summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@mozilla.com>2015-05-26 15:40:39 +0200
committerByron Jones <glob@mozilla.com>2015-05-26 15:40:39 +0200
commit07e47c4b4436a8ab9414d64894ccada36c8d124a (patch)
treeceb62ad30ff9678f362d356cdd1c36580755d3bc /extensions
parentd85abfea5c720cd07d4a7358138b55f34af98c8d (diff)
downloadbugzilla-07e47c4b4436a8ab9414d64894ccada36c8d124a.tar.gz
bugzilla-07e47c4b4436a8ab9414d64894ccada36c8d124a.tar.xz
Bug 1162302: Bugzilla to Github 0auth CSRF
Diffstat (limited to 'extensions')
-rw-r--r--extensions/GitHubAuth/lib/Client.pm4
-rw-r--r--extensions/GitHubAuth/lib/Login.pm12
2 files changed, 15 insertions, 1 deletions
diff --git a/extensions/GitHubAuth/lib/Client.pm b/extensions/GitHubAuth/lib/Client.pm
index 896e82eff..bcd5e462e 100644
--- a/extensions/GitHubAuth/lib/Client.pm
+++ b/extensions/GitHubAuth/lib/Client.pm
@@ -56,9 +56,11 @@ sub login_uri {
sub get_email_key {
my ($class, $email) = @_;
+ my $cgi = Bugzilla->cgi;
my $digest = Digest->new(DIGEST_HASH);
$digest->add($email);
$digest->add(remote_ip());
+ $digest->add($cgi->cookie('Bugzilla_github_token') // '');
$digest->add(Bugzilla->localconfig->{site_wide_secret});
return $digest->hexdigest;
}
@@ -79,9 +81,11 @@ sub get_state {
$sorted_target->query_param_delete('GoAheadAndLogIn');
$sorted_target->query_param_delete('github_login');
+ my $cgi = Bugzilla->cgi;
my $digest = Digest->new(DIGEST_HASH);
$digest->add($sorted_target->as_string);
$digest->add(remote_ip());
+ $digest->add($cgi->cookie('Bugzilla_github_token') // '');
$digest->add(Bugzilla->localconfig->{site_wide_secret});
return $digest->hexdigest;
}
diff --git a/extensions/GitHubAuth/lib/Login.pm b/extensions/GitHubAuth/lib/Login.pm
index cdf3eaa61..5f1ad4a77 100644
--- a/extensions/GitHubAuth/lib/Login.pm
+++ b/extensions/GitHubAuth/lib/Login.pm
@@ -14,7 +14,7 @@ use fields qw(github_failure);
use Scalar::Util qw(blessed);
use Bugzilla::Constants qw(AUTH_NODATA AUTH_ERROR USAGE_MODE_BROWSER );
-use Bugzilla::Util qw(trick_taint correct_urlbase);
+use Bugzilla::Util qw(trick_taint correct_urlbase generate_random_password);
use Bugzilla::Extension::GitHubAuth::Client;
use Bugzilla::Extension::GitHubAuth::Client::Error ();
use Bugzilla::Extension::GitHubAuth::Util qw(target_uri);
@@ -31,6 +31,14 @@ sub get_login_info {
my $github_email = $cgi->param('github_email');
my $github_email_key = $cgi->param('github_email_key');
+ my $cookie = $cgi->cookie('Bugzilla_github_token');
+ unless ($cookie) {
+ $cgi->send_cookie(-name => 'Bugzilla_github_token',
+ -value => generate_random_password(),
+ Bugzilla->params->{'ssl_redirect'} ? ( -secure => 1 ) : (),
+ -httponly => 1);
+ }
+
return { failure => AUTH_NODATA } unless $github_login;
if ($github_email_key && $github_email) {
@@ -105,6 +113,7 @@ sub _get_login_info_from_github {
if (@allowed_bugzilla_users == 1) {
my ($user) = @allowed_bugzilla_users;
+ $cgi->remove_cookie('Bugzilla_github_token');
return { username => $user->login, user_id => $user->id, github_auth => 1 };
}
elsif (@allowed_bugzilla_users > 1) {
@@ -151,6 +160,7 @@ sub _get_login_info_from_email {
return { failure => AUTH_ERROR,
user_error => 'github_auth_account_too_powerful' } if $user && $user->in_group('no-github-auth');
+ $cgi->remove_cookie('Bugzilla_github_token');
return { username => $github_email, github_auth => 1 };
}