summaryrefslogtreecommitdiffstats
path: root/extensions/BrowserID/template/en
diff options
context:
space:
mode:
authorDave Lawrence <dlawrence@mozilla.com>2012-04-10 20:35:59 +0200
committerDave Lawrence <dlawrence@mozilla.com>2012-04-10 20:35:59 +0200
commiteec1169f0db5257c50ebbe7a51dab9846173b3bc (patch)
treec2b511c0c89f77d197dadd0d35621abdc8c95549 /extensions/BrowserID/template/en
parentb8b57b2c41fd39d4c4791699759d2b68a3a2215a (diff)
downloadbugzilla-eec1169f0db5257c50ebbe7a51dab9846173b3bc.tar.gz
bugzilla-eec1169f0db5257c50ebbe7a51dab9846173b3bc.tar.xz
Bug 743735 - use POST instead of GET to pass assertion to bugzilla for verification
r=glob
Diffstat (limited to 'extensions/BrowserID/template/en')
-rw-r--r--extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl41
-rw-r--r--extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl23
2 files changed, 58 insertions, 6 deletions
diff --git a/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl b/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
index d16a84142..2b6f4b85a 100644
--- a/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
+++ b/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
@@ -1,4 +1,8 @@
[% IF Param('user_info_class').split(',').contains('BrowserID') %]
+
+[% USE Bugzilla %]
+[% cgi = Bugzilla.cgi %]
+
<script src="https://browserid.org/include.js" type="text/javascript"></script>
<script type="text/javascript">
@@ -7,9 +11,40 @@ function browserid_sign_in() {
if (assertion) {
// This code will be invoked once the user has successfully
// selected an email address they control to sign in with.
- var token = "[% issue_hash_token(['login']) FILTER html %]";
- window.location.href = "[% login_target FILTER none %]?token="
- + token + "&browserid_assertion=" + assertion;
+ var browseridForm = document.createElement('form');
+ browseridForm.action = '[% target FILTER js %]';
+ browseridForm.method = 'POST';
+ browseridForm.style.display = 'none';
+
+ var tokenField = document.createElement('input');
+ tokenField.type = 'hidden';
+ tokenField.name = 'token';
+ tokenField.value = '[% issue_hash_token(['login']) FILTER js %]';
+ browseridForm.appendChild(tokenField);
+
+ var assertionField = document.createElement('input');
+ assertionField.type = 'hidden';
+ assertionField.name = 'browserid_assertion';
+ assertionField.value = assertion;
+ browseridForm.appendChild(assertionField);
+
+ var hidden_fields =[];
+ var field_count = 0;
+ [% FOREACH field = cgi.param() %]
+ [% NEXT IF field.search("^(Bugzilla_(login|password|restrictlogin)|token|browserid_assertion)$") %]
+ [% FOREACH mvalue = cgi.param(field).slice(0) %]
+ hidden_fields[field_count] = document.createElement('input');
+ hidden_fields[field_count].type = 'hidden';
+ hidden_fields[field_count].name = '[% field FILTER js %]';
+ hidden_fields[field_count].value = '[% mvalue FILTER html_linebreak FILTER js %]';
+ browseridForm.appendChild(hidden_fields[field_count]);
+ [% END %]
+ field_count++;
+ [% END %]
+
+ document.body.appendChild(browseridForm);
+ browseridForm.submit();
+ return true;
}
});
}
diff --git a/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl b/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl
index 9871d585d..26d5ff609 100644
--- a/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl
+++ b/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl
@@ -7,9 +7,26 @@ function browserid_sign_in() {
if (assertion) {
// This code will be invoked once the user has successfully
// selected an email address they control to sign in with.
- var token = "[% issue_hash_token(['login']) FILTER html %]";
- window.location.href = "[% login_target FILTER none %]?token="
- + token + "&browserid_assertion=" + assertion;
+ var browseridForm = document.createElement('form');
+ browseridForm.action = '[% login_target FILTER js %]';
+ browseridForm.method = 'POST';
+ browseridForm.style.display = 'none';
+
+ var tokenField = document.createElement('input');
+ tokenField.type = 'hidden';
+ tokenField.name = 'token';
+ tokenField.value = '[% issue_hash_token(['login']) FILTER js %]';
+ browseridForm.appendChild(tokenField);
+
+ var assertionField = document.createElement('input');
+ assertionField.type = 'hidden';
+ assertionField.name = 'browserid_assertion';
+ assertionField.value = assertion;
+ browseridForm.appendChild(assertionField);
+
+ document.body.appendChild(browseridForm);
+ browseridForm.submit();
+ return true;
}
});
}