authorSimon Green <sgreen@redhat.com>2014-07-27 10:47:21 +0200
committerSimon Green <sgreen@redhat.com>2014-07-27 10:47:21 +0200
commitfd29ee56c4678749c00e7698ef245f7e2967ee10 (patch)
tree9d0696c9a89b8df8a6d46e2be6602a449b7354c3 /userprefs.cgi
parent9f0f44b7fb73e9af0cdaefe8f5ff617f14fec2ed (diff)
Bug 726696 - All authenticated WebServices methods should require username/pass, token or a valid API key for authentication
r=dkl, a=sgreen
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-xuserprefs.cgi66
1 files changed, 66 insertions, 0 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index 34a7249d2..13f817d53 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -13,10 +13,12 @@ use lib qw(. lib);
use Bugzilla;
use Bugzilla::BugMail;
use Bugzilla::Constants;
+use Bugzilla::Mailer;
use Bugzilla::Search;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
+use Bugzilla::User::APIKey;
use Bugzilla::Token;
my $template = Bugzilla->template;
@@ -501,6 +503,65 @@ sub SaveSavedSearches {
}
+sub DoApiKey {
+ my $user = Bugzilla->user;
+
+ my $api_keys = Bugzilla::User::APIKey->match({ user_id => $user->id });
+ $vars->{api_keys} = $api_keys;
+ $vars->{any_revoked} = grep { $_->revoked } @$api_keys;
+}
+
+sub SaveApiKey {
+ my $cgi = Bugzilla->cgi;
+ my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
+
+ # Do it in a transaction.
+ $dbh->bz_start_transaction;
+
+ # Update any existing keys
+ my $api_keys = Bugzilla::User::APIKey->match({ user_id => $user->id });
+ foreach my $api_key (@$api_keys) {
+ my $description = $cgi->param('description_'.$api_key->id);
+ my $revoked = $cgi->param('revoked_'.$api_key->id);
+
+ if ($description ne $api_key->description
+ || $revoked != $api_key->revoked)
+ {
+ $api_key->set_all({
+ description => $description,
+ revoked => $revoked,
+ });
+ $api_key->update();
+ }
+ }
+
+ # Was a new api key requested
+ if ($cgi->param('new_key')) {
+ my $new_key = Bugzilla::User::APIKey->create({
+ user_id => $user->id,
+ description => $cgi->param('new_description'),
+ });
+
+ # As a security precaution, we always sent out an e-mail when
+ # an API key is created
+ my $lang = $user->setting('lang')
+ // Bugzilla::User->new()->setting('lang');
+
+ my $template = Bugzilla->template_inner($lang);
+ my $message;
+ $template->process(
+ 'email/new-api-key.txt.tmpl',
+ { user => $user, new_key => $new_key },
+ \$message
+ ) || ThrowTemplateError($template->error());
+
+ MessageToMTA($message);
+ }
+
+ $dbh->bz_commit_transaction;
+}
+
###############################################################################
# Live code (not subroutine definitions) starts here
###############################################################################
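Review bot: In SaveApiKey, `description => $cgi->param('new_description')` calls `param` in list context inside the hash handed to `Bugzilla::User::APIKey->create`, so a request that repeats or omits `new_description` changes the element count and can shift or override the neighbouring keys, including `user_id`. Force scalar context there: `description => scalar $cgi->param('new_description'),`. Separately, in the update loop `revoked_<id>` is presumably absent from the request when its checkbox is unchecked, so `$revoked != $api_key->revoked` compares against undef (a warning under `use warnings`) and `set_all` is then given undef; normalising with `my $revoked = $cgi->param('revoked_'.$api_key->id) ? 1 : 0;` and defaulting the description with `// ''` would keep the comparison and the stored values well-defined.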
@@ -570,6 +631,11 @@ SWITCH: for ($current_tab_name) {
DoSavedSearches();
last SWITCH;
};
+ /^apikey$/ && do {
+ SaveApiKey() if $save_changes;
+ DoApiKey();
+ last SWITCH;
+ };
ThrowUserError("unknown_tab",
{ current_tab_name => $current_tab_name });