author | Dylan William Hardison <dylan@mozilla.com> | 2015-06-02 03:08:19 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2015-06-02 03:08:19 +0200 |
commit | 3cf3faf600249981e3903978b1501fffaabf7e0f (patch) | |
tree | 2f7c8a127f869d3b5d1f9011751c47e3ce334483 /Bugzilla/Token.pm | |
parent | f2c52dff2711d6b61d7879f5f9384390873f52cc (diff) | |
Bug 1163760: Backport upstream bug 1144468 to bmo to add authentication delegation
Diffstat (limited to 'Bugzilla/Token.pm')
-rw-r--r-- | Bugzilla/Token.pm | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 750c36435..7edcd4226 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -40,10 +40,12 @@ use Date::Format; use Date::Parse; use File::Basename; use Digest::MD5 qw(md5_hex); +use Digest::SHA qw(hmac_sha256_base64); use base qw(Exporter); @Bugzilla::Token::EXPORT = qw(issue_api_token issue_session_token + issue_auth_delegation_token check_auth_delegation_token check_token_data delete_token issue_hash_token check_hash_token); @@ -65,6 +67,37 @@ sub issue_api_token { return $token // _create_token($user->id, 'api_token', ''); } +sub issue_auth_delegation_token { + my ($uri) = @_; + my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; + my $checksum = hmac_sha256_base64($user->id, $uri, Bugzilla->localconfig->{'site_wide_secret'}); + + return _create_token($user->id, 'auth_delegation', $checksum); +} + +sub check_auth_delegation_token { + my ($token, $uri) = @_; + my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; + + my ($eventdata) = $dbh->selectrow_array(" + SELECT eventdata FROM tokens + WHERE token = ? AND tokentype = 'auth_delegation' + AND (" . $dbh->sql_date_math('issuedate', '+', (MAX_TOKEN_AGE * 24 - 12), 'HOUR') . ") > NOW()", + undef, $token); + + if ($eventdata) { + my $checksum = hmac_sha256_base64($user->id, $uri, Bugzilla->localconfig->{'site_wide_secret'}); + if ($eventdata eq $checksum) { + delete_token($token); + return 1; + } + } + + return 0; +} + # Creates and sends a token to create a new user account. # It assumes that the login has the correct format and is not already in use. sub issue_new_user_account_token { 
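Review bot: In both `issue_auth_delegation_token` and `check_auth_delegation_token` the HMAC is called with two data arguments, `$user->id, $uri`, which Digest::SHA (as far as I know) concatenates with no separator before keying with `site_wide_secret`, so the boundary between user id and URI is not fixed in the MAC input. Joining them explicitly in both places, e.g. `hmac_sha256_base64(join(':', $user->id, $uri), Bugzilla->localconfig->{'site_wide_secret'})`, removes that ambiguity, and doing it in one private helper would keep issue and check from drifting apart. The lookup accepts the token for `MAX_TOKEN_AGE * 24 - 12` hours; `MAX_TOKEN_AGE` is defined outside this hunk, but a one-shot delegation confirmation token probably warrants a much shorter window. `my $dbh` in `issue_auth_delegation_token` is unused, and neither sub checks that `Bugzilla->user` is a logged-in user, so the callers (not visible here) have to enforce that.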
@@ -628,6 +661,23 @@ although they can be used separately. Returns: A unique token. +=item C<issue_auth_delegation_token($uri)> + + Description: Creates and returns a token used to validate auth delegation confirmations. + + Params: $uri - The uri that auth will be delegated to. + + Returns: A unique token. + +=item C<check_auth_delegation_token($token, $uri)> + + Description: Checks if a token $token is a confirmation token for $uri. + + Params: $token - The token returned by issue_auth_delegation_token() + $uri - The uri that auth will be delegated to. + + Returns: a boolean value + =item C<check_token_data($token, $event)> Description: Makes sure the $token has been created by the currently logged in |