Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Config/Auth.pm5
-rw-r--r--Bugzilla/Token.pm49
2 files changed, 54 insertions, 0 deletions
diff --git a/Bugzilla/Config/Auth.pm b/Bugzilla/Config/Auth.pm
index 78d719b15..3c9ee31f2 100644
--- a/Bugzilla/Config/Auth.pm
+++ b/Bugzilla/Config/Auth.pm
@@ -121,6 +121,11 @@ sub get_param_list {
type => 'b',
default => '1'
},
+ {
+ name => 'auth_delegation',
+ type => 'b',
+ default => 0,
+ },
);
return @param_list;
}
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index a8358d4a7..c43ba9f07 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -25,6 +25,7 @@ use Digest::SHA qw(hmac_sha256_base64);
use parent qw(Exporter);
@Bugzilla::Token::EXPORT = qw(issue_api_token issue_session_token
+ issue_auth_delegation_token check_auth_delegation_token
check_token_data delete_token
issue_hash_token check_hash_token);
@@ -46,6 +47,37 @@ sub issue_api_token {
return $token // _create_token($user->id, 'api_token', '');
}
+sub issue_auth_delegation_token {
+ my ($uri) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
+ my $checksum = hmac_sha256_base64($user->id, $uri, Bugzilla->localconfig->{'site_wide_secret'});
+
+ return _create_token($user->id, 'auth_delegation', $checksum);
+}
+
+sub check_auth_delegation_token {
+ my ($token, $uri) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
+
+ my ($eventdata) = $dbh->selectrow_array("
+ SELECT eventdata FROM tokens
+ WHERE token = ? AND tokentype = 'auth_delegation'
+ AND (" . $dbh->sql_date_math('issuedate', '+', (MAX_TOKEN_AGE * 24 - 12), 'HOUR') . ") > NOW()",
+ undef, $token);
+
+ if ($eventdata) {
+ my $checksum = hmac_sha256_base64($user->id, $uri, Bugzilla->localconfig->{'site_wide_secret'});
+ if ($eventdata eq $checksum) {
+ delete_token($token);
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
# Creates and sends a token to create a new user account.
# It assumes that the login has the correct format and is not already in use.
sub issue_new_user_account_token {
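Review bot: The checksum in both issue_auth_delegation_token and check_auth_delegation_token is computed as `hmac_sha256_base64($user->id, $uri, ...)`, and Digest::SHA concatenates its data arguments, so the user id and the URI run together with no boundary and two different (id, uri) pairs can produce the same MAC. Because the SELECT in check_auth_delegation_token filters on `token` and `tokentype` only, that checksum is the only thing visible here that ties the token to the user and the callback URI; joining the fields with a delimiter that cannot occur in either, e.g. `hmac_sha256_base64(join("\0", $user->id, $uri), Bugzilla->localconfig->{'site_wide_secret'})` in both subs, makes the binding unambiguous. The token is also deleted only when the checksum matches, so a token presented with the wrong URI stays valid until it expires; if strict single use is the intent, call `delete_token($token)` whenever a row was found. As a smaller point, `my $dbh = Bugzilla->dbh;` in issue_auth_delegation_token is unused and can be dropped.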
@@ -608,6 +640,23 @@ although they can be used separately.
Returns: A unique token.
+=item C<issue_auth_delegation_token($uri)>
+
+ Description: Creates and returns a token used to validate auth delegation confirmations.
+
+ Params: $uri - The uri that auth will be delegated to.
+
+ Returns: A unique token.
+
+=item C<check_auth_delegation_token($token, $uri)>
+
+ Description: Checks if a token $token is a confirmation token for $uri.
+
+ Params: $token - The token returned by issue_auth_delegation_token()
+ $uri - The uri that auth will be delegated to.
+
+ Returns: a boolean value
+
=item C<check_token_data($token, $event)>
Description: Makes sure the $token has been created by the currently logged in