authorDylan William Hardison <dylan@mozilla.com>2015-05-22 18:54:38 +0200
committerDylan William Hardison <dylan@hardison.net>2015-05-22 18:55:10 +0200
commitd8cbd5b5c59f0c66772df100a4b28d4e26450771 (patch)
treec328d1a5b84989ab0c98d9975d8eefa51e1a477a /auth.cgi
parent42d961c8712af7cbbb08d5eff1e55aa2c81c01a8 (diff)
Bug 1144468: Bugzilla Auth Delegation via API Keys
r=dkl,a=glob
Diffstat (limited to 'auth.cgi')
-rwxr-xr-xauth.cgi88
1 files changed, 88 insertions, 0 deletions
diff --git a/auth.cgi b/auth.cgi
new file mode 100755
index 000000000..4bbb03c66
--- /dev/null
+++ b/auth.cgi
@@ -0,0 +1,88 @@
+#!/usr/bin/perl -T
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+use 5.10.1;
+use strict;
+use warnings;
+
+use lib qw(. lib);
+
+use Bugzilla;
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Hook;
+use Bugzilla::Util qw(trick_taint);
+use Bugzilla::Token qw(issue_auth_delegation_token check_auth_delegation_token);
+use Bugzilla::Mailer qw(MessageToMTA);
+
+use URI;
+use URI::QueryParam;
+
+Bugzilla->login(LOGIN_REQUIRED);
+
+ThrowUserError('auth_delegation_disabled') unless Bugzilla->params->{auth_delegation};
+
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
+my $user = Bugzilla->user;
+my $callback = $cgi->param('callback') or ThrowUserError("auth_delegation_missing_callback");
+my $description = $cgi->param('description') or ThrowUserError("auth_delegation_missing_description");
+
+trick_taint($callback);
+trick_taint($description);
+
+my $callback_uri = URI->new($callback);
+my $callback_base = $callback_uri->clone;
+$callback_base->query(undef);
+
+my $skip_confirmation = 0;
+my %args = ( skip_confirmation => \$skip_confirmation,
+ callback => $callback_uri,
+ description => $description,
+ callback_base => $callback_base );
+
+Bugzilla::Hook::process('auth_delegation_confirm', \%args);
+
+my $confirmed = lc($cgi->request_method) eq 'post' && $cgi->param('confirm');
+
+if ($confirmed || $skip_confirmation) {
+ my $token = $cgi->param('token');
+ unless ($skip_confirmation) {
+ ThrowUserError("auth_delegation_missing_token") unless $token;
+ trick_taint($token);
+
+ unless (check_auth_delegation_token($token, $callback)) {
+ ThrowUserError('auth_delegation_invalid_token',
+ { token => $token, callback => $callback });
+ }
+ }
+
+ my $new_key = Bugzilla::User::APIKey->create({
+ user_id => $user->id,
+ description => $description,
+ });
+ my $template = Bugzilla->template_inner($user->setting('lang'));
+ my $vars = { user => $user, new_key => $new_key };
+ my $message;
+ $template->process('email/new-api-key.txt.tmpl', $vars, \$message)
+ or ThrowTemplateError($template->error());
+
+ MessageToMTA($message);
+
+ $callback_uri->query_param(client_api_key => $new_key->api_key);
+ $callback_uri->query_param(client_api_login => $user->login);
+
+ print $cgi->redirect($callback_uri);
+}
+else {
+ $args{token} = issue_auth_delegation_token($callback);
+
+ print $cgi->header();
+ $template->process("account/auth/delegation.html.tmpl", \%args)
+ or ThrowTemplateError($template->error());
+}
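Review bot: The `callback` parameter is untainted with `trick_taint` and handed to `URI->new` with no check on its scheme or host, yet it is the destination that later receives the freshly created API key in `print $cgi->redirect($callback_uri)`. Before building `%args`, reject anything that is not an absolute web URL, e.g. `my $scheme = $callback_uri->scheme // '';` followed by `ThrowUserError('auth_delegation_illegal_callback') unless $scheme =~ /\Ahttps?\z/;` (the error tag is a placeholder; none exists in this commit). The key also travels as the `client_api_key` query parameter, so it will be recorded in browser history, proxy and server access logs, and possibly Referer headers; delivering it in a request body, or at minimum requiring https, would narrow that exposure. Finally, the `skip_confirmation` branch bypasses both the POST requirement and `check_auth_delegation_token`, so a comment above `Bugzilla::Hook::process` should state that any extension setting it must validate `callback_base` against its own allow-list.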