summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xauth.cgi35
-rw-r--r--template/en/default/global/user-error.html.tmpl9
2 files changed, 40 insertions, 4 deletions
diff --git a/auth.cgi b/auth.cgi
index dcce5c458..c5dae77de 100755
--- a/auth.cgi
+++ b/auth.cgi
@@ -23,6 +23,8 @@ use Bugzilla::Mailer qw(MessageToMTA);
use URI;
use URI::QueryParam;
use Digest::SHA qw(sha256_hex);
+use LWP::UserAgent ();
+use JSON qw(decode_json encode_json);
Bugzilla->login(LOGIN_REQUIRED);
@@ -88,10 +90,35 @@ if ($confirmed || $skip_confirmation) {
MessageToMTA($message);
}
- $callback_uri->query_param(client_api_key => $api_key->api_key);
- $callback_uri->query_param(client_api_login => $user->login);
-
- print $cgi->redirect($callback_uri);
+ my $ua = LWP::UserAgent->new();
+ $ua->timeout(2);
+ $ua->protocols_allowed(['http', 'https']);
+ # If the URL of the proxy is given, use it, else get this information
+ # from the environment variable.
+ if (my $proxy_url = Bugzilla->params->{'proxy_url'}) {
+ $ua->proxy(['http', 'https'], $proxy_url);
+ }
+ else {
+ $ua->env_proxy;
+ }
+ my $content = encode_json({ client_api_key => $api_key->api_key,
+ client_api_login => $user->login });
+ my $resp = $ua->post($callback_uri,
+ 'Content-Type' => 'application/json',
+ Content => $content);
+ if ($resp->code == 200) {
+ $callback_uri->query_param(client_api_login => $user->login);
+ eval {
+ my $data = decode_json($resp->content);
+ $callback_uri->query_param(callback_result => $data->{result});
+ };
+ ThrowUserError('auth_delegation_json_error', { json_text => $resp->content }) if $@;
+
+ print $cgi->redirect($callback_uri);
+ }
+ else {
+ ThrowUserError('auth_delegation_post_error', { code => $resp->code });
+ }
}
else {
$args{token} = issue_auth_delegation_token($callback);
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 4de3845d4..ffe1b6fa4 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -152,6 +152,15 @@
[% title = "Auth delegation can't be confirmed" %]
Auth delegation cannot be confirmed due to missing or invalid token.
+ [% ELSIF error == "auth_delegation_json_error" %]
+ [% title = "Auth delegation received invalid JSON" %]
+ Auth delegation received an invalid JSON response from auth consumer:
+ <pre>[% json_text FILTER html %]</pre>
+
+ [% ELSIF error == "auth_delegation_post_error" %]
+ [% title = "Auth delegation received invalid status code" %]
+ Auth delegation received an HTTP response other than 200 OK from auth consumer. Code: [% code FILTER html %]
+
[% ELSIF error == "auth_failure" %]
[% title = "Authorization Required" %]
[% admindocslinks = {'groups.html' => 'Group Security'} %]