Bug 1001462: Bug.search causes error when using simple token auth and specifying 'token' instead of 'Bugzilla_token'

r=glob,a=glob

3 files changed, 28 insertions, 19 deletions

diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 8f9070ae7..56b31ffef 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -117,6 +117,7 @@ our @ISA = qw(XMLRPC::Deserializer);
 
 use Bugzilla::Error;
 use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
+use Bugzilla::WebService::Util qw(fix_credentials);
 use Scalar::Util qw(tainted);
 
 sub deserialize {
@@ -140,7 +141,13 @@ sub deserialize {
     my $params = $som->paramsin;
     # This allows positional parameters for Testopia.
     $params = {} if ref $params ne 'HASH';
+
+    # Update the params to allow for several convenience key/values
+    # use for authentication
+    fix_credentials($params);
+
     Bugzilla->input_params($params);
+
     return $som;
 }
 
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index 4c8af7f6c..f3b8bf703 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -53,27 +53,20 @@ use constant MAPPED_RETURNS => {
 sub login {
     my ($self, $params) = @_;
 
+    # Check to see if we are already logged in
+    my $user = Bugzilla->user;
+    if ($user->id) {
+        return $self->_login_to_hash($user);
+    }
+
     # Username and password params are required 
     foreach my $param ("login", "password") {
-        defined $params->{$param} 
+        (defined $params->{$param} || defined $params->{'Bugzilla_' . $param})
             || ThrowCodeError('param_required', { param => $param });
     }
 
-    # Make sure the CGI user info class works if necessary.
-    my $input_params = Bugzilla->input_params;
-    $input_params->{'Bugzilla_login'} =  $params->{login};
-    $input_params->{'Bugzilla_password'} = $params->{password};
-    $input_params->{'Bugzilla_restrictlogin'} = $params->{restrict_login};
-
-    my $user = Bugzilla->login();
-
-    my $result = { id => $self->type('int', $user->id) };
-
-    if ($user->{_login_token}) {
-        $result->{'token'} = $user->id . "-" . $user->{_login_token};
-    }
-
-    return $result;
+    $user = Bugzilla->login();
+    return $self->_login_to_hash($user);
 }
 
 sub logout {
@@ -409,6 +402,15 @@ sub _report_to_hash {
     return $item;
 }
 
+sub _login_to_hash {
+    my ($self, $user) = @_;
+    my $item = { id => $self->type('int', $user->id) };
+    if ($user->{_login_token}) {
+        $item->{'token'} = $user->id . "-" . $user->{_login_token};
+    }
+    return $item;
+}
+
 1;
 
 __END__
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index e2bc78002..a0a51a8de 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -266,8 +266,8 @@ sub fix_credentials {
     # even if not calling GET /login. We also do not delete them as
     # GET /login requires "login" and "password".
     if (exists $params->{'login'} && exists $params->{'password'}) {
-        $params->{'Bugzilla_login'}    = $params->{'login'};
-        $params->{'Bugzilla_password'} = $params->{'password'};
+        $params->{'Bugzilla_login'}    = delete $params->{'login'};
+        $params->{'Bugzilla_password'} = delete $params->{'password'};
     }
     # Allow user to pass api_key=12345678 as a convenience which becomes
     # "Bugzilla_api_key" which is what the auth code looks for.
@@ -277,7 +277,7 @@ sub fix_credentials {
     # Allow user to pass token=12345678 as a convenience which becomes
     # "Bugzilla_token" which is what the auth code looks for.
     if (exists $params->{'token'}) {
-        $params->{'Bugzilla_token'} = $params->{'token'};
+        $params->{'Bugzilla_token'} = delete $params->{'token'};
     }
 
     # Allow extensions to modify the credential data before login