diff options
| author | David Lawrence <dkl@mozilla.com> | 2014-11-14 20:45:46 +0100 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2014-11-14 20:45:46 +0100 |
| commit | 987611195db12b9c42cdfdbb383811f99322cdd7 (patch) | |
| tree | 5c4fe3e26f87b225753a9c70892416fe514e07e7 /Bugzilla/WebService | |
| parent | ae3093fa0de16ffd653f8c4c55e4311e9264ab08 (diff) | |
| download | bugzilla-987611195db12b9c42cdfdbb383811f99322cdd7.tar.gz bugzilla-987611195db12b9c42cdfdbb383811f99322cdd7.tar.xz | |
Bug 1097813: backport upstream bug 1001462 to bmo/4.2 to fix issue with using tokens with webservice rest api
Diffstat (limited to 'Bugzilla/WebService')
| -rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 7 | ||||
| -rw-r--r-- | Bugzilla/WebService/User.pm | 50 | ||||
| -rw-r--r-- | Bugzilla/WebService/Util.pm | 6 |
3 files changed, 28 insertions, 35 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 8d9108122..f56fa3439 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -123,6 +123,7 @@ our @ISA = qw(XMLRPC::Deserializer); use Bugzilla::Error; use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST); +use Bugzilla::WebService::Util qw(fix_credentials); use Scalar::Util qw(tainted); sub deserialize { @@ -146,7 +147,13 @@ sub deserialize { my $params = $som->paramsin; # This allows positional parameters for Testopia. $params = {} if ref $params ne 'HASH'; + + # Update the params to allow for several convenience key/values + # use for authentication + fix_credentials($params); + Bugzilla->input_params($params); + return $som; } diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index 1e6de143c..b6351635c 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -64,44 +64,21 @@ use constant MAPPED_RETURNS => { sub login { my ($self, $params) = @_; - my $remember = $params->{remember}; + + # Check to see if we are already logged in + my $user = Bugzilla->user; + if ($user->id) { + return $self->_login_to_hash($user); + } # Username and password params are required foreach my $param ("login", "password") { - defined $params->{$param} + (defined $params->{$param} || defined $params->{'Bugzilla_' . $param}) || ThrowCodeError('param_required', { param => $param }); } - # Convert $remember from a boolean 0/1 value to a CGI-compatible one. - if (defined($remember)) { - $remember = $remember? 'on': ''; - } - else { - # Use Bugzilla's default if $remember is not supplied. - $remember = - Bugzilla->params->{'rememberlogin'} eq 'defaulton'? 'on': ''; - } - - # Make sure the CGI user info class works if necessary. - my $input_params = Bugzilla->input_params; - $input_params->{'Bugzilla_login'} = $params->{login}; - $input_params->{'Bugzilla_password'} = $params->{password}; - $input_params->{'Bugzilla_remember'} = $remember; - - my $user = Bugzilla->login(); - - my $result = { id => $self->type('int', $user->id) }; - - # We will use the stored cookie value combined with the user id - # to create a token that can be used with future requests in the - # query parameters - my $login_cookie = first { $_->name eq 'Bugzilla_logincookie' } - @{ Bugzilla->cgi->{'Bugzilla_cookie_list'} }; - if ($login_cookie) { - $result->{'token'} = $user->id . "-" . $login_cookie->value; - } - - return $result; + $user = Bugzilla->login(); + return $self->_login_to_hash($user); } sub logout { @@ -419,6 +396,15 @@ sub _query_to_hash { return $item; } +sub _login_to_hash { + my ($self, $user) = @_; + my $item = { id => $self->type('int', $user->id) }; + if (my $login_token = $user->{_login_token}) { + $item->{'token'} = $user->id . "-" . $login_token; + } + return $item; +} + 1; __END__ diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm index 856fd3481..c21bcd344 100644 --- a/Bugzilla/WebService/Util.pm +++ b/Bugzilla/WebService/Util.pm @@ -276,13 +276,13 @@ sub fix_credentials { # even if not calling GET /login. We also do not delete them as # GET /login requires "login" and "password". if (exists $params->{'login'} && exists $params->{'password'}) { - $params->{'Bugzilla_login'} = $params->{'login'}; - $params->{'Bugzilla_password'} = $params->{'password'}; + $params->{'Bugzilla_login'} = delete $params->{'login'}; + $params->{'Bugzilla_password'} = delete $params->{'password'}; } # Allow user to pass token=12345678 as a convenience which becomes # "Bugzilla_token" which is what the auth code looks for. if (exists $params->{'token'}) { - $params->{'Bugzilla_token'} = $params->{'token'}; + $params->{'Bugzilla_token'} = delete $params->{'token'}; } # Allow extensions to modify the credential data before login |