summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Token.pm
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla/Token.pm')
-rw-r--r--Bugzilla/Token.pm34
1 files changed, 28 insertions, 6 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 24df470ac..769cb8800 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -43,13 +43,28 @@ use Digest::MD5 qw(md5_hex);
use base qw(Exporter);
-@Bugzilla::Token::EXPORT = qw(issue_session_token check_token_data delete_token
+@Bugzilla::Token::EXPORT = qw(issue_api_token issue_session_token
+ check_token_data delete_token
issue_hash_token check_hash_token);
################################################################################
# Public Functions
################################################################################
+# Create a token used for internal API authentication
+sub issue_api_token {
+ # Generates a random token, adds it to the tokens table if one does not
+ # already exist, and returns the token to the caller.
+ my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
+ my ($token) = $dbh->selectrow_array("
+ SELECT token FROM tokens
+ WHERE userid = ? AND tokentype = 'api_token'
+ AND (" . $dbh->sql_date_math('issuedate', '+', (MAX_TOKEN_AGE * 24 - 12), 'HOUR') . ") > NOW()",
+ undef, $user->id);
+ return $token // _create_token($user->id, 'api_token', '');
+}
+
# Creates and sends a token to create a new user account.
# It assumes that the login has the correct format and is not already in use.
sub issue_new_user_account_token {
@@ -233,10 +248,9 @@ sub check_hash_token {
sub CleanTokenTable {
my $dbh = Bugzilla->dbh;
- $dbh->do('DELETE FROM tokens
- WHERE ' . $dbh->sql_to_days('NOW()') . ' - ' .
- $dbh->sql_to_days('issuedate') . ' >= ?',
- undef, MAX_TOKEN_AGE);
+ $dbh->do("DELETE FROM tokens WHERE " .
+ $dbh->sql_date_math('issuedate', '+', '?', 'HOUR') . " <= NOW()",
+ undef, MAX_TOKEN_AGE * 24);
}
sub GenerateUniqueToken {
@@ -354,7 +368,7 @@ sub GetTokenData {
trick_taint($token);
my @token_data = $dbh->selectrow_array(
- "SELECT token, userid, " . $dbh->sql_date_format('issuedate') . ", eventdata
+ "SELECT token, userid, " . $dbh->sql_date_format('issuedate') . ", eventdata, tokentype
FROM tokens
WHERE token = ?", undef, $token);
@@ -486,6 +500,14 @@ Bugzilla::Token - Provides different routines to manage tokens.
=over
+=item C<issue_api_token($login_name)>
+
+ Description: Creates a token that can be used for API calls on the web page.
+
+ Params: None.
+
+ Returns: The token.
+
=item C<issue_new_user_account_token($login_name)>
Description: Creates and sends a token per email to the email address