From d03b432557e0422d5b0dbd32e82d36d3f9a5b68a Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Mon, 24 Aug 2015 14:04:19 -0400
Subject: Bug 1192687 - add the ability for users to view and revoke existing sessions
---
 Bugzilla/Auth/Login/Cookie.pm | 11 +++++++++-
 Bugzilla/User/Session.pm | 48 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 Bugzilla/User/Session.pm
(limited to 'Bugzilla')
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index e1faa52d0..46024bca4 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -19,7 +19,7 @@ package Bugzilla::Auth::Login::Cookie; use strict; use base qw(Bugzilla::Auth::Login); -use fields qw(_login_token); +use fields qw(_login_token _cookie); use Bugzilla::Constants; use Bugzilla::Error;
@@ -58,6 +58,8 @@ sub get_login_info { @{$cgi->{'Bugzilla_cookie_list'}}; $user_id = $cookie->value if $cookie; } + trick_taint($login_cookie) if $login_cookie; + $self->cookie($login_cookie); # If the call is for a web service, and an api token is provided, check # it is valid.
@@ -155,4 +157,11 @@ sub login_token { }; } +sub cookie { + my ($self, $val) = @_; + $self->{_cookie} = $val if @_ > 1; + + return $self->{_cookie}; +} + 1;
diff --git a/Bugzilla/User/Session.pm b/Bugzilla/User/Session.pm
new file mode 100644
index 000000000..c547867d1
--- /dev/null
+++ b/Bugzilla/User/Session.pm
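Review bot: In `get_login_info` (Bugzilla/Auth/Login/Cookie.pm, second hunk), `trick_taint($login_cookie)` clears the taint flag on a value taken straight from the request without any format check, and `$self->cookie($login_cookie)` then stores it before any validity check that is visible in this hunk. Code that later reads `cookie()` could take it for the token of an authenticated session even when the login was rejected. I would either set it only once the cookie has been verified, or state the contract on the accessor added in the last hunk: `# Raw login cookie as sent by the client; stored before validation, never proof of a valid session.` The body of `get_login_info` continues outside the hunk, so the verification may already follow these lines; that is worth confirming before relying on the value.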
@@ -0,0 +1,48 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::User::Session;
+
+use 5.10.1;
+use strict;
+
+use parent qw(Bugzilla::Object);
+
+#####################################################################
+# Overriden Constants that are used as methods
+#####################################################################
+
+use constant DB_TABLE => 'logincookies';
+use constant DB_COLUMNS => qw(
+ cookie
+ userid
+ lastused
+ ipaddr
+ id
+ restrict_ipaddr
+);
+
+use constant UPDATE_COLUMNS => qw();
+use constant VALIDATORS => {};
+use constant LIST_ORDER => 'lastused DESC';
+use constant NAME_FIELD => 'cookie';
+
+# turn off auditing and exclude these objects from memcached
+use constant { AUDIT_CREATES => 0,
+ AUDIT_UPDATES => 0,
+ AUDIT_REMOVES => 0,
+ USE_MEMCACHED => 0 };
+
+# Accessors
+sub id { return $_[0]->{id} }
+sub userid { return $_[0]->{userid} }
+sub cookie { return $_[0]->{cookie} }
+sub lastused { return $_[0]->{lastused} }
+sub ipaddr { return $_[0]->{ipaddr} }
+sub restrict_ipaddr { return $_[0]->{restrict_ipaddr} }
+
+1;
-- cgit v1.2.3-24-g4f1b
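Review bot: `DB_COLUMNS` loads the `cookie` column, `NAME_FIELD` points at it and the `cookie` accessor returns it, so every Session object handed to the session list carries what appears to be the live login token of that session. If a template, a revoke link or a log line ever prints that value, whoever can read it can reuse the session, while the `id` column is already loaded and is the safer handle for display and revocation. I would add above the accessors `# cookie is the secret session token: never render or log it; identify sessions by id`, and document that callers must filter by `userid`, since nothing in this class restricts which rows are returned. The templates and the revoke handler are outside this view of the patch (limited to 'Bugzilla'), so how they use these fields cannot be checked here. With `AUDIT_REMOVES => 0` a revocation also leaves no audit record, which may be intended but deserves a word in the comment next to it.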