diff options
| author | bbaetz%acm.org <> | 2003-03-22 13:47:09 +0100 |
|---|---|---|
| committer | bbaetz%acm.org <> | 2003-03-22 13:47:09 +0100 |
| commit | 681ce77bc0dc5828eae2bb48471db9e373437e4b (patch) | |
| tree | a7c8ba0b1e070ea489c96246eca65fc7c36f6235 /Bugzilla.pm | |
| parent | 3f1f4e57809b2e3f42e637a86646e806470faec5 (diff) | |
| download | bugzilla-681ce77bc0dc5828eae2bb48471db9e373437e4b.tar.gz bugzilla-681ce77bc0dc5828eae2bb48471db9e373437e4b.tar.xz | |
Bug 180642 - Move authentication code into a module
r=gerv, justdave
a=justdave
Diffstat (limited to 'Bugzilla.pm')
| -rw-r--r-- | Bugzilla.pm | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm index 366acb163..cded650d7 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -24,10 +24,13 @@ package Bugzilla; use strict; +use Bugzilla::Auth; use Bugzilla::CGI; use Bugzilla::Config; +use Bugzilla::Constants; use Bugzilla::DB; use Bugzilla::Template; +use Bugzilla::User; my $_template; sub template { @@ -43,6 +46,60 @@ sub cgi { return $_cgi; } +my $_user; +sub user { + my $class = shift; + return $_user; +} + +sub login { + my ($class, $type) = @_; + + # Avoid double-logins, which may confuse the auth code + # (double cookies, odd compat code settings, etc) + # This is particularly important given the munging for + # $::COOKIE{'Bugzilla_login'} from a userid to a loginname + # (for backwards compat) + if (defined $_user) { + return $_user->{id}; + } + + $type = LOGIN_NORMAL unless defined $type; + + # For now, we can only log in from a cgi + # One day, we'll be able to log in via apache auth, an email message's + # PGP signature, and so on + + use Bugzilla::Auth::CGI; + my $userid = Bugzilla::Auth::CGI->login($type); + if ($userid) { + $_user = new Bugzilla::User($userid); + + # Compat stuff + $::userid = $userid; + &::ConfirmGroup($userid); + + # Evil compat hack. The cookie stores the id now, not the name, but + # old code still looks at this to get the current user's email + # so it needs to be set. + $::COOKIE{'Bugzilla_login'} = $_user->{email}; + + $::vars->{'user'} = &::GetUserInfo($userid); + } else { + # Old compat stuff + + $::userid = 0; + delete $::COOKIE{'Bugzilla_login'}; + delete $::COOKIE{'Bugzilla_logincookie'}; + # NB - Can't delete from $cgi->cookie, so the cookie data will + # remain there + # People shouldn't rely on the cookie param for the username + # - use Bugzilla->user instead! + } + + return $userid || 0; +} + my $_dbh; my $_dbh_main; my $_dbh_shadow; @@ -93,6 +150,7 @@ sub switch_to_main_db { # Per process cleanup sub _cleanup { undef $_cgi; + undef $_user; # See bug 192531. If we don't clear the possibly active statement handles, # then when this is called from the END block, it happens _before_ the @@ -192,6 +250,16 @@ The current C<cgi> object. Note that modules should B<not> be using this in general. Not all Bugzilla actions are cgi requests. Its useful as a convenience method for those scripts/templates which are only use via CGI, though. +=item C<user> + +The current L<Bugzilla::User>. C<undef> if there is no currently logged in user +or if the login code has not yet been run. + +=item C<login> + +Logs in a user, returning the userid, or C<0> if there is no logged in user. +See L<Bugzilla::Auth>. + =item C<dbh> The current database handle. See L<DBI>. |