author | Dylan William Hardison <dylan@hardison.net> | 2017-09-25 20:14:31 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-25 20:14:31 +0200 |
commit | 94d888356469f2d920835f9c6d4eba944e429f62 (patch) | |
tree | a4a123f21ae538261bf53d3593e12fb8d1a3d26b /Bugzilla | |
parent | d827379894e2a5415cdbbb6b30aad0448ba82fb0 (diff) | |
download | bugzilla-94d888356469f2d920835f9c6d4eba944e429f62.tar.gz bugzilla-94d888356469f2d920835f9c6d4eba944e429f62.tar.xz |
Bug 1401463 - In bugzilla "you must reset password" state, all bug pages are force-redirected to password reset page, which loses "to-do" information that I have encoded as open tabs viewing particular bug pages
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Token.pm | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index c6288f491..4b12f836b 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -32,6 +32,7 @@ use base qw(Exporter);
 issue_auth_delegation_token check_auth_delegation_token check_token_data delete_token issue_hash_token check_hash_token + issue_hash_sig check_hash_sig set_token_extra_data get_token_extra_data); # 128 bits password:
@@ -221,6 +222,27 @@ sub issue_short_lived_session_token {
 return _create_token($user->id ? $user->id : undef, 'session.short', $data);
 }
+sub issue_hash_sig {
+ my ($type, $data, $salt) = @_;
+ $data //= "";
+ $salt //= generate_random_password(16);
+
+ my $hmac = hmac_sha256_base64(
+ $salt,
+ $type,
+ $data,
+ Bugzilla->localconfig->{site_wide_secret}
+ );
+ return sprintf("%s|%s|%x", $salt, $hmac, length($data));
+}
+
+sub check_hash_sig {
+ my ($type, $sig, $data) = @_;
+ return 0 unless defined $sig && defined $data;
+ my ($salt, undef, $len) = split(/\|/, $sig, 3);
+ return length($data) == hex($len) && $sig eq issue_hash_sig($type, $data, $salt);
+}
+
 sub issue_hash_token {
 my ($data, $time) = @_;
 $data ||= []; |
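Review bot: In issue_hash_sig the salt, type and data are handed to `hmac_sha256_base64` as separate arguments, which (if this is Digest::SHA's function) are simply concatenated before hashing, so the MAC does not bind where one field ends and the next begins. check_hash_sig takes the salt from the caller-supplied `$sig`, and the trailing `%x` length sits outside the MAC, so neither closes that gap: two different (salt, type, data) triples that concatenate to the same bytes would verify against the same HMAC value. Authenticating an unambiguous encoding would fix it, e.g. `my $msg = join('|', map { length($_) . ':' . $_ } $salt, $type, $data);` followed by `hmac_sha256_base64($msg, Bugzilla->localconfig->{site_wide_secret})`. The final `$sig eq issue_hash_sig(...)` is also an early-exit string compare on a MAC, where a constant-time comparison is preferable. A `$sig` with fewer than two `|` separators leaves `$len` undefined before `hex($len)`, so `return 0 unless defined $len;` belongs right after the split.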