summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Auth/Verify.pm9
-rw-r--r--Bugzilla/DB/Schema.pm6
-rw-r--r--Bugzilla/Install/DB.pm6
-rw-r--r--Bugzilla/Object.pm4
-rw-r--r--Bugzilla/User.pm133
-rwxr-xr-xchecksetup.pl6
-rwxr-xr-xcontrib/syncLDAP.pl5
-rwxr-xr-xcreateaccount.cgi11
-rwxr-xr-xeditusers.cgi38
-rwxr-xr-xtoken.cgi32
10 files changed, 125 insertions, 125 deletions
diff --git a/Bugzilla/Auth/Verify.pm b/Bugzilla/Auth/Verify.pm
index 952998caf..52cebb5ea 100644
--- a/Bugzilla/Auth/Verify.pm
+++ b/Bugzilla/Auth/Verify.pm
@@ -77,8 +77,13 @@ sub create_or_update_user {
|| return { failure => AUTH_ERROR,
error => 'auth_invalid_email',
details => {addr => $username} };
- insert_new_user($username, $real_name, $password);
- $username_user_id = login_to_id($username);
+ # XXX Theoretically this could fail with an error, but the fix for
+ # that is too involved to be done right now.
+ my $user = Bugzilla::User->create({
+ login_name => $username,
+ cryptpassword => $password,
+ realname => $real_name});
+ $username_user_id = $user->id;
}
# If we have a valid username id and an extern_id, but no valid
diff --git a/Bugzilla/DB/Schema.pm b/Bugzilla/DB/Schema.pm
index adac0c6d8..3967c8282 100644
--- a/Bugzilla/DB/Schema.pm
+++ b/Bugzilla/DB/Schema.pm
@@ -611,8 +611,10 @@ use constant ABSTRACT_SCHEMA => {
PRIMARYKEY => 1},
login_name => {TYPE => 'varchar(255)', NOTNULL => 1},
cryptpassword => {TYPE => 'varchar(128)'},
- realname => {TYPE => 'varchar(255)'},
- disabledtext => {TYPE => 'MEDIUMTEXT', NOTNULL => 1},
+ realname => {TYPE => 'varchar(255)', NOTNULL => 1,
+ DEFAULT => "''"},
+ disabledtext => {TYPE => 'MEDIUMTEXT', NOTNULL => 1,
+ DEFAULT => "''"},
disable_mail => {TYPE => 'BOOLEAN', NOTNULL => 1,
DEFAULT => 'FALSE'},
mybugslink => {TYPE => 'BOOLEAN', NOTNULL => 1,
diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm
index bf1fbcccf..06c46e1ec 100644
--- a/Bugzilla/Install/DB.pm
+++ b/Bugzilla/Install/DB.pm
@@ -485,6 +485,12 @@ sub update_table_definitions {
$dbh->bz_add_index('bugs', 'bugs_short_desc_idx', [qw(short_desc)]);
}
+ # The profiles table was missing some defaults.
+ $dbh->bz_alter_column('profiles', 'disabledtext',
+ {TYPE => 'MEDIUMTEXT', NOTNULL => 1, DEFAULT => "''"});
+ $dbh->bz_alter_column('profiles', 'realname',
+ {TYPE => 'varchar(255)', NOTNULL => 1, DEFAULT => "''"});
+
################################################################
# New --TABLE-- changes should go *** A B O V E *** this point #
################################################################
diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm
index fa6c4e9cb..219658a92 100644
--- a/Bugzilla/Object.pm
+++ b/Bugzilla/Object.pm
@@ -153,7 +153,7 @@ sub create {
chop($qmarks);
$dbh->do("INSERT INTO $table (" . join(', ', @field_names)
. ") VALUES ($qmarks)", undef, @values);
- my $id = $dbh->bz_last_key($table, 'id');
+ my $id = $dbh->bz_last_key($table, $class->ID_FIELD);
return $class->new($id);
}
@@ -303,7 +303,7 @@ Params: C<$params> - hashref - A value to put in each database
Returns: The Object just created in the database.
Notes: In order for this function to work in your subclass,
- your subclass's C<id> field must be of C<SERIAL>
+ your subclass's L</ID_FIELD> must be of C<SERIAL>
type in the database. Your subclass also must
define L</REQUIRED_CREATE_FIELDS> and L</VALIDATORS>.
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 54d84020f..c037f317a 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -49,7 +49,7 @@ use Bugzilla::Classification;
use Bugzilla::Field;
use base qw(Bugzilla::Object Exporter);
-@Bugzilla::User::EXPORT = qw(insert_new_user is_available_username
+@Bugzilla::User::EXPORT = qw(is_available_username
login_to_id user_id_to_login validate_password
UserInGroup
USER_MATCH_MULTIPLE USER_MATCH_FAILED USER_MATCH_SUCCESS
@@ -92,6 +92,16 @@ use constant DB_COLUMNS => (
use constant NAME_FIELD => 'login_name';
use constant ID_FIELD => 'userid';
+use constant REQUIRED_CREATE_FIELDS => qw(login_name cryptpassword);
+
+use constant VALIDATORS => {
+ cryptpassword => \&_check_password,
+ disable_mail => \&_check_disable_mail,
+ disabledtext => \&_check_disabledtext,
+ login_name => \&check_login_name_for_creation,
+ realname => \&_check_realname,
+};
+
################################################################################
# Functions
################################################################################
@@ -108,6 +118,45 @@ sub new {
return $class->SUPER::new(@_);
}
+################################################################################
+# Validators
+################################################################################
+
+sub _check_disable_mail { return $_[0] ? 1 : 0; }
+sub _check_disabledtext { return trim($_[0]) || ''; }
+
+# This is public since createaccount.cgi needs to use it before issuing
+# a token for account creation.
+sub check_login_name_for_creation {
+ my ($name) = @_;
+ $name = trim($name);
+ $name || ThrowUserError('user_login_required');
+ validate_email_syntax($name)
+ || ThrowUserError('illegal_email_address', { addr => $name });
+ is_available_username($name)
+ || ThrowUserError('account_exists', { email => $name });
+ return $name;
+}
+
+sub _check_password {
+ my ($pass) = @_;
+
+ # If the password is '*', do not encrypt it or validate it further--we
+ # are creating a user who should not be able to log in using DB
+ # authentication.
+ return $pass if $pass eq '*';
+
+ validate_password($pass);
+ my $cryptpassword = bz_crypt($pass);
+ return $cryptpassword;
+}
+
+sub _check_realname { return trim($_[0]) || ''; }
+
+################################################################################
+# Methods
+################################################################################
+
# Accessors for user attributes
sub login { $_[0]->{login}; }
sub email { $_[0]->{login} . Bugzilla->params->{'emailsuffix'}; }
@@ -1292,36 +1341,18 @@ sub get_userlist {
return $self->{'userlist'};
}
-sub insert_new_user {
- my ($username, $realname, $password, $disabledtext, $disable_mail) = (@_);
+sub create {
+ my $invocant = shift;
+ my $class = ref($invocant) || $invocant;
my $dbh = Bugzilla->dbh;
- $disabledtext ||= '';
- $disable_mail ||= 0;
+ $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE',
+ 'user_group_map WRITE', 'email_setting WRITE', 'groups READ',
+ 'tokens READ', 'fielddefs READ');
- # If not specified, generate a new random password for the user.
- # If the password is '*', do not encrypt it; we are creating a user
- # based on the ENV auth method.
- $password ||= generate_random_password();
- my $cryptpassword = ($password ne '*') ? bz_crypt($password) : $password;
-
- # XXX - These should be moved into is_available_username or validate_email_syntax
- # At the least, they shouldn't be here. They're safe for now, though.
- trick_taint($username);
- trick_taint($realname);
-
- # Insert the new user record into the database.
- $dbh->do("INSERT INTO profiles
- (login_name, realname, cryptpassword, disabledtext,
- disable_mail)
- VALUES (?, ?, ?, ?, ?)",
- undef,
- ($username, $realname, $cryptpassword, $disabledtext,
- $disable_mail));
+ my $user = $class->SUPER::create(@_);
# Turn on all email for the new user
- my $new_userid = $dbh->bz_last_key('profiles', 'userid');
-
foreach my $rel (RELATIONSHIPS) {
foreach my $event (POS_EVENTS, NEG_EVENTS) {
# These "exceptions" define the default email preferences.
@@ -1332,16 +1363,15 @@ sub insert_new_user {
next if (($event == EVT_CC) && ($rel != REL_REPORTER));
$dbh->do('INSERT INTO email_setting (user_id, relationship, event)
- VALUES (?, ?, ?)', undef, ($new_userid, $rel, $event));
+ VALUES (?, ?, ?)', undef, ($user->id, $rel, $event));
}
}
foreach my $event (GLOBAL_EVENTS) {
$dbh->do('INSERT INTO email_setting (user_id, relationship, event)
- VALUES (?, ?, ?)', undef, ($new_userid, REL_ANY, $event));
+ VALUES (?, ?, ?)', undef, ($user->id, REL_ANY, $event));
}
- my $user = new Bugzilla::User($new_userid);
$user->derive_regexp_groups();
# Add the creation date to the profiles_activity table.
@@ -1355,6 +1385,8 @@ sub insert_new_user {
VALUES (?, ?, NOW(), ?, NOW())',
undef, ($user->id, $who, $creation_date_fieldid));
+ $dbh->bz_unlock_tables();
+
# Return the newly created user account.
return $user;
}
@@ -1461,7 +1493,12 @@ Bugzilla::User - Object for a Bugzilla user
$user->get_selectable_classifications;
# Class Functions
- $user = insert_new_user($username, $realname, $password, $disabledtext);
+ $user = Bugzilla::User->create({
+ login_name => $username,
+ realname => $realname,
+ cryptpassword => $plaintext_password,
+ disabledtext => $disabledtext,
+ disable_mail => 0});
=head1 DESCRIPTION
@@ -1797,27 +1834,21 @@ called "statically," just like a normal procedural function.
=over 4
-=item C<insert_new_user>
-
-Creates a new user in the database.
-
-Params: $username (scalar, string) - The login name for the new user.
- $realname (scalar, string) - The full name for the new user.
- $password (scalar, string) - Optional. The password for the new user;
- if not given, a random password will be
- generated.
- $disabledtext (scalar, string) - Optional. The disable text for the new
- user; if not given, it will be empty.
- If given, the user will be disabled,
- meaning the account will be
- unavailable for login.
- $disable_mail (scalar, boolean) - Optional, defaults to 0.
- If 1, bug-related mail will not be
- sent to this user; if 0, mail will
- be sent depending on the user's
- email preferences.
-
-Returns: The Bugzilla::User object representing the new user account.
+=item C<create>
+
+The same as L<Bugzilla::Object/create>.
+
+Params: login_name - B<Required> The login name for the new user.
+ realname - The full name for the new user.
+ cryptpassword - B<Required> The password for the new user.
+ Even though the name says "crypt", you should just specify
+ a plain-text password. If you specify '*', the user will not
+ be able to log in using DB authentication.
+ disabledtext - The disable-text for the new user. If given, the user
+ will be disabled, meaning he cannot log in. Defaults to an
+ empty string.
+ disable_mail - If 1, bug-related mail will not be sent to this user;
+ if 0, mail will be sent depending on the user's email preferences.
=item C<is_available_username>
diff --git a/checksetup.pl b/checksetup.pl
index c0b206bed..7f3c6783f 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -326,7 +326,6 @@ import Bugzilla::Util qw(bz_crypt trim html_quote is_7bit_clean
clean_text url_quote);
require Bugzilla::User;
-import Bugzilla::User qw(insert_new_user);
require Bugzilla::Bug;
import Bugzilla::Bug qw(is_open_state);
@@ -756,7 +755,10 @@ if ($sth->rows == 0) {
$SIG{QUIT} = 'DEFAULT';
$SIG{TERM} = 'DEFAULT';
- insert_new_user($login, $realname, $pass1);
+ Bugzilla::User->create({
+ login_name => $login,
+ realname => $realname,
+ cryptpassword => $pass1});
}
# Put the admin in each group if not already
diff --git a/contrib/syncLDAP.pl b/contrib/syncLDAP.pl
index 32d01f150..72ea91798 100755
--- a/contrib/syncLDAP.pl
+++ b/contrib/syncLDAP.pl
@@ -273,7 +273,10 @@ if($readonly == 0) {
print "Phase 3: creating new users... " unless $quiet;
if($nocreate == 0) {
while( my ($key, $value) = each(%create_users) ) {
- insert_new_user($key, @$value{'realname'});
+ Bugzilla::User->create({
+ login_name => $key,
+ realname => @$value{'realname'},
+ password => '*'});
}
print "done!\n" unless $quiet;
}
diff --git a/createaccount.cgi b/createaccount.cgi
index 6f325347e..f58b8402b 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -60,18 +60,9 @@ unless ($createexp) {
my $login = $cgi->param('login');
if (defined($login)) {
- validate_email_syntax($login)
- || ThrowUserError('illegal_email_address', {addr => $login});
-
+ $login = Bugzilla::User::check_login_name_for_creation($login);
$vars->{'login'} = $login;
- if (!is_available_username($login)) {
- # Account already exists
- $template->process("account/exists.html.tmpl", $vars)
- || ThrowTemplateError($template->error());
- exit;
- }
-
if ($login !~ /$createexp/) {
ThrowUserError("account_creation_disabled");
}
diff --git a/editusers.cgi b/editusers.cgi
index 0ce3a95ce..4663b18ee 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -191,36 +191,14 @@ if ($action eq 'search') {
action => "add",
object => "users"});
- my $login = $cgi->param('login');
- my $password = $cgi->param('password');
- my $realname = trim($cgi->param('name') || '');
- my $disabledtext = trim($cgi->param('disabledtext') || '');
- my $disable_mail = $cgi->param('disable_mail') ? 1 : 0;
-
- # Lock tables during the check+creation session.
- $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE',
- 'email_setting WRITE', 'user_group_map WRITE',
- 'groups READ', 'tokens READ', 'fielddefs READ');
-
- # Validity checks
- $login || ThrowUserError('user_login_required');
- validate_email_syntax($login)
- || ThrowUserError('illegal_email_address', {addr => $login});
- is_available_username($login)
- || ThrowUserError('account_exists', {email => $login});
- validate_password($password);
-
- # Login and password are validated now, and realname and disabledtext
- # are allowed to contain anything
- trick_taint($login);
- trick_taint($realname);
- trick_taint($password);
- trick_taint($disabledtext);
-
- insert_new_user($login, $realname, $password, $disabledtext, $disable_mail);
- my $new_user_id = $dbh->bz_last_key('profiles', 'userid');
- $dbh->bz_unlock_tables();
- userDataToVars($new_user_id);
+ my $new_user = Bugzilla::User->create({
+ login_name => $cgi->param('login'),
+ cryptpassword => $cgi->param('password'),
+ realname => $cgi->param('name'),
+ disabledtext => $cgi->param('disabledtext'),
+ disable_mail => $cgi->param('disable_mail')});
+
+ userDataToVars($new_user->id);
$vars->{'message'} = 'account_created';
$template->process('admin/users/edit.html.tmpl', $vars)
diff --git a/token.cgi b/token.cgi
index 6b72dfa36..30913642e 100755
--- a/token.cgi
+++ b/token.cgi
@@ -369,31 +369,13 @@ sub request_create_account {
sub confirm_create_account {
my (undef, undef, $login_name) = Bugzilla::Token::GetTokenData($::token);
- (defined $cgi->param('passwd1') && defined $cgi->param('passwd2'))
- || ThrowUserError('new_password_missing');
- validate_password($cgi->param('passwd1'), $cgi->param('passwd2'));
-
- my $realname = $cgi->param('realname');
- my $password = $cgi->param('passwd1');
-
- $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE',
- 'email_setting WRITE', 'user_group_map WRITE',
- 'groups READ', 'tokens READ', 'fielddefs READ');
-
- # The email syntax may have changed since the initial creation request.
- validate_email_syntax($login_name)
- || ThrowUserError('illegal_email_address', {addr => $login_name});
- # Also, maybe that this user account has already been created meanwhile.
- is_available_username($login_name)
- || ThrowUserError('account_exists', {email => $login_name});
-
- # Login and password are validated now, and realname is allowed to
- # contain anything.
- trick_taint($realname);
- trick_taint($password);
-
- my $otheruser = insert_new_user($login_name, $realname, $password);
- $dbh->bz_unlock_tables();
+ validate_password($cgi->param('passwd1') || '',
+ $cgi->param('passwd2') || '');
+
+ my $otheruser = Bugzilla::User->create({
+ login_name => $login_name,
+ realname => $cgi->param('realname'),
+ cryptpassword => $cgi->param('passwd1')});
# Now delete this token.
Bugzilla::Token::DeleteToken($::token);