From: David Lawrence <dkl@mozilla.com>
Date: Mon, 8 Sep 2014 13:43:00 +0000 (+0000)
Subject: Bug 1046126: Do not generate a new API token every time you access a bug-related... 
X-Git-Tag: bugzilla-4.5.6~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e181022c27b291b845f029f0e8f25748cad8495f;p=thirdparty%2Fbugzilla.git

Bug 1046126: Do not generate a new API token every time you access a bug-related page
r=sgreen,a=glob
---

diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 670f5a661a..24ffad3c34 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -34,9 +34,16 @@ use parent qw(Exporter);
 
 # Create a token used for internal API authentication
 sub issue_api_token {
-    # Generates a random token, adds it to the tokens table, and returns
-    # the token to the caller.
-    return _create_token(Bugzilla->user->id, 'api_token', '');
+    # Generates a random token, adds it to the tokens table if one does not
+    # already exist, and returns the token to the caller.
+    my $dbh  = Bugzilla->dbh;
+    my $user = Bugzilla->user;
+    my ($token) = $dbh->selectrow_array("
+        SELECT token FROM tokens
+         WHERE userid = ? AND tokentype = 'api_token'
+               AND (" . $dbh->sql_date_math('issuedate', '+', (MAX_TOKEN_AGE * 24 - 12), 'HOUR') . ") > NOW()",
+        undef, $user->id);
+    return $token // _create_token($user->id, 'api_token', '');
 }
 
 # Creates and sends a token to create a new user account.