Bug 1170722: Authentication Delegation should add an App ID column to associate api...
authorDylan William Hardison <dylan@mozilla.com>
Fri, 12 Jun 2015 03:29:15 +0000 (23:29 -0400)
committerDylan William Hardison <dylan@hardison.net>
Fri, 12 Jun 2015 03:29:15 +0000 (23:29 -0400)
r=dkl,a=glob

Bugzilla/DB/Schema.pm
Bugzilla/Install/DB.pm
auth.cgi

index c089513e303ef4db26e6453efdbcb539abe85165..3d904ba8b8fbdcaa0d948f50dfe7c6190b1817c1 100644 (file)
@@ -1779,15 +1779,17 @@ use constant ABSTRACT_SCHEMA => {
                               REFERENCES => {TABLE  => 'profiles',
                                              COLUMN => 'userid',
                                              DELETE => 'CASCADE'}},
-            api_key       => {TYPE => 'VARCHAR(40)', NOTNULL => 1},
-            description   => {TYPE => 'VARCHAR(255)'},
+            api_key       => {TYPE => 'varchar(40)', NOTNULL => 1},
+            description   => {TYPE => 'varchar(255)'},
             revoked       => {TYPE => 'BOOLEAN', NOTNULL => 1,
                               DEFAULT => 'FALSE'},
             last_used     => {TYPE => 'DATETIME'},
+            app_id        => {TYPE => 'varchar(64)'},
         ],
         INDEXES => [
             user_api_keys_api_key_idx => {FIELDS => ['api_key'], TYPE => 'UNIQUE'},
             user_api_keys_user_id_idx => ['user_id'],
+            user_api_keys_user_id_app_id_idx  => ['user_id', 'app_id'],
         ],
     },
 };
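Review bot: The new `app_id` column has no comment saying what it holds, and the width of 64 only makes sense once you read auth.cgi, where the value is a `sha256_hex` digest (64 hex characters). I would add a comment above the column such as `# SHA-256 hex digest identifying the delegating app (see auth.cgi); NULL for keys not created through auth delegation`. The NULL case is inferred from the column having no NOTNULL, so confirm it before settling the wording. Separately, the new composite index starts with `user_id`, so the existing `user_api_keys_user_id_idx` looks redundant on most backends and may be worth dropping.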
index ddd127be2ee49bf5e4dea05b6c5d0bf864d9cd70..5761d1963c78e880300bf937032b38d1c3ae7a49 100644 (file)
@@ -122,6 +122,11 @@ sub update_fielddefs_definition {
     $dbh->bz_add_column('fielddefs', 'long_desc',
                         {TYPE => 'varchar(255)', NOTNULL => 1, DEFAULT => "''"}, '');
 
+    $dbh->bz_add_column('user_api_keys', 'app_id',
+                        {TYPE => 'varchar(64)'});
+    $dbh->bz_add_index('user_api_keys', 'user_api_keys_user_id_app_id_idx',
+                       [qw(user_id app_id)]);
+
     Bugzilla::Hook::process('install_update_db_fielddefs');
 
     # Remember, this is not the function for adding general table changes.
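Review bot: The `user_api_keys` column and index are added inside `update_fielddefs_definition`, yet the comment directly below the added lines says this is not the function for general table changes. These two calls have nothing to do with `fielddefs`, so they belong with the other table migrations (in Bugzilla that is normally `update_table_definitions` in this same file), where later maintainers will look for them. The function body starts and ends outside the hunk, so I cannot tell whether anything here depends on the ordering.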
index 4bbb03c66cf7d7150a11131d04ddc06b20985872..5da16a914a073712e1828d805d54c526992cd3d1 100755 (executable)
--- a/auth.cgi
+++ b/auth.cgi
@@ -22,6 +22,7 @@ use Bugzilla::Mailer qw(MessageToMTA);
 
 use URI;
 use URI::QueryParam;
+use Digest::SHA qw(sha256_hex);
 
 Bugzilla->login(LOGIN_REQUIRED);
 
@@ -61,20 +62,33 @@ if ($confirmed || $skip_confirmation) {
                            { token => $token, callback => $callback });
         }
     }
-
-    my $new_key = Bugzilla::User::APIKey->create({
-        user_id     => $user->id,
-        description => $description,
+    my $app_id = sha256_hex($callback_uri, $description);
+    my $keys = Bugzilla::User::APIKey->match({
+        user_id => $user->id,
+        app_id  => $app_id,
+        revoked => 0,
     });
-    my $template = Bugzilla->template_inner($user->setting('lang'));
-    my $vars = { user => $user, new_key => $new_key };
-    my $message;
-    $template->process('email/new-api-key.txt.tmpl', $vars, \$message)
-      or ThrowTemplateError($template->error());
 
-    MessageToMTA($message);
+    my $api_key;
+    if (@$keys) {
+        $api_key = $keys->[0];
+    }
+    else {
+        $api_key = Bugzilla::User::APIKey->create({
+            user_id     => $user->id,
+            description => $description,
+            app_id      => $app_id,
+        });
+        my $template = Bugzilla->template_inner($user->setting('lang'));
+        my $vars = { user => $user, new_key => $api_key };
+        my $message;
+        $template->process('email/new-api-key.txt.tmpl', $vars, \$message)
+          or ThrowTemplateError($template->error());
+
+        MessageToMTA($message);
+    }
 
-    $callback_uri->query_param(client_api_key   => $new_key->api_key);
+    $callback_uri->query_param(client_api_key   => $api_key->api_key);
     $callback_uri->query_param(client_api_login => $user->login);
 
     print $cgi->redirect($callback_uri);
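Review bot: `sha256_hex($callback_uri, $description)` hashes the plain concatenation of its arguments, so the boundary between callback and description is not part of the digest and two different (callback, description) pairs can yield the same `app_id`; on a match the existing key is handed to the callback with no new key and no notification mail. Join the parts with a separator that cannot occur in the stringified URI, e.g. `my $app_id = sha256_hex($callback_uri . "\0" . $description);`. If `$description` arrives as a decoded character string, Digest::SHA will also die on wide characters, so the input probably needs `utf8::encode` first. `$keys->[0]` takes whichever row `match` returns first, which is only well defined while there is at most one unrevoked key per user and app. The enclosing `if ($confirmed || $skip_confirmation)` block opens and closes outside this hunk.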