authorDylan William Hardison <dylan@hardison.net>2015-08-24 20:04:19 +0200
committerDylan William Hardison <dylan@hardison.net>2015-08-24 20:04:48 +0200
commitd03b432557e0422d5b0dbd32e82d36d3f9a5b68a (patch)
tree062a315373e97c80804ffcdfde989612a50003fe /userprefs.cgi
parent59f96419500ae8c1b87b06abb0a5cca9f165b030 (diff)
Bug 1192687 - add the ability for users to view and revoke existing sessions
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-xuserprefs.cgi53
1 files changed, 53 insertions, 0 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index 8f18de8c4..72a8dfb69 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -35,9 +35,12 @@ use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
use Bugzilla::User::Setting qw(clear_settings_cache);
+use Bugzilla::User::Session;
use Bugzilla::User::APIKey;
use Bugzilla::Token;
+use constant SESSION_MAX => 20;
+
my $template = Bugzilla->template;
local our $vars = {};
@@ -539,6 +542,51 @@ sub SaveSavedSearches {
Bugzilla->memcached->clear({ table => 'profiles', id => $user->id });
}
+sub SaveSessions {
+ my $cgi = Bugzilla->cgi;
+ my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
+
+ # Do it in a transaction.
+ $dbh->bz_start_transaction;
+ if ($cgi->param("session_logout_all")) {
+ my $info_getter = $user->authorizer && $user->authorizer->successful_info_getter();
+ if ($info_getter->cookie) {
+ $dbh->do("DELETE FROM logincookies WHERE userid = ? AND cookie != ?", undef,
+ $user->id, $info_getter->cookie);
+ }
+ }
+ else {
+ my @logout_ids = $cgi->param('session_logout_id');
+ my $sessions = Bugzilla::User::Session->new_from_list(\@logout_ids);
+ foreach my $session (@$sessions) {
+ $session->remove_from_db if $session->userid == $user->id;
+ }
+ }
+
+ $dbh->bz_commit_transaction;
+}
+
+sub DoSessions {
+ my $user = Bugzilla->user;
+ my $dbh = Bugzilla->dbh;
+ my $sessions = Bugzilla::User::Session->match({ userid => $user->id, LIMIT => SESSION_MAX + 1 });
+ my $info_getter = $user->authorizer && $user->authorizer->successful_info_getter();
+
+ if ($info_getter) {
+ foreach my $session (@$sessions) {
+ $session->{current} = $info_getter->cookie eq $session->{cookie};
+ }
+ }
+ my ($count) = $dbh->selectrow_array("SELECT count(*) FROM logincookies WHERE userid = ?", undef,
+ $user->id);
+
+ $vars->{too_many_sessions} = @$sessions == SESSION_MAX + 1;
+ $vars->{sessions} = $sessions;
+ $vars->{session_count} = $count;
+ $vars->{session_max} = SESSION_MAX;
+ pop @$sessions if $vars->{too_many_sessions};
+}
sub DoApiKey {
my $user = Bugzilla->user;
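Review bot: In SaveSessions the `session_logout_all` branch calls `$info_getter->cookie` without first checking `$info_getter`, although DoSessions guards the same value with `if ($info_getter)`; when `$user->authorizer` is false the method call dies after `bz_start_transaction` has already run. Guard it the same way, `if ($info_getter && $info_getter->cookie) {`. When there is no current cookie the branch deletes nothing and still commits, so a user who asked to revoke every other session gets no indication that none were revoked; an explicit error or notice in that case would be safer than a silent no-op. Separately, DoSessions passes the session objects, which carry the raw `cookie` value read on the `$session->{cookie}` line, to the template through `$vars->{sessions}`; the template is not part of this diff, so it is worth confirming it never renders that field.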
@@ -669,6 +717,11 @@ SWITCH: for ($current_tab_name) {
DoApiKey();
last SWITCH;
};
+ /^sessions$/ && do {
+ SaveSessions() if $save_changes;
+ DoSessions();
+ last SWITCH;
+ };
ThrowUserError("unknown_tab",
{ current_tab_name => $current_tab_name });
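Review bot: The new `sessions` branch runs `SaveSessions()` on `$save_changes` alone, and neither this hunk nor SaveSessions validates a request token before deleting rows from `logincookies`. The file imports `Bugzilla::Token`, so a shared token check for `$save_changes` presumably runs before this SWITCH, but it is outside the visible hunks and should be confirmed to cover the new tab. Once confirmed, a short comment above the call such as `# request token is validated before SWITCH when $save_changes is set` would keep that dependency visible to later maintainers.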