Merge branch 'master' of git://github.com/mantisbt/mantisbt into sync…

…guru-modern-ui-2 # Conflicts: # core/html_api.php # css/default.css # library/README.libs # library/securimage # manage_config_workflow_page.php
mantisbt · Dec 8, 2015 · 6d91468 · 6d91468
2 parents f4c08e7 + a74669a
commit 6d91468
Show file tree

Hide file tree

Showing 27 changed files with 783 additions and 244 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -8,6 +8,13 @@ language: php
 # Environment setup and test scripts execution
 #
 
+before_install:
+  # Workaround for failing PHP 5.5 builds, per https://github.com/travis-ci/travis-ci/issues/5206
+  - if [[ ${TRAVIS_PHP_VERSION:0:3} == "5.5" ]]; then
+        curl -s -o $HOME/.phpenv/versions/5.5/bin/phpunit https://phar.phpunit.de/phpunit-old.phar;
+        chmod +x $HOME/.phpenv/versions/5.5/bin/phpunit;
+    fi
+
 before_script:
   - ./scripts/travis_before_script.sh
 

diff --git a/account_page.php b/account_page.php
@@ -59,6 +59,7 @@
  */
 
 require_once( 'core.php' );
+require_api( 'api_token_api.php' );
 require_api( 'authentication_api.php' );
 require_api( 'config_api.php' );
 require_api( 'constant_inc.php' );
@@ -306,6 +307,7 @@
 
 	</form>
 </div>
+
 <?php # check if users can't delete their own accounts
 if( ON == config_get( 'allow_account_delete' ) ) { ?>
 

diff --git a/admin/schema.php b/admin/schema.php
@@ -728,7 +728,7 @@ function installer_db_now() {
 
 # Release marker: 1.2.1 - 1.2.15
 
-$g_upgrade[184] = array( 'UpdateFunction', 'do_nothing' );
+$g_upgrade[184] = null;
 $g_upgrade[185] = array( 'AddColumnSQL', array( db_get_table( 'custom_field_string' ), '
 	text		XL  			NULL DEFAULT NULL ' ) );
 $g_upgrade[186] = array( 'UpdateFunction', 'update_history_long_custom_fields' );
@@ -750,5 +750,24 @@ function installer_db_now() {
 $g_upgrade[198] = array( 'AlterColumnSQL', array( db_get_table( 'user' ), "password C(64) $t_notnull DEFAULT \" '' \"" ) );
 $g_upgrade[199] = array( 'AlterColumnSQL', array( db_get_table( 'user' ), "email C(255) $t_notnull DEFAULT \" '' \"" ) );
 
-# Release marker: 1.3.0-beta.1
+# Release marker: 1.3.0-beta.1 - 1.3.0-beta.3
+
+# ----------------------------------------------------------------------------
+# Schema version: 200
+#
+$g_upgrade[200] = array(
+		'CreateTableSQL',array( db_get_table( 'api_token' ), '
+			  id           I UNSIGNED NOTNULL PRIMARY AUTOINCREMENT,
+			  user_id      I DEFAULT \'0\',
+			  name         C(128) NOTNULL,
+			  hash         C(128) NOTNULL,
+			  date_created I UNSIGNED NOTNULL DEFAULT \'0\',
+			  date_used    I UNSIGNED NOTNULL DEFAULT \'0\''
+		) );
+$g_upgrade[201] = array( 'CreateIndexSQL',
+			array( 'idx_user_id_name', db_get_table( 'api_token' ), 'user_id, name', array( 'UNIQUE' ) )
+		);
+
+# Release marker: 1.3.0-rc.1
+
 # Release marker: 1.3.0
diff --git a/api/soap/mc_api.php b/api/soap/mc_api.php
@@ -26,6 +26,14 @@
 # set up error_handler() as the new default error handling function
 set_error_handler( 'mc_error_handler' );
 
+/**
+ * Webservice APIs
+ *
+ * @uses api_token_api.php
+ */
+
+require_api( 'api_token_api.php' );
+
 /**
  * A factory class that can abstract away operations that can behave differently based
  * on the underlying soap implementation.
@@ -178,11 +186,21 @@ function mci_check_login( $p_username, $p_password ) {
 		return false;
 	}
 
-	# Must not pass in password, otherwise, authentication will be by-passed.
+	# Must not pass in null password, otherwise, authentication will be by-passed
+	# by auth_attempt_script_login().
 	$t_password = ( $p_password === null ) ? '' : $p_password;
 
-	if( false === auth_attempt_script_login( $p_username, $t_password ) ) {
-		return false;
+	# Validate the token
+	if( api_token_validate( $p_username, $t_password ) ) {
+		# Token is valid, then login the user without worrying about a password.
+		if( auth_attempt_script_login( $p_username, null ) === false ) {
+			return false;
+		}
+	} else {
+		# Not a valid token, validate as username + password.
+		if( auth_attempt_script_login( $p_username, $t_password ) === false ) {
+			return false;
+		}
 	}
 
 	return auth_get_current_user_id();

diff --git a/api_token_create.php b/api_token_create.php
@@ -0,0 +1,66 @@
+<?php
+# MantisBT - A PHP based bugtracking system
+
+# MantisBT is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# MantisBT is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * This page stores the reported bug
+ *
+ * @package MantisBT
+ * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
+ * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
+ * @link http://www.mantisbt.org
+ *
+ * @uses core.php
+ * @uses api_token_api.php
+ * @uses string_api.php
+ */
+
+require_once( 'core.php' );
+require_api( 'api_token_api.php' );
+require_api( 'string_api.php' );
+
+form_security_validate( 'create_api_token_form' );
+
+auth_ensure_user_authenticated();
+auth_reauthenticate();
+
+$f_token_name = gpc_get_string( 'token_name' );
+
+$t_user_id = auth_get_current_user_id();
+
+user_ensure_unprotected( $t_user_id );
+
+$t_token = api_token_create( $f_token_name, $t_user_id );
+$t_disclose_message = lang_get( 'api_token_disclose_message' );
+$t_display_once_message = lang_get( 'api_token_displayed_once' );
+
+html_page_top();
+?>
+
+<div align="center">
+<br /><br />
+<?php echo $t_disclose_message ?>
+<br />
+<span class="important-msg"><?php echo $t_display_once_message ?></span>
+<br /><br />
+<span class="api-token"><?php echo string_display_line( $t_token ) ?></span>
+<br /><br />
+<?php print_bracket_link( 'api_tokens_page.php', lang_get( 'api_tokens_link' ) ) ?>
+<br />
+</div>
+
+<?php
+html_page_bottom();
+
diff --git a/api_token_revoke.php b/api_token_revoke.php
@@ -0,0 +1,56 @@
+<?php
+# MantisBT - A PHP based bugtracking system
+
+# MantisBT is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# MantisBT is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * This page stores the reported bug
+ *
+ * @package MantisBT
+ * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
+ * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
+ * @link http://www.mantisbt.org
+ *
+ * @uses core.php
+ * @uses api_token_api.php
+ */
+
+require_once( 'core.php' );
+require_api( 'api_token_api.php' );
+
+form_security_validate( 'revoke_api_token_form' );
+
+auth_ensure_user_authenticated();
+auth_reauthenticate();
+
+$f_token_id = gpc_get_int( 'token_id' );
+$f_token_name = gpc_get_string( 'token_name' );
+
+$t_user_id = auth_get_current_user_id();
+
+user_ensure_unprotected( $t_user_id );
+
+api_token_revoke( $f_token_id, $t_user_id );
+
+html_page_top1();
+html_meta_redirect( 'api_tokens_page.php' );
+html_page_top2();
+
+echo '<div align="center">';
+echo '<br /><br />' . sprintf( lang_get( 'api_token_revoked' ), string_display_line( $f_token_name ) ) . '<br /><br />';
+print_bracket_link( 'api_tokens_page.php', lang_get( 'api_tokens_link' ) );
+echo '</div>';
+
+html_page_bottom();
+
diff --git a/api_tokens_page.php b/api_tokens_page.php
@@ -0,0 +1,117 @@
+<?php
+# MantisBT - A PHP based bugtracking system
+
+# MantisBT is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# MantisBT is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * @package MantisBT
+ * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
+ * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
+ * @link http://www.mantisbt.org
+ *
+ * @uses core.php
+ * @uses api_token_api.php
+ * @uses authentication_api.php
+ * @uses current_user_api.php
+ * @uses database_api.php
+ * @uses html_api.php
+ */
+
+require_once( 'core.php' );
+require_api( 'api_token_api.php' );
+require_api( 'authentication_api.php' );
+require_api( 'current_user_api.php' );
+require_api( 'database_api.php' );
+require_api( 'html_api.php' );
+
+auth_ensure_user_authenticated();
+auth_reauthenticate();
+
+current_user_ensure_unprotected();
+
+html_page_top( lang_get( 'api_tokens_link' ) );
+?>
+
+<div id="api-token-create-div" class="form-container">
+	<form id="account-create-api-token-form" method="post" action="api_token_create.php">
+		<fieldset>
+			<legend><span><?php echo lang_get( 'api_token_create_form_title' ); ?></span></legend>
+<?php echo form_security_field( 'create_api_token_form' ); ?>
+
+<div class="field-container">
+	<label for="token_name"><span><?php echo lang_get( 'api_token_name' ) ?></span></label>
+	<span class="input"><input id="token_name" type="text" name="token_name" size="64" maxlength="<?php echo DB_FIELD_SIZE_API_TOKEN_NAME; ?>" /></span>
+	<span class="label-style"></span>
+</div>
+
+<span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get( 'api_token_create_button' ) ?>" /></span>
+</fieldset>
+</form>
+</div>
+<?php
+$t_user_id = auth_get_current_user_id();
+$t_tokens = api_token_get_all( $t_user_id );
+$t_date_format = config_get( 'normal_date_format' );
+
+if ( count( $t_tokens ) > 0 ) {
+?>
+	<div id="api-tokens-list-div" class="form-container">
+	<fieldset>
+		<legend><span><?php echo lang_get( 'api_tokens_title' ); ?></span></legend>
+	</fieldset>
+
+	<table>
+		<thead>
+			<tr class="row-category">
+				<th><?php echo lang_get( 'api_token_name' ); ?></th>
+				<th><?php echo lang_get( 'date_created' ); ?></th>
+				<th><?php echo lang_get( 'last_used' ); ?></th>
+				<th><?php echo lang_get( 'actions' ); ?></th>
+			</tr>
+		</thead>
+		<tbody>
+	<?php foreach( $t_tokens as $t_token ) {
+			extract( $t_token, EXTR_PREFIX_ALL, 'u' );
+
+			$u_date_created  = date( $t_date_format, $u_date_created );
+
+			if ( (int)$u_date_used === 0 ) {
+				$u_date_used = lang_get( 'api_token_never_used' );
+			} else {
+				$u_date_used = date( $t_date_format, $u_date_used );
+			}
+		?>
+			<tr>
+				<td><?php echo string_display_line( $u_name ) ?></td>
+				<td><?php echo string_display_line( $u_date_created ) ?></td>
+				<td><?php echo string_display_line( $u_date_used ) ?></td>
+				<td>
+					<form id="revoke-api-token-form" method="post" action="api_token_revoke.php">
+						<?php echo form_security_field( 'revoke_api_token_form' ); ?>
+						<fieldset>
+							<input id="token_id" type="hidden" name="token_id" value="<?php echo $u_id ; ?>" />
+							<input id="token_name" type="hidden" name="token_name" value="<?php echo string_attribute( $u_name ); ?>" />
+							<input type="submit" class="button" value="<?php echo lang_get( 'api_token_revoke_button' ) ?>" />
+						</fieldset>
+					</form>
+				</td>
+			</tr>
+		<?php } ?>
+		</tbody>
+	</table>
+</div>
+<?php
+}
+
+html_page_bottom();
diff --git a/bug_update.php b/bug_update.php
@@ -424,9 +424,8 @@
 	email_relationship_child_closed( $f_bug_id );
 } else if( $t_reopen_issue ) {
 	email_bug_reopened( $f_bug_id );
-} else if( $t_existing_bug->handler_id === NO_USER &&
-           $t_updated_bug->handler_id !== NO_USER ) {
-	email_bug_assigned( $f_bug_id );
+} else if( $t_existing_bug->handler_id !== $t_updated_bug->handler_id ) {
+	email_owner_changed( $f_bug_id, $t_existing_bug->handler_id, $t_updated_bug->handler_id );
 } else if( $t_existing_bug->status !== $t_updated_bug->status ) {
 	$t_new_status_label = MantisEnum::getLabel( config_get( 'status_enum_string' ), $t_updated_bug->status );
 	$t_new_status_label = str_replace( ' ', '_', $t_new_status_label );