From 94d888356469f2d920835f9c6d4eba944e429f62 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Mon, 25 Sep 2017 14:14:31 -0400
Subject: Bug 1401463 - In bugzilla "you must reset password" state, all bug pages are force-redirected to password reset page, which loses "to-do" information that I have encoded as open tabs viewing particular bug pages
---
 Bugzilla/Token.pm | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+) (limited to 'Bugzilla/Token.pm')
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index c6288f491..4b12f836b 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -32,6 +32,7 @@ use base qw(Exporter);
 issue_auth_delegation_token check_auth_delegation_token
 check_token_data delete_token
 issue_hash_token check_hash_token
+ issue_hash_sig check_hash_sig
 set_token_extra_data get_token_extra_data);
 
 # 128 bits password:
@@ -221,6 +222,27 @@ sub issue_short_lived_session_token {
 return _create_token($user->id ? $user->id : undef, 'session.short', $data);
 }
 
+sub issue_hash_sig {
+ my ($type, $data, $salt) = @_;
+ $data //= "";
+ $salt //= generate_random_password(16);
+
+ my $hmac = hmac_sha256_base64(
+ $salt,
+ $type,
+ $data,
+ Bugzilla->localconfig->{site_wide_secret}
+ );
+ return sprintf("%s|%s|%x", $salt, $hmac, length($data));
+}
+
+sub check_hash_sig {
+ my ($type, $sig, $data) = @_;
+ return 0 unless defined $sig && defined $data;
+ my ($salt, undef, $len) = split(/\|/, $sig, 3);
+ return length($data) == hex($len) && $sig eq issue_hash_sig($type, $data, $salt);
+}
+
 sub issue_hash_token {
 my ($data, $time) = @_;
 $data ||= [];
-- 
cgit v1.2.3-24-g4f1b
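Review bot: In `issue_hash_sig` the salt, type and data go to `hmac_sha256_base64` as separate arguments, so (assuming this is Digest::SHA's function, which concatenates every argument before the key) the field boundaries are not covered by the MAC, and the hex length appended by `sprintf` sits outside it as well. Because `check_hash_sig` takes the salt back out of the caller-supplied `$sig`, two different salt/type/data splits of the same byte string would verify against the same HMAC value, and the `length($data) == hex($len)` check does not prevent that since `$len` is itself unauthenticated. I would authenticate an unambiguous encoding instead, e.g. build `my $msg = join("|", length($salt), length($type), length($data), $salt, $type, $data);` and pass `$msg` as the single data argument. Separately, `$sig eq issue_hash_sig($type, $data, $salt)` is an early-exit string comparison on a MAC; a constant-time comparison would be the safer default, and both new subs would benefit from a short comment stating what `$type` is expected to be and who controls `$sig` and `$data`.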