From e181022c27b291b845f029f0e8f25748cad8495f Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Mon, 8 Sep 2014 13:43:00 +0000
Subject: Bug 1046126: Do not generate a new API token every time you access a
 bug-related page r=sgreen,a=glob

---
 Bugzilla/Token.pm | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'Bugzilla/Token.pm')

diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 670f5a661..24ffad3c3 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -34,9 +34,16 @@ use parent qw(Exporter);
 
 # Create a token used for internal API authentication
 sub issue_api_token {
-    # Generates a random token, adds it to the tokens table, and returns
-    # the token to the caller.
-    return _create_token(Bugzilla->user->id, 'api_token', '');
+    # Generates a random token, adds it to the tokens table if one does not
+    # already exist, and returns the token to the caller.
+    my $dbh  = Bugzilla->dbh;
+    my $user = Bugzilla->user;
+    my ($token) = $dbh->selectrow_array("
+        SELECT token FROM tokens
+         WHERE userid = ? AND tokentype = 'api_token'
+               AND (" . $dbh->sql_date_math('issuedate', '+', (MAX_TOKEN_AGE * 24 - 12), 'HOUR') . ") > NOW()",
+        undef, $user->id);
+    return $token // _create_token($user->id, 'api_token', '');
 }
 
 # Creates and sends a token to create a new user account.
-- 
cgit v1.2.3-24-g4f1b