summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDylan Hardison <dylan@mozilla.com>2016-05-03 15:30:48 +0200
committerDylan Hardison <dylan@mozilla.com>2016-05-03 15:30:59 +0200
commit3484d7553d36b38a884619188a160fb6351c0374 (patch)
treec224d87d983abebfe78f81866dc531266d16bc40
parentfb321b50db1850f6b3a9a3ababa5913c504acfdf (diff)
downloadbugzilla-3484d7553d36b38a884619188a160fb6351c0374.tar.gz
bugzilla-3484d7553d36b38a884619188a160fb6351c0374.tar.xz
Bug 1269236 - Incorrect checking of API tokens possibly leads to CSRF and data disclosure vulnerability for insecure accounts
-rw-r--r--Bugzilla/Auth/Login/Cookie.pm15
1 files changed, 6 insertions, 9 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 0b5842523..0a2386ee9 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -64,15 +64,7 @@ sub get_login_info {
# If the call is for a web service, and an api token is provided, check
# it is valid.
if (i_am_webservice()) {
- if ($login_cookie
- && Bugzilla->usage_mode == USAGE_MODE_REST
- && !exists Bugzilla->input_params->{Bugzilla_api_token})
- {
- # REST requires an api-token when using cookie authentication
- # fall back to a non-authenticated request
- $login_cookie = '';
-
- } elsif (Bugzilla->input_params->{Bugzilla_api_token}) {
+ if (exists Bugzilla->input_params->{Bugzilla_api_token}) {
my $api_token = Bugzilla->input_params->{Bugzilla_api_token};
my ($token_user_id, undef, undef, $token_type)
= Bugzilla::Token::GetTokenData($api_token);
@@ -84,6 +76,11 @@ sub get_login_info {
}
$is_internal = 1;
}
+ elsif ($login_cookie && Bugzilla->usage_mode == USAGE_MODE_REST) {
+ # REST requires an api-token when using cookie authentication
+ # fall back to a non-authenticated request
+ $login_cookie = '';
+ }
}
}