From d8cbd5b5c59f0c66772df100a4b28d4e26450771 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison 
Date: Fri, 22 May 2015 12:54:38 -0400
Subject: Bug 1144468: Bugzilla Auth Delegation via API Keys r=dkl,a=glob
---
 auth.cgi | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100755 auth.cgi
(limited to 'auth.cgi')
diff --git a/auth.cgi b/auth.cgi
new file mode 100755
index 000000000..4bbb03c66
--- /dev/null
+++ b/auth.cgi
@@ -0,0 +1,88 @@
+#!/usr/bin/perl -T
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+use 5.10.1;
+use strict;
+use warnings;
+
+use lib qw(. lib);
+
+use Bugzilla;
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Hook;
+use Bugzilla::Util qw(trick_taint);
+use Bugzilla::Token qw(issue_auth_delegation_token check_auth_delegation_token);
+use Bugzilla::Mailer qw(MessageToMTA);
+
+use URI;
+use URI::QueryParam;
+
+Bugzilla->login(LOGIN_REQUIRED);
+
+ThrowUserError('auth_delegation_disabled') unless Bugzilla->params->{auth_delegation};
+
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
+my $user = Bugzilla->user;
+my $callback = $cgi->param('callback') or ThrowUserError("auth_delegation_missing_callback");
+my $description = $cgi->param('description') or ThrowUserError("auth_delegation_missing_description");
+
+trick_taint($callback);
+trick_taint($description);
+
+my $callback_uri = URI->new($callback);
+my $callback_base = $callback_uri->clone;
+$callback_base->query(undef);
+
+my $skip_confirmation = 0;
+my %args = ( skip_confirmation => \$skip_confirmation,
+ callback => $callback_uri,
+ description => $description,
+ callback_base => $callback_base );
+
+Bugzilla::Hook::process('auth_delegation_confirm', \%args);
+
+my $confirmed = lc($cgi->request_method) eq 'post' && $cgi->param('confirm');
+
+if ($confirmed || $skip_confirmation) {
+ my $token = $cgi->param('token');
+ unless ($skip_confirmation) {
+ ThrowUserError("auth_delegation_missing_token") unless $token;
+ trick_taint($token);
+
+ unless (check_auth_delegation_token($token, $callback)) {
+ ThrowUserError('auth_delegation_invalid_token',
+ { token => $token, callback => $callback });
+ }
+ }
+
+ my $new_key = Bugzilla::User::APIKey->create({
+ user_id => $user->id,
+ description => $description,
+ });
+ my $template = Bugzilla->template_inner($user->setting('lang'));
+ my $vars = { user => $user, new_key => $new_key };
+ my $message;
+ $template->process('email/new-api-key.txt.tmpl', $vars, \$message)
+ or ThrowTemplateError($template->error());
+
+ MessageToMTA($message);
+
+ $callback_uri->query_param(client_api_key => $new_key->api_key);
+ $callback_uri->query_param(client_api_login => $user->login);
+
+ print $cgi->redirect($callback_uri);
+}
+else {
+ $args{token} = issue_auth_delegation_token($callback);
+
+ print $cgi->header();
+ $template->process("account/auth/delegation.html.tmpl", \%args)
+ or ThrowTemplateError($template->error());
+}
-- cgit v1.2.3-24-g4f1b
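Review bot: The callback URI that receives the freshly minted key at `print $cgi->redirect($callback_uri);` is accepted with any scheme; `check_auth_delegation_token($token, $callback)` binds the token to the callback string, but nothing in the script restricts `$callback_uri->scheme` to http or https, so the redirect carrying `client_api_key` can be issued to a non-web target. Rejecting the request right after `my $callback_uri = URI->new($callback);` with `ThrowUserError('<new_user_error>') unless ($callback_uri->scheme // '') =~ m{\A https? \z}xms;` closes that gap (the error name is a placeholder for a new entry in the user-error templates). Separately, because the key travels in the query string it lands in the callback server's access log and in any Referer the landing page sends, so a short header comment stating that the consumer must treat the landing URL as secret-bearing would help future maintainers. The inner `my $template = Bugzilla->template_inner($user->setting('lang'));` also shadows the file-scope `$template`; a distinct name such as `$mail_template` avoids confusing the two.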