From 94d888356469f2d920835f9c6d4eba944e429f62 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Mon, 25 Sep 2017 14:14:31 -0400
Subject: Bug 1401463 - In bugzilla "you must reset password" state, all bug
 pages are force-redirected to password reset page, which loses "to-do"
 information that I have encoded as open tabs viewing particular bug pages

---
 Bugzilla/Token.pm | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index c6288f491..4b12f836b 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -32,6 +32,7 @@ use base qw(Exporter);
                               issue_auth_delegation_token check_auth_delegation_token
                               check_token_data delete_token
                               issue_hash_token check_hash_token
+                              issue_hash_sig   check_hash_sig
                               set_token_extra_data get_token_extra_data);
 
 # 128 bits password:
@@ -221,6 +222,27 @@ sub issue_short_lived_session_token {
     return _create_token($user->id ? $user->id : undef, 'session.short', $data);
 }
 
+sub issue_hash_sig {
+    my ($type, $data, $salt) = @_;
+    $data //= "";
+    $salt //= generate_random_password(16);
+
+    my $hmac = hmac_sha256_base64(
+        $salt,
+        $type,
+        $data,
+        Bugzilla->localconfig->{site_wide_secret}
+    );
+    return sprintf("%s|%s|%x", $salt, $hmac, length($data));
+}
+
+sub check_hash_sig {
+    my ($type, $sig, $data) = @_;
+    return 0 unless defined $sig && defined $data;
+    my ($salt, undef, $len) = split(/\|/, $sig, 3);
+    return length($data) == hex($len) && $sig eq issue_hash_sig($type, $data, $salt);
+}
+
 sub issue_hash_token {
     my ($data, $time) = @_;
     $data ||= [];
-- 
cgit v1.2.3-24-g4f1b