my $login_cookie = $c->cookie("Bugzilla_logincookie");
my $user_id = $c->cookie("Bugzilla_login");
- my $ip_addr = $c->tx->remote_address;
return $c->bugzilla->login_redirect_if_required($type)
unless ($login_cookie && $user_id);
my $db_cookie = Bugzilla->dbh->selectrow_array(
- q{
- SELECT cookie
- FROM logincookies
- WHERE cookie = ?
- AND userid = ?
- AND (restrict_ipaddr = 0 OR ipaddr = ?)
- }, undef, ($login_cookie, $user_id, $ip_addr)
+ 'SELECT cookie FROM logincookies WHERE cookie = ? AND userid = ?',
+ undef, ($login_cookie, $user_id)
);
if (defined $db_cookie && secure_compare($login_cookie, $db_cookie)) {
my $cgi = Bugzilla->cgi;
my $uri = URI->new($cgi->self_url);
foreach
- my $param (qw( Bugzilla_remember Bugzilla_restrictlogin GoAheadAndLogIn ))
+ my $param (qw( Bugzilla_remember GoAheadAndLogIn ))
{
$uri->query_param_delete($param);
}
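Review bot: The rewritten query on the `'SELECT cookie FROM logincookies WHERE cookie = ? AND userid = ?'` line no longer says why `ipaddr` is still stored at login but never compared, so a reader of this function (its start lies outside the hunk) cannot tell the omission is deliberate. A one-line comment above the `selectrow_array` call would carry that: `# Sessions are not bound to a client IP (bug 1402894); ipaddr is recorded when the cookie is issued and displayed on the sessions page.` The same comment belongs on the identical query in the second login path further down this diff. With the address check gone, possession of the cookie is the only proof of the session, so the `secure_compare` against the stored value on the next line is the check that matters and should stay as written.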
user => $user,
type => $type,
reason => 'Logging in as ' . $user->identity,
- restrictlogin => $params->{Bugzilla_restrictlogin},
remember => $params->{Bugzilla_remember},
url => $uri->as_string,
postback =>
my $params = Bugzilla->input_params;
$self->{_info_getter}->{successful} = Bugzilla::Auth::Login::CGI->new();
- $params->{Bugzilla_restrictlogin} = $event->{restrictlogin}
- if defined $event->{restrictlogin};
$params->{Bugzilla_remember} = $event->{remember} if defined $event->{remember};
$self->_handle_login_result({user => $user}, $event->{type});
($user_id, $login_cookie) = ($token->{'user_id'}, $token->{'login_token'});
}
- my $ip_addr = remote_ip();
-
if ($login_cookie && $user_id) {
# Anything goes for these params - they're just strings which
# we're going to verify against the db
- trick_taint($ip_addr);
trick_taint($login_cookie);
detaint_natural($user_id);
my $db_cookie = $dbh->selectrow_array(
- 'SELECT cookie
- FROM logincookies
- WHERE cookie = ?
- AND userid = ?
- AND (restrict_ipaddr = 0 OR ipaddr = ?)',
- undef, ($login_cookie, $user_id, $ip_addr)
+ 'SELECT cookie FROM logincookies WHERE cookie = ? AND userid = ?',
+ undef, ($login_cookie, $user_id)
);
# If the cookie is valid, return a valid username.
my $ip_addr = remote_ip();
trick_taint($ip_addr);
- my $restrict = $input_params->{Bugzilla_restrictlogin} ? 1 : 0;
- $dbh->do(
- "INSERT INTO logincookies (cookie, userid, ipaddr, lastused, restrict_ipaddr)
- VALUES (?, ?, ?, NOW(), ?)", undef, $login_cookie, $user->id,
- $ip_addr, $restrict
- );
+ $dbh->do('INSERT INTO logincookies (cookie, userid, ipaddr, lastused)
+ VALUES (?, ?, ?, NOW())', undef, $login_cookie, $user->id, $ip_addr);
# Issuing a new cookie is a good time to clean up the old
# cookies.
ipaddr => {TYPE => 'varchar(40)'},
lastused => {TYPE => 'DATETIME', NOTNULL => 1},
id => {TYPE => 'INTSERIAL', NOTNULL => 1, PRIMARYKEY => 1},
- restrict_ipaddr => {TYPE => 'BOOLEAN', NOTNULL => 1, DEFAULT => 0},
],
INDEXES => [
logincookies_lastused_idx => ['lastused'],
$dbh->bz_add_column('user_api_keys', 'last_used_ip', {TYPE => 'varchar(40)'});
- _add_restrict_ipaddr();
-
$dbh->bz_add_column('profiles', 'password_change_required',
{TYPE => 'BOOLEAN', NOTNULL => 1, DEFAULT => 'FALSE'});
$dbh->bz_add_column('profiles', 'password_change_reason',
_add_oauth2_jwt_support();
+ # Bug 1402894 - kohei.yoshino@gmail.com
+ $dbh->bz_drop_column('logincookies', 'restrict_ipaddr');
+
################################################################
# New --TABLE-- changes should go *** A B O V E *** this point #
################################################################
Bugzilla->dbh->do("UPDATE profiles SET disable_mail = 1 WHERE is_enabled = 0");
}
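Review bot: `$dbh->bz_drop_column('logincookies', 'restrict_ipaddr')` silently widens every existing session that was created with the restriction switched on; those cookies keep working from any address after the upgrade even though the user explicitly chose otherwise. Deleting the opted-in rows before the drop makes only those users log in again, e.g. `$dbh->do('DELETE FROM logincookies WHERE restrict_ipaddr = 1') if $dbh->bz_column_info('logincookies', 'restrict_ipaddr');` placed just above the drop. The guard keeps the step idempotent on installs where the column is already gone, which presumably matters because this update code is re-run on later upgrades. If keeping those sessions alive is intended, a comment saying so next to the drop would save the next reviewer asking the same question.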
-sub _add_restrict_ipaddr {
- my $dbh = Bugzilla->dbh;
- return if $dbh->bz_column_info('logincookies', 'restrict_ipaddr');
-
- $dbh->bz_add_column('logincookies', 'restrict_ipaddr',
- {TYPE => 'BOOLEAN', NOTNULL => 1, DEFAULT => 0});
- $dbh->do(
- "UPDATE logincookies SET restrict_ipaddr = 1 WHERE ipaddr IS NOT NULL");
-}
-
sub _migrate_group_owners {
my $dbh = Bugzilla->dbh;
return if $dbh->bz_column_info('groups', 'owner_user_id');
lastused
ipaddr
id
- restrict_ipaddr
);
use constant UPDATE_COLUMNS => qw();
sub cookie { return $_[0]->{cookie} }
sub lastused { return $_[0]->{lastused} }
sub ipaddr { return $_[0]->{ipaddr} }
-sub restrict_ipaddr { return $_[0]->{restrict_ipaddr} }
1;
=item C<Bugzilla_password> (string) - That user's password.
-=item C<Bugzilla_restrictlogin> (boolean) - Optional. If true,
-then your login will only be valid for your IP address.
-
=item C<Bugzilla_rememberlogin> (boolean) - Optional. If true,
then the cookie sent back to you with the method response will
not expire.
=back
-The C<Bugzilla_restrictlogin> and C<Bugzilla_rememberlogin> options
-are only used when you have also specified C<Bugzilla_login> and
-C<Bugzilla_password>. This value will be deprecated in the release
-after Bugzilla 5.0 and you will be required to pass the Bugzilla_login
+The C<Bugzilla_rememberlogin> option is only used when you have also specified
+C<Bugzilla_login> and C<Bugzilla_password>. This value will be deprecated in the
+release after Bugzilla 5.0 and you will be required to pass the Bugzilla_login
and Bugzilla_password for every call.
Note that Bugzilla will return HTTP cookies along with the method
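Review bot: The POD now drops `Bugzilla_restrictlogin` without saying what happens to clients that still send it, and the handler that read it is outside this diff, so whether the parameter is now ignored or rejected cannot be confirmed here. For a parameter that was documented as accepted, a short deprecation line is better than silent removal, e.g. after the `=back`: `The C<Bugzilla_restrictlogin> parameter is no longer supported and is ignored if supplied.` That wording assumes the WebService code ignores it; if unknown parameters raise an error, the note should say that instead. The same applies to the `Bugzilla_restrictlogin` and `restrict_login` rows removed from the two .rst API documents further down.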
====================== ======= ==============================================
**Bugzilla_login** string A user's login name.
**Bugzilla_password** string That user's password.
-Bugzilla_restrictlogin boolean If true, then your login will only be
- valid for your IP address.
====================== ======= ==============================================
-The ``Bugzilla_restrictlogin`` option is only used when you have also
-specified ``Bugzilla_login`` and ``Bugzilla_password``.
-
There is also a deprecated method of authentication described below that will be
removed in the version after Bugzilla 5.0.
============== ======= ========================================================
**login** string The user's login name.
**password** string The user's password.
-restrict_login boolean If set to a true value, the token returned by this
- method will only be valid from the IP address which
- called this method.
============== ======= ========================================================
**Response**
# Only check the token if we are running this script from the
# web browser and a parameter is passed to the script.
# XXX - Maybe these two parameters should be deleted once logged in?
- $cgi->delete('GoAheadAndLogIn', 'Bugzilla_restrictlogin', 'hooks_only');
+ $cgi->delete('GoAheadAndLogIn', 'hooks_only');
if (scalar($cgi->param())) {
my $token = $cgi->param('token');
check_hash_token($token, ['sanitycheck']);
font-weight: bold;
}
-#login .field-restrict, #login .field-remember {
+#login .field-remember {
margin-left: 7em;
}
padding-bottom: 0px;
}
- #login .field-restrict, #login .field-remember {
+ #login .field-remember {
margin-left: 0px;
}
#login .field-submit {
'/login' => {Referer => $referer} => form => {
Bugzilla_login => $oauth_login,
Bugzilla_password => $oauth_password,
- Bugzilla_restrictlogin => 1,
GoAheadAndLogIn => 1,
client_id => $oauth_client->{client_id},
response_type => 'code',
[% END %]
[% PROCESS "global/hidden-fields.html.tmpl"
- exclude="^Bugzilla_(login|password|restrictlogin)$" %]
-
- <div class="field-restrict">
- <input type="checkbox" id="Bugzilla_restrictlogin" name="Bugzilla_restrictlogin"
- checked="checked">
- <label for="Bugzilla_restrictlogin" class="checkbox-note">
- Restrict this session to this IP address
- (using this option improves security)</label>
- </div>
+ exclude="^Bugzilla_(login|password)$" %]
<div class="field-submit">
<input type="hidden" name="Bugzilla_login_token"
<tr class="column_header">
<th>Last used</th>
<th>IP Address</th>
- <th>IP Restriction</th>
<th>Logout</th>
</tr>
<tr>
<td>[% session.lastused FILTER time %]</td>
<td>[% session.ipaddr OR "Unknown" FILTER html %]</td>
- <td>[% session.restrict_ipaddr ? "Restricted" : "Unrestricted" FILTER html %]
<td>
[% IF session.current %]
<b>(current)</b>
[% END %]
</tr>
[% END %]
-</table>
\ No newline at end of file
+</table>