authorPerl Tidy <perltidy@bugzilla.org>2018-12-05 21:38:52 +0100
committerDylan William Hardison <dylan@hardison.net>2018-12-05 23:49:08 +0100
commit8ec8da0491ad89604700b3e29a227966f6d84ba1 (patch)
tree9d270f173330ca19700e0ba9f2ee931300646de1 /Bugzilla/Auth/Login/CGI.pm
parenta7bb5a65b71644d9efce5fed783ed545b9336548 (diff)
downloadbugzilla-8ec8da0491ad89604700b3e29a227966f6d84ba1.tar.gz
bugzilla-8ec8da0491ad89604700b3e29a227966f6d84ba1.tar.xz
no bug - reformat all the code using the new perltidy rules
Diffstat (limited to 'Bugzilla/Auth/Login/CGI.pm')
-rw-r--r--Bugzilla/Auth/Login/CGI.pm118
1 files changed, 62 insertions, 56 deletions
diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/Login/CGI.pm
index a813529d5..1b3b1f69e 100644
--- a/Bugzilla/Auth/Login/CGI.pm
+++ b/Bugzilla/Auth/Login/CGI.pm
@@ -21,65 +21,71 @@ use Bugzilla::Error;
use Bugzilla::Token;
sub get_login_info {
- my ($self) = @_;
- my $params = Bugzilla->input_params;
- my $cgi = Bugzilla->cgi;
-
- my $login = trim(delete $params->{'Bugzilla_login'});
- my $password = delete $params->{'Bugzilla_password'};
- # The token must match the cookie to authenticate the request.
- my $login_token = delete $params->{'Bugzilla_login_token'};
- my $login_cookie = $cgi->cookie('Bugzilla_login_request_cookie');
-
- my $valid = 0;
- # If the web browser accepts cookies, use them.
- if ($login_token && $login_cookie) {
- my ($time, undef) = split(/-/, $login_token);
- # Regenerate the token based on the information we have.
- my $expected_token = issue_hash_token(['login_request', $login_cookie], $time);
- $valid = 1 if $expected_token eq $login_token;
- $cgi->remove_cookie('Bugzilla_login_request_cookie');
- }
- # WebServices and other local scripts can bypass this check.
- # This is safe because we won't store a login cookie in this case.
- elsif (Bugzilla->usage_mode != USAGE_MODE_BROWSER) {
- $valid = 1;
- }
- # Else falls back to the Referer header and accept local URLs.
- # Attachments are served from a separate host (ideally), and so
- # an evil attachment cannot abuse this check with a redirect.
- elsif (my $referer = $cgi->referer) {
- my $urlbase = Bugzilla->localconfig->{urlbase};
- $valid = 1 if $referer =~ /^\Q$urlbase\E/;
- }
- # If the web browser doesn't accept cookies and the Referer header
- # is missing, we have no way to make sure that the authentication
- # request comes from the user.
- elsif ($login && $password) {
- ThrowUserError('auth_untrusted_request', { login => $login });
- }
-
- if (!defined($login) || !defined($password) || !$valid) {
- return { failure => AUTH_NODATA };
- }
-
- return { username => $login, password => $password };
+ my ($self) = @_;
+ my $params = Bugzilla->input_params;
+ my $cgi = Bugzilla->cgi;
+
+ my $login = trim(delete $params->{'Bugzilla_login'});
+ my $password = delete $params->{'Bugzilla_password'};
+
+ # The token must match the cookie to authenticate the request.
+ my $login_token = delete $params->{'Bugzilla_login_token'};
+ my $login_cookie = $cgi->cookie('Bugzilla_login_request_cookie');
+
+ my $valid = 0;
+
+ # If the web browser accepts cookies, use them.
+ if ($login_token && $login_cookie) {
+ my ($time, undef) = split(/-/, $login_token);
+
+ # Regenerate the token based on the information we have.
+ my $expected_token = issue_hash_token(['login_request', $login_cookie], $time);
+ $valid = 1 if $expected_token eq $login_token;
+ $cgi->remove_cookie('Bugzilla_login_request_cookie');
+ }
+
+ # WebServices and other local scripts can bypass this check.
+ # This is safe because we won't store a login cookie in this case.
+ elsif (Bugzilla->usage_mode != USAGE_MODE_BROWSER) {
+ $valid = 1;
+ }
+
+ # Else falls back to the Referer header and accept local URLs.
+ # Attachments are served from a separate host (ideally), and so
+ # an evil attachment cannot abuse this check with a redirect.
+ elsif (my $referer = $cgi->referer) {
+ my $urlbase = Bugzilla->localconfig->{urlbase};
+ $valid = 1 if $referer =~ /^\Q$urlbase\E/;
+ }
+
+ # If the web browser doesn't accept cookies and the Referer header
+ # is missing, we have no way to make sure that the authentication
+ # request comes from the user.
+ elsif ($login && $password) {
+ ThrowUserError('auth_untrusted_request', {login => $login});
+ }
+
+ if (!defined($login) || !defined($password) || !$valid) {
+ return {failure => AUTH_NODATA};
+ }
+
+ return {username => $login, password => $password};
}
sub fail_nodata {
- my ($self) = @_;
- my $cgi = Bugzilla->cgi;
- my $template = Bugzilla->template;
-
- if (Bugzilla->usage_mode != USAGE_MODE_BROWSER) {
- ThrowUserError('login_required');
- }
-
- print $cgi->header();
- $template->process("account/auth/login.html.tmpl",
- { 'target' => $cgi->url(-relative=>1) })
- || ThrowTemplateError($template->error());
- exit;
+ my ($self) = @_;
+ my $cgi = Bugzilla->cgi;
+ my $template = Bugzilla->template;
+
+ if (Bugzilla->usage_mode != USAGE_MODE_BROWSER) {
+ ThrowUserError('login_required');
+ }
+
+ print $cgi->header();
+ $template->process("account/auth/login.html.tmpl",
+ {'target' => $cgi->url(-relative => 1)})
+ || ThrowTemplateError($template->error());
+ exit;
}
1;