diff options
author | Byron Jones <glob@mozilla.com> | 2015-03-09 07:10:36 +0100 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-03-09 07:10:36 +0100 |
commit | 243d66a36e96729452b031b0cf67eed53c221782 (patch) | |
tree | 5f85fc14b1c2e5050282a7dba2be60296460200f /Bugzilla/Auth/Login/Cookie.pm | |
parent | 4a900ca342a9a61e190397ce41346109a866a1dc (diff) | |
download | bugzilla-243d66a36e96729452b031b0cf67eed53c221782.tar.gz bugzilla-243d66a36e96729452b031b0cf67eed53c221782.tar.xz |
Bug 1139257: allow cookie+api-token GET REST requests
r=dkl,a=glob
Diffstat (limited to 'Bugzilla/Auth/Login/Cookie.pm')
-rw-r--r-- | Bugzilla/Auth/Login/Cookie.pm | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm index c09f08d24..3139e127b 100644 --- a/Bugzilla/Auth/Login/Cookie.pm +++ b/Bugzilla/Auth/Login/Cookie.pm @@ -54,15 +54,25 @@ sub get_login_info { # If the call is for a web service, and an api token is provided, check # it is valid. - if (i_am_webservice() && Bugzilla->input_params->{Bugzilla_api_token}) { - my $api_token = Bugzilla->input_params->{Bugzilla_api_token}; - my ($token_user_id, undef, undef, $token_type) - = Bugzilla::Token::GetTokenData($api_token); - if (!defined $token_type - || $token_type ne 'api_token' - || $user_id != $token_user_id) + if (i_am_webservice()) { + if ($login_cookie + && Bugzilla->usage_mode == USAGE_MODE_REST + && !exists Bugzilla->input_params->{Bugzilla_api_token}) { - ThrowUserError('auth_invalid_token', { token => $api_token }); + # REST requires an api-token when using cookie authentication + # fall back to a non-authenticated request + $login_cookie = ''; + + } elsif (Bugzilla->input_params->{Bugzilla_api_token}) { + my $api_token = Bugzilla->input_params->{Bugzilla_api_token}; + my ($token_user_id, undef, undef, $token_type) + = Bugzilla::Token::GetTokenData($api_token); + if (!defined $token_type + || $token_type ne 'api_token' + || $user_id != $token_user_id) + { + ThrowUserError('auth_invalid_token', { token => $api_token }); + } } } } |