diff options
| author | Dylan William Hardison <dylan@hardison.net> | 2017-09-25 20:14:31 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-09-25 20:14:31 +0200 |
| commit | 94d888356469f2d920835f9c6d4eba944e429f62 (patch) | |
| tree | a4a123f21ae538261bf53d3593e12fb8d1a3d26b /reset_password.cgi | |
| parent | d827379894e2a5415cdbbb6b30aad0448ba82fb0 (diff) | |
| download | bugzilla-94d888356469f2d920835f9c6d4eba944e429f62.tar.gz bugzilla-94d888356469f2d920835f9c6d4eba944e429f62.tar.xz | |
Bug 1401463 - In bugzilla "you must reset password" state, all bug pages are force-redirected to password reset page, which loses "to-do" information that I have encoded as open tabs viewing particular bug pages
Diffstat (limited to 'reset_password.cgi')
| -rwxr-xr-x | reset_password.cgi | 58 |
1 files changed, 48 insertions, 10 deletions
diff --git a/reset_password.cgi b/reset_password.cgi index 86ace9e12..a79fea063 100755 --- a/reset_password.cgi +++ b/reset_password.cgi @@ -17,14 +17,34 @@ use Bugzilla; use Bugzilla::Constants; use Bugzilla::Error; use Bugzilla::Token; -use Bugzilla::Util qw( bz_crypt ); +use Bugzilla::Util qw( bz_crypt trim ); +use Data::Dumper; -my $cgi = Bugzilla->cgi; -my $user = Bugzilla->login(LOGIN_REQUIRED); -my $template = Bugzilla->template; -my $dbh = Bugzilla->dbh; +my $cgi = Bugzilla->cgi; +my $user = Bugzilla->login(LOGIN_REQUIRED); +my $template = Bugzilla->template; +my $dbh = Bugzilla->dbh; +my $prev_url = $cgi->param('prev_url'); +my $prev_url_sig = $cgi->param('prev_url_sig'); +my $sig_type = 'prev_url:' . $user->id; +my $prev_url_ok = check_hash_sig($sig_type, $prev_url_sig, $prev_url ); -ThrowUserError('reset_password_denied') unless $user->password_change_required; +unless ($prev_url_ok) { + open my $fh, '>', '/tmp/dump.pl' or die $!; + print $fh Dumper([$prev_url, $prev_url_sig]); + close $fh or die $!; +} + +unless ($user->password_change_required) { + ThrowUserError( + 'reset_password_denied', + { + prev_url_ok => $prev_url_ok, + prev_url => $prev_url, + } + ); + +} if ($cgi->param('do_save')) { my $token = $cgi->param('token'); @@ -64,14 +84,32 @@ if ($cgi->param('do_save')) { # done print $cgi->header(); - $template->process('index.html.tmpl', { message => 'password_changed' }) - || ThrowTemplateError($template->error()); + $template->process( + 'account/reset-password.html.tmpl', + { + message => 'password_changed', + prev_url => $prev_url, + prev_url_ok => $prev_url_ok, + password_changed => 1 + } + ) || ThrowTemplateError( $template->error() ); + } else { my $token = issue_session_token('reset_password'); print $cgi->header(); - $template->process('account/reset-password.html.tmpl', { token => $token }) - || ThrowTemplateError($template->error()); + $template->process( + 'account/reset-password.html.tmpl', + { + token => $token, + prev_url => $prev_url, + prev_url_ok => $prev_url_ok, + prev_url_sig => $prev_url_sig, + sig_type => $sig_type, + } + ) || ThrowTemplateError( $template->error() ); + + } |