Remaining pieces of Bug 23067 from yesterday... no idea why the first commit didn't pick these up.

1 files changed, 100 insertions, 18 deletions

diff --git a/Token.pm b/Token.pm
index 4f7f61882..9c136184b 100644
--- a/Token.pm
+++ b/Token.pm
@@ -37,6 +37,62 @@ package Token;
 # Functions
 ################################################################################
 
+sub IssueEmailChangeToken {
+    my ($userid, $old_email, $new_email) = @_;
+
+    # Generate a unique token and insert it into the tokens table.
+    # We have to lock the tokens table before generating the token, 
+    # since the database must be queried for token uniqueness.
+    &::SendSQL("LOCK TABLES tokens WRITE");
+    my $token = GenerateUniqueToken();
+    my $quotedtoken = &::SqlQuote($token);
+    my $quoted_emails = &::SqlQuote($old_email . ":" . $new_email);
+    &::SendSQL("INSERT INTO tokens ( userid , issuedate , token , 
+                                     tokentype , eventdata )
+                VALUES             ( $userid , NOW() , $quotedtoken , 
+                                     'emailold' , $quoted_emails )");
+    my $newtoken = GenerateUniqueToken();
+    $quotedtoken = &::SqlQuote($newtoken);
+    &::SendSQL("INSERT INTO tokens ( userid , issuedate , token , 
+                                     tokentype , eventdata )
+                VALUES             ( $userid , NOW() , $quotedtoken , 
+                                     'emailnew' , $quoted_emails )");
+    &::SendSQL("UNLOCK TABLES");
+
+    # Mail the user the token along with instructions for using it.
+
+    my $template = $::template;
+    my $vars = $::vars;
+
+    $vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix');
+    $vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix');
+
+    $vars->{'token'} = &::url_quote($token);
+    $vars->{'emailaddress'} = $old_email . &::Param('emailsuffix');
+
+    my $message;
+    $template->process("token/emailchangeold.txt.tmpl", $vars, \$message)
+      || &::DisplayError("Template process failed: " . $template->error())
+      && exit;
+
+    open SENDMAIL, "|/usr/lib/sendmail -t -i";
+    print SENDMAIL $message;
+    close SENDMAIL;
+
+    $vars->{'token'} = &::url_quote($newtoken);
+    $vars->{'emailaddress'} = $new_email . &::Param('emailsuffix');
+
+    $message = "";
+    $template->process("token/emailchangenew.txt.tmpl", $vars, \$message)
+      || &::DisplayError("Template process failed: " . $template->error())
+      && exit;
+
+    open SENDMAIL, "|/usr/lib/sendmail -t -i";
+    print SENDMAIL $message;
+    close SENDMAIL;
+
+}
+
 sub IssuePasswordToken {
     # Generates a random token, adds it to the tokens table, and sends it
     # to the user with instructions for using it to change their password.
@@ -65,6 +121,14 @@ sub IssuePasswordToken {
 }
 
 
+sub CleanTokenTable {
+    &::SendSQL("LOCK TABLES tokens WRITE");
+    &::SendSQL("DELETE FROM tokens 
+                WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= 3");
+    &::SendSQL("UNLOCK TABLES");
+}
+
+
 sub GenerateUniqueToken {
     # Generates a unique random token.  Uses &GenerateRandomPassword 
     # for the tokens themselves and checks uniqueness by searching for
@@ -143,25 +207,27 @@ sub Cancel {
     # Format the user's real name and email address into a single string.
     my $username = $realname ? $realname . " <" . $loginname . ">" : $loginname;
 
-    # Notify the user via email about the cancellation.
-    open SENDMAIL, "|/usr/lib/sendmail -t -i";
-    print SENDMAIL qq|From: bugzilla-daemon
-To: $username
-Subject: "$tokentype" token cancelled
+    my $template = $::template;
+    my $vars = $::vars;
 
-A token was cancelled from $::ENV{'REMOTE_ADDR'}.  This is either 
-an honest mistake or the result of a malicious hack attempt.  
-Take a look at the information below and forward this email 
-to $maintainer if you suspect foul play.
+    $vars->{'emailaddress'} = $username;
+    $vars->{'maintainer'} = $maintainer;
+    $vars->{'remoteaddress'} = $::ENV{'REMOTE_ADDR'};
+    $vars->{'token'} = &::url_quote($token);
+    $vars->{'tokentype'} = $tokentype;
+    $vars->{'issuedate'} = $issuedate;
+    $vars->{'eventdata'} = $eventdata;
+    $vars->{'cancelaction'} = $cancelaction;
 
-            Token: $token
-       Token Type: $tokentype
-             User: $username
-       Issue Date: $issuedate
-       Event Data: $eventdata
+    # Notify the user via email about the cancellation.
 
-Cancelled Because: $cancelaction
-|;
+    my $message;
+    $template->process("token/tokencancel.txt.tmpl", $vars, \$message)
+      || &::DisplayError("Template process failed: " . $template->error())
+      && exit;
+
+    open SENDMAIL, "|/usr/lib/sendmail -t -i";
+    print SENDMAIL $message;
     close SENDMAIL;
 
     # Delete the token from the database.
@@ -171,14 +237,30 @@ Cancelled Because: $cancelaction
 }
 
 sub HasPasswordToken {
-    # Returns a password token if the user has one.  Otherwise returns 0 (false).
+    # Returns a password token if the user has one.
     
     my ($userid) = @_;
     
-    &::SendSQL("SELECT token FROM tokens WHERE userid = $userid LIMIT 1");
+    &::SendSQL("SELECT token FROM tokens 
+                WHERE userid = $userid AND tokentype = 'password' LIMIT 1");
     my ($token) = &::FetchSQLData();
     
     return $token;
 }
 
+sub HasEmailChangeToken {
+    # Returns an email change token if the user has one. 
+    
+    my ($userid) = @_;
+    
+    &::SendSQL("SELECT token FROM tokens 
+                 WHERE userid = $userid 
+                   AND tokentype = 'emailnew' 
+                    OR tokentype = 'emailold' LIMIT 1");
+    my ($token) = &::FetchSQLData();
+    
+    return $token;
+}
+
+
 1;