author | Byron Jones <glob@mozilla.com> | 2015-09-01 07:01:20 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-09-01 07:01:20 +0200 |
commit | 421ff7f194875db9634ea783d9dd5b6111f19df3 (patch) | |
tree | 5806e9f3001fa4f33ba85aa94856b70a7f878cf8 /userprefs.cgi | |
parent | bcc93f83a64a76cd73501eaefaf5fd073fbc3f0d (diff) | |
Bug 1197073 - add support for 2FA using TOTP (e.g. Google Authenticator)
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-x | userprefs.cgi | 58 |
1 files changed, 57 insertions, 1 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index 72a8dfb69..f0899f164 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -38,6 +38,7 @@ use Bugzilla::User::Setting qw(clear_settings_cache);
 use Bugzilla::User::Session;
 use Bugzilla::User::APIKey;
 use Bugzilla::Token;
+use DateTime;
 use constant SESSION_MAX => 20;
@@ -142,6 +143,7 @@ sub SaveAccount {
 }
 $user->set_name($cgi->param('realname'));
+ $user->set_mfa($cgi->param('mfa'));
 $user->update({ keep_session => 1, keep_tokens => 1 });
 $dbh->bz_commit_transaction;
 }
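Review bot: The added `use DateTime;` is not referenced by any line this diff touches in userprefs.cgi; SaveMFA and DoMFA further down use only the CGI, DBH, user, settings and template objects. If the rest of the file does not use DateTime either, the import should be dropped rather than loading a heavyweight module on every request for nothing. If it is there for a follow-up change, a one-line comment such as `# used by the MFA enrollment flow (follow-up)` would save the next reader the search.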
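Review bot: The new `$user->set_mfa($cgi->param('mfa'))` in SaveAccount writes the user's MFA setting without the password and current-code verification that SaveMFA enforces, so the Account tab becomes a second path that can enable, switch or clear MFA on a saved form alone; whatever CSRF token check gates `$save_changes` elsewhere in the file protects against cross-site requests, not against a hijacked session or a stale form. If the account form never posts an `mfa` field, every save of that tab also passes `undef` to set_mfa, which — depending on how set_mfa treats an undefined value, not visible in this diff — may silently disable MFA for the user. Unless the Account tab genuinely has to write this field, drop the added line and leave MFA changes to SaveMFA; if it must stay, guard it with `if (defined $cgi->param('mfa'))` and route it through the same password-and-code check. SaveAccount begins, and the conditional closed by the first context line ends, outside this hunk.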
@@ -542,6 +544,55 @@ sub SaveSavedSearches {
 Bugzilla->memcached->clear({ table => 'profiles', id => $user->id });
 }
+sub SaveMFA {
+ my $cgi = Bugzilla->cgi;
+ my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
+ my $action = $cgi->param('mfa_action') // '';
+ return unless $action eq 'enable' || $action eq 'disable';
+
+ my $crypt_password = $user->cryptpassword;
+ if (bz_crypt($cgi->param('password'), $crypt_password) ne $crypt_password) {
+ ThrowUserError('password_incorrect');
+ }
+
+ $dbh->bz_start_transaction;
+ if ($action eq 'enable') {
+ $user->set_mfa($cgi->param('mfa'));
+ $user->mfa_provider->check($cgi->param('mfa_enable_code') // '');
+ $user->mfa_provider->enrolled();
+ }
+ else {
+ $user->mfa_provider->check($cgi->param('mfa_disable_code') // '');
+ $user->set_mfa('');
+ }
+
+ $user->update({ keep_session => 1, keep_tokens => 1 });
+
+ my $settings = Bugzilla->user->settings;
+ $settings->{api_key_only}->set('on');
+ clear_settings_cache(Bugzilla->user->id);
+
+ $dbh->bz_commit_transaction;
+}
+
+sub DoMFA {
+ my $cgi = Bugzilla->cgi;
+ return unless my $provider = $cgi->param('frame');
+
+ print $cgi->header(
+ -Cache_Control => 'no-cache, no-store, must-revalidate',
+ -Expires => 'Thu, 01 Dec 1994 16:00:00 GMT',
+ -Pragma => 'no-cache',
+ );
+ if ($provider =~ /^[a-z]+$/) {
+ trick_taint($provider);
+ $template->process("mfa/$provider/enroll.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
+ }
+ exit;
+}
+
 sub SaveSessions {
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -574,7 +625,7 @@ sub DoSessions {
 my $info_getter = $user->authorizer && $user->authorizer->successful_info_getter();
 if ($info_getter) {
- foreach my $session (@$sessions) {
+ foreach my $session (@$sessions) {
 $session->{current} = $info_getter->cookie eq $session->{cookie};
 }
 }
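Review bot: Both `$user->mfa_provider->check(...)` calls in SaveMFA dereference the provider without checking that `mfa_provider` returned one: the disable branch runs it for an account that may have no MFA configured, and the enable branch runs it straight after `set_mfa($cgi->param('mfa'))` with a caller-supplied, unvalidated provider name, so if `mfa_provider` yields undef in either case (its implementation is not in this diff) the request dies with a method-on-undefined-value internal error inside the open transaction instead of a user-facing rejection. Fetch it once — `my $provider = $user->mfa_provider;` — and reject with a ThrowUserError (using whatever key the user-error template defines for a missing or unknown MFA provider) before `bz_start_transaction`. `$settings->{api_key_only}->set('on')` also runs on the disable path, so switching MFA off still forces the account to API-key-only access; if that is intended, say so with a comment such as `# api_key_only stays forced on even after MFA is disabled`, otherwise move the line into the enable branch. In DoMFA, `/^[a-z]+$/` should be `/\A[a-z]+\z/`: `$` matches before a trailing newline, so `frame=totp%0A` passes the guard and is interpolated into the template path, and a value that fails the guard is currently answered with a headers-only 200 rather than an error.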
@@ -722,6 +773,11 @@ SWITCH: for ($current_tab_name) {
 DoSessions();
 last SWITCH;
 };
+ /^mfa$/ && do {
+ SaveMFA() if $save_changes;
+ DoMFA();
+ last SWITCH;
+ };
 ThrowUserError("unknown_tab", { current_tab_name => $current_tab_name }); |