From c8447e9f4b7c17ab0e04af34dbd5583e78b23677 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Thu, 29 Jan 2015 17:33:12 +0000
Subject: Bug 1045145: backport upstream bug 726696 to bmo/4.2 to allow use of
 api keys for authentication

---
 userprefs.cgi | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

(limited to 'userprefs.cgi')

diff --git a/userprefs.cgi b/userprefs.cgi
index d33de74ad..1764bb2dd 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -29,11 +29,13 @@ use lib qw(. lib);
 use Bugzilla;
 use Bugzilla::BugMail;
 use Bugzilla::Constants;
+use Bugzilla::Mailer;
 use Bugzilla::Search;
 use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::User;
 use Bugzilla::User::Setting qw(clear_settings_cache);
+use Bugzilla::User::APIKey;
 use Bugzilla::Token;
 
 my $template = Bugzilla->template;
@@ -520,6 +522,59 @@ sub SaveSavedSearches {
 }
 
 
+sub DoApiKey {
+    my $user = Bugzilla->user;
+
+    my $api_keys = Bugzilla::User::APIKey->match({ user_id => $user->id });
+    $vars->{api_keys} = $api_keys;
+    $vars->{any_revoked} = grep { $_->revoked } @$api_keys;
+}
+
+sub SaveApiKey {
+    my $cgi = Bugzilla->cgi;
+    my $dbh = Bugzilla->dbh;
+    my $user = Bugzilla->user;
+
+    # Do it in a transaction.
+    $dbh->bz_start_transaction;
+
+    # Update any existing keys
+    my $api_keys = Bugzilla::User::APIKey->match({ user_id => $user->id });
+    foreach my $api_key (@$api_keys) {
+        my $description = $cgi->param('description_' . $api_key->id);
+        my $revoked = $cgi->param('revoked_' . $api_key->id);
+
+        if ($description ne $api_key->description
+            || $revoked != $api_key->revoked)
+        {
+            $api_key->set_all({
+                description => $description,
+                revoked     => $revoked,
+            });
+            $api_key->update();
+        }
+    }
+
+    # Create a new API key if requested.
+    if ($cgi->param('new_key')) {
+        $vars->{new_key} = Bugzilla::User::APIKey->create({
+            user_id     => $user->id,
+            description => scalar $cgi->param('new_description'),
+        });
+
+        # As a security precaution, we always sent out an e-mail when
+        # an API key is created
+        my $template = Bugzilla->template_inner($user->setting('lang'));
+        my $message;
+        $template->process('email/new-api-key.txt.tmpl', $vars, \$message)
+          || ThrowTemplateError($template->error());
+
+        MessageToMTA($message);
+    }
+
+    $dbh->bz_commit_transaction;
+}
+
 ###############################################################################
 # Live code (not subroutine definitions) starts here
 ###############################################################################
@@ -589,6 +644,11 @@ SWITCH: for ($current_tab_name) {
         DoSavedSearches();
         last SWITCH;
     };
+    /^apikey$/ && do {
+        SaveApiKey() if $save_changes;
+        DoApiKey();
+        last SWITCH;
+    };
 
     ThrowUserError("unknown_tab",
                    { current_tab_name => $current_tab_name });
-- 
cgit v1.2.3-24-g4f1b