authorDave Lawrence <dlawrence@mozilla.com>2013-08-27 05:54:32 +0200
committerDave Lawrence <dlawrence@mozilla.com>2013-08-27 05:54:32 +0200
commit7450b47683d0aa972a522f5b70353e14269a95e6 (patch)
tree1c7908ede712092ac91b1508079e0b8dfebf67ec /Bugzilla/WebService/User.pm
parent95aadcd21c9a56ef7d3478a2504980ea44f1bd9c (diff)
Bug 893195 - Allow token based authentication for webservices
r=glob,a=sgreen
Diffstat (limited to 'Bugzilla/WebService/User.pm')
-rw-r--r--Bugzilla/WebService/User.pm29
1 files changed, 22 insertions, 7 deletions
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index 44938a97a..ba8640f3d 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -19,6 +19,8 @@ use Bugzilla::User;
use Bugzilla::Util qw(trim);
use Bugzilla::WebService::Util qw(filter validate translate params_to_objects);
+use List::Util qw(first);
+
# Don't need auth to login
use constant LOGIN_EXEMPT => {
login => 1,
@@ -73,14 +75,25 @@ sub login {
$input_params->{'Bugzilla_password'} = $params->{password};
$input_params->{'Bugzilla_remember'} = $remember;
- Bugzilla->login();
- return { id => $self->type('int', Bugzilla->user->id) };
+ my $user = Bugzilla->login();
+
+ my $result = { id => $self->type('int', $user->id) };
+
+ # We will use the stored cookie value combined with the user id
+ # to create a token that can be used with future requests in the
+ # query parameters
+ my $login_cookie = first { $_->name eq 'Bugzilla_logincookie' }
+ @{ Bugzilla->cgi->{'Bugzilla_cookie_list'} };
+ if ($login_cookie) {
+ $result->{'token'} = $user->id . "-" . $login_cookie->value;
+ }
+
+ return $result;
}
sub logout {
my $self = shift;
Bugzilla->logout;
- return undef;
}
sub valid_login {
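Review bot: The `token` built at `$result->{'token'} = $user->id . "-" . $login_cookie->value;` carries the login cookie value verbatim, and the comment above it says it is meant for query parameters, so anything that records URLs (web server access logs, proxies, Referer headers, browser history) ends up holding a reusable session credential. The code that consumes the token is not in this hunk, so I cannot tell whether it is also accepted from the request body; at minimum state the constraint next to the assignment, e.g. `# The token embeds the login cookie value: treat it as a session secret, send it only over HTTPS and keep it out of logged URLs.` The key is also omitted silently when no `Bugzilla_logincookie` is found in the cookie list, while the POD in the last hunk promises two items, so callers should be told it is optional. Separately, with `return undef;` removed, `logout` now returns whatever `Bugzilla->logout` evaluates to as its last expression; if that value is not meant to reach the client, `return;` keeps the result empty.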
@@ -448,10 +461,12 @@ management of cookies across sessions.
=item B<Returns>
-On success, a hash containing one item, C<id>, the numeric id of the
-user that was logged in. A set of http cookies is also sent with the
-response. These cookies must be sent along with any future requests
-to the webservice, for the duration of the session.
+On success, a hash containing two items, C<id>, the numeric id of the
+user that was logged in, and a C<token> which can be passed in
+the parameters as authentication in other calls. A set of http cookies
+is also sent with the response. These cookies *or* the token can be sent
+along with any future requests to the webservice, for the duration of the
+session.
=item B<Errors>