authorDave Lawrence <dlawrence@mozilla.com>2013-10-25 21:00:45 +0200
committerDave Lawrence <dlawrence@mozilla.com>2013-10-25 21:00:45 +0200
commit9c5c3b20f521097f106b37fa9fa1c67ecd50f167 (patch)
treeabda009ec13da7749f887f3ad4efef19ff8ee14e /Bugzilla
parentbc3208378008a78c3cc2494eecd7f5144c7c79fa (diff)
downloadbugzilla-9c5c3b20f521097f106b37fa9fa1c67ecd50f167.tar.gz
bugzilla-9c5c3b20f521097f106b37fa9fa1c67ecd50f167.tar.xz
Bug 921523 - backport upstream bug 917669 to bmo/4.2 to throw error when invalid cookies/tokens are used with webservices
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Auth/Login/Cookie.pm17
-rw-r--r--Bugzilla/Template.pm5
-rw-r--r--Bugzilla/WebService.pm7
3 files changed, 18 insertions, 11 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 4db486a8f..62a6c58a9 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -21,6 +21,7 @@ use base qw(Bugzilla::Auth::Login);
use Bugzilla::Constants;
use Bugzilla::Util;
+use Bugzilla::Error;
use List::Util qw(first);
@@ -88,12 +89,16 @@ sub get_login_info {
WHERE cookie = ?", undef, $login_cookie);
return { user_id => $user_id };
}
+ elsif (i_am_webservice()) {
+ ThrowUserError('invalid_cookies_or_token');
+ }
}
- # Either the he cookie is invalid, or we got no cookie. We don't want
- # to ever return AUTH_LOGINFAILED, because we don't want Bugzilla to
- # actually throw an error when it gets a bad cookie. It should just
- # look like there was no cookie to begin with.
+ # Either the cookie or token is invalid and we are not authenticating
+ # via a webservice, or we did not receive a cookie or token. We don't
+ # want to ever return AUTH_LOGINFAILED, because we don't want Bugzilla to
+ # actually throw an error when it gets a bad cookie or token. It should just
+ # look like there was no cookie or token to begin with.
return { failure => AUTH_NODATA };
}
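Review bot: The new `ThrowUserError('invalid_cookies_or_token')` branch relies on an error tag that this diff does not define. The diffstat for `Bugzilla/` lists no change to the WebService error-code constants, so unless a mapping already exists on this branch, API clients would presumably get a generic error code rather than one that tells them to log in again. Please confirm the tag has a user-error template entry and a code in `WS_ERROR_CODE`, and that the message does not echo the rejected cookie or token value. Because `ThrowUserError` aborts the request, also confirm that a stale cookie sent alongside otherwise valid credentials is meant to fail the whole call. `get_login_info` starts above this hunk, so the enclosing condition is not visible; a comment on the branch would help, e.g. `# Webservice clients must be told their cookie/token was rejected, not silently treated as anonymous.`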
@@ -104,9 +109,7 @@ sub login_token {
return $self->{'_login_token'} if exists $self->{'_login_token'};
- if ($usage_mode ne USAGE_MODE_XMLRPC
- && $usage_mode ne USAGE_MODE_JSON
- && $usage_mode ne USAGE_MODE_REST) {
+ if (!i_am_webservice()) {
return $self->{'_login_token'} = undef;
}
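Review bot: Whether a login token is honoured at all now depends on `i_am_webservice()`, whose definition is outside this diff, so the explicit list of XML-RPC, JSON and REST modes is no longer visible at this authentication gate. The same applies to the `create` hunk in `Bugzilla/Template.pm`. I would add a comment above the check such as `# Tokens are only accepted in webservice usage modes; see i_am_webservice() (presumably Bugzilla::Util).` The removed condition read a `$usage_mode` variable that is presumably assigned earlier in `login_token`, above the hunk; if so, it is now unused and can be dropped.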
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index b529caf89..c3839b11b 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -832,10 +832,7 @@ sub create {
# (Wrapping the message in the WebService is unnecessary
# and causes awkward things like \n's appearing in error
# messages in JSON-RPC.)
- unless (Bugzilla->usage_mode == USAGE_MODE_JSON
- or Bugzilla->usage_mode == USAGE_MODE_XMLRPC
- or Bugzilla->usage_mode == USAGE_MODE_REST)
- {
+ unless (i_am_webservice()) {
$var = wrap_comment($var, 72);
}
$var =~ s/\&nbsp;/ /g;
diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm
index c930b02dc..60642c5e8 100644
--- a/Bugzilla/WebService.pm
+++ b/Bugzilla/WebService.pm
@@ -188,6 +188,13 @@ For REST, you may also use the C<username> and C<password> variable
names instead of C<Bugzilla_login> and C<Bugzilla_password> as a
convenience.
+=item B<Added in Bugzilla 5.0>
+
+An error is now thrown if you pass invalid cookies or an invalid token.
+You will need to log in again to get new cookies or a new token. Previous
+releases simply ignored invalid cookies and token support was added in
+Bugzilla B<5.0>.
+
=back
=head1 STABLE, EXPERIMENTAL, and UNSTABLE