Diffstat (limited to 'Token.pm')
-rw-r--r-- | Token.pm | 118 |
1 files changed, 100 insertions, 18 deletions
@@ -37,6 +37,62 @@ package Token; # Functions ################################################################################ +sub IssueEmailChangeToken { + my ($userid, $old_email, $new_email) = @_; + + # Generate a unique token and insert it into the tokens table. + # We have to lock the tokens table before generating the token, + # since the database must be queried for token uniqueness. + &::SendSQL("LOCK TABLES tokens WRITE"); + my $token = GenerateUniqueToken(); + my $quotedtoken = &::SqlQuote($token); + my $quoted_emails = &::SqlQuote($old_email . ":" . $new_email); + &::SendSQL("INSERT INTO tokens ( userid , issuedate , token , + tokentype , eventdata ) + VALUES ( $userid , NOW() , $quotedtoken , + 'emailold' , $quoted_emails )"); + my $newtoken = GenerateUniqueToken(); + $quotedtoken = &::SqlQuote($newtoken); + &::SendSQL("INSERT INTO tokens ( userid , issuedate , token , + tokentype , eventdata ) + VALUES ( $userid , NOW() , $quotedtoken , + 'emailnew' , $quoted_emails )"); + &::SendSQL("UNLOCK TABLES"); + + # Mail the user the token along with instructions for using it. + + my $template = $::template; + my $vars = $::vars; + + $vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix'); + $vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix'); + + $vars->{'token'} = &::url_quote($token); + $vars->{'emailaddress'} = $old_email . &::Param('emailsuffix'); + + my $message; + $template->process("token/emailchangeold.txt.tmpl", $vars, \$message) + || &::DisplayError("Template process failed: " . $template->error()) + && exit; + + open SENDMAIL, "|/usr/lib/sendmail -t -i"; + print SENDMAIL $message; + close SENDMAIL; + + $vars->{'token'} = &::url_quote($newtoken); + $vars->{'emailaddress'} = $new_email . &::Param('emailsuffix'); + + $message = ""; + $template->process("token/emailchangenew.txt.tmpl", $vars, \$message) + || &::DisplayError("Template process failed: " . 
$template->error()) + && exit; + + open SENDMAIL, "|/usr/lib/sendmail -t -i"; + print SENDMAIL $message; + close SENDMAIL; + +} + sub IssuePasswordToken { # Generates a random token, adds it to the tokens table, and sends it # to the user with instructions for using it to change their password. @@ -65,6 +121,14 @@ sub IssuePasswordToken { } +sub CleanTokenTable { + &::SendSQL("LOCK TABLES tokens WRITE"); + &::SendSQL("DELETE FROM tokens + WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= 3"); + &::SendSQL("UNLOCK TABLES"); +} + + sub GenerateUniqueToken { # Generates a unique random token. Uses &GenerateRandomPassword # for the tokens themselves and checks uniqueness by searching for 
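Review bot: IssueEmailChangeToken mails both tokens through an unchecked two-arg pipe open (`open SENDMAIL, "|/usr/lib/sendmail -t -i"`, used twice in this hunk and again in the Cancel hunk), so a missing or failing sendmail is silent: both rows are already committed to the tokens table, the caller sees success, and the user never receives either token. Each send should use the list form and check the handle, e.g. `open my $sendmail, '|-', '/usr/lib/sendmail', '-t', '-i' or die "sendmail: $!";` / `print {$sendmail} $message;` / `close $sendmail or die "sendmail exited with $?";`, and since the same three lines appear three times in this commit a small helper taking the message would remove the duplication. Because `-t` takes recipients from the rendered message headers, the `newemailaddress` value built from `$new_email` ends up in a header; unless the caller has already validated that address (not visible in this hunk), an embedded CR/LF would alter the recipient list, so a comment stating the contract — `# $new_email must already be validated: the template renders it into mail headers` — is worth adding. The `|| &::DisplayError(...) && exit` chain only exits when DisplayError returns true, which is not shown here; `or do { &::DisplayError(...); exit }` makes the intent explicit.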
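Review bot: CleanTokenTable has no comment and buries the token lifetime in the SQL literal `>= 3`, yet nothing else in this diff checks issuedate at lookup time — HasPasswordToken and HasEmailChangeToken (last hunk) select by userid and type only — so this routine appears to be the sole expiry mechanism. Naming the value makes the policy visible: `my $max_age_days = 3;` above the DELETE and `TO_DAYS(NOW()) - TO_DAYS(issuedate) >= $max_age_days` in the query. A header comment of the form `# Deletes tokens older than $max_age_days days; must run regularly, since token lookups do not check issuedate themselves` would tell a caller what it needs to know; what actually schedules this routine is not visible in the hunk.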
@@ -143,25 +207,27 @@ sub Cancel { # Format the user's real name and email address into a single string. my $username = $realname ? $realname . " <" . $loginname . ">" : $loginname; - # Notify the user via email about the cancellation. - open SENDMAIL, "|/usr/lib/sendmail -t -i"; - print SENDMAIL qq|From: bugzilla-daemon -To: $username -Subject: "$tokentype" token cancelled + my $template = $::template; + my $vars = $::vars; -A token was cancelled from $::ENV{'REMOTE_ADDR'}. This is either -an honest mistake or the result of a malicious hack attempt. -Take a look at the information below and forward this email -to $maintainer if you suspect foul play. + $vars->{'emailaddress'} = $username; + $vars->{'maintainer'} = $maintainer; + $vars->{'remoteaddress'} = $::ENV{'REMOTE_ADDR'}; + $vars->{'token'} = &::url_quote($token); + $vars->{'tokentype'} = $tokentype; + $vars->{'issuedate'} = $issuedate; + $vars->{'eventdata'} = $eventdata; + $vars->{'cancelaction'} = $cancelaction; - Token: $token - Token Type: $tokentype - User: $username - Issue Date: $issuedate - Event Data: $eventdata + # Notify the user via email about the cancellation. -Cancelled Because: $cancelaction -|; + my $message; + $template->process("token/tokencancel.txt.tmpl", $vars, \$message) + || &::DisplayError("Template process failed: " . $template->error()) + && exit; + + open SENDMAIL, "|/usr/lib/sendmail -t -i"; + print SENDMAIL $message; close SENDMAIL; # Delete the token from the database. 
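Review bot: The new `|| &::DisplayError(...) && exit` after `$template->process("token/tokencancel.txt.tmpl", ...)` runs before the `# Delete the token from the database.` step that follows the hunk, so a template failure now exits with the token still live; the old inline heredoc had no such early exit, and a token that survives its own cancellation defeats the purpose of Cancel. Perform the DELETE before the notification, or at least never exit ahead of it (fall back to a plain-text body when rendering fails). The rendered message is still piped to `sendmail -t`, and `$username` — built from `$realname` and `$loginname`, both set outside this hunk — is passed as `emailaddress`, so whatever the template places in the To: header is only as safe as those values; a comment recording where `$realname` is validated, or a `$username =~ tr/\r\n//d;` before it is stored in `$vars`, would settle that. Cancel's body starts outside the hunk.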
@@ -171,14 +237,30 @@ Cancelled Because: $cancelaction } sub HasPasswordToken { - # Returns a password token if the user has one. Otherwise returns 0 (false). + # Returns a password token if the user has one. my ($userid) = @_; - &::SendSQL("SELECT token FROM tokens WHERE userid = $userid LIMIT 1"); + &::SendSQL("SELECT token FROM tokens + WHERE userid = $userid AND tokentype = 'password' LIMIT 1"); my ($token) = &::FetchSQLData(); return $token; } +sub HasEmailChangeToken { + # Returns an email change token if the user has one. + + my ($userid) = @_; + + &::SendSQL("SELECT token FROM tokens + WHERE userid = $userid + AND tokentype = 'emailnew' + OR tokentype = 'emailold' LIMIT 1"); + my ($token) = &::FetchSQLData(); + + return $token; +} + + 1; |
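Review bot: HasEmailChangeToken's WHERE clause mixes AND and OR without parentheses, so `userid = $userid AND tokentype = 'emailnew' OR tokentype = 'emailold'` parses as `(userid = $userid AND tokentype = 'emailnew') OR tokentype = 'emailold'` and the query can hand a caller asking about `$userid` some other user's 'emailold' token, whichever row LIMIT 1 happens to pick. It should read `WHERE userid = $userid AND tokentype IN ('emailnew', 'emailold') LIMIT 1`. Both functions also interpolate `$userid` into the SQL unquoted while the rest of the file goes through `&::SqlQuote`; if every caller passes an integer taken from the session that is harmless, but that is not visible here, so either quote it or add `# $userid must be a numeric id from the session, never request input` above each query. The comment `# Returns an email change token if the user has one.` should also say that undef is returned otherwise, since callers will test the result in boolean context.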