Merge remote-tracking branch 'origin/master' into bg-bulk-edits

Bugzilla.pm

@@ -13,7 +13,7 @@ use warnings;
 
 use Bugzilla::Logging;
 
-our $VERSION = '20181207.1';
+our $VERSION = '20181213.1';
 
 use Bugzilla::Auth;
 use Bugzilla::Auth::Persist::Cookie;
@@ -395,7 +395,7 @@ sub login {
   }
 
   # If Mojo native app is requesting login, we need to possibly redirect
-  my $C = $Bugzilla::Quantum::CGI::C;
+  my $C = $Bugzilla::App::CGI::C;
   if ($C->session->{override_login_target}) {
     my $mojo_url = Mojo::URL->new($C->session->{override_login_target});
     $mojo_url->query($C->session->{cgi_params});
@@ -788,7 +788,7 @@ sub check_rate_limit {
       Bugzilla->audit(
         "[rate_limit] action=$action, ip=$ip, limit=$limit, name=$name");
       if ($action eq 'block') {
-        $Bugzilla::Quantum::CGI::C->block_ip($ip);
+        $Bugzilla::App::CGI::C->block_ip($ip);
         ThrowUserError("rate_limit");
       }
     }

Bugzilla/Quantum.pm → Bugzilla/App.pm

@@ -5,7 +5,7 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-package Bugzilla::Quantum;
+package Bugzilla::App;
 use Mojo::Base 'Mojolicious';
 
 # Needed for its exit() overload, must happen early in execution.
@@ -20,34 +20,60 @@ use Bugzilla::Constants qw(bz_locations);
 use Bugzilla::Extension             ();
 use Bugzilla::Install::Requirements ();
 use Bugzilla::Logging;
-use Bugzilla::Quantum::CGI;
-use Bugzilla::Quantum::OAuth2::Clients;
-use Bugzilla::Quantum::SES;
-use Bugzilla::Quantum::Home;
-use Bugzilla::Quantum::API;
-use Bugzilla::Quantum::Static;
+use Bugzilla::App::CGI;
+use Bugzilla::App::OAuth2::Clients;
+use Bugzilla::App::SES;
+use Bugzilla::App::Home;
+use Bugzilla::App::API;
+use Bugzilla::App::Static;
 use Mojo::Loader qw( find_modules );
 use Module::Runtime qw( require_module );
 use Bugzilla::Util ();
 use Cwd qw(realpath);
 use MojoX::Log::Log4perl::Tiny;
 use Bugzilla::WebService::Server::REST;
+use Try::Tiny;
 
-has 'static' => sub { Bugzilla::Quantum::Static->new };
+has 'static' => sub { Bugzilla::App::Static->new };
 
 sub startup {
   my ($self) = @_;
 
-  DEBUG('Starting up');
-  $self->plugin('Bugzilla::Quantum::Plugin::BlockIP');
-  $self->plugin('Bugzilla::Quantum::Plugin::Glue');
-  $self->plugin('Bugzilla::Quantum::Plugin::Hostage')
+  TRACE('Starting up');
+  $self->plugin('Bugzilla::App::Plugin::BlockIP');
+  $self->plugin('Bugzilla::App::Plugin::Glue');
+  $self->plugin('Bugzilla::App::Plugin::Hostage')
     unless $ENV{BUGZILLA_DISABLE_HOSTAGE};
-  $self->plugin('Bugzilla::Quantum::Plugin::SizeLimit')
+  $self->plugin('Bugzilla::App::Plugin::SizeLimit')
     unless $ENV{BUGZILLA_DISABLE_SIZELIMIT};
   $self->plugin('ForwardedFor') if Bugzilla->has_feature('better_xff');
-  $self->plugin('Bugzilla::Quantum::Plugin::Helpers');
-  $self->plugin('Bugzilla::Quantum::Plugin::OAuth2');
+  $self->plugin('Bugzilla::App::Plugin::Helpers');
+  $self->plugin('Bugzilla::App::Plugin::OAuth2');
+
+  push @{ $self->commands->namespaces }, 'Bugzilla::App::Command';
+
+  $self->hook(
+    before_routes => sub {
+      my ($c) = @_;
+      return if $c->stash->{'mojo.static'};
+
+      # It is possible the regexp is bad.
+      # If that is the case, we just log the error and continue on.
+      try {
+        my $regexp = Bugzilla->params->{block_user_agent};
+        if ($regexp && $c->req->headers->user_agent =~ /$regexp/) {
+          my $msg = "Contact " . Bugzilla->params->{maintainer};
+          $c->respond_to(
+            json => {json => {error => $msg}, status => 400},
+            any  => {text => "$msg\n",        status => 400},
+          );
+        }
+      }
+      catch {
+        ERROR($_);
+      };
+    }
+  );
 
   # hypnotoad is weird and doesn't look for MOJO_LISTEN itself.
   $self->config(
@@ -101,8 +127,8 @@ sub setup_routes {
   my ($self) = @_;
 
   my $r = $self->routes;
-  Bugzilla::Quantum::CGI->setup_routes($r);
-  Bugzilla::Quantum::CGI->load_one('bzapi_cgi', 'extensions/BzAPI/bin/rest.cgi');
+  Bugzilla::App::CGI->setup_routes($r);
+  Bugzilla::App::CGI->load_one('bzapi_cgi', 'extensions/BzAPI/bin/rest.cgi');
 
   $r->get('/home')->to('Home#index');
   $r->any('/')->to('CGI#index_cgi');
@@ -137,9 +163,9 @@ sub setup_routes {
   $r->any('/login')->to('CGI#index_cgi' => {'GoAheadAndLogIn' => '1'});
   $r->any('/:new_bug' => [new_bug => qr{new[-_]bug}])->to('CGI#new_bug_cgi');
 
-  Bugzilla::Quantum::API->setup_routes($r);
-  Bugzilla::Quantum::SES->setup_routes($r);
-  Bugzilla::Quantum::OAuth2::Clients->setup_routes($r);
+  Bugzilla::App::API->setup_routes($r);
+  Bugzilla::App::SES->setup_routes($r);
+  Bugzilla::App::OAuth2::Clients->setup_routes($r);
 }
 
 1;

Bugzilla/Quantum/API.pm → Bugzilla/App/API.pm

@@ -5,7 +5,7 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-package Bugzilla::Quantum::API;
+package Bugzilla::App::API;
 use 5.10.1;
 use Mojo::Base qw( Mojolicious::Controller );
 use Mojo::JSON qw( true false );

Bugzilla/Quantum/CGI.pm → Bugzilla/App/CGI.pm

@@ -5,7 +5,7 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-package Bugzilla::Quantum::CGI;
+package Bugzilla::App::CGI;
 use Mojo::Base 'Mojolicious::Controller';
 
 use CGI::Compile;
@@ -17,7 +17,7 @@ use Sub::Name;
 use Socket qw(AF_INET inet_aton);
 use Mojo::File qw(path);
 use English qw(-no_match_vars);
-use Bugzilla::Quantum::Stdout;
+use Bugzilla::App::Stdout;
 use Bugzilla::Constants qw(bz_locations USAGE_MODE_BROWSER);
 
 our $C;
@@ -53,7 +53,7 @@ sub load_one {
     open STDIN, '<', $stdin->path
       or die "STDIN @{[$stdin->path]}: $!"
       if -s $stdin->path;
-    tie *STDOUT, 'Bugzilla::Quantum::Stdout', controller => $c;   ## no critic (tie)
+    tie *STDOUT, 'Bugzilla::App::Stdout', controller => $c;   ## no critic (tie)
 
     # the finally block calls cleanup.
     $c->stash->{cleanup_guard}->dismiss;

Bugzilla/App/Command/revoke_api_keys.pm

@@ -0,0 +1,96 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::App::Command::revoke_api_keys; ## no critic (Capitalization)
+use 5.10.1;
+use Mojo::Base 'Mojolicious::Command';
+
+use Bugzilla::Constants;
+use Bugzilla::User::APIKey;
+use Mojo::File 'path';
+use Mojo::Util 'getopt';
+use PerlX::Maybe 'maybe';
+
+has description => 'Revoke api keys';
+has usage => sub { shift->extract_usage };
+
+sub run {
+  my ($self, @args) = @_;
+  my ($app_id, $description);
+
+  Bugzilla->usage_mode(USAGE_MODE_CMDLINE);
+  getopt \@args,
+    'a|app-id=s'         => \$app_id,
+    'd|description-id=s' => \$description;
+  die $self->usage unless $app_id || $description;
+
+  my $query = {
+    revoked => 0,
+    maybe(app_id => $app_id), maybe(description => $description)
+  };
+  my $keys = Bugzilla::User::APIKey->match($query);
+  foreach my $key (@$keys) {
+    say 'Updating ', $key->id;
+    $key->set_revoked(1);
+    $key->update();
+  }
+}
+
+1;
+__END__
+=encoding utf8
+
+=head1 NAME
+
+Bugzilla::App::Command::revoke_api_keys - revoke API keys command
+
+=head1 SYNOPSIS
+
+  Usage: APPLICATION revoke_api_keys [OPTIONS]
+
+    mojo revoke_api_keys -a deadbeef
+
+  Options:
+    -h, --help                  Show this summary of available options
+    -a, --app-id app_id         Match against a specific app_id
+    -d, --description desc      Match against a specific description
+
+=head1 DESCRIPTION
+
+L<Bugzilla::App::Command::revoke_api_keys> revokes API keys.
+
+=head1 ATTRIBUTES
+
+L<Bugzilla::App::Command::revoke_api_keys> inherits all attributes from
+L<Mojolicious::Command> and implements the following new ones.
+
+=head2 description
+
+  my $description = $revoke_api_keys->description;
+  $revoke_api_keys        = $revoke_api_keys->description('Foo');
+
+Short description of this command, used for the command list.
+
+=head2 usage
+
+  my $usage = $revoke_api_keys->usage;
+  $revoke_api_keys  = $revoke_api_keys->usage('Foo');
+
+Usage information for this command, used for the help screen.
+
+=head1 METHODS
+
+L<Bugzilla::App::Command::revoke_api_keys> inherits all methods from
+L<Mojolicious::Command> and implements the following new ones.
+
+=head2 run
+
+  $revoke_api_keys->run(@ARGV);
+
+Run this command.
+
+=cut

Bugzilla/Quantum/Home.pm → Bugzilla/App/Home.pm

@@ -5,7 +5,7 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-package Bugzilla::Quantum::Home;
+package Bugzilla::App::Home;
 use Mojo::Base 'Mojolicious::Controller';
 
 use Bugzilla::Error;

Bugzilla/Quantum/OAuth2/Clients.pm → Bugzilla/App/OAuth2/Clients.pm

@@ -5,7 +5,7 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-package Bugzilla::Quantum::OAuth2::Clients;
+package Bugzilla::App::OAuth2::Clients;
 use 5.10.1;
 use Mojo::Base 'Mojolicious::Controller';
 

Bugzilla/Quantum/Plugin/BlockIP.pm → Bugzilla/App/Plugin/BlockIP.pm

@@ -1,4 +1,4 @@
-package Bugzilla::Quantum::Plugin::BlockIP;
+package Bugzilla::App::Plugin::BlockIP;
 use 5.10.1;
 use Mojo::Base 'Mojolicious::Plugin';
 

Bugzilla/Quantum/Plugin/Glue.pm → Bugzilla/App/Plugin/Glue.pm

@@ -5,7 +5,7 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-package Bugzilla::Quantum::Plugin::Glue;
+package Bugzilla::App::Plugin::Glue;
 use 5.10.1;
 use Mojo::Base 'Mojolicious::Plugin';
 

Bugzilla/Quantum/Plugin/Helpers.pm → Bugzilla/App/Plugin/Helpers.pm

@@ -4,7 +4,7 @@
 #
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
-package Bugzilla::Quantum::Plugin::Helpers;
+package Bugzilla::App::Plugin::Helpers;
 use 5.10.1;
 use Mojo::Base qw(Mojolicious::Plugin);
 

Bugzilla/Quantum/Plugin/Hostage.pm → Bugzilla/App/Plugin/Hostage.pm

@@ -1,4 +1,4 @@
-package Bugzilla::Quantum::Plugin::Hostage;
+package Bugzilla::App::Plugin::Hostage;
 use 5.10.1;
 use Mojo::Base 'Mojolicious::Plugin';
 use Bugzilla::Logging;

Bugzilla/Quantum/Plugin/OAuth2.pm → Bugzilla/App/Plugin/OAuth2.pm

@@ -5,7 +5,7 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-package Bugzilla::Quantum::Plugin::OAuth2;
+package Bugzilla::App::Plugin::OAuth2;
 use 5.10.1;
 use Mojo::Base 'Mojolicious::Plugin::OAuth2::Server';
 

Bugzilla/Quantum/Plugin/SizeLimit.pm → Bugzilla/App/Plugin/SizeLimit.pm

@@ -5,7 +5,7 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-package Bugzilla::Quantum::Plugin::SizeLimit;
+package Bugzilla::App::Plugin::SizeLimit;
 use 5.10.1;
 use Mojo::Base 'Mojolicious::Plugin';
 use Mojo::JSON qw(decode_json);

Bugzilla/Quantum/SES.pm → Bugzilla/App/SES.pm

@@ -1,4 +1,4 @@
-package Bugzilla::Quantum::SES;
+package Bugzilla::App::SES;
 
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this

Bugzilla/Quantum/Static.pm → Bugzilla/App/Static.pm

@@ -5,7 +5,7 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-package Bugzilla::Quantum::Static;
+package Bugzilla::App::Static;
 use Mojo::Base 'Mojolicious::Static';
 use Bugzilla::Constants qw(bz_locations);
 

Bugzilla/Quantum/Stdout.pm → Bugzilla/App/Stdout.pm

@@ -5,7 +5,7 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-package Bugzilla::Quantum::Stdout;
+package Bugzilla::App::Stdout;
 use 5.10.1;
 use Moo;
 

Bugzilla/CGI.pm

@@ -47,6 +47,9 @@ sub DEFAULT_CSP {
     connect_src => [
       'self',
 
+      # This is for extensions/BMO/web/js/firefox-crash-table.js
+      'https://product-details.mozilla.org',
+
       # This is for extensions/GoogleAnalytics using beacon or XHR
       'https://www.google-analytics.com',
 
@@ -86,6 +89,9 @@ sub SHOW_BUG_MODAL_CSP {
     connect_src => [
       'self',
 
+      # This is for extensions/BMO/web/js/firefox-crash-table.js
+      'https://product-details.mozilla.org',
+
       # This is for extensions/GoogleAnalytics using beacon or XHR
       'https://www.google-analytics.com',
 
@@ -641,8 +647,8 @@ sub header {
     }
   }
   my $headers = $self->SUPER::header(%headers) || '';
-  if ($self->server_software eq 'Bugzilla::Quantum::CGI') {
-    my $c = $Bugzilla::Quantum::CGI::C;
+  if ($self->server_software eq 'Bugzilla::App::CGI') {
+    my $c = $Bugzilla::App::CGI::C;
     $c->res->headers->parse($headers);
     my $status = $c->res->headers->status;
     if ($status && $status =~ /^([0-9]+)/) {
@@ -658,7 +664,7 @@ sub header {
   }
   else {
     LOGDIE(
-      "Bugzilla::CGI->header() should only be called from inside Bugzilla::Quantum::CGI!"
+      "Bugzilla::CGI->header() should only be called from inside Bugzilla::App::CGI!"
     );
   }
 }