diff options
author | Dave Lawrence <dlawrence@mozilla.com> | 2013-09-27 18:07:51 +0200 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2013-09-27 18:07:51 +0200 |
commit | 0048909dbe4141af69eaf930562c3e8f653dbe0d (patch) | |
tree | 3e24f8d9db7e83846db69d66c64d1261186270ad /Bugzilla | |
parent | 0228e2ab199a9b2b0287f3aa02a0f607e22e4054 (diff) | |
download | bugzilla-0048909dbe4141af69eaf930562c3e8f653dbe0d.tar.gz bugzilla-0048909dbe4141af69eaf930562c3e8f653dbe0d.tar.xz |
Revert Bug 917669 - invalid or expired authentication tokens and cookies should throw errors, not be silently ignored
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Auth/Login/Cookie.pm | 21 | ||||
-rw-r--r-- | Bugzilla/Template.pm | 5 | ||||
-rw-r--r-- | Bugzilla/Util.pm | 17 | ||||
-rw-r--r-- | Bugzilla/WebService.pm | 7 |
4 files changed, 14 insertions, 36 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm index 4f4ef80ab..88c48e236 100644 --- a/Bugzilla/Auth/Login/Cookie.pm +++ b/Bugzilla/Auth/Login/Cookie.pm @@ -21,7 +21,6 @@ use base qw(Bugzilla::Auth::Login); use Bugzilla::Constants; use Bugzilla::Util; -use Bugzilla::Error; use List::Util qw(first); @@ -81,9 +80,7 @@ sub get_login_info { AND (ipaddr = ? OR ipaddr IS NULL)', undef, ($login_cookie, $user_id, $ip_addr)); - # If the cookie or token is valid, return a valid username. - # If they were not valid and we are using a webservice, then - # throw an error notifying the client. + # If the cookie is valid, return a valid username. if ($is_valid) { # If we logged in successfully, then update the lastused # time on the login cookie @@ -91,16 +88,12 @@ sub get_login_info { WHERE cookie = ?", undef, $login_cookie); return { user_id => $user_id }; } - elsif (i_am_webservice()) { - ThrowUserError('invalid_cookies_or_token'); - } } - # Either the cookie or token is invalid and we are not authenticating - # via a webservice, or we did not receive a cookie or token. We don't - # want to ever return AUTH_LOGINFAILED, because we don't want Bugzilla to - # actually throw an error when it gets a bad cookie or token. It should just - # look like there was no cookie or token to begin with. + # Either the he cookie is invalid, or we got no cookie. We don't want + # to ever return AUTH_LOGINFAILED, because we don't want Bugzilla to + # actually throw an error when it gets a bad cookie. It should just + # look like there was no cookie to begin with. return { failure => AUTH_NODATA }; } @@ -111,7 +104,9 @@ sub login_token { return $self->{'_login_token'} if exists $self->{'_login_token'}; - if (!i_am_webservice()) { + if ($usage_mode ne USAGE_MODE_XMLRPC + && $usage_mode ne USAGE_MODE_JSON + && $usage_mode ne USAGE_MODE_REST) { return $self->{'_login_token'} = undef; } diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 81202965c..434e49da5 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -824,7 +824,10 @@ sub create { # (Wrapping the message in the WebService is unnecessary # and causes awkward things like \n's appearing in error # messages in JSON-RPC.) - unless (i_am_webservice()) { + unless (Bugzilla->usage_mode == USAGE_MODE_JSON + or Bugzilla->usage_mode == USAGE_MODE_XMLRPC + or Bugzilla->usage_mode == USAGE_MODE_REST) + { $var = wrap_comment($var, 72); } $var =~ s/\ / /g; diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 51bfdb1d3..96dad8327 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -36,8 +36,8 @@ use base qw(Exporter); detaint_signed html_quote url_quote xml_quote css_class_quote html_light_quote - i_am_cgi i_am_webservice correct_urlbase remote_ip - validate_ip do_ssl_redirect_if_required use_attachbase + i_am_cgi correct_urlbase remote_ip validate_ip + do_ssl_redirect_if_required use_attachbase diff_arrays on_main_db trim wrap_hard wrap_comment find_wrap_point format_time validate_date validate_time datetime_from @@ -259,13 +259,6 @@ sub i_am_cgi { return exists $ENV{'SERVER_SOFTWARE'} ? 1 : 0; } -sub i_am_webservice { - my $usage_mode = Bugzilla->usage_mode; - return $usage_mode == USAGE_MODE_XMLRPC - || $usage_mode == USAGE_MODE_JSON - || $usage_mode == USAGE_MODE_REST; -} - # This exists as a separate function from Bugzilla::CGI::redirect_to_https # because we don't want to create a CGI object during XML-RPC calls # (doing so can mess up XML-RPC). @@ -856,7 +849,6 @@ Bugzilla::Util - Generic utility functions for bugzilla # Functions that tell you about your environment my $is_cgi = i_am_cgi(); - my $is_webservice = i_am_webservice(); my $urlbase = correct_urlbase(); # Data manipulation @@ -986,11 +978,6 @@ Tells you whether or not you are being run as a CGI script in a web server. For example, it would return false if the caller is running in a command-line script. -=item C<i_am_webservice()> - -Tells you whether or not the current usage mode is WebServices related -such as JSONRPC, XMLRPC, or REST. - =item C<correct_urlbase()> Returns either the C<sslbase> or C<urlbase> parameter, depending on the diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm index a53c45261..8f97a3a2f 100644 --- a/Bugzilla/WebService.pm +++ b/Bugzilla/WebService.pm @@ -188,13 +188,6 @@ For REST, you may also use the C<username> and C<password> variable names instead of C<Bugzilla_login> and C<Bugzilla_password> as a convenience. -=item B<Added in Bugzilla 5.0> - -An error is now thrown if you pass invalid cookies or an invalid token. -You will need to log in again to get new cookies or a new token. Previous -releases simply ignored invalid cookies and token support was added in -Bugzilla B<5.0>. - =back =head1 STABLE, EXPERIMENTAL, and UNSTABLE |