From: Dylan William Hardison Date: Thu, 6 Dec 2018 21:30:41 +0000 (-0500) Subject: Bug 1511490 - add Bugzilla method for handling jwts X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c108e60a5a2c0e984c42dae06092e0f6ad85fb37;p=thirdparty%2Fbugzilla.git Bug 1511490 - add Bugzilla method for handling jwts
---
diff --git a/Bugzilla.pm b/Bugzilla.pm
index d728f91ec..d35ede8da 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -446,6 +446,12 @@ sub job_queue {
 return request_cache->{job_queue} ||= Bugzilla::JobQueue->new();
 }
+sub jwt {
+ my ($class, @args) = @_;
+ require Mojo::JWT;
+ return Mojo::JWT->new(@args, secret => $class->localconfig->{jwt_secret});
+}
+
 sub dbh {
 my ($class) = @_;
@@ -1198,4 +1204,11 @@ information.
 =back
+=item C
+
+Returns a L object, configured with the Bugzilla localconfig jwt_secret set.
+
+ my $payload_hash = Bugzilla->jwt->decode($jwt);
+ my $new_jwt = Bugzilla->jwt(claims => $payload_hash)->encode;
+
 =back
diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm
index 1195c2106..02c51ec98 100644
--- a/Bugzilla/Install/Localconfig.pm
+++ b/Bugzilla/Install/Localconfig.pm
@@ -80,6 +80,7 @@ use constant LOCALCONFIG_VARS => (
 # is larger than anybody would ever be able to brute-force.
 default => sub { generate_random_password(64) },
 },
+ {name => 'jwt_secret', default => sub { generate_random_password(64) },},
 {
 name => 'param_override',
 default => {
diff --git a/template/en/default/setup/strings.txt.pl b/template/en/default/setup/strings.txt.pl
index da28cc89c..58c10f555 100644
--- a/template/en/default/setup/strings.txt.pl
+++ b/template/en/default/setup/strings.txt.pl
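Review bot: The new `jwt` sub in Bugzilla.pm passes `$class->localconfig->{jwt_secret}` to `Mojo::JWT->new` without checking that it is defined and non-empty. If a localconfig written before this change has not yet gained the key, the value would presumably be undef, and tokens could then be signed and verified with an empty key; how Mojo::JWT treats that case is not visible here. Fail closed by reading the secret first, `my $secret = $class->localconfig->{jwt_secret};`, then `die "jwt_secret is not set in localconfig\n" unless defined $secret && length $secret;`, and pass `secret => $secret`. Placing `secret` after `@args` so that a caller cannot override the key is a good choice and deserves a one-line comment saying so.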
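Review bot: The `jwt_secret` entry added to `LOCALCONFIG_VARS` in Bugzilla/Install/Localconfig.pm carries no comment and is squeezed onto one line, while the entry just above it explains its key length in a comment and is laid out one field per line. Add a comment such as `# Signing key for JWTs created via Bugzilla->jwt; generated separately from site_wide_secret.` and format the entry like its neighbours. Because this value is a token-signing key, it is also worth confirming that `generate_random_password` draws from a cryptographically secure source; its definition is outside this hunk, as is the start of the `LOCALCONFIG_VARS` list.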
@@ -224,6 +224,10 @@ validation of encrypted tokens. These tokens are used to implement security features in Bugzilla, to protect against certain types of attacks. A random string is generated by default. It's very important that this key is kept secret. It also must be very long. +END + localconfig_jwt_secret => <<'END', +This secret key is used to generate JWTs. It should be a long unique value. +It should not be the same as the site_wide_secret. END localconfig_param_override => <<'END', This hash is used by BMO to override select data/params values on a per-webhead