diff options
author | David Lawrence <dkl@mozilla.com> | 2015-01-29 18:33:12 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-01-29 18:33:12 +0100 |
commit | c8447e9f4b7c17ab0e04af34dbd5583e78b23677 (patch) | |
tree | 573093df276637e98796717c325c3fc5c040263d /userprefs.cgi | |
parent | 89d319922df1160f346321acfa6a9c5d69b5ed43 (diff) | |
download | bugzilla-c8447e9f4b7c17ab0e04af34dbd5583e78b23677.tar.gz bugzilla-c8447e9f4b7c17ab0e04af34dbd5583e78b23677.tar.xz |
Bug 1045145: backport upstream bug 726696 to bmo/4.2 to allow use of api keys for authentication
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-x | userprefs.cgi | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index d33de74ad..1764bb2dd 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -29,11 +29,13 @@ use lib qw(. lib); use Bugzilla; use Bugzilla::BugMail; use Bugzilla::Constants; +use Bugzilla::Mailer; use Bugzilla::Search; use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::User; use Bugzilla::User::Setting qw(clear_settings_cache); +use Bugzilla::User::APIKey; use Bugzilla::Token; my $template = Bugzilla->template; @@ -520,6 +522,59 @@ sub SaveSavedSearches { } +sub DoApiKey { + my $user = Bugzilla->user; + + my $api_keys = Bugzilla::User::APIKey->match({ user_id => $user->id }); + $vars->{api_keys} = $api_keys; + $vars->{any_revoked} = grep { $_->revoked } @$api_keys; +} + +sub SaveApiKey { + my $cgi = Bugzilla->cgi; + my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; + + # Do it in a transaction. + $dbh->bz_start_transaction; + + # Update any existing keys + my $api_keys = Bugzilla::User::APIKey->match({ user_id => $user->id }); + foreach my $api_key (@$api_keys) { + my $description = $cgi->param('description_' . $api_key->id); + my $revoked = $cgi->param('revoked_' . $api_key->id); + + if ($description ne $api_key->description + || $revoked != $api_key->revoked) + { + $api_key->set_all({ + description => $description, + revoked => $revoked, + }); + $api_key->update(); + } + } + + # Create a new API key if requested. + if ($cgi->param('new_key')) { + $vars->{new_key} = Bugzilla::User::APIKey->create({ + user_id => $user->id, + description => scalar $cgi->param('new_description'), + }); + + # As a security precaution, we always sent out an e-mail when + # an API key is created + my $template = Bugzilla->template_inner($user->setting('lang')); + my $message; + $template->process('email/new-api-key.txt.tmpl', $vars, \$message) + || ThrowTemplateError($template->error()); + + MessageToMTA($message); + } + + $dbh->bz_commit_transaction; +} + ############################################################################### # Live code (not subroutine definitions) starts here ############################################################################### @@ -589,6 +644,11 @@ SWITCH: for ($current_tab_name) { DoSavedSearches(); last SWITCH; }; + /^apikey$/ && do { + SaveApiKey() if $save_changes; + DoApiKey(); + last SWITCH; + }; ThrowUserError("unknown_tab", { current_tab_name => $current_tab_name }); |