From d03b432557e0422d5b0dbd32e82d36d3f9a5b68a Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Mon, 24 Aug 2015 14:04:19 -0400
Subject: Bug 1192687 - add the ability for users to view and revoke existing
 sessions

---
 Bugzilla/Auth/Login/Cookie.pm | 11 +++++++++-
 Bugzilla/User/Session.pm      | 48 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 Bugzilla/User/Session.pm

(limited to 'Bugzilla')

diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index e1faa52d0..46024bca4 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -19,7 +19,7 @@ package Bugzilla::Auth::Login::Cookie;
 use strict;
 
 use base qw(Bugzilla::Auth::Login);
-use fields qw(_login_token);
+use fields qw(_login_token _cookie);
 
 use Bugzilla::Constants;
 use Bugzilla::Error;
@@ -58,6 +58,8 @@ sub get_login_info {
                                 @{$cgi->{'Bugzilla_cookie_list'}};
             $user_id = $cookie->value if $cookie;
         }
+        trick_taint($login_cookie) if $login_cookie;
+        $self->cookie($login_cookie);
 
         # If the call is for a web service, and an api token is provided, check
         # it is valid.
@@ -155,4 +157,11 @@ sub login_token {
     };
 }
 
+sub cookie {
+    my ($self, $val) = @_;
+    $self->{_cookie} = $val if @_ > 1;
+
+    return $self->{_cookie};
+}
+
 1;
diff --git a/Bugzilla/User/Session.pm b/Bugzilla/User/Session.pm
new file mode 100644
index 000000000..c547867d1
--- /dev/null
+++ b/Bugzilla/User/Session.pm
@@ -0,0 +1,48 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::User::Session;
+
+use 5.10.1;
+use strict;
+
+use parent qw(Bugzilla::Object);
+
+#####################################################################
+# Overriden Constants that are used as methods
+#####################################################################
+
+use constant DB_TABLE       => 'logincookies';
+use constant DB_COLUMNS     => qw(
+    cookie
+    userid
+    lastused
+    ipaddr
+    id
+    restrict_ipaddr
+);
+
+use constant UPDATE_COLUMNS => qw();
+use constant VALIDATORS     => {};
+use constant LIST_ORDER     => 'lastused DESC';
+use constant NAME_FIELD     => 'cookie';
+
+# turn off auditing and exclude these objects from memcached
+use constant { AUDIT_CREATES => 0,
+               AUDIT_UPDATES => 0,
+               AUDIT_REMOVES => 0,
+               USE_MEMCACHED => 0 };
+
+# Accessors
+sub id              { return $_[0]->{id}              }
+sub userid          { return $_[0]->{userid}          }
+sub cookie          { return $_[0]->{cookie}          }
+sub lastused        { return $_[0]->{lastused}        }
+sub ipaddr          { return $_[0]->{ipaddr}          }
+sub restrict_ipaddr { return $_[0]->{restrict_ipaddr} }
+
+1;
-- 
cgit v1.2.3-24-g4f1b