( 'SELECT COUNT(*) FROM tokens WHERE tokentype = ? - AND ' . $dbh->sql_istrcmp('eventdata', '?') . ' + AND ' . $dbh->sql_regexp('eventdata', $dbh->quote($regexp)) . ' AND issuedate > ' . $dbh->sql_date_math('NOW()', '-', ACCOUNT_CHANGE_INTERVAL, 'MINUTE'), - undef, ('account', $login_name)); + undef, 'account'); ThrowUserError('too_soon_for_new_token', {'type' => 'account'}) if $pending_requests; - my ($token, $token_ts) = _create_token(undef, 'account', $login_name); + my ($token, $token_ts) = _create_token(undef, 'account', "$email:$login"); - $vars->{'email'} = $login_name . Bugzilla->params->{'emailsuffix'}; + $vars->{'login'} = $login; + $vars->{'email'} = $email; $vars->{'expiration_ts'} = ctime($token_ts + MAX_TOKEN_AGE * 86400); $vars->{'token'} = $token; @@ -131,15 +133,15 @@ sub IssueEmailChangeToken { my $new_email = shift; my $user = Bugzilla->user; - my ($token, $token_ts) = _create_token($user->id, 'emailold', $user->login . ":$new_email"); - my $newtoken = _create_token($user->id, 'emailnew', $user->login . ":$new_email"); + my ($token, $token_ts) = _create_token($user->id, 'emailold', $user->email . ":$new_email"); + my $newtoken = _create_token($user->id, 'emailnew', $user->email . ":$new_email"); # Mail the user the token along with instructions for using it. my $template = Bugzilla->template_inner($user->setting('lang')); my $vars = {}; - $vars->{'newemailaddress'} = $new_email . Bugzilla->params->{'emailsuffix'}; + $vars->{'newemailaddress'} = $new_email; $vars->{'expiration_ts'} = ctime($token_ts + MAX_TOKEN_AGE * 86400); # First send an email to the new address. If this one doesn't exist, @@ -335,7 +337,17 @@ sub Cancel { # is no entry in the 'profiles' table. my $user = new Bugzilla::User($userid); - $vars->{'emailaddress'} = $userid ? $user->email : $eventdata; + if ($userid) { + $vars->{'emailaddress'} = $user->email; + $vars->{'login'} = $user->login; + } + else { + # Be careful! Some logins may contain ":" in them. + my ($email, $login) = split(':', $eventdata, 2); + $vars->{'emailaddress'} = $email; + $vars->{'login'} = $login; + } + $vars->{'remoteaddress'} = remote_ip(); $vars->{'token'} = $token; $vars->{'tokentype'} = $tokentype; @@ -511,7 +523,7 @@ Bugzilla::Token - Provides different routines to manage tokens. use Bugzilla::Token; - Bugzilla::Token::issue_new_user_account_token($login_name); + Bugzilla::Token::issue_new_user_account_token($login, $email); Bugzilla::Token::IssueEmailChangeToken($user, $new_email); Bugzilla::Token::IssuePasswordToken($user); Bugzilla::Token::DeletePasswordTokens($user_id, $reason); @@ -539,14 +551,15 @@ Bugzilla::Token - Provides different routines to manage tokens. Returns: The token. -=item C<issue_new_user_account_token($login_name)> +=item C<issue_new_user_account_token($login, $email)> Description: Creates and sends a token per email to the email address requesting a new user account. It doesn't check whether the user account already exists. The user will have to use this token to confirm the creation of their user account. - Params: $login_name - The new login name requested by the user. + Params: $login - The new login name requested by the user. + $email - The email address to be associated with the account. Returns: Nothing. It throws an error if the same user made the same request in the last few minutes. |