summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth/Login
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2015-03-09 07:22:42 +0100
committerByron Jones <glob@mozilla.com>2015-03-09 07:22:42 +0100
commit66a30b69f73012e64cfe1f78710cf095ddab2a3d (patch)
tree9d4ea8c968185852bdab5592746f0d68cc826de1 /Bugzilla/Auth/Login
parentcf463a5e14da2b1c58686ff6b63e0e419ad644fe (diff)
downloadbugzilla-66a30b69f73012e64cfe1f78710cf095ddab2a3d.tar.gz
bugzilla-66a30b69f73012e64cfe1f78710cf095ddab2a3d.tar.xz
Bug 1140966: backport bug 1139257 to bmo (allow cookie+api-token GET REST requests)
Diffstat (limited to 'Bugzilla/Auth/Login')
-rw-r--r--Bugzilla/Auth/Login/Cookie.pm26
1 files changed, 18 insertions, 8 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 11d9012b8..e1faa52d0 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -61,15 +61,25 @@ sub get_login_info {
# If the call is for a web service, and an api token is provided, check
# it is valid.
- if (i_am_webservice() && Bugzilla->input_params->{Bugzilla_api_token}) {
- my $api_token = Bugzilla->input_params->{Bugzilla_api_token};
- my ($token_user_id, undef, undef, $token_type)
- = Bugzilla::Token::GetTokenData($api_token);
- if (!defined $token_type
- || $token_type ne 'api_token'
- || $user_id != $token_user_id)
+ if (i_am_webservice()) {
+ if ($login_cookie
+ && Bugzilla->usage_mode == USAGE_MODE_REST
+ && !exists Bugzilla->input_params->{Bugzilla_api_token})
{
- ThrowUserError('auth_invalid_token', { token => $api_token });
+ # REST requires an api-token when using cookie authentication
+ # fall back to a non-authenticated request
+ $login_cookie = '';
+
+ } elsif (Bugzilla->input_params->{Bugzilla_api_token}) {
+ my $api_token = Bugzilla->input_params->{Bugzilla_api_token};
+ my ($token_user_id, undef, undef, $token_type)
+ = Bugzilla::Token::GetTokenData($api_token);
+ if (!defined $token_type
+ || $token_type ne 'api_token'
+ || $user_id != $token_user_id)
+ {
+ ThrowUserError('auth_invalid_token', { token => $api_token });
+ }
}
}
}