diff options
author | Gervase Markham <gerv@mozilla.org> | 2012-11-20 15:50:48 +0100 |
---|---|---|
committer | Byron Jones <bjones@mozilla.com> | 2012-11-20 15:50:48 +0100 |
commit | 6feee28184b9eda5a5d83423af99c35bf17864f4 (patch) | |
tree | cae6e304eae8c7edc3261cb157481e78ec0e7ac5 /extensions | |
parent | c32d40fa6b8484341e61a144cbe9283d57f51ce0 (diff) | |
download | bugzilla-6feee28184b9eda5a5d83423af99c35bf17864f4.tar.gz bugzilla-6feee28184b9eda5a5d83423af99c35bf17864f4.tar.xz |
Bug 791035: Cookie lifetime should extend beyond session when authenticated via Persona login
Diffstat (limited to 'extensions')
2 files changed, 52 insertions, 44 deletions
diff --git a/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl b/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl index 2b6f4b85a..3a0ecb1cc 100644 --- a/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl +++ b/extensions/BrowserID/template/en/default/hook/account/auth/login-additional_methods.html.tmpl @@ -6,44 +6,39 @@ <script src="https://browserid.org/include.js" type="text/javascript"></script> <script type="text/javascript"> +function createHidden(name, value, form) { + var field = document.createElement('input'); + field.type = 'hidden'; + field.name = name; + field.value = value;; + form.appendChild(field); +} + function browserid_sign_in() { navigator.id.getVerifiedEmail(function(assertion) { if (assertion) { // This code will be invoked once the user has successfully // selected an email address they control to sign in with. - var browseridForm = document.createElement('form'); - browseridForm.action = '[% target FILTER js %]'; - browseridForm.method = 'POST'; - browseridForm.style.display = 'none'; - - var tokenField = document.createElement('input'); - tokenField.type = 'hidden'; - tokenField.name = 'token'; - tokenField.value = '[% issue_hash_token(['login']) FILTER js %]'; - browseridForm.appendChild(tokenField); - - var assertionField = document.createElement('input'); - assertionField.type = 'hidden'; - assertionField.name = 'browserid_assertion'; - assertionField.value = assertion; - browseridForm.appendChild(assertionField); - - var hidden_fields =[]; - var field_count = 0; + var form = document.createElement('form'); + form.action = '[% target FILTER js %]'; + form.method = 'POST'; + form.style.display = 'none'; + + createHidden('token', '[% issue_hash_token(['login']) FILTER js %]', form); + createHidden('Bugzilla_remember', 'on', form); + createHidden('browserid_assertion', assertion, form); + [% FOREACH field = cgi.param() %] [% NEXT IF field.search("^(Bugzilla_(login|password|restrictlogin)|token|browserid_assertion)$") %] [% FOREACH mvalue = cgi.param(field).slice(0) %] - hidden_fields[field_count] = document.createElement('input'); - hidden_fields[field_count].type = 'hidden'; - hidden_fields[field_count].name = '[% field FILTER js %]'; - hidden_fields[field_count].value = '[% mvalue FILTER html_linebreak FILTER js %]'; - browseridForm.appendChild(hidden_fields[field_count]); + createHidden('[% field FILTER js %]', + '[% mvalue FILTER html_linebreak FILTER js %]', + form); [% END %] - field_count++; [% END %] - document.body.appendChild(browseridForm); - browseridForm.submit(); + document.body.appendChild(form); + form.submit(); return true; } }); diff --git a/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl b/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl index 444bc1d14..08e68a690 100644 --- a/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl +++ b/extensions/BrowserID/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl @@ -1,31 +1,44 @@ [% IF Param('user_info_class').split(',').contains('BrowserID') %] <script src="https://browserid.org/include.js" type="text/javascript"></script> +[%# Note this code is a tiny bit different from the other copy; the name of + # the variable containing the login url is 'login_target' rather than + # 'target' #%] + <script type="text/javascript"> +function createHidden(name, value, form) { + var field = document.createElement('input'); + field.type = 'hidden'; + field.name = name; + field.value = value;; + form.appendChild(field); +} + function browserid_sign_in() { navigator.id.getVerifiedEmail(function(assertion) { if (assertion) { // This code will be invoked once the user has successfully // selected an email address they control to sign in with. - var browseridForm = document.createElement('form'); - browseridForm.action = '[% login_target FILTER js %]'; - browseridForm.method = 'POST'; - browseridForm.style.display = 'none'; - - var tokenField = document.createElement('input'); - tokenField.type = 'hidden'; - tokenField.name = 'token'; - tokenField.value = '[% issue_hash_token(['login']) FILTER js %]'; - browseridForm.appendChild(tokenField); + var form = document.createElement('form'); + form.action = '[% login_target FILTER js %]'; + form.method = 'POST'; + form.style.display = 'none'; + + createHidden('token', '[% issue_hash_token(['login']) FILTER js %]', form); + createHidden('Bugzilla_remember', 'on', form); + createHidden('browserid_assertion', assertion, form); - var assertionField = document.createElement('input'); - assertionField.type = 'hidden'; - assertionField.name = 'browserid_assertion'; - assertionField.value = assertion; - browseridForm.appendChild(assertionField); + [% FOREACH field = cgi.param() %] + [% NEXT IF field.search("^(Bugzilla_(login|password|restrictlogin)|token|browserid_assertion)$") %] + [% FOREACH mvalue = cgi.param(field).slice(0) %] + createHidden('[% field FILTER js %]', + '[% mvalue FILTER html_linebreak FILTER js %]', + form); + [% END %] + [% END %] - document.body.appendChild(browseridForm); - browseridForm.submit(); + document.body.appendChild(form); + form.submit(); return true; } }); |