author | Dave Lawrence <dlawrence@mozilla.com> | 2012-04-10 20:35:59 +0200 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-04-10 20:35:59 +0200 |
commit | eec1169f0db5257c50ebbe7a51dab9846173b3bc (patch) | |
tree | c2b511c0c89f77d197dadd0d35621abdc8c95549 /extensions/BrowserID/template/en/default/hook/account | |
parent | b8b57b2c41fd39d4c4791699759d2b68a3a2215a (diff) | |
Bug 743735 - use POST instead of GET to pass assertion to bugzilla for verification
r=glob
Diffstat (limited to 'extensions/BrowserID/template/en/default/hook/account')
2 files changed, 58 insertions, 6 deletions
diff --git a/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl b/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
index d16a84142..2b6f4b85a 100644
--- a/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
+++ b/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
@@ -1,4 +1,8 @@
 [% IF Param('user_info_class').split(',').contains('BrowserID') %]
+
+[% USE Bugzilla %]
+[% cgi = Bugzilla.cgi %]
+
 <script src="https://browserid.org/include.js" type="text/javascript"></script>
 <script type="text/javascript">
 
@@ -7,9 +11,40 @@ function browserid_sign_in() {
 if (assertion) {
 // This code will be invoked once the user has successfully
 // selected an email address they control to sign in with.
- var token = "[% issue_hash_token(['login']) FILTER html %]";
- window.location.href = "[% login_target FILTER none %]?token="
- + token + "&browserid_assertion=" + assertion;
+ var browseridForm = document.createElement('form');
+ browseridForm.action = '[% target FILTER js %]';
+ browseridForm.method = 'POST';
+ browseridForm.style.display = 'none';
+
+ var tokenField = document.createElement('input');
+ tokenField.type = 'hidden';
+ tokenField.name = 'token';
+ tokenField.value = '[% issue_hash_token(['login']) FILTER js %]';
+ browseridForm.appendChild(tokenField);
+
+ var assertionField = document.createElement('input');
+ assertionField.type = 'hidden';
+ assertionField.name = 'browserid_assertion';
+ assertionField.value = assertion;
+ browseridForm.appendChild(assertionField);
+
+ var hidden_fields =[];
+ var field_count = 0;
+ [% FOREACH field = cgi.param() %]
+ [% NEXT IF field.search("^(Bugzilla_(login|password|restrictlogin)|token|browserid_assertion)$") %]
+ [% FOREACH mvalue = cgi.param(field).slice(0) %]
+ hidden_fields[field_count] = document.createElement('input');
+ hidden_fields[field_count].type = 'hidden';
+ hidden_fields[field_count].name = '[% field FILTER js %]';
+ hidden_fields[field_count].value = '[% mvalue FILTER html_linebreak FILTER js %]';
+ browseridForm.appendChild(hidden_fields[field_count]);
+ [% END %]
+ field_count++;
+ [% END %]
+
+ document.body.appendChild(browseridForm);
+ browseridForm.submit();
+ return true;
 }
 });
 }
diff --git a/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl b/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl
index 9871d585d..26d5ff609 100644
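Review bot: The replayed parameter values are passed through `FILTER html_linebreak` before `FILTER js`, but the result is assigned to the DOM `.value` property, where HTML entities are never decoded. Assuming html_linebreak HTML-escapes and rewrites line breaks as entities, as it does for hidden-field markup, any value containing `&`, `<`, quotes or a newline would be posted back altered. These values come straight from `cgi.param()`, so the escaping that matters in this context is the JavaScript-string one: `hidden_fields[field_count].value = '[% mvalue FILTER js %]';`. Separately, `field_count++` sits outside the inner `FOREACH mvalue` loop, so a multi-valued parameter reuses one array slot; the inputs are still appended, but moving the increment inside the loop would make the intent clear. The enclosing function starts and ends outside the hunk.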
--- a/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl
+++ b/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl
@@ -7,9 +7,26 @@ function browserid_sign_in() {
 if (assertion) {
 // This code will be invoked once the user has successfully
 // selected an email address they control to sign in with.
- var token = "[% issue_hash_token(['login']) FILTER html %]";
- window.location.href = "[% login_target FILTER none %]?token="
- + token + "&browserid_assertion=" + assertion;
+ var browseridForm = document.createElement('form');
+ browseridForm.action = '[% login_target FILTER js %]';
+ browseridForm.method = 'POST';
+ browseridForm.style.display = 'none';
+
+ var tokenField = document.createElement('input');
+ tokenField.type = 'hidden';
+ tokenField.name = 'token';
+ tokenField.value = '[% issue_hash_token(['login']) FILTER js %]';
+ browseridForm.appendChild(tokenField);
+
+ var assertionField = document.createElement('input');
+ assertionField.type = 'hidden';
+ assertionField.name = 'browserid_assertion';
+ assertionField.value = assertion;
+ browseridForm.appendChild(assertionField);
+
+ document.body.appendChild(browseridForm);
+ browseridForm.submit();
+ return true;
 }
 });
 } |
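Review bot: This form-building block repeats the one added to login-additional_methods.html.tmpl line for line, so any later fix to how the token or assertion is submitted has to be made in two places. Consider moving it into one shared function that takes the action URL, with a comment recording why POST is used, e.g. `// POST keeps the assertion and login token out of the URL (history, Referer, server logs).` The two copies also differ in the action variable (`target` there, `login_target` here); if that is intentional, a one-line comment saying so would help the next reader. The enclosing function starts and ends outside the hunk.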