Diffstat (limited to 'auth.cgi')
-rwxr-xr-xauth.cgi174
1 files changed, 91 insertions, 83 deletions
diff --git a/auth.cgi b/auth.cgi
index adf5d3475..dbb4629d9 100755
--- a/auth.cgi
+++ b/auth.cgi
@@ -28,13 +28,16 @@ use JSON qw(decode_json encode_json);
Bugzilla->login(LOGIN_REQUIRED);
-ThrowUserError('auth_delegation_disabled') unless Bugzilla->params->{auth_delegation};
+ThrowUserError('auth_delegation_disabled')
+ unless Bugzilla->params->{auth_delegation};
-my $cgi = Bugzilla->cgi;
-my $template = Bugzilla->template;
-my $user = Bugzilla->user;
-my $callback = $cgi->param('callback') or ThrowUserError("auth_delegation_missing_callback");
-my $description = $cgi->param('description') or ThrowUserError("auth_delegation_missing_description");
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
+my $user = Bugzilla->user;
+my $callback = $cgi->param('callback')
+ or ThrowUserError("auth_delegation_missing_callback");
+my $description = $cgi->param('description')
+ or ThrowUserError("auth_delegation_missing_description");
trick_taint($callback);
trick_taint($description);
@@ -42,100 +45,105 @@ trick_taint($description);
ThrowUserError("auth_delegation_invalid_description")
unless $description =~ /^[\w\s]{3,255}$/;
-my $callback_uri = URI->new($callback);
+my $callback_uri = URI->new($callback);
-my $legal_protocol
- = $ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION}
- ? qr/^https?$/i # http or https
- : qr/^https$/i; # https only
+my $legal_protocol = $ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION}
+ ? qr/^https?$/i # http or https
+ : qr/^https$/i; # https only
-ThrowUserError('auth_delegation_illegal_protocol', { protocol => scalar $callback_uri->scheme })
- unless $callback_uri->scheme =~ $legal_protocol;
+ThrowUserError(
+ 'auth_delegation_illegal_protocol',
+ {protocol => scalar $callback_uri->scheme}
+) unless $callback_uri->scheme =~ $legal_protocol;
my $callback_base = $callback_uri->clone;
$callback_base->query(undef);
-my $app_id = sha256_hex($callback_base, $description);
+my $app_id = sha256_hex($callback_base, $description);
my $skip_confirmation = 0;
-my %args = ( skip_confirmation => \$skip_confirmation,
- callback => $callback_uri,
- description => $description,
- app_id => $app_id,
- callback_base => $callback_base );
+my %args = (
+ skip_confirmation => \$skip_confirmation,
+ callback => $callback_uri,
+ description => $description,
+ app_id => $app_id,
+ callback_base => $callback_base
+);
Bugzilla::Hook::process('auth_delegation_confirm', \%args);
my $confirmed = lc($cgi->request_method) eq 'post' && $cgi->param('confirm');
if ($confirmed || $skip_confirmation) {
- my $token = $cgi->param('token');
- unless ($skip_confirmation) {
- ThrowUserError("auth_delegation_missing_token") unless $token;
- trick_taint($token);
-
- unless (check_auth_delegation_token($token, $callback)) {
- ThrowUserError('auth_delegation_invalid_token',
- { token => $token, callback => $callback });
- }
+ my $token = $cgi->param('token');
+ unless ($skip_confirmation) {
+ ThrowUserError("auth_delegation_missing_token") unless $token;
+ trick_taint($token);
+
+ unless (check_auth_delegation_token($token, $callback)) {
+ ThrowUserError('auth_delegation_invalid_token',
+ {token => $token, callback => $callback});
}
- my $keys = Bugzilla::User::APIKey->match({
- user_id => $user->id,
- app_id => $app_id,
- revoked => 0,
+ }
+ my $keys
+ = Bugzilla::User::APIKey->match({
+ user_id => $user->id, app_id => $app_id, revoked => 0,
});
- my $api_key;
- if (@$keys) {
- $api_key = $keys->[0];
- }
- else {
- $api_key = Bugzilla::User::APIKey->create({
- user_id => $user->id,
- description => $description,
- app_id => $app_id,
- });
- my $template = Bugzilla->template_inner($user->setting('lang'));
- my $vars = { user => $user, new_key => $api_key };
- my $message;
- $template->process('email/new-api-key.txt.tmpl', $vars, \$message)
- or ThrowTemplateError($template->error());
-
- MessageToMTA($message);
- }
+ my $api_key;
+ if (@$keys) {
+ $api_key = $keys->[0];
+ }
+ else {
+ $api_key
+ = Bugzilla::User::APIKey->create({
+ user_id => $user->id, description => $description, app_id => $app_id,
+ });
+ my $template = Bugzilla->template_inner($user->setting('lang'));
+ my $vars = {user => $user, new_key => $api_key};
+ my $message;
+ $template->process('email/new-api-key.txt.tmpl', $vars, \$message)
+ or ThrowTemplateError($template->error());
- my $ua = LWP::UserAgent->new();
- $ua->timeout(2);
- $ua->protocols_allowed(['http', 'https']);
- # If the URL of the proxy is given, use it, else get this information
- # from the environment variable.
- if (my $proxy_url = Bugzilla->params->{'proxy_url'}) {
- $ua->proxy(['http', 'https'], $proxy_url);
- }
- else {
- $ua->env_proxy;
- }
- my $content = encode_json({ client_api_key => $api_key->api_key,
- client_api_login => $user->login });
- my $resp = $ua->post($callback_uri,
- 'Content-Type' => 'application/json',
- Content => $content);
- if ($resp->code == 200) {
- $callback_uri->query_param(client_api_login => $user->login);
- eval {
- my $data = decode_json($resp->content);
- $callback_uri->query_param(callback_result => $data->{result});
- };
- ThrowUserError('auth_delegation_json_error', { json_text => $resp->content }) if $@;
-
- print $cgi->redirect($callback_uri);
- }
- else {
- ThrowUserError('auth_delegation_post_error', { code => $resp->code });
- }
+ MessageToMTA($message);
+ }
+
+ my $ua = LWP::UserAgent->new();
+ $ua->timeout(2);
+ $ua->protocols_allowed(['http', 'https']);
+
+ # If the URL of the proxy is given, use it, else get this information
+ # from the environment variable.
+ if (my $proxy_url = Bugzilla->params->{'proxy_url'}) {
+ $ua->proxy(['http', 'https'], $proxy_url);
+ }
+ else {
+ $ua->env_proxy;
+ }
+ my $content = encode_json(
+ {client_api_key => $api_key->api_key, client_api_login => $user->login});
+ my $resp = $ua->post(
+ $callback_uri,
+ 'Content-Type' => 'application/json',
+ Content => $content
+ );
+ if ($resp->code == 200) {
+ $callback_uri->query_param(client_api_login => $user->login);
+ eval {
+ my $data = decode_json($resp->content);
+ $callback_uri->query_param(callback_result => $data->{result});
+ };
+ ThrowUserError('auth_delegation_json_error', {json_text => $resp->content})
+ if $@;
+
+ print $cgi->redirect($callback_uri);
+ }
+ else {
+ ThrowUserError('auth_delegation_post_error', {code => $resp->code});
+ }
}
else {
- $args{token} = issue_auth_delegation_token($callback);
+ $args{token} = issue_auth_delegation_token($callback);
- print $cgi->header();
- $template->process("account/auth/delegation.html.tmpl", \%args)
- or ThrowTemplateError($template->error());
+ print $cgi->header();
+ $template->process("account/auth/delegation.html.tmpl", \%args)
+ or ThrowTemplateError($template->error());
}
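Review bot: `$ua->protocols_allowed(['http', 'https'])` in the confirmed branch is wider than `$legal_protocol`, which accepts `http` only when `BUGZILLA_UNSAFE_AUTH_DELEGATION` is set, and this is the agent that POSTs `client_api_key` to the caller-supplied callback. The callback scheme is already checked before the POST, so this is defense in depth, but deriving both from the same condition keeps the key off plaintext transports if redirect handling or the URL construction changes later: `$ua->protocols_allowed($ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION} ? ['http', 'https'] : ['https']);`. Separately, nothing in the visible lines constrains the callback host, so unless a hook or the configured proxy filters destinations, the server will POST to any address a logged-in user confirms, internal ones included. A short comment above the `$ua->post(...)` call saying where that restriction is enforced would help the next reader.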