author | Dave Lawrence <dlawrence@mozilla.com> | 2012-10-16 23:25:00 +0200 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-10-16 23:25:00 +0200 |
commit | bb85be28137ca2a822eb8164421072d8a088661e (patch) | |
tree | 15c1f039e982760c4708c950c76b8f378646d375 | |
parent | 7d0b9d75d0c57661729ff931ee283675016b53f2 (diff) | |
Bug 577329 - WebServices should filter email addresses same as the web UI as users are not always required to login
-rw-r--r-- | Bugzilla/Config/Auth.pm | 6 | ||||
-rw-r--r-- | Bugzilla/Util.pm | 2 | ||||
-rw-r--r-- | Bugzilla/WebService.pm | 5 | ||||
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 16 | ||||
-rw-r--r-- | Bugzilla/WebService/Product.pm | 6 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/JSONRPC.pm | 5 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 7 | ||||
-rw-r--r-- | Bugzilla/WebService/User.pm | 14 | ||||
-rw-r--r-- | extensions/ComponentWatching/Extension.pm | 12 | ||||
-rw-r--r-- | template/en/default/admin/params/auth.html.tmpl | 6 |
10 files changed, 53 insertions, 26 deletions
diff --git a/Bugzilla/Config/Auth.pm b/Bugzilla/Config/Auth.pm index a61cab5a2..d70c1f81e 100644 --- a/Bugzilla/Config/Auth.pm +++ b/Bugzilla/Config/Auth.pm @@ -97,6 +97,12 @@ sub get_param_list { }, { + name => 'webservice_email_filter', + type => 'b', + default => 0 + }, + + { name => 'emailregexp', type => 't', default => q:^[\\w\\.\\+\\-=]+@[\\w\\.\\-]+\\.[\\w\\-]+$:, diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index c754f4081..9c8f80dcf 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -44,7 +44,7 @@ use base qw(Exporter); bz_crypt generate_random_password validate_email_syntax clean_text get_text template_var disable_utf8 - detect_encoding); + detect_encoding email_filter); use Bugzilla::Constants; use Bugzilla::RNG qw(irand); diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm index 166707626..8e0bfd9c9 100644 --- a/Bugzilla/WebService.pm +++ b/Bugzilla/WebService.pm @@ -79,6 +79,11 @@ A floating-point number. May be null. A string. May be null. +=item C<email> + +A string representing an email address. This value, when returned, +may be filtered based on if the user is logged in or not. May be null. + =item C<dateTime> A date/time. Represented differently in different interfaces to this API. diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index e62ad0570..1722086cd 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -309,8 +309,8 @@ sub _translate_comment { return filter $filters, { id => $self->type('int', $comment->id), bug_id => $self->type('int', $comment->bug_id), - creator => $self->type('string', $comment->author->login), - author => $self->type('string', $comment->author->login), + creator => $self->type('email', $comment->author->login), + author => $self->type('email', $comment->author->login), time => $self->type('dateTime', $comment->creation_ts), creation_time => $self->type('dateTime', $comment->creation_ts), is_private => $self->type('boolean', $comment->is_private), 
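Review bot: `default => 0` in the new `webservice_email_filter` entry of Bugzilla/Config/Auth.pm leaves the filter off until an administrator enables it, so an installation without `requirelogin` keeps returning unfiltered addresses to anonymous API callers after this change. If existing API clients can cope with it, `default => 1` would make the WebService match the web UI out of the box; otherwise the parameter should be called out in the upgrade notes so the exposure is a deliberate choice. The rest of `get_param_list` is outside the hunk.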
@@ -908,18 +908,18 @@ sub _bug_to_hash { # We don't do the SQL calls at all if the filter would just # eliminate them anyway. if (filter_wants $params, 'assigned_to') { - $item{'assigned_to'} = $self->type('string', $bug->assigned_to->login); + $item{'assigned_to'} = $self->type('email', $bug->assigned_to->login); } if (filter_wants $params, 'blocks') { my @blocks = map { $self->type('int', $_) } @{ $bug->blocked }; $item{'blocks'} = \@blocks; } if (filter_wants $params, 'cc') { - my @cc = map { $self->type('string', $_) } @{ $bug->cc || [] }; + my @cc = map { $self->type('email', $_) } @{ $bug->cc || [] }; $item{'cc'} = \@cc; } if (filter_wants $params, 'creator') { - $item{'creator'} = $self->type('string', $bug->reporter->login); + $item{'creator'} = $self->type('email', $bug->reporter->login); } if (filter_wants $params, 'depends_on') { my @depends_on = map { $self->type('int', $_) } @{ $bug->dependson }; @@ -943,7 +943,7 @@ sub _bug_to_hash { } if (filter_wants $params, 'qa_contact') { my $qa_login = $bug->qa_contact ? $bug->qa_contact->login : ''; - $item{'qa_contact'} = $self->type('string', $qa_login); + $item{'qa_contact'} = $self->type('email', $qa_login); } if (filter_wants $params, 'see_also') { my @see_also = map { $self->type('string', $_->name) } @@ -1020,7 +1020,7 @@ sub _attachment_to_hash { # the filter wants them. foreach my $field (qw(creator attacher)) { if (filter_wants $filters, $field) { - $item->{$field} = $self->type('string', $attach->attacher->login); + $item->{$field} = $self->type('email', $attach->attacher->login); } } @@ -1049,7 +1049,7 @@ sub _flag_to_hash { foreach my $field (qw(setter requestee)) { my $field_id = $field . "_id"; - $item->{$field} = $self->type('string', $flag->$field->login) + $item->{$field} = $self->type('email', $flag->$field->login) if $flag->$field_id; } diff --git a/Bugzilla/WebService/Product.pm b/Bugzilla/WebService/Product.pm index c705ece28..7d31f2c38 100644 --- a/Bugzilla/WebService/Product.pm 
+++ b/Bugzilla/WebService/Product.pm @@ -172,11 +172,11 @@ sub _component_to_hash { name => $self->type('string', $component->name), description => - $self->type('string' , $component->description), + $self->type('string', $component->description), default_assigned_to => - $self->type('string' , $component->default_assignee->login), + $self->type('email', $component->default_assignee->login), default_qa_contact => - $self->type('string' , $component->default_qa_contact->login), + $self->type('email', $component->default_qa_contact->login), sort_key => # sort_key is returned to match Bug.fields 0, is_active => diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index cec1c29ea..63e9ca335 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -38,7 +38,7 @@ BEGIN { use Bugzilla::Error; use Bugzilla::WebService::Constants; use Bugzilla::WebService::Util qw(taint_data); -use Bugzilla::Util qw(correct_urlbase trim disable_utf8); +use Bugzilla::Util; use HTTP::Message; use MIME::Base64 qw(decode_base64 encode_base64); @@ -221,6 +221,9 @@ sub type { utf8::encode($value) if utf8::is_utf8($value); $retval = encode_base64($value, ''); } + elsif ($type eq 'email' && Bugzilla->params->{'webservice_email_filter'}) { + $retval = email_filter($value); + } return $retval; } diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 025fb8f19..824f6ee2d 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -30,6 +30,7 @@ if ($ENV{MOD_PERL}) { } use Bugzilla::WebService::Constants; +use Bugzilla::Util; # Allow WebService methods to call XMLRPC::Lite's type method directly BEGIN { 
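Review bot: In the JSONRPC.pm hunk `@@ -38,7 +38,7 @@`, `use Bugzilla::Util;` replaces a named import list with the module's whole default export list, which hides where `email_filter` and the other helpers come from and pulls every exported name into this package. Keeping the list explicit, `use Bugzilla::Util qw(correct_urlbase trim disable_utf8 email_filter);`, documents the dependency and fails at compile time if an export is renamed. The XMLRPC.pm hunk `@@ -30,6 +30,7 @@` adds the same bare `use Bugzilla::Util;` and could be `use Bugzilla::Util qw(email_filter);`.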
@@ -41,6 +42,12 @@ BEGIN { $value = Bugzilla::WebService::Server->datetime_format_outbound($value); $value =~ s/-//g; } + elsif ($type eq 'email') { + $type = 'string'; + if (Bugzilla->params->{'webservice_email_filter'}) { + $value = email_filter($value); + } + } return XMLRPC::Data->type($type)->value($value); }; } diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index 93c0881cb..d9fc890f7 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -157,8 +157,8 @@ sub get { \@user_objects, $params); @users = map {filter $params, { id => $self->type('int', $_->id), - real_name => $self->type('string', $_->name), - name => $self->type('string', $_->login), + real_name => $self->type('string', $_->name), + name => $self->type('email', $_->login), }} @$in_group; return { users => \@users }; @@ -199,7 +199,7 @@ sub get { } } } - + my $in_group = $self->_filter_users_by_group( \@user_objects, $params); if (Bugzilla->user->in_group('editusers')) { @@ -207,8 +207,8 @@ sub get { map {filter $params, { id => $self->type('int', $_->id), real_name => $self->type('string', $_->name), - name => $self->type('string', $_->login), - email => $self->type('string', $_->email), + name => $self->type('email', $_->login), + email => $self->type('email', $_->email), can_login => $self->type('boolean', $_->is_enabled ? 1 : 0), groups => $self->_filter_bless_groups($_->groups), email_enabled => $self->type('boolean', $_->email_enabled), @@ -221,8 +221,8 @@ sub get { map {filter $params, { id => $self->type('int', $_->id), real_name => $self->type('string', $_->name), - name => $self->type('string', $_->login), - email => $self->type('string', $_->email), + name => $self->type('email', $_->login), + email => $self->type('email', $_->email), can_login => $self->type('boolean', $_->is_enabled ? 1 : 0), groups => $self->_filter_bless_groups($_->groups), saved_searches => [map { $self->_query_to_hash($_) } @{ $_->queries }], 
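Review bot: The new `email` branch in the XMLRPC `type` override passes `$value` to `email_filter` without a defined check, while the POD added in Bugzilla/WebService.pm says an `email` value may be null. Whether `email_filter` tolerates undef cannot be seen from this diff, so guarding the call is the safer form: `if (defined $value && Bugzilla->params->{'webservice_email_filter'}) {`. The opening lines of the override are outside the hunk, so an earlier undef check there would make this moot.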
diff --git a/extensions/ComponentWatching/Extension.pm b/extensions/ComponentWatching/Extension.pm index 00c0e49d3..e8e62b8b6 100644 --- a/extensions/ComponentWatching/Extension.pm +++ b/extensions/ComponentWatching/Extension.pm @@ -66,11 +66,11 @@ sub install_update_db { 'watch_user', { TYPE => 'INT3', - REFERENCES => { - TABLE => 'profiles', - COLUMN => 'userid', - DELETE => 'SET NULL', - } + #REFERENCES => { + # TABLE => 'profiles', + # COLUMN => 'userid', + # DELETE => 'SET NULL', + #} } ); } @@ -158,7 +158,7 @@ sub object_end_of_update { sub _check_watch_user { my ($self, $value, $field) = @_; - + return 0; $value = trim($value || ''); if ($value eq '') { ThrowUserError('component_watch_missing_watch_user'); diff --git a/template/en/default/admin/params/auth.html.tmpl b/template/en/default/admin/params/auth.html.tmpl index 2e11dffbc..7a8d34791 100644 --- a/template/en/default/admin/params/auth.html.tmpl +++ b/template/en/default/admin/params/auth.html.tmpl @@ -107,6 +107,12 @@ "front page will require a login. No anonymous users will " _ "be permitted.", + webservice_email_filter => "Filter email addresses returned by the WebService API depending on " _ + "if the user is logged in or not. This works similarly to how the " _ + "web UI currently filters email addresses. If <tt>requirelogin</tt> " _ + "is enabled, then this parameter has no effect as users must be logged " _ + "in to use Bugzilla.", + emailregexp => "This defines the regexp to use for legal email addresses. The " _ "default tries to match fully qualified email addresses. Another " _ "popular value to put here is <tt>^[^@]+$</tt>, which means " _ |
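Review bot: Commenting out the `REFERENCES` block on `watch_user` in extensions/ComponentWatching/Extension.pm drops the foreign key to `profiles.userid` together with its `DELETE => 'SET NULL'` rule, and nothing in the commit message about WebService email filtering explains it. It reads like a local workaround committed by accident; without the constraint, removing a profile would presumably leave stale `watch_user` ids behind. Restore the block, or move the change to its own commit with a stated reason instead of leaving the definition behind `#` markers. `install_update_db` continues outside the hunk.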
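Review bot: The added `return 0;` at the top of `_check_watch_user` makes every statement after it unreachable, so the `trim`, the empty-value test and `ThrowUserError('component_watch_missing_watch_user')` never run and the validator returns 0 for any input. This is unrelated to the email-filter change and looks like a debugging leftover; the line should be dropped from this commit so the watch-user validation stays in force. The remainder of the sub is outside the hunk, so any further checks that are skipped cannot be seen here.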