#!/usr/bin/perl -wT
# CustIS Bug 63447 - Сервер глобальной авторизации
use utf8;
use strict;
use lib qw(. lib);
use Bugzilla;
use Bugzilla::User;
use Bugzilla::Util;
use Bugzilla::Constants;
use Encode;
use HTTP::Request::Common;
use LWP::Simple qw($ua);
use URI;
use URI::QueryParam;
use URI::Escape;
use JSON;
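# Global authorization server endpoint. One request shape stores an id/key
# pair sent by a client site; the other, made by the user's browser, looks
# the pair up, POSTs the signed-in user's profile to the client site and
# redirects the browser back to it.

# Probability with which a server-side request also purges expired rows
# from the globalauth table.
my $gc_prob = 0.01;

my $args = Bugzilla->input_params;
# ga_check=1: do not force a login when the user is not signed in.
my $check = $args->{ga_check} ? 1 : 0;

# Require a login only when the request comes from a user's browser (it
# carries no ga_key) and did not ask to skip the login.
my $user = Bugzilla->login(!$args->{ga_key} && !$check ? LOGIN_REQUIRED : !LOGIN_REQUIRED);
my $dbh = Bugzilla->dbh;

# Lifetime of a stored id/key pair in seconds.
my $expire = Bugzilla->params->{globalauth_expire} || 86400;

my $id;
# Server side only.
if (($id = $args->{ga_id}) && !$args->{ga_client})
{
    if (rand() < $gc_prob)
    {
        $dbh->do("DELETE FROM globalauth WHERE expire < UNIX_TIMESTAMP()");
    }
    # trick_taint() only clears the taint flag, it performs no validation.
    # $id is bound through placeholders in every query below, but it must
    # still be escaped wherever it is echoed into a response.
    trick_taint($id);
    # Receive the ID and key from the client site.
    my $key = $args->{ga_key};
    if ($key)
    {
        trick_taint($key);
        # NOTE(review): this branch runs without a login (a request carrying
        # ga_key never gets LOGIN_REQUIRED above) and REPLACE overwrites any
        # row with the same id - confirm that client ids are unguessable and
        # that unauthenticated writes to this table are acceptable.
        $dbh->do("REPLACE INTO globalauth SET id=?, secret=?, expire=?", undef, $id, $key, time+$expire);
        Bugzilla->cgi->send_header;
        print "1"; # potentially any JSON could go here
        exit;
    }
    # Hand the authorization data over to the client site.
    else
    {
        my $tm;
        ($key, $tm) = $dbh->selectrow_array("SELECT secret, expire FROM globalauth WHERE id=?", undef, $id);
        if ($key && time > $tm)
        {
            # The stored pair is past its expiry time: drop it and refuse.
            $key = undef;
            $dbh->do("DELETE FROM globalauth WHERE id=?", undef, $id);
            die "GlobalAuth key expired";
        }
        if ($key)
        {
            my $url = $args->{ga_url};
            if (!$url)
            {
                # Error: the request names no client URL.
                Bugzilla->cgi->send_header;
                # $id is request data; escape it before writing it into the
                # response body so it cannot be interpreted as markup.
                print "Global Auth: No ga_url in request for ID=" . html_quote($id);
                warn "Global Auth: No ga_url in request for ID=$id";
                exit;
            }
            $url = URI->new($url);
            # ga_url is request data as well: accept only web URLs before it
            # is used for the server-side POST and for the browser redirect.
            if (($url->scheme || '') !~ /\Ahttps?\z/)
            {
                die "Global Auth: unsupported ga_url scheme";
            }
            # NOTE(review): the destination host is not restricted here, so
            # the profile data assembled below is sent to whatever site
            # ga_url names. An allow-list of trusted client sites would
            # bound that; see also the LWPx::ParanoidAgent TODO further down.
            my $authdata;
            if ($user && $user->id)
            {
                # Email aliases.
                my $rows = $dbh->selectall_arrayref("SELECT * FROM emailin_aliases WHERE userid=?", {Slice=>{}}, $user->id);
                my $aliases = {};
                my $primary_email;
                for (@$rows)
                {
                    if ($_->{isprimary})
                    {
                        $primary_email = $_->{address};
                    }
                    $aliases->{$_->{address}} = 1;
                }
                # The account's own address always counts as an alias and is
                # the fallback when no alias is flagged as primary.
                $aliases->{$user->email} = 1;
                $primary_email ||= $user->email;
                # Assemble the data.
                $authdata = {
                    user_email => $primary_email,
                    user_real_name => $user->name,
                    user_name => $user->login,
                    user_email_aliases => [ sort keys %$aliases ],
                    # Also include the user's group memberships.
                    user_groups => [ map { $_->name } @{ $user->groups } ],
                    #selectable_products => [ map { $_->name } @{ $user->get_selectable_products } ], # not needed yet
                    #editable_products => [ map { $_->name } @{ $user->get_editable_products } ], # not needed yet
                    # Information about the source of the data.
                    auth_source => 'Bugzilla',
                    auth_server => correct_urlbase().'/globalauth.cgi',
                    auth_site => correct_urlbase(),
                };
                # Encode the data as JSON.
                $authdata = { ga_data => encode_json($authdata) };
            }
            else
            {
                $authdata = { ga_nologin => 1 };
            }
            $authdata->{ga_id} = $id;
            $authdata->{ga_key} = $key;
            # TODO LWPx::ParanoidAgent
            $ua->timeout(Bugzilla->params->{globalauth_timeout} || 30);
            # Send the request to the client's server.
            my $res = $ua->request(POST "$url", Content => $authdata);
            # Then redirect the browser.
            {
                no utf8;
                # URI::QueryParam has trouble with UTF-8...
                $url->query_param(ga_id => $id);
                $url->query_param(ga_res => $res->code);
            }
            # The pair is single-use: remove it once the data has been sent.
            $dbh->do("DELETE FROM globalauth WHERE id=?", undef, $id);
            print Bugzilla->cgi->redirect(-location => "$url");
            exit;
        }
        else
        {
            die "Global Auth key not found";
        }
    }
}
else
{
    die("Global Auth client mode disabled in Bugzilla");
}

1;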
__END__