authorDave Lawrence <dlawrence@mozilla.com>2012-10-16 23:25:00 +0200
committerDave Lawrence <dlawrence@mozilla.com>2012-10-16 23:25:00 +0200
commitbb85be28137ca2a822eb8164421072d8a088661e (patch)
tree15c1f039e982760c4708c950c76b8f378646d375
parent7d0b9d75d0c57661729ff931ee283675016b53f2 (diff)
downloadbugzilla-bb85be28137ca2a822eb8164421072d8a088661e.tar.gz
bugzilla-bb85be28137ca2a822eb8164421072d8a088661e.tar.xz
Bug 577329 - WebServices should filter email addresses same as the web UI as users are not always required to login
-rw-r--r--Bugzilla/Config/Auth.pm6
-rw-r--r--Bugzilla/Util.pm2
-rw-r--r--Bugzilla/WebService.pm5
-rw-r--r--Bugzilla/WebService/Bug.pm16
-rw-r--r--Bugzilla/WebService/Product.pm6
-rw-r--r--Bugzilla/WebService/Server/JSONRPC.pm5
-rw-r--r--Bugzilla/WebService/Server/XMLRPC.pm7
-rw-r--r--Bugzilla/WebService/User.pm14
-rw-r--r--extensions/ComponentWatching/Extension.pm12
-rw-r--r--template/en/default/admin/params/auth.html.tmpl6
10 files changed, 53 insertions, 26 deletions
diff --git a/Bugzilla/Config/Auth.pm b/Bugzilla/Config/Auth.pm
index a61cab5a2..d70c1f81e 100644
--- a/Bugzilla/Config/Auth.pm
+++ b/Bugzilla/Config/Auth.pm
@@ -97,6 +97,12 @@ sub get_param_list {
},
{
+ name => 'webservice_email_filter',
+ type => 'b',
+ default => 0
+ },
+
+ {
name => 'emailregexp',
type => 't',
default => q:^[\\w\\.\\+\\-=]+@[\\w\\.\\-]+\\.[\\w\\-]+$:,
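Review bot: With `default => 0` the new `webservice_email_filter` parameter ships disabled, so an upgraded installation keeps returning unfiltered addresses to logged-out WebService callers until an administrator turns it on. If the web UI applies its filter to logged-out users unconditionally (not visible in this hunk), the API should probably match it with `default => 1`. If off-by-default is deliberate for client compatibility, record that next to the entry, e.g. `# Off by default so existing API clients keep receiving full logins.`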
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index c754f4081..9c8f80dcf 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -44,7 +44,7 @@ use base qw(Exporter);
bz_crypt generate_random_password
validate_email_syntax clean_text
get_text template_var disable_utf8
- detect_encoding);
+ detect_encoding email_filter);
use Bugzilla::Constants;
use Bugzilla::RNG qw(irand);
diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm
index 166707626..8e0bfd9c9 100644
--- a/Bugzilla/WebService.pm
+++ b/Bugzilla/WebService.pm
@@ -79,6 +79,11 @@ A floating-point number. May be null.
A string. May be null.
+=item C<email>
+
+A string representing an email address. This value, when returned,
+may be filtered based on if the user is logged in or not. May be null.
+
=item C<dateTime>
A date/time. Represented differently in different interfaces to this API.
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index e62ad0570..1722086cd 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -309,8 +309,8 @@ sub _translate_comment {
return filter $filters, {
id => $self->type('int', $comment->id),
bug_id => $self->type('int', $comment->bug_id),
- creator => $self->type('string', $comment->author->login),
- author => $self->type('string', $comment->author->login),
+ creator => $self->type('email', $comment->author->login),
+ author => $self->type('email', $comment->author->login),
time => $self->type('dateTime', $comment->creation_ts),
creation_time => $self->type('dateTime', $comment->creation_ts),
is_private => $self->type('boolean', $comment->is_private),
@@ -908,18 +908,18 @@ sub _bug_to_hash {
# We don't do the SQL calls at all if the filter would just
# eliminate them anyway.
if (filter_wants $params, 'assigned_to') {
- $item{'assigned_to'} = $self->type('string', $bug->assigned_to->login);
+ $item{'assigned_to'} = $self->type('email', $bug->assigned_to->login);
}
if (filter_wants $params, 'blocks') {
my @blocks = map { $self->type('int', $_) } @{ $bug->blocked };
$item{'blocks'} = \@blocks;
}
if (filter_wants $params, 'cc') {
- my @cc = map { $self->type('string', $_) } @{ $bug->cc || [] };
+ my @cc = map { $self->type('email', $_) } @{ $bug->cc || [] };
$item{'cc'} = \@cc;
}
if (filter_wants $params, 'creator') {
- $item{'creator'} = $self->type('string', $bug->reporter->login);
+ $item{'creator'} = $self->type('email', $bug->reporter->login);
}
if (filter_wants $params, 'depends_on') {
my @depends_on = map { $self->type('int', $_) } @{ $bug->dependson };
@@ -943,7 +943,7 @@ sub _bug_to_hash {
}
if (filter_wants $params, 'qa_contact') {
my $qa_login = $bug->qa_contact ? $bug->qa_contact->login : '';
- $item{'qa_contact'} = $self->type('string', $qa_login);
+ $item{'qa_contact'} = $self->type('email', $qa_login);
}
if (filter_wants $params, 'see_also') {
my @see_also = map { $self->type('string', $_->name) }
@@ -1020,7 +1020,7 @@ sub _attachment_to_hash {
# the filter wants them.
foreach my $field (qw(creator attacher)) {
if (filter_wants $filters, $field) {
- $item->{$field} = $self->type('string', $attach->attacher->login);
+ $item->{$field} = $self->type('email', $attach->attacher->login);
}
}
@@ -1049,7 +1049,7 @@ sub _flag_to_hash {
foreach my $field (qw(setter requestee)) {
my $field_id = $field . "_id";
- $item->{$field} = $self->type('string', $flag->$field->login)
+ $item->{$field} = $self->type('email', $flag->$field->login)
if $flag->$field_id;
}
diff --git a/Bugzilla/WebService/Product.pm b/Bugzilla/WebService/Product.pm
index c705ece28..7d31f2c38 100644
--- a/Bugzilla/WebService/Product.pm
+++ b/Bugzilla/WebService/Product.pm
@@ -172,11 +172,11 @@ sub _component_to_hash {
name =>
$self->type('string', $component->name),
description =>
- $self->type('string' , $component->description),
+ $self->type('string', $component->description),
default_assigned_to =>
- $self->type('string' , $component->default_assignee->login),
+ $self->type('email', $component->default_assignee->login),
default_qa_contact =>
- $self->type('string' , $component->default_qa_contact->login),
+ $self->type('email', $component->default_qa_contact->login),
sort_key => # sort_key is returned to match Bug.fields
0,
is_active =>
diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm
index cec1c29ea..63e9ca335 100644
--- a/Bugzilla/WebService/Server/JSONRPC.pm
+++ b/Bugzilla/WebService/Server/JSONRPC.pm
@@ -38,7 +38,7 @@ BEGIN {
use Bugzilla::Error;
use Bugzilla::WebService::Constants;
use Bugzilla::WebService::Util qw(taint_data);
-use Bugzilla::Util qw(correct_urlbase trim disable_utf8);
+use Bugzilla::Util;
use HTTP::Message;
use MIME::Base64 qw(decode_base64 encode_base64);
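Review bot: Replacing the explicit import list with a bare `use Bugzilla::Util;` pulls the module's whole default export list into this package to reach one new function, and hides which helpers the file actually depends on. Keep the list and extend it: `use Bugzilla::Util qw(correct_urlbase trim disable_utf8 email_filter);`. The XMLRPC.pm hunk further down adds the same bare `use Bugzilla::Util;` and could name `email_filter` explicitly as well.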
@@ -221,6 +221,9 @@ sub type {
utf8::encode($value) if utf8::is_utf8($value);
$retval = encode_base64($value, '');
}
+ elsif ($type eq 'email' && Bugzilla->params->{'webservice_email_filter'}) {
+ $retval = email_filter($value);
+ }
return $retval;
}
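Review bot: The filter runs only for values a caller has tagged `'email'`, so any login or address that still goes through `type('string', ...)` is returned unfiltered, and nothing in `type` tells the next author about that contract. The converted call sites are the ones shown in the Bug.pm, Product.pm and User.pm hunks; whether others remain cannot be judged from this page. A comment above the new branch would make the rule explicit, for example `# Logins and addresses must be typed 'email'; 'string' bypasses webservice_email_filter.` The body of `type` starts outside this hunk.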
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 025fb8f19..824f6ee2d 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -30,6 +30,7 @@ if ($ENV{MOD_PERL}) {
}
use Bugzilla::WebService::Constants;
+use Bugzilla::Util;
# Allow WebService methods to call XMLRPC::Lite's type method directly
BEGIN {
@@ -41,6 +42,12 @@ BEGIN {
$value = Bugzilla::WebService::Server->datetime_format_outbound($value);
$value =~ s/-//g;
}
+ elsif ($type eq 'email') {
+ $type = 'string';
+ if (Bugzilla->params->{'webservice_email_filter'}) {
+ $value = email_filter($value);
+ }
+ }
return XMLRPC::Data->type($type)->value($value);
};
}
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index 93c0881cb..d9fc890f7 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -157,8 +157,8 @@ sub get {
\@user_objects, $params);
@users = map {filter $params, {
id => $self->type('int', $_->id),
- real_name => $self->type('string', $_->name),
- name => $self->type('string', $_->login),
+ real_name => $self->type('string', $_->name),
+ name => $self->type('email', $_->login),
}} @$in_group;
return { users => \@users };
@@ -199,7 +199,7 @@ sub get {
}
}
}
-
+
my $in_group = $self->_filter_users_by_group(
\@user_objects, $params);
if (Bugzilla->user->in_group('editusers')) {
@@ -207,8 +207,8 @@ sub get {
map {filter $params, {
id => $self->type('int', $_->id),
real_name => $self->type('string', $_->name),
- name => $self->type('string', $_->login),
- email => $self->type('string', $_->email),
+ name => $self->type('email', $_->login),
+ email => $self->type('email', $_->email),
can_login => $self->type('boolean', $_->is_enabled ? 1 : 0),
groups => $self->_filter_bless_groups($_->groups),
email_enabled => $self->type('boolean', $_->email_enabled),
@@ -221,8 +221,8 @@ sub get {
map {filter $params, {
id => $self->type('int', $_->id),
real_name => $self->type('string', $_->name),
- name => $self->type('string', $_->login),
- email => $self->type('string', $_->email),
+ name => $self->type('email', $_->login),
+ email => $self->type('email', $_->email),
can_login => $self->type('boolean', $_->is_enabled ? 1 : 0),
groups => $self->_filter_bless_groups($_->groups),
saved_searches => [map { $self->_query_to_hash($_) } @{ $_->queries }],
diff --git a/extensions/ComponentWatching/Extension.pm b/extensions/ComponentWatching/Extension.pm
index 00c0e49d3..e8e62b8b6 100644
--- a/extensions/ComponentWatching/Extension.pm
+++ b/extensions/ComponentWatching/Extension.pm
@@ -66,11 +66,11 @@ sub install_update_db {
'watch_user',
{
TYPE => 'INT3',
- REFERENCES => {
- TABLE => 'profiles',
- COLUMN => 'userid',
- DELETE => 'SET NULL',
- }
+ #REFERENCES => {
+ # TABLE => 'profiles',
+ # COLUMN => 'userid',
+ # DELETE => 'SET NULL',
+ #}
}
);
}
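Review bot: The `REFERENCES` block on `watch_user` is commented out here, which is unrelated to WebService email filtering and looks like a local workaround committed by accident. Without it the column definition no longer declares the link to `profiles.userid` or the `DELETE => 'SET NULL'` behaviour, so a stale user id can remain in `watch_user` after the profile is removed. Restore the four lines; if dropping the constraint is intended, delete them instead of leaving commented-out code and move the change to its own commit with the reason stated. `install_update_db` starts outside the hunk.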
@@ -158,7 +158,7 @@ sub object_end_of_update {
sub _check_watch_user {
my ($self, $value, $field) = @_;
-
+ return 0;
$value = trim($value || '');
if ($value eq '') {
ThrowUserError('component_watch_missing_watch_user');
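Review bot: The added `return 0;` as the first statement after argument unpacking in `_check_watch_user` turns the validator into a no-op: `trim`, the empty-value `ThrowUserError('component_watch_missing_watch_user')` and every check after it are now unreachable. Any submitted `watch_user` value passes, and the caller receives 0 instead of whatever the function returned before. This is unrelated to the stated purpose of the commit and reads like a debugging shortcut; the line `return 0;` should be removed. The rest of the function lies outside the hunk.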
diff --git a/template/en/default/admin/params/auth.html.tmpl b/template/en/default/admin/params/auth.html.tmpl
index 2e11dffbc..7a8d34791 100644
--- a/template/en/default/admin/params/auth.html.tmpl
+++ b/template/en/default/admin/params/auth.html.tmpl
@@ -107,6 +107,12 @@
"front page will require a login. No anonymous users will " _
"be permitted.",
+ webservice_email_filter => "Filter email addresses returned by the WebService API depending on " _
+ "if the user is logged in or not. This works similarly to how the " _
+ "web UI currently filters email addresses. If <tt>requirelogin</tt> " _
+ "is enabled, then this parameter has no effect as users must be logged " _
+ "in to use Bugzilla.",
+
emailregexp => "This defines the regexp to use for legal email addresses. The " _
"default tries to match fully qualified email addresses. Another " _
"popular value to put here is <tt>^[^@]+$</tt>, which means " _