diff options
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Config/Auth.pm | 5 | ||||
-rw-r--r-- | Bugzilla/Token.pm | 49 |
2 files changed, 54 insertions, 0 deletions
diff --git a/Bugzilla/Config/Auth.pm b/Bugzilla/Config/Auth.pm index 78d719b15..3c9ee31f2 100644 --- a/Bugzilla/Config/Auth.pm +++ b/Bugzilla/Config/Auth.pm @@ -121,6 +121,11 @@ sub get_param_list { type => 'b', default => '1' }, + { + name => 'auth_delegation', + type => 'b', + default => 0, + }, ); return @param_list; } diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index a8358d4a7..c43ba9f07 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -25,6 +25,7 @@ use Digest::SHA qw(hmac_sha256_base64); use parent qw(Exporter); @Bugzilla::Token::EXPORT = qw(issue_api_token issue_session_token + issue_auth_delegation_token check_auth_delegation_token check_token_data delete_token issue_hash_token check_hash_token); @@ -46,6 +47,37 @@ sub issue_api_token { return $token // _create_token($user->id, 'api_token', ''); } +sub issue_auth_delegation_token { + my ($uri) = @_; + my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; + my $checksum = hmac_sha256_base64($user->id, $uri, Bugzilla->localconfig->{'site_wide_secret'}); + + return _create_token($user->id, 'auth_delegation', $checksum); +} + +sub check_auth_delegation_token { + my ($token, $uri) = @_; + my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; + + my ($eventdata) = $dbh->selectrow_array(" + SELECT eventdata FROM tokens + WHERE token = ? AND tokentype = 'auth_delegation' + AND (" . $dbh->sql_date_math('issuedate', '+', (MAX_TOKEN_AGE * 24 - 12), 'HOUR') . ") > NOW()", + undef, $token); + + if ($eventdata) { + my $checksum = hmac_sha256_base64($user->id, $uri, Bugzilla->localconfig->{'site_wide_secret'}); + if ($eventdata eq $checksum) { + delete_token($token); + return 1; + } + } + + return 0; +} + # Creates and sends a token to create a new user account. # It assumes that the login has the correct format and is not already in use. sub issue_new_user_account_token { @@ -608,6 +640,23 @@ although they can be used separately. Returns: A unique token. +=item C<issue_auth_delegation_token($uri)> + + Description: Creates and returns a token used to validate auth delegation confirmations. + + Params: $uri - The uri that auth will be delegated to. + + Returns: A unique token. + +=item C<check_auth_delegation_token($token, $uri)> + + Description: Checks if a token $token is a confirmation token for $uri. + + Params: $token - The token returned by issue_auth_delegation_token() + $uri - The uri that auth will be delegated to. + + Returns: a boolean value + =item C<check_token_data($token, $event)> Description: Makes sure the $token has been created by the currently logged in |