diff options
Diffstat (limited to 'Bugzilla/Token.pm')
-rw-r--r-- | Bugzilla/Token.pm | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 24df470ac..769cb8800 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -43,13 +43,28 @@ use Digest::MD5 qw(md5_hex); use base qw(Exporter); -@Bugzilla::Token::EXPORT = qw(issue_session_token check_token_data delete_token +@Bugzilla::Token::EXPORT = qw(issue_api_token issue_session_token + check_token_data delete_token issue_hash_token check_hash_token); ################################################################################ # Public Functions ################################################################################ +# Create a token used for internal API authentication +sub issue_api_token { + # Generates a random token, adds it to the tokens table if one does not + # already exist, and returns the token to the caller. + my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; + my ($token) = $dbh->selectrow_array(" + SELECT token FROM tokens + WHERE userid = ? AND tokentype = 'api_token' + AND (" . $dbh->sql_date_math('issuedate', '+', (MAX_TOKEN_AGE * 24 - 12), 'HOUR') . ") > NOW()", + undef, $user->id); + return $token // _create_token($user->id, 'api_token', ''); +} + # Creates and sends a token to create a new user account. # It assumes that the login has the correct format and is not already in use. sub issue_new_user_account_token { @@ -233,10 +248,9 @@ sub check_hash_token { sub CleanTokenTable { my $dbh = Bugzilla->dbh; - $dbh->do('DELETE FROM tokens - WHERE ' . $dbh->sql_to_days('NOW()') . ' - ' . - $dbh->sql_to_days('issuedate') . ' >= ?', - undef, MAX_TOKEN_AGE); + $dbh->do("DELETE FROM tokens WHERE " . + $dbh->sql_date_math('issuedate', '+', '?', 'HOUR') . " <= NOW()", + undef, MAX_TOKEN_AGE * 24); } sub GenerateUniqueToken { @@ -354,7 +368,7 @@ sub GetTokenData { trick_taint($token); my @token_data = $dbh->selectrow_array( - "SELECT token, userid, " . $dbh->sql_date_format('issuedate') . ", eventdata + "SELECT token, userid, " . $dbh->sql_date_format('issuedate') . ", eventdata, tokentype FROM tokens WHERE token = ?", undef, $token); @@ -486,6 +500,14 @@ Bugzilla::Token - Provides different routines to manage tokens. =over +=item C<issue_api_token($login_name)> + + Description: Creates a token that can be used for API calls on the web page. + + Params: None. + + Returns: The token. + =item C<issue_new_user_account_token($login_name)> Description: Creates and sends a token per email to the email address |