summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth/Login
diff options
context:
space:
mode:
authorDave Lawrence <dlawrence@mozilla.com>2013-10-25 21:00:45 +0200
committerDave Lawrence <dlawrence@mozilla.com>2013-10-25 21:00:45 +0200
commit9c5c3b20f521097f106b37fa9fa1c67ecd50f167 (patch)
treeabda009ec13da7749f887f3ad4efef19ff8ee14e /Bugzilla/Auth/Login
parentbc3208378008a78c3cc2494eecd7f5144c7c79fa (diff)
downloadbugzilla-9c5c3b20f521097f106b37fa9fa1c67ecd50f167.tar.gz
bugzilla-9c5c3b20f521097f106b37fa9fa1c67ecd50f167.tar.xz
Bug 921523 - backport upstream bug 917669 to bmo/4.2 to throw error when invalid cookies/tokens are used with webservices
Diffstat (limited to 'Bugzilla/Auth/Login')
-rw-r--r--Bugzilla/Auth/Login/Cookie.pm17
1 files changed, 10 insertions, 7 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 4db486a8f..62a6c58a9 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -21,6 +21,7 @@ use base qw(Bugzilla::Auth::Login);
use Bugzilla::Constants;
use Bugzilla::Util;
+use Bugzilla::Error;
use List::Util qw(first);
@@ -88,12 +89,16 @@ sub get_login_info {
WHERE cookie = ?", undef, $login_cookie);
return { user_id => $user_id };
}
+ elsif (i_am_webservice()) {
+ ThrowUserError('invalid_cookies_or_token');
+ }
}
- # Either the he cookie is invalid, or we got no cookie. We don't want
- # to ever return AUTH_LOGINFAILED, because we don't want Bugzilla to
- # actually throw an error when it gets a bad cookie. It should just
- # look like there was no cookie to begin with.
+ # Either the cookie or token is invalid and we are not authenticating
+ # via a webservice, or we did not receive a cookie or token. We don't
+ # want to ever return AUTH_LOGINFAILED, because we don't want Bugzilla to
+ # actually throw an error when it gets a bad cookie or token. It should just
+ # look like there was no cookie or token to begin with.
return { failure => AUTH_NODATA };
}
@@ -104,9 +109,7 @@ sub login_token {
return $self->{'_login_token'} if exists $self->{'_login_token'};
- if ($usage_mode ne USAGE_MODE_XMLRPC
- && $usage_mode ne USAGE_MODE_JSON
- && $usage_mode ne USAGE_MODE_REST) {
+ if (!i_am_webservice()) {
return $self->{'_login_token'} = undef;
}