diff options
author | Dylan William Hardison <dylan@mozilla.com> | 2015-06-12 05:29:15 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2015-06-12 05:29:15 +0200 |
commit | a8675e3f1ef10a84f36b06e8ffd25e7b3033baef (patch) | |
tree | 1d0b8c2b1c7682db27ece4f81cf57f41e657f68c /auth.cgi | |
parent | 7186b647fb8c3f482a302863538c5cb68a7ff50a (diff) | |
download | bugzilla-a8675e3f1ef10a84f36b06e8ffd25e7b3033baef.tar.gz bugzilla-a8675e3f1ef10a84f36b06e8ffd25e7b3033baef.tar.xz |
Bug 1170722: Authentication Delegation should add an App ID column to associate api keys with specific callbacks
r=dkl,a=glob
Diffstat (limited to 'auth.cgi')
-rwxr-xr-x | auth.cgi | 36 |
1 files changed, 25 insertions, 11 deletions
@@ -22,6 +22,7 @@ use Bugzilla::Mailer qw(MessageToMTA); use URI; use URI::QueryParam; +use Digest::SHA qw(sha256_hex); Bugzilla->login(LOGIN_REQUIRED); @@ -61,20 +62,33 @@ if ($confirmed || $skip_confirmation) { { token => $token, callback => $callback }); } } - - my $new_key = Bugzilla::User::APIKey->create({ - user_id => $user->id, - description => $description, + my $app_id = sha256_hex($callback_uri, $description); + my $keys = Bugzilla::User::APIKey->match({ + user_id => $user->id, + app_id => $app_id, + revoked => 0, }); - my $template = Bugzilla->template_inner($user->setting('lang')); - my $vars = { user => $user, new_key => $new_key }; - my $message; - $template->process('email/new-api-key.txt.tmpl', $vars, \$message) - or ThrowTemplateError($template->error()); - MessageToMTA($message); + my $api_key; + if (@$keys) { + $api_key = $keys->[0]; + } + else { + $api_key = Bugzilla::User::APIKey->create({ + user_id => $user->id, + description => $description, + app_id => $app_id, + }); + my $template = Bugzilla->template_inner($user->setting('lang')); + my $vars = { user => $user, new_key => $api_key }; + my $message; + $template->process('email/new-api-key.txt.tmpl', $vars, \$message) + or ThrowTemplateError($template->error()); + + MessageToMTA($message); + } - $callback_uri->query_param(client_api_key => $new_key->api_key); + $callback_uri->query_param(client_api_key => $api_key->api_key); $callback_uri->query_param(client_api_login => $user->login); print $cgi->redirect($callback_uri); |