summaryrefslogtreecommitdiffstats
path: root/userprefs.cgi
diff options
context:
space:
mode:
authorDavid Lawrence <dkl@mozilla.com>2015-01-29 18:33:12 +0100
committerDavid Lawrence <dkl@mozilla.com>2015-01-29 18:33:12 +0100
commitc8447e9f4b7c17ab0e04af34dbd5583e78b23677 (patch)
tree573093df276637e98796717c325c3fc5c040263d /userprefs.cgi
parent89d319922df1160f346321acfa6a9c5d69b5ed43 (diff)
downloadbugzilla-c8447e9f4b7c17ab0e04af34dbd5583e78b23677.tar.gz
bugzilla-c8447e9f4b7c17ab0e04af34dbd5583e78b23677.tar.xz
Bug 1045145: backport upstream bug 726696 to bmo/4.2 to allow use of api keys for authentication
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-xuserprefs.cgi60
1 files changed, 60 insertions, 0 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index d33de74ad..1764bb2dd 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -29,11 +29,13 @@ use lib qw(. lib);
use Bugzilla;
use Bugzilla::BugMail;
use Bugzilla::Constants;
+use Bugzilla::Mailer;
use Bugzilla::Search;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
use Bugzilla::User::Setting qw(clear_settings_cache);
+use Bugzilla::User::APIKey;
use Bugzilla::Token;
my $template = Bugzilla->template;
@@ -520,6 +522,59 @@ sub SaveSavedSearches {
}
+sub DoApiKey {
+ my $user = Bugzilla->user;
+
+ my $api_keys = Bugzilla::User::APIKey->match({ user_id => $user->id });
+ $vars->{api_keys} = $api_keys;
+ $vars->{any_revoked} = grep { $_->revoked } @$api_keys;
+}
+
+sub SaveApiKey {
+ my $cgi = Bugzilla->cgi;
+ my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
+
+ # Do it in a transaction.
+ $dbh->bz_start_transaction;
+
+ # Update any existing keys
+ my $api_keys = Bugzilla::User::APIKey->match({ user_id => $user->id });
+ foreach my $api_key (@$api_keys) {
+ my $description = $cgi->param('description_' . $api_key->id);
+ my $revoked = $cgi->param('revoked_' . $api_key->id);
+
+ if ($description ne $api_key->description
+ || $revoked != $api_key->revoked)
+ {
+ $api_key->set_all({
+ description => $description,
+ revoked => $revoked,
+ });
+ $api_key->update();
+ }
+ }
+
+ # Create a new API key if requested.
+ if ($cgi->param('new_key')) {
+ $vars->{new_key} = Bugzilla::User::APIKey->create({
+ user_id => $user->id,
+ description => scalar $cgi->param('new_description'),
+ });
+
+ # As a security precaution, we always sent out an e-mail when
+ # an API key is created
+ my $template = Bugzilla->template_inner($user->setting('lang'));
+ my $message;
+ $template->process('email/new-api-key.txt.tmpl', $vars, \$message)
+ || ThrowTemplateError($template->error());
+
+ MessageToMTA($message);
+ }
+
+ $dbh->bz_commit_transaction;
+}
+
###############################################################################
# Live code (not subroutine definitions) starts here
###############################################################################
@@ -589,6 +644,11 @@ SWITCH: for ($current_tab_name) {
DoSavedSearches();
last SWITCH;
};
+ /^apikey$/ && do {
+ SaveApiKey() if $save_changes;
+ DoApiKey();
+ last SWITCH;
+ };
ThrowUserError("unknown_tab",
{ current_tab_name => $current_tab_name });