diff options
author | David Lawrence <dkl@mozilla.com> | 2015-01-29 18:33:12 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-01-29 18:33:12 +0100 |
commit | c8447e9f4b7c17ab0e04af34dbd5583e78b23677 (patch) | |
tree | 573093df276637e98796717c325c3fc5c040263d /Bugzilla/Auth/Login/Cookie.pm | |
parent | 89d319922df1160f346321acfa6a9c5d69b5ed43 (diff) | |
download | bugzilla-c8447e9f4b7c17ab0e04af34dbd5583e78b23677.tar.gz bugzilla-c8447e9f4b7c17ab0e04af34dbd5583e78b23677.tar.xz |
Bug 1045145: backport upstream bug 726696 to bmo/4.2 to allow use of api keys for authentication
Diffstat (limited to 'Bugzilla/Auth/Login/Cookie.pm')
-rw-r--r-- | Bugzilla/Auth/Login/Cookie.pm | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm index e3b86d384..11d9012b8 100644 --- a/Bugzilla/Auth/Login/Cookie.pm +++ b/Bugzilla/Auth/Login/Cookie.pm @@ -22,8 +22,9 @@ use base qw(Bugzilla::Auth::Login); use fields qw(_login_token); use Bugzilla::Constants; -use Bugzilla::Util; use Bugzilla::Error; +use Bugzilla::Token; +use Bugzilla::Util; use List::Util qw(first); @@ -57,6 +58,20 @@ sub get_login_info { @{$cgi->{'Bugzilla_cookie_list'}}; $user_id = $cookie->value if $cookie; } + + # If the call is for a web service, and an api token is provided, check + # it is valid. + if (i_am_webservice() && Bugzilla->input_params->{Bugzilla_api_token}) { + my $api_token = Bugzilla->input_params->{Bugzilla_api_token}; + my ($token_user_id, undef, undef, $token_type) + = Bugzilla::Token::GetTokenData($api_token); + if (!defined $token_type + || $token_type ne 'api_token' + || $user_id != $token_user_id) + { + ThrowUserError('auth_invalid_token', { token => $api_token }); + } + } } # If no cookies were provided, we also look for a login token |