summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Lawrence <dkl@mozilla.com>2014-11-14 20:45:46 +0100
committerDavid Lawrence <dkl@mozilla.com>2014-11-14 20:45:46 +0100
commit987611195db12b9c42cdfdbb383811f99322cdd7 (patch)
tree5c4fe3e26f87b225753a9c70892416fe514e07e7
parentae3093fa0de16ffd653f8c4c55e4311e9264ab08 (diff)
downloadbugzilla-987611195db12b9c42cdfdbb383811f99322cdd7.tar.gz
bugzilla-987611195db12b9c42cdfdbb383811f99322cdd7.tar.xz
Bug 1097813: backport upstream bug 1001462 to bmo/4.2 to fix issue with using tokens with webservice rest api
-rw-r--r--Bugzilla/Auth.pm2
-rw-r--r--Bugzilla/Auth/Login.pm1
-rw-r--r--Bugzilla/Auth/Login/Cookie.pm2
-rw-r--r--Bugzilla/Auth/Persist/Cookie.pm4
-rw-r--r--Bugzilla/WebService/Server/XMLRPC.pm7
-rw-r--r--Bugzilla/WebService/User.pm50
-rw-r--r--Bugzilla/WebService/Util.pm6
7 files changed, 33 insertions, 39 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 2c58b52a8..9f4fb8fa3 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -168,7 +168,7 @@ sub _handle_login_result {
if ($self->{_info_getter}->{successful}->requires_persistence
and !Bugzilla->request_cache->{auth_no_automatic_login})
{
- $self->{_persister}->persist_login($user);
+ $user->{_login_token} = $self->{_persister}->persist_login($user);
}
}
elsif ($fail_code == AUTH_ERROR) {
diff --git a/Bugzilla/Auth/Login.pm b/Bugzilla/Auth/Login.pm
index 7e03778b3..09830da25 100644
--- a/Bugzilla/Auth/Login.pm
+++ b/Bugzilla/Auth/Login.pm
@@ -17,7 +17,6 @@
package Bugzilla::Auth::Login;
use strict;
-use fields qw(_login_token);
# Determines whether or not a user can logout. It's really a subroutine,
# but we implement it here as a constant. Override it in subclasses if
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 62a6c58a9..e3b86d384 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -17,7 +17,9 @@
package Bugzilla::Auth::Login::Cookie;
use strict;
+
use base qw(Bugzilla::Auth::Login);
+use fields qw(_login_token);
use Bugzilla::Constants;
use Bugzilla::Util;
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index c1d133772..a064a231a 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -36,8 +36,6 @@ use Bugzilla::Constants;
use Bugzilla::Util;
use Bugzilla::Token;
-use Bugzilla::Auth::Login::Cookie qw(login_token);
-
use List::Util qw(first);
sub new {
@@ -102,6 +100,8 @@ sub persist_login {
$cgi->send_cookie(-name => 'Bugzilla_logincookie',
-value => $login_cookie,
%cookieargs);
+
+ return $login_cookie;
}
sub logout {
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 8d9108122..f56fa3439 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -123,6 +123,7 @@ our @ISA = qw(XMLRPC::Deserializer);
use Bugzilla::Error;
use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
+use Bugzilla::WebService::Util qw(fix_credentials);
use Scalar::Util qw(tainted);
sub deserialize {
@@ -146,7 +147,13 @@ sub deserialize {
my $params = $som->paramsin;
# This allows positional parameters for Testopia.
$params = {} if ref $params ne 'HASH';
+
+ # Update the params to allow for several convenience key/values
+ # use for authentication
+ fix_credentials($params);
+
Bugzilla->input_params($params);
+
return $som;
}
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index 1e6de143c..b6351635c 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -64,44 +64,21 @@ use constant MAPPED_RETURNS => {
sub login {
my ($self, $params) = @_;
- my $remember = $params->{remember};
+
+ # Check to see if we are already logged in
+ my $user = Bugzilla->user;
+ if ($user->id) {
+ return $self->_login_to_hash($user);
+ }
# Username and password params are required
foreach my $param ("login", "password") {
- defined $params->{$param}
+ (defined $params->{$param} || defined $params->{'Bugzilla_' . $param})
|| ThrowCodeError('param_required', { param => $param });
}
- # Convert $remember from a boolean 0/1 value to a CGI-compatible one.
- if (defined($remember)) {
- $remember = $remember? 'on': '';
- }
- else {
- # Use Bugzilla's default if $remember is not supplied.
- $remember =
- Bugzilla->params->{'rememberlogin'} eq 'defaulton'? 'on': '';
- }
-
- # Make sure the CGI user info class works if necessary.
- my $input_params = Bugzilla->input_params;
- $input_params->{'Bugzilla_login'} = $params->{login};
- $input_params->{'Bugzilla_password'} = $params->{password};
- $input_params->{'Bugzilla_remember'} = $remember;
-
- my $user = Bugzilla->login();
-
- my $result = { id => $self->type('int', $user->id) };
-
- # We will use the stored cookie value combined with the user id
- # to create a token that can be used with future requests in the
- # query parameters
- my $login_cookie = first { $_->name eq 'Bugzilla_logincookie' }
- @{ Bugzilla->cgi->{'Bugzilla_cookie_list'} };
- if ($login_cookie) {
- $result->{'token'} = $user->id . "-" . $login_cookie->value;
- }
-
- return $result;
+ $user = Bugzilla->login();
+ return $self->_login_to_hash($user);
}
sub logout {
@@ -419,6 +396,15 @@ sub _query_to_hash {
return $item;
}
+sub _login_to_hash {
+ my ($self, $user) = @_;
+ my $item = { id => $self->type('int', $user->id) };
+ if (my $login_token = $user->{_login_token}) {
+ $item->{'token'} = $user->id . "-" . $login_token;
+ }
+ return $item;
+}
+
1;
__END__
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index 856fd3481..c21bcd344 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -276,13 +276,13 @@ sub fix_credentials {
# even if not calling GET /login. We also do not delete them as
# GET /login requires "login" and "password".
if (exists $params->{'login'} && exists $params->{'password'}) {
- $params->{'Bugzilla_login'} = $params->{'login'};
- $params->{'Bugzilla_password'} = $params->{'password'};
+ $params->{'Bugzilla_login'} = delete $params->{'login'};
+ $params->{'Bugzilla_password'} = delete $params->{'password'};
}
# Allow user to pass token=12345678 as a convenience which becomes
# "Bugzilla_token" which is what the auth code looks for.
if (exists $params->{'token'}) {
- $params->{'Bugzilla_token'} = $params->{'token'};
+ $params->{'Bugzilla_token'} = delete $params->{'token'};
}
# Allow extensions to modify the credential data before login