author | Dylan William Hardison <dylan@hardison.net> | 2015-08-24 20:50:16 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2015-08-24 20:50:16 +0200 |
commit | 07a68c6d4fa62432c9668176b4876133d45cce0e (patch) | |
tree | 9052bb9e238c10ba1fd803474d94a6e37d555f29 | |
parent | 5fd2b62a573eb1eaef834367008be0e24e1fca57 (diff) | |
Bug 1175643 - Rewrite auth delegation to use a server-side POST instead of a client-side GET to delegate API Key
r/a=dkl
-rwxr-xr-x | auth.cgi | 39 | ||||
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 9 |
2 files changed, 44 insertions, 4 deletions
@@ -23,6 +23,8 @@ use Bugzilla::Mailer qw(MessageToMTA); use URI; use URI::QueryParam; use Digest::SHA qw(sha256_hex); +use LWP::UserAgent (); +use JSON qw(decode_json encode_json); Bugzilla->login(LOGIN_REQUIRED); @@ -88,10 +90,39 @@ if ($confirmed || $skip_confirmation) { MessageToMTA($message); } - $callback_uri->query_param(client_api_key => $api_key->api_key); - $callback_uri->query_param(client_api_login => $user->login); - - print $cgi->redirect($callback_uri); + my $ua = LWP::UserAgent->new(); + $ua->timeout(2); + $ua->protocols_allowed(['http', 'https']); + # If the URL of the proxy is given, use it, else get this information + # from the environment variable. + my $proxy_url = Bugzilla->params->{'proxy_url'}; + if ($proxy_url) { + $ua->proxy(['http', 'https'], $proxy_url); + } + else { + $ua->env_proxy; + } + my $content = encode_json({ client_api_key => $api_key->api_key, + client_api_login => $user->login }); + my $resp = $ua->post($callback_uri, + 'Content-Type' => 'application/json', + Content => $content); + if ($resp->code == 200) { + $callback_uri->query_param(client_api_login => $user->login); + eval { + my $data = decode_json($resp->content); + $callback_uri->query_param(callback_result => $data->{result}); + }; + if ($@) { + ThrowUserError('auth_delegation_json_error', { json_text => $resp->content }); + } + else { + print $cgi->redirect($callback_uri); + } + } + else { + ThrowUserError('auth_delegation_post_error', { code => $resp->code }); + } } else { $args{token} = issue_auth_delegation_token($callback); diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 710928562..81d5055c6 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl 
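Review bot: `$ua->post($callback_uri, ...)` turns this CGI into an outbound HTTP client for a URI that, as far as the hunk shows, originates from the request's callback parameter, so the server will now connect to whatever http/https host the caller names, including loopback and internal addresses it can reach but the user's browser could not; the 2-second `timeout` and `protocols_allowed` bound the protocol and the wait, not the destination. Before the POST, check the callback host against an administrator-configured allowlist, or at minimum reject loopback, link-local and private ranges after resolving the name, and leave a comment such as `# $callback_uri is request-supplied: restrict the target host before the server connects to it`. When `decode_json` returns something other than a hash, the strict-refs dereference in `$data->{result}` dies inside the `eval` and is reported as `auth_delegation_json_error`, which is acceptable but deserves a one-line comment; when the key is merely absent, `undef` is handed to `query_param`, so treat a missing `result` as the JSON-error case instead. The enclosing `if ($confirmed || $skip_confirmation)` block starts outside the hunk.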
@@ -140,6 +140,15 @@
 [% title = "Auth delegation can't be confirmed" %]
 Auth delegation cannot be confirmed due to missing or invalid token.
+ [% ELSIF error == "auth_delegation_json_error" %]
+ [% title = "Auth delegation received invalid JSON" %]
+ Auth delegation received an invalid JSON response from auth consumer:
+ <pre>[% json_text FILTER html %]</pre>
+
+ [% ELSIF error == "auth_delegation_post_error" %]
+ [% title = "Auth delegation received invalid status code" %]
+ Auth delegation received an HTTP response other than 200 OK from auth consumer. Code: [% code FILTER html %]
+
 [% ELSIF error == "auth_failure" %]
 [% title = "Authorization Required" %]
 [% admindocslinks = {'groups.html' => 'Group Security'} %] |
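Review bot: The `auth_delegation_post_error` text attributes every non-200 outcome to the auth consumer, but the auth.cgi hunk raises it with `$resp->code` for any failed `$ua->post`, and LWP::UserAgent reports connection failures and timeouts as a locally generated 500 response (it carries a `Client-Warning: Internal response` header) rather than anything the consumer sent, so an administrator reading this page may investigate the wrong side. Wording it as `Auth delegation could not complete the callback request to the auth consumer (HTTP status: [% code FILTER html %])` avoids the false attribution without changing the code path. The `json_text` page echoes the consumer's entire body inside `<pre>`; `FILTER html` keeps it inert, but a length cap applied in auth.cgi before the value is passed in would stop a misbehaving consumer from producing an oversized error page.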