diff options
author | Simon Green <sgreen@redhat.com> | 2014-07-27 10:47:21 +0200 |
---|---|---|
committer | Simon Green <sgreen@redhat.com> | 2014-07-27 10:47:21 +0200 |
commit | fd29ee56c4678749c00e7698ef245f7e2967ee10 (patch) | |
tree | 9d0696c9a89b8df8a6d46e2be6602a449b7354c3 /Bugzilla/WebService.pm | |
parent | 9f0f44b7fb73e9af0cdaefe8f5ff617f14fec2ed (diff) | |
download | bugzilla-fd29ee56c4678749c00e7698ef245f7e2967ee10.tar.gz bugzilla-fd29ee56c4678749c00e7698ef245f7e2967ee10.tar.xz |
Bug 726696 - All authenticated WebServices methods should require username/pass, token or a valid API key for authentication
r=dkl, a=sgreen
Diffstat (limited to 'Bugzilla/WebService.pm')
-rw-r--r-- | Bugzilla/WebService.pm | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm index 1dc04c1f6..d12d4dbac 100644 --- a/Bugzilla/WebService.pm +++ b/Bugzilla/WebService.pm @@ -134,14 +134,22 @@ how this is implemented for those frontends. =head1 LOGGING IN -There are various ways to log in: +Some methods do not require you to log in. An example of this is Bug.get. +However, authenticating yourself allows you to see non public information. For +example, a bug that is not publicly visible. + +There are two ways to authenticate yourself: =over -=item C<User.login> +=item C<Bugzilla_api_key> -You can use L<Bugzilla::WebService::User/login> to log in as a Bugzilla -user. This issues a token that you must then use in future calls. +B<Added in Bugzilla 5.0> + +You can specify C<Bugzilla_api_key> as an argument to any WebService method, and +you will be logged in as that user if the key is correct, and has not been +revoked. You can set up an API key by using the 'API Key' tab in the +Preferences pages. =item C<Bugzilla_login> and C<Bugzilla_password> @@ -164,15 +172,29 @@ then your login will only be valid for your IP address. =back The C<Bugzilla_restrictlogin> option is only used when you have also -specified C<Bugzilla_login> and C<Bugzilla_password>. +specified C<Bugzilla_login> and C<Bugzilla_password>. This value will be +deprecated in the release after Bugzilla 5.0 and you will be required to +pass the Bugzilla_login and Bugzilla_password for every call. For REST, you may also use the C<login> and C<password> variable names instead of C<Bugzilla_login> and C<Bugzilla_password> as a convenience. You may also use C<token> instead of C<Bugzilla_token>. +=back + +There are also two deprecreated methods of authentications. This will be +removed in the version after Bugzilla 5.0. + +=over + +=item C<User.login> + +You can use L<Bugzilla::WebService::User/login> to log in as a Bugzilla +user. This issues a token that you must then use in future calls. + =item C<Bugzilla_token> -B<Added in Bugzilla 5.0> +B<Added in Bugzilla 4.4.3> You can specify C<Bugzilla_token> as argument to any WebService method, and you will be logged in as that user if the token is correct. This is |