diff options
| author | Simon Green <sgreen@redhat.com> | 2014-07-27 10:47:21 +0200 |
|---|---|---|
| committer | Simon Green <sgreen@redhat.com> | 2014-07-27 10:47:21 +0200 |
| commit | fd29ee56c4678749c00e7698ef245f7e2967ee10 (patch) | |
| tree | 9d0696c9a89b8df8a6d46e2be6602a449b7354c3 /userprefs.cgi | |
| parent | 9f0f44b7fb73e9af0cdaefe8f5ff617f14fec2ed (diff) | |
| download | bugzilla-fd29ee56c4678749c00e7698ef245f7e2967ee10.tar.gz bugzilla-fd29ee56c4678749c00e7698ef245f7e2967ee10.tar.xz | |
Bug 726696 - All authenticated WebServices methods should require username/pass, token or a valid API key for authentication
r=dkl, a=sgreen
Diffstat (limited to 'userprefs.cgi')
| -rwxr-xr-x | userprefs.cgi | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index 34a7249d2..13f817d53 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -13,10 +13,12 @@ use lib qw(. lib); use Bugzilla; use Bugzilla::BugMail; use Bugzilla::Constants; +use Bugzilla::Mailer; use Bugzilla::Search; use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::User; +use Bugzilla::User::APIKey; use Bugzilla::Token; my $template = Bugzilla->template; @@ -501,6 +503,65 @@ sub SaveSavedSearches { } +sub DoApiKey { + my $user = Bugzilla->user; + + my $api_keys = Bugzilla::User::APIKey->match({ user_id => $user->id }); + $vars->{api_keys} = $api_keys; + $vars->{any_revoked} = grep { $_->revoked } @$api_keys; +} + +sub SaveApiKey { + my $cgi = Bugzilla->cgi; + my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; + + # Do it in a transaction. + $dbh->bz_start_transaction; + + # Update any existing keys + my $api_keys = Bugzilla::User::APIKey->match({ user_id => $user->id }); + foreach my $api_key (@$api_keys) { + my $description = $cgi->param('description_'.$api_key->id); + my $revoked = $cgi->param('revoked_'.$api_key->id); + + if ($description ne $api_key->description + || $revoked != $api_key->revoked) + { + $api_key->set_all({ + description => $description, + revoked => $revoked, + }); + $api_key->update(); + } + } + + # Was a new api key requested + if ($cgi->param('new_key')) { + my $new_key = Bugzilla::User::APIKey->create({ + user_id => $user->id, + description => $cgi->param('new_description'), + }); + + # As a security precaution, we always sent out an e-mail when + # an API key is created + my $lang = $user->setting('lang') + // Bugzilla::User->new()->setting('lang'); + + my $template = Bugzilla->template_inner($lang); + my $message; + $template->process( + 'email/new-api-key.txt.tmpl', + { user => $user, new_key => $new_key }, + \$message + ) || ThrowTemplateError($template->error()); + + MessageToMTA($message); + } + + $dbh->bz_commit_transaction; +} + ############################################################################### # Live code (not subroutine definitions) starts here ############################################################################### @@ -570,6 +631,11 @@ SWITCH: for ($current_tab_name) { DoSavedSearches(); last SWITCH; }; + /^apikey$/ && do { + SaveApiKey() if $save_changes; + DoApiKey(); + last SWITCH; + }; ThrowUserError("unknown_tab", { current_tab_name => $current_tab_name }); |