From 59285f71c6ed0d4db7d4b0455902130a2d7c83bd Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 20 Aug 2006 01:11:59 +0000
Subject: Bug 87795: Creating an account should send token and wait for confirmation (prevent user account abuse) - Patch by Frédéric Buclin r=mkanat r=bkor a=myk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 token.cgi | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
(limited to 'token.cgi')
diff --git a/token.cgi b/token.cgi
index 44e456710..6b72dfa36 100755
--- a/token.cgi
+++ b/token.cgi
@@ -19,6 +19,7 @@
 # Rights Reserved.
 #
 # Contributor(s): Myk Melez
+# Frédéric Buclin
 
 ############################################################################
 # Script Initialization
@@ -36,6 +37,8 @@ use Bugzilla::Error;
 use Bugzilla::Token;
 use Bugzilla::User;
 
+use Date::Parse;
+
 my $dbh = Bugzilla->dbh;
 local our $cgi = Bugzilla->cgi;
 local our $template = Bugzilla->template;
@@ -87,6 +90,12 @@ if ($cgi->param('t')) {
 Bugzilla::Token::Cancel($::token, "wrong_token_for_confirming_email_change");
 ThrowUserError("wrong_token_for_confirming_email_change");
 }
+ if (($::action =~ /^(request|confirm|cancel)_new_account$/)
+ && ($tokentype ne 'account'))
+ {
+ Bugzilla::Token::Cancel($::token, 'wrong_token_for_creating_account');
+ ThrowUserError('wrong_token_for_creating_account');
+ }
 }
 
 
@@ -147,6 +156,12 @@ if ($::action eq 'reqpw') {
 cancelChangeEmail();
 } elsif ($::action eq 'chgem') {
 changeEmail();
+} elsif ($::action eq 'request_new_account') {
+ request_create_account();
+} elsif ($::action eq 'confirm_new_account') {
+ confirm_create_account();
+} elsif ($::action eq 'cancel_new_account') {
+ cancel_create_account();
 } else {
 # If the action that the user wants to take (specified in the "a" form field)
 # is none of the above listed actions, display an error telling the user
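Review bot: The new token-type check for the `*_new_account` actions runs only inside the `if ($cgi->param('t'))` block named in the `@@ -87` hunk header, so a request carrying `a=confirm_new_account` but no `t` parameter skips it entirely, while the dispatcher added in the `@@ -147` hunk still calls `confirm_create_account()` with `$::token` unset. Whether `GetTokenData` on an empty token then fails safely depends on code outside these hunks and should not be what the account-creation path relies on; the three new actions should refuse a request without a token up front, next to the dispatcher, using the same user error the surrounding block raises for an unknown token. As a minor point of style, `^...$` lets `$` accept a trailing newline and the capture group is never read; `m/\A(?:request|confirm|cancel)_new_account\z/` states the intended exact match. The enclosing `if` block begins before and ends after the hunk.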
@@ -333,3 +348,75 @@ sub cancelChangeEmail {
 || ThrowTemplateError($template->error());
 }
 
+sub request_create_account {
+ my (undef, $date, $login_name) = Bugzilla::Token::GetTokenData($::token);
+ $vars->{'token'} = $::token;
+ $vars->{'email'} = $login_name . Bugzilla->params->{'emailsuffix'};
+ $vars->{'date'} = str2time($date);
+
+ # We require a HTTPS connection if possible.
+ if (Bugzilla->params->{'sslbase'} ne ''
+ && Bugzilla->params->{'ssl'} ne 'never')
+ {
+ $cgi->require_https(Bugzilla->params->{'sslbase'});
+ }
+ print $cgi->header();
+
+ $template->process('account/email/confirm-new.html.tmpl', $vars)
+ || ThrowTemplateError($template->error());
+}
+
+sub confirm_create_account {
+ my (undef, undef, $login_name) = Bugzilla::Token::GetTokenData($::token);
+
+ (defined $cgi->param('passwd1') && defined $cgi->param('passwd2'))
+ || ThrowUserError('new_password_missing');
+ validate_password($cgi->param('passwd1'), $cgi->param('passwd2'));
+
+ my $realname = $cgi->param('realname');
+ my $password = $cgi->param('passwd1');
+
+ $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE',
+ 'email_setting WRITE', 'user_group_map WRITE',
+ 'groups READ', 'tokens READ', 'fielddefs READ');
+
+ # The email syntax may have changed since the initial creation request.
+ validate_email_syntax($login_name)
+ || ThrowUserError('illegal_email_address', {addr => $login_name});
+ # Also, maybe that this user account has already been created meanwhile.
+ is_available_username($login_name)
+ || ThrowUserError('account_exists', {email => $login_name});
+
+ # Login and password are validated now, and realname is allowed to
+ # contain anything.
+ trick_taint($realname);
+ trick_taint($password);
+
+ my $otheruser = insert_new_user($login_name, $realname, $password);
+ $dbh->bz_unlock_tables();
+
+ # Now delete this token.
+ Bugzilla::Token::DeleteToken($::token);
+
+ # Let the user know that his user account has been successfully created.
+ $vars->{'message'} = 'account_created';
+ $vars->{'otheruser'} = $otheruser;
+ $vars->{'login_info'} = 1;
+
+ print $cgi->header();
+
+ $template->process('global/message.html.tmpl', $vars)
+ || ThrowTemplateError($template->error());
+}
+
+sub cancel_create_account {
+ my (undef, undef, $login_name) = Bugzilla::Token::GetTokenData($::token);
+
+ $vars->{'message'} = 'account_creation_cancelled';
+ $vars->{'account'} = $login_name;
+ Bugzilla::Token::Cancel($::token, $vars->{'message'});
+
+ print $cgi->header();
+ $template->process('global/message.html.tmpl', $vars)
+ || ThrowTemplateError($template->error());
+}
-- cgit v1.2.3-24-g4f1b
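Review bot: `confirm_create_account` is the handler that actually receives `passwd1`/`passwd2`, yet only `request_create_account` applies the `sslbase`/`ssl` guard around `$cgi->require_https`, so nothing in this hunk keeps the password submission itself on HTTPS. A redirect issued inside `confirm_create_account` would arrive after the password has already crossed the wire, so the effective fix is for the form rendered from `account/email/confirm-new.html.tmpl` to target the `sslbase` URL (presumably it posts back to token.cgi), with the same three-line guard repeated at the top of `confirm_create_account` as a backstop against direct plain-HTTP submissions. Separately, `my $realname = $cgi->param('realname');` is handed to `trick_taint` and `insert_new_user` with no definedness check while `profiles` is locked; adding `$realname = '' unless defined $realname;` before `bz_lock_tables` avoids dying mid-lock on a submission that omits the field, should `trick_taint` reject undef (not verifiable from this hunk).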