author | Dave Lawrence <dlawrence@mozilla.com> | 2013-08-29 23:25:24 +0200 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2013-08-29 23:25:24 +0200 |
commit | 99589d82d943bedcd9a8ade3d91f84d770fcd5c5 (patch) | |
tree | 25d4f8baedfe28e592a7226b4276523423132963 /Bugzilla/WebService/User.pm | |
parent | bbf877a6b1500f59988245954f40cee5ebec0a85 (diff) | |
Bug 909634 - backport upstream bug 893195 to bmo/4.2 for token auth support in webservices
Diffstat (limited to 'Bugzilla/WebService/User.pm')
-rw-r--r-- | Bugzilla/WebService/User.pm | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index c826e4f1b..78d34a209 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -31,6 +31,8 @@ use Bugzilla::Util qw(trim); use Bugzilla::WebService::Util qw(filter validate); use Bugzilla::Hook; +use List::Util qw(first); + # Don't need auth to login use constant LOGIN_EXEMPT => { login => 1, @@ -71,14 +73,25 @@ sub login { $input_params->{'Bugzilla_password'} = $params->{password}; $input_params->{'Bugzilla_remember'} = $remember; - Bugzilla->login(); - return { id => $self->type('int', Bugzilla->user->id) }; + my $user = Bugzilla->login(); + + my $result = { id => $self->type('int', $user->id) }; + + # We will use the stored cookie value combined with the user id + # to create a token that can be used with future requests in the + # query parameters + my $login_cookie = first { $_->name eq 'Bugzilla_logincookie' } + @{ Bugzilla->cgi->{'Bugzilla_cookie_list'} }; + if ($login_cookie) { + $result->{'token'} = $user->id . "-" . $login_cookie->value; + } + + return $result; } sub logout { my $self = shift; Bugzilla->logout; - return undef; } ################# @@ -358,10 +371,12 @@ management of cookies across sessions. =item B<Returns> -On success, a hash containing one item, C<id>, the numeric id of the -user that was logged in. A set of http cookies is also sent with the -response. These cookies must be sent along with any future requests -to the webservice, for the duration of the session. +On success, a hash containing two items, C<id>, the numeric id of the +user that was logged in, and a C<token> which can be passed in +the parameters as authentication in other calls. A set of http cookies +is also sent with the response. These cookies *or* the token can be sent +along with any future requests to the webservice, for the duration of the +session. =item B<Errors> |
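Review bot: The token assembled in `login` (second hunk) is the user id joined to the raw `Bugzilla_logincookie` value, so it is the same secret as the session cookie. The added comment says it is meant for query parameters, where it would be recorded in web-server and proxy logs, Referer headers and client history, and it presumably stays valid for as long as the cookie does. I would state that in the code, e.g. `# The token embeds the login cookie value: treat it as a bearer credential, send it over TLS only and keep it out of logged URLs.`, and add the same caveat to the `Returns` POD changed in the last hunk. Separately, with `return undef;` removed, `logout` now returns whatever `Bugzilla->logout` evaluates to; an explicit `return;` would keep the response independent of that call. The body of `login` starts outside the hunk, so how `Bugzilla_cookie_list` gets populated is not visible here.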