authorDylan William Hardison <dylan@hardison.net>2017-09-25 20:14:31 +0200
committerGitHub <noreply@github.com>2017-09-25 20:14:31 +0200
commit94d888356469f2d920835f9c6d4eba944e429f62 (patch)
treea4a123f21ae538261bf53d3593e12fb8d1a3d26b /Bugzilla
parentd827379894e2a5415cdbbb6b30aad0448ba82fb0 (diff)
Bug 1401463 - In bugzilla "you must reset password" state, all bug pages are force-redirected to password reset page, which loses "to-do" information that I have encoded as open tabs viewing particular bug pages
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Token.pm22
1 files changed, 22 insertions, 0 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index c6288f491..4b12f836b 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -32,6 +32,7 @@ use base qw(Exporter);
issue_auth_delegation_token check_auth_delegation_token
check_token_data delete_token
issue_hash_token check_hash_token
+ issue_hash_sig check_hash_sig
set_token_extra_data get_token_extra_data);
# 128 bits password:
@@ -221,6 +222,27 @@ sub issue_short_lived_session_token {
return _create_token($user->id ? $user->id : undef, 'session.short', $data);
}
+sub issue_hash_sig {
+ my ($type, $data, $salt) = @_;
+ $data //= "";
+ $salt //= generate_random_password(16);
+
+ my $hmac = hmac_sha256_base64(
+ $salt,
+ $type,
+ $data,
+ Bugzilla->localconfig->{site_wide_secret}
+ );
+ return sprintf("%s|%s|%x", $salt, $hmac, length($data));
+}
+
+sub check_hash_sig {
+ my ($type, $sig, $data) = @_;
+ return 0 unless defined $sig && defined $data;
+ my ($salt, undef, $len) = split(/\|/, $sig, 3);
+ return length($data) == hex($len) && $sig eq issue_hash_sig($type, $data, $salt);
+}
+
sub issue_hash_token {
my ($data, $time) = @_;
$data ||= [];
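Review bot: In issue_hash_sig the salt, type and data are passed to hmac_sha256_base64 as separate arguments, which (assuming this is Digest::SHA's function) concatenates them with no delimiter, and the data length is appended to the returned string but is not part of the MAC input. The field boundaries are therefore unauthenticated: a signature issued for one type/data pair could also verify for a different split of the same bytes under another type, depending on which type strings callers use (not visible here). Binding the lengths inside the MAC closes this, e.g. `my $hmac = hmac_sha256_base64(join('|', length($salt), length($type), length($data), ''), $salt, $type, $data, Bugzilla->localconfig->{site_wide_secret});`. In check_hash_sig, `hex($len)` is evaluated on an undefined value when the signature has fewer than three `|` fields, and the final `eq` is not a constant-time comparison; a guard such as `return 0 unless defined $len && $len =~ /\A[0-9a-f]+\z/;` before the return handles the malformed case.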