diff options
| author | Simon Green <sgreen@redhat.com> | 2014-07-27 10:47:21 +0200 |
|---|---|---|
| committer | Simon Green <sgreen@redhat.com> | 2014-07-27 10:47:21 +0200 |
| commit | fd29ee56c4678749c00e7698ef245f7e2967ee10 (patch) | |
| tree | 9d0696c9a89b8df8a6d46e2be6602a449b7354c3 /Bugzilla/WebService | |
| parent | 9f0f44b7fb73e9af0cdaefe8f5ff617f14fec2ed (diff) | |
| download | bugzilla-fd29ee56c4678749c00e7698ef245f7e2967ee10.tar.gz bugzilla-fd29ee56c4678749c00e7698ef245f7e2967ee10.tar.xz | |
Bug 726696 - All authenticated WebServices methods should require username/pass, token or a valid API key for authentication
r=dkl, a=sgreen
Diffstat (limited to 'Bugzilla/WebService')
| -rw-r--r-- | Bugzilla/WebService/Constants.pm | 3 | ||||
| -rw-r--r-- | Bugzilla/WebService/User.pm | 16 | ||||
| -rw-r--r-- | Bugzilla/WebService/Util.pm | 5 |
3 files changed, 20 insertions, 4 deletions
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm index 2c21de15e..2fa1bdc28 100644 --- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -142,6 +142,9 @@ use constant WS_ERROR_CODE => { extern_id_conflict => -303, auth_failure => 304, password_current_too_short => 305, + api_key_not_valid => 306, + api_key_revoked => 306, + auth_invalid_token => 307, # Except, historically, AUTH_NODATA, which is 410. login_required => 410, diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index f05b2b247..32d6f28ec 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -432,9 +432,13 @@ where applicable. =head1 Logging In and Out +These method are now deprecated, and will be removed in the release after +Bugzilla 5.0. The correct way of use these REST and RPC calls is noted in +L<Bugzilla::WebService> + =head2 login -B<STABLE> +B<DEPRECATED> =over @@ -499,7 +503,9 @@ creates a login cookie. =item C<restrict_login> was added in Bugzilla B<5.0>. -=item C<token> was added in Bugzilla B<5.0>. +=item C<token> was added in Bugzilla B<4.4.3>. + +=item This function will be removed in the release after Bugzilla 5.0, in favour of API keys. =back @@ -507,7 +513,7 @@ creates a login cookie. =head2 logout -B<STABLE> +B<DEPRECATED> =over @@ -525,7 +531,7 @@ Log out the user. Does nothing if there is no user logged in. =head2 valid_login -B<UNSTABLE> +B<DEPRECATED> =over @@ -563,6 +569,8 @@ for the provided username. =item Added in Bugzilla B<5.0>. +=item This function will be removed in the release after Bugzilla 5.0, in favour of API keys. + =back =back diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm index 26558fc6a..6290139a3 100644 --- a/Bugzilla/WebService/Util.pm +++ b/Bugzilla/WebService/Util.pm @@ -268,6 +268,11 @@ sub fix_credentials { $params->{'Bugzilla_login'} = $params->{'login'}; $params->{'Bugzilla_password'} = $params->{'password'}; } + # Allow user to pass api_key=12345678 as a convenience which becomes + # "Bugzilla_api_key" which is what the auth code looks for. + if (exists $params->{api_key}) { + $params->{Bugzilla_api_key} = delete $params->{api_key}; + } # Allow user to pass token=12345678 as a convenience which becomes # "Bugzilla_token" which is what the auth code looks for. if (exists $params->{'token'}) { |