Diffstat (limited to 'Bugzilla/User/APIKey.pm')
-rw-r--r-- | Bugzilla/User/APIKey.pm | 143 |
1 files changed, 108 insertions, 35 deletions
diff --git a/Bugzilla/User/APIKey.pm b/Bugzilla/User/APIKey.pm
index d268a0a93..f267b31f1 100644
--- a/Bugzilla/User/APIKey.pm
+++ b/Bugzilla/User/APIKey.pm
@@ -13,68 +13,116 @@ use warnings; use parent qw(Bugzilla::Object); +use Bugzilla::Constants; use Bugzilla::User; -use Bugzilla::Util qw(generate_random_password trim); +use Bugzilla::Util qw(generate_random_password trim bz_crypt); ##################################################################### # Overriden Constants that are used as methods ##################################################################### -use constant DB_TABLE => 'user_api_keys'; -use constant DB_COLUMNS => qw( - id - user_id - api_key - description - revoked - last_used +use constant DB_TABLE => 'user_api_keys'; +use constant DB_COLUMNS => qw( + id + user_id + api_key + description + revoked + last_used + banned ); -use constant UPDATE_COLUMNS => qw(description revoked last_used); +use constant UPDATE_COLUMNS => qw(description revoked last_used banned); use constant VALIDATORS => { - api_key => \&_check_api_key, - description => \&_check_description, - revoked => \&Bugzilla::Object::check_boolean, + api_key => \&_check_api_key, + description => \&_check_description, + revoked => \&Bugzilla::Object::check_boolean, + banned => \&Bugzilla::Object::check_boolean, }; -use constant LIST_ORDER => 'id'; -use constant NAME_FIELD => 'api_key'; +use constant LIST_ORDER => 'id'; +use constant NAME_FIELD => 'api_key'; # turn off auditing and exclude these objects from memcached -use constant { AUDIT_CREATES => 0, - AUDIT_UPDATES => 0, - AUDIT_REMOVES => 0, - USE_MEMCACHED => 0 }; +use constant { + AUDIT_CREATES => 0, + AUDIT_UPDATES => 0, + AUDIT_REMOVES => 0, + USE_MEMCACHED => 0 +}; # Accessors -sub id { return $_[0]->{id} } -sub user_id { return $_[0]->{user_id} } -sub api_key { return $_[0]->{api_key} } -sub description { return $_[0]->{description} } -sub revoked { return $_[0]->{revoked} } -sub last_used { return $_[0]->{last_used} } +sub id { return $_[0]->{id} } +sub user_id { return $_[0]->{user_id} } +sub api_key { return $_[0]->{api_key} } +sub description { return $_[0]->{description} } 
+sub revoked { return $_[0]->{revoked} } +sub last_used { return $_[0]->{last_used} } +sub banned { return $_[0]->{banned} } # Helpers sub user { - my $self = shift; - $self->{user} //= Bugzilla::User->new({name => $self->user_id, cache => 1}); - return $self->{user}; + my $self = shift; + $self->{user} //= Bugzilla::User->new({id => $self->user_id, cache => 1}); + return $self->{user}; } sub update_last_used { - my $self = shift; - my $timestamp = shift - || Bugzilla->dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)'); - $self->set('last_used', $timestamp); - $self->update; + my $self = shift; + my $timestamp + = shift || Bugzilla->dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)'); + + ## RED HAT EXTENSION START 1660438 + # This does not need to be protected from serialization conflicts + my $dbh = Bugzilla->dbh; + $dbh->bz_start_transaction(1); + $self->set('last_used', $timestamp); + $self->update; + $dbh->bz_commit_transaction(); + ## RED HAT EXTENSION END 1660438 + return; } # Setters sub set_description { $_[0]->set('description', $_[1]); } sub set_revoked { $_[0]->set('revoked', $_[1]); } +sub set_banned { + my($self, $input) = @_; + + Bugzilla->user->in_group('admin') + || ThrowUserError("auth_failure", + {group => "admin", action => "run", object => "apikey"}); + + ThrowUserError("api_key_cannot_unban") if($self->banned() && !$input); + $self->set('banned', $input); +} + # Validators -sub _check_api_key { return generate_random_password(40); } -sub _check_description { return trim($_[1]) || ''; } +sub _check_api_key { return $_[1]; } +sub _check_description { return trim($_[1]) || ''; } + +sub create { + my $class = shift; + my $dbh = Bugzilla->dbh; + + $dbh->bz_start_transaction(); + + $class->check_required_create_fields(@_); + + my $key = generate_random_password(40); + $_[0]->{api_key} = bz_crypt($key, Bugzilla->localconfig->{'site_wide_secret'}, + PASSWORD_DIGEST_ALGORITHM); + + my $params = $class->run_create_validators(@_); + + my $api_key = 
$class->insert_create_data($params); + + $api_key->{key} = $key; + $dbh->bz_commit_transaction(); + + return $api_key; +} + 1; __END__ @@ -134,6 +182,10 @@ For example: "Dashboard key", "Application X key". If true, this api key cannot be used. +=item C<banned> + +If true, this api key has been revoked by an admin and cannot be used. + =item C<last_used> The date that this key was last used. undef if never used. @@ -152,4 +204,25 @@ Sets the new description Sets the revoked flag +=item C<set_banned> + +Sets the banned flag, you must be in the admin group to set this field. + +=back + + +=head1 CLASS FUNCTIONS + +These are functions that are not called on a User object, but instead are +called "statically," just like a normal procedural function. + +=over 4 + +=item C<create> + +The same as L<Bugzilla::Object/create>. + +Params: description - What the key is used for + user_id - The uid of the user this key belongs to. + =back |
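Review bot: In `create`, `site_wide_secret` is passed to `bz_crypt` as the salt for the stored key hash. `bz_crypt` is not shown in this diff, but if its three-argument form embeds the salt in the returned string, as salted password hashers commonly do, part of the site-wide secret would be written into every `user_api_keys.api_key` row. Confirm what it returns; if the salt is embedded, a keyed digest such as `hmac_sha256_base64($key, Bugzilla->localconfig->{'site_wide_secret'})` from Digest::SHA keeps the secret out of the table while staying deterministic for lookups. Separately, `set_banned` calls `ThrowUserError`, and none of the `use` lines visible in this hunk import it. Unless it is imported above line 13, add `use Bugzilla::Error;` so a non-admin caller gets `auth_failure` rather than an undefined-subroutine error.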