Bug 1001462 - Bug.search causes error when using simple token auth and specifying 'token' instead of 'Bugzilla_token'

r/a=glob

3 files changed, 18 insertions, 19 deletions

diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 40c66a8f9..48ab27a5e 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -115,6 +115,7 @@ our @ISA = qw(XMLRPC::Deserializer);
 
 use Bugzilla::Error;
 use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
+use Bugzilla::WebService::Util qw(fix_credentials);
 use Scalar::Util qw(tainted);
 
 sub deserialize {
@@ -138,6 +139,11 @@ sub deserialize {
     my $params = $som->paramsin;
     # This allows positional parameters for Testopia.
     $params = {} if ref $params ne 'HASH';
+
+    # Update the params to allow for several convenience key/values
+    # use for authentication
+    fix_credentials($params);
+
     Bugzilla->input_params($params);
     return $som;
 }
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index f8358f78d..112d336d7 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -54,16 +54,10 @@ sub login {
 
     # Username and password params are required 
     foreach my $param ("login", "password") {
-        defined $params->{$param} 
+        (!defined $params->{$param} && !defined $params->{'Bugzilla_' . $param})
             || ThrowCodeError('param_required', { param => $param });
     }
 
-    # Make sure the CGI user info class works if necessary.
-    my $input_params = Bugzilla->input_params;
-    $input_params->{'Bugzilla_login'} =  $params->{login};
-    $input_params->{'Bugzilla_password'} = $params->{password};
-    $input_params->{'Bugzilla_restrictlogin'} = $params->{restrict_login};
-
     my $user = Bugzilla->login();
 
     my $result = { id => $self->type('int', $user->id) };
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index bba6122e5..8e66a9b53 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -261,18 +261,17 @@ sub params_to_objects {
 
 sub fix_credentials {
     my ($params) = @_;
-    # Allow user to pass in login=foo&password=bar as a convenience
-    # even if not calling GET /login. We also do not delete them as
-    # GET /login requires "login" and "password".
-    if (exists $params->{'login'} && exists $params->{'password'}) {
-        $params->{'Bugzilla_login'}    = $params->{'login'};
-        $params->{'Bugzilla_password'} = $params->{'password'};
-    }
-    # Allow user to pass token=12345678 as a convenience which becomes
-    # "Bugzilla_token" which is what the auth code looks for.
-    if (exists $params->{'token'}) {
-        $params->{'Bugzilla_token'} = $params->{'token'};
-    }
+
+    # Allow user to pass in login, password, restrict_login, and
+    # token as short-cuts to the longer versions.
+    $params->{'Bugzilla_login'} = delete $params->{'login'}
+        if exists $params->{'login'};
+    $params->{'Bugzilla_password'} = delete $params->{'password'}
+        if exists $params->{'password'};
+    $params->{'Bugzilla_restrictlogin'} = delete $params->{'restrict_login'}
+        if exists $params->{'restrict_login'};
+    $params->{'Bugzilla_token'} = delete $params->{'token'}
+        if exists $params->{'token'};
 
     # Allow extensions to modify the credential data before login
     Bugzilla::Hook::process('webservice_fix_credentials', { params => $params });