diff options
author | Dylan William Hardison <dylan@hardison.net> | 2015-08-11 19:31:49 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2015-08-11 19:31:49 +0200 |
commit | fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63 (patch) | |
tree | 85d583e196cce1c85a9c985e3f6ce7f39269819b /Bugzilla | |
parent | 589ec37a32d8687d612eedd107748b7afadd07fd (diff) | |
download | bugzilla-fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63.tar.gz bugzilla-fa7ae98d1b2e83e88b2861f0826dc89e5b3bbd63.tar.xz |
Bug 1184332 - Add Restricted API calls for MozReview
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Auth.pm | 6 | ||||
-rw-r--r-- | Bugzilla/Auth/Login/APIKey.pm | 13 | ||||
-rw-r--r-- | Bugzilla/User/APIKey.pm | 11 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/REST.pm | 1 |
4 files changed, 31 insertions, 0 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index c502ffc35..6583d4e8b 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -96,6 +96,12 @@ sub login { return $self->_handle_login_result($login_info, $type); } +sub successful_info_getter { + my ($self) = @_; + + return $self->{_info_getter}->{successful}; +} + sub can_change_password { my ($self) = @_; my $verifier = $self->{_verifier}->{successful}; diff --git a/Bugzilla/Auth/Login/APIKey.pm b/Bugzilla/Auth/Login/APIKey.pm index 902ce4da7..4038cc8b9 100644 --- a/Bugzilla/Auth/Login/APIKey.pm +++ b/Bugzilla/Auth/Login/APIKey.pm @@ -22,6 +22,18 @@ use constant requires_verification => 0; use constant can_login => 0; use constant can_logout => 0; +use fields qw(app_id); + +sub set_app_id { + my ($self, $app_id) = @_; + $self->{app_id} = $app_id; +} + +sub app_id { + my ($self) = @_; + return $self->{app_id}; +} + # This method is only available to web services. An API key can never # be used to authenticate a Web request. sub get_login_info { @@ -45,6 +57,7 @@ sub get_login_info { } $api_key->update_last_used(); + $self->set_app_id($api_key->app_id); return { user_id => $api_key->user_id }; } diff --git a/Bugzilla/User/APIKey.pm b/Bugzilla/User/APIKey.pm index 75a4a6beb..c37cccb92 100644 --- a/Bugzilla/User/APIKey.pm +++ b/Bugzilla/User/APIKey.pm @@ -14,6 +14,7 @@ use parent qw(Bugzilla::Object); use Bugzilla::User; use Bugzilla::Util qw(generate_random_password trim); +use Bugzilla::Error; ##################################################################### # Overriden Constants that are used as methods @@ -24,6 +25,7 @@ use constant DB_COLUMNS => qw( id user_id api_key + app_id description revoked last_used @@ -32,6 +34,7 @@ use constant DB_COLUMNS => qw( use constant UPDATE_COLUMNS => qw(description revoked last_used); use constant VALIDATORS => { api_key => \&_check_api_key, + app_id => \&_check_app_id, description => \&_check_description, revoked => \&Bugzilla::Object::check_boolean, }; @@ -48,6 +51,7 @@ use constant { AUDIT_CREATES => 0, sub id { return $_[0]->{id} } sub user_id { return $_[0]->{user_id} } sub api_key { return $_[0]->{api_key} } +sub app_id { return $_[0]->{app_id} } sub description { return $_[0]->{description} } sub revoked { return $_[0]->{revoked} } sub last_used { return $_[0]->{last_used} } @@ -74,6 +78,13 @@ sub set_revoked { $_[0]->set('revoked', $_[1]); } # Validators sub _check_api_key { return generate_random_password(40); } sub _check_description { return trim($_[1]) || ''; } +sub _check_app_id { + my ($invocant, $app_id) = @_; + + ThrowCodeError("invalid_app_id", { app_id => $app_id }) unless $app_id =~ /^[[:xdigit:]]+$/; + + return $app_id; +} 1; __END__ diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm index 1af41fe16..858375247 100644 --- a/Bugzilla/WebService/Server/REST.pm +++ b/Bugzilla/WebService/Server/REST.pm @@ -187,6 +187,7 @@ sub handle_login { my $class = $self->bz_class_name; my $method = $self->bz_method_name; my $full_method = $class . "." . $method; + $full_method =~ s/^Bugzilla::WebService:://; # Bypass JSONRPC::handle_login Bugzilla::WebService::Server->handle_login($class, $method, $full_method); |