author | Dylan William Hardison <dylan@hardison.net> | 2015-08-24 20:04:19 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2015-08-24 20:04:48 +0200 |
commit | d03b432557e0422d5b0dbd32e82d36d3f9a5b68a (patch) | |
tree | 062a315373e97c80804ffcdfde989612a50003fe /userprefs.cgi | |
parent | 59f96419500ae8c1b87b06abb0a5cca9f165b030 (diff) | |
Bug 1192687 - add the ability for users to view and revoke existing sessions
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-x | userprefs.cgi | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index 8f18de8c4..72a8dfb69 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -35,9 +35,12 @@ use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::User;
 use Bugzilla::User::Setting qw(clear_settings_cache);
+use Bugzilla::User::Session;
 use Bugzilla::User::APIKey;
 use Bugzilla::Token;
+use constant SESSION_MAX => 20;
+
 my $template = Bugzilla->template;
 local our $vars = {};
@@ -539,6 +542,51 @@ sub SaveSavedSearches {
 Bugzilla->memcached->clear({ table => 'profiles', id => $user->id });
 }
+sub SaveSessions {
+ my $cgi = Bugzilla->cgi;
+ my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
+
+ # Do it in a transaction.
+ $dbh->bz_start_transaction;
+ if ($cgi->param("session_logout_all")) {
+ my $info_getter = $user->authorizer && $user->authorizer->successful_info_getter();
+ if ($info_getter->cookie) {
+ $dbh->do("DELETE FROM logincookies WHERE userid = ? AND cookie != ?", undef,
+ $user->id, $info_getter->cookie);
+ }
+ }
+ else {
+ my @logout_ids = $cgi->param('session_logout_id');
+ my $sessions = Bugzilla::User::Session->new_from_list(\@logout_ids);
+ foreach my $session (@$sessions) {
+ $session->remove_from_db if $session->userid == $user->id;
+ }
+ }
+
+ $dbh->bz_commit_transaction;
+}
+
+sub DoSessions {
+ my $user = Bugzilla->user;
+ my $dbh = Bugzilla->dbh;
+ my $sessions = Bugzilla::User::Session->match({ userid => $user->id, LIMIT => SESSION_MAX + 1 });
+ my $info_getter = $user->authorizer && $user->authorizer->successful_info_getter();
+
+ if ($info_getter) {
+ foreach my $session (@$sessions) {
+ $session->{current} = $info_getter->cookie eq $session->{cookie};
+ }
+ }
+ my ($count) = $dbh->selectrow_array("SELECT count(*) FROM logincookies WHERE userid = ?", undef,
+ $user->id);
+
+ $vars->{too_many_sessions} = @$sessions == SESSION_MAX + 1;
+ $vars->{sessions} = $sessions;
+ $vars->{session_count} = $count;
+ $vars->{session_max} = SESSION_MAX;
+ pop @$sessions if $vars->{too_many_sessions};
+}
 sub DoApiKey {
 my $user = Bugzilla->user;
@@ -669,6 +717,11 @@ SWITCH: for ($current_tab_name) {
 DoApiKey();
 last SWITCH;
 };
+ /^sessions$/ && do {
+ SaveSessions() if $save_changes;
+ DoSessions();
+ last SWITCH;
+ };
 ThrowUserError("unknown_tab", { current_tab_name => $current_tab_name }); |
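Review bot: In SaveSessions the `session_logout_all` branch calls `$info_getter->cookie` without the `if ($info_getter)` guard that DoSessions applies to the same expression, so when `$user->authorizer` is false or `successful_info_getter()` returns nothing the request dies after `bz_start_transaction` has already run. When the getter exists but carries no cookie (presumably a login that was not cookie-based), the branch deletes nothing and still commits, so a user who asked to revoke every other session gets no indication that none were revoked. I would write the guard as `if ($info_getter && $info_getter->cookie) {` and give the missing-cookie case an explicit outcome, either a user-visible error or a delete of all of the user's `logincookies` rows, rather than a silent no-op. The per-id path does check `$session->userid == $user->id` before removal, which is the right ownership test, and it is worth a one-line comment there saying that ids belonging to other users are skipped on purpose.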