diff options
author | Dylan William Hardison <dylan@mozilla.com> | 2015-05-26 15:40:39 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-05-26 15:40:39 +0200 |
commit | 07e47c4b4436a8ab9414d64894ccada36c8d124a (patch) | |
tree | ceb62ad30ff9678f362d356cdd1c36580755d3bc /extensions/GitHubAuth/lib | |
parent | d85abfea5c720cd07d4a7358138b55f34af98c8d (diff) | |
download | bugzilla-07e47c4b4436a8ab9414d64894ccada36c8d124a.tar.gz bugzilla-07e47c4b4436a8ab9414d64894ccada36c8d124a.tar.xz |
Bug 1162302: Bugzilla to Github 0auth CSRF
Diffstat (limited to 'extensions/GitHubAuth/lib')
-rw-r--r-- | extensions/GitHubAuth/lib/Client.pm | 4 | ||||
-rw-r--r-- | extensions/GitHubAuth/lib/Login.pm | 12 |
2 files changed, 15 insertions, 1 deletions
diff --git a/extensions/GitHubAuth/lib/Client.pm b/extensions/GitHubAuth/lib/Client.pm index 896e82eff..bcd5e462e 100644 --- a/extensions/GitHubAuth/lib/Client.pm +++ b/extensions/GitHubAuth/lib/Client.pm @@ -56,9 +56,11 @@ sub login_uri { sub get_email_key { my ($class, $email) = @_; + my $cgi = Bugzilla->cgi; my $digest = Digest->new(DIGEST_HASH); $digest->add($email); $digest->add(remote_ip()); + $digest->add($cgi->cookie('Bugzilla_github_token') // ''); $digest->add(Bugzilla->localconfig->{site_wide_secret}); return $digest->hexdigest; } @@ -79,9 +81,11 @@ sub get_state { $sorted_target->query_param_delete('GoAheadAndLogIn'); $sorted_target->query_param_delete('github_login'); + my $cgi = Bugzilla->cgi; my $digest = Digest->new(DIGEST_HASH); $digest->add($sorted_target->as_string); $digest->add(remote_ip()); + $digest->add($cgi->cookie('Bugzilla_github_token') // ''); $digest->add(Bugzilla->localconfig->{site_wide_secret}); return $digest->hexdigest; } diff --git a/extensions/GitHubAuth/lib/Login.pm b/extensions/GitHubAuth/lib/Login.pm index cdf3eaa61..5f1ad4a77 100644 --- a/extensions/GitHubAuth/lib/Login.pm +++ b/extensions/GitHubAuth/lib/Login.pm @@ -14,7 +14,7 @@ use fields qw(github_failure); use Scalar::Util qw(blessed); use Bugzilla::Constants qw(AUTH_NODATA AUTH_ERROR USAGE_MODE_BROWSER ); -use Bugzilla::Util qw(trick_taint correct_urlbase); +use Bugzilla::Util qw(trick_taint correct_urlbase generate_random_password); use Bugzilla::Extension::GitHubAuth::Client; use Bugzilla::Extension::GitHubAuth::Client::Error (); use Bugzilla::Extension::GitHubAuth::Util qw(target_uri); @@ -31,6 +31,14 @@ sub get_login_info { my $github_email = $cgi->param('github_email'); my $github_email_key = $cgi->param('github_email_key'); + my $cookie = $cgi->cookie('Bugzilla_github_token'); + unless ($cookie) { + $cgi->send_cookie(-name => 'Bugzilla_github_token', + -value => generate_random_password(), + Bugzilla->params->{'ssl_redirect'} ? ( -secure => 1 ) : (), + -httponly => 1); + } + return { failure => AUTH_NODATA } unless $github_login; if ($github_email_key && $github_email) { @@ -105,6 +113,7 @@ sub _get_login_info_from_github { if (@allowed_bugzilla_users == 1) { my ($user) = @allowed_bugzilla_users; + $cgi->remove_cookie('Bugzilla_github_token'); return { username => $user->login, user_id => $user->id, github_auth => 1 }; } elsif (@allowed_bugzilla_users > 1) { @@ -151,6 +160,7 @@ sub _get_login_info_from_email { return { failure => AUTH_ERROR, user_error => 'github_auth_account_too_powerful' } if $user && $user->in_group('no-github-auth'); + $cgi->remove_cookie('Bugzilla_github_token'); return { username => $github_email, github_auth => 1 }; } |