-rw-r--r-- | Bugzilla/Auth.pm | 79 |
1 files changed, 34 insertions, 45 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 40a0917ef..74678afa8 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -36,8 +36,6 @@ use Bugzilla::Auth::Login::Stack;
 use Bugzilla::Auth::Verify::Stack;
 use Bugzilla::Auth::Persist::Cookie;
-use Switch;
-
 sub new {
 my ($class, $params) = @_;
 my $self = fields::new($class);
@@ -149,50 +147,41 @@ sub _handle_login_result {
 $self->{_persister}->persist_login($user);
 }
 }
- else {
- switch ($fail_code) {
- case AUTH_ERROR {
- ThrowCodeError($result->{error}, $result->{details});
- }
- case AUTH_NODATA {
- if ($login_type == LOGIN_REQUIRED) {
- # This seems like as good as time as any to get rid of
- # old crufty junk in the logincookies table. Get rid
- # of any entry that hasn't been used in a month.
- $dbh->do("DELETE FROM logincookies WHERE " .
- $dbh->sql_to_days('NOW()') . " - " .
- $dbh->sql_to_days('lastused') . " > 30");
- $self->{_info_getter}->fail_nodata($self);
- }
- # Otherwise, we just return the "default" user.
- $user = Bugzilla->user;
- }
-
- # The username/password may be wrong
- # Don't let the user know whether the username exists or whether
- # the password was just wrong. (This makes it harder for a cracker
- # to find account names by brute force)
- case [AUTH_LOGINFAILED, AUTH_NO_SUCH_USER] {
- ThrowUserError("invalid_username_or_password");
- }
-
- # The account may be disabled
- case AUTH_DISABLED {
- $self->{_persister}->logout();
- # XXX This is NOT a good way to do this, architecturally.
- $self->{_persister}->clear_browser_cookies();
- # and throw a user error
- ThrowUserError("account_disabled",
- {'disabled_reason' => $result->{user}->disabledtext});
- }
-
- # If we get here, then we've run out of options, which
- # shouldn't happen.
- else {
- ThrowCodeError("authres_unhandled",
- { value => $fail_code });
- }
+ elsif ($fail_code == AUTH_ERROR) {
+ ThrowCodeError($result->{error}, $result->{details});
+ }
+ elsif ($fail_code == AUTH_NODATA) {
+ if ($login_type == LOGIN_REQUIRED) {
+ # This seems like as good as time as any to get rid of
+ # old crufty junk in the logincookies table. Get rid
+ # of any entry that hasn't been used in a month.
+ $dbh->do("DELETE FROM logincookies WHERE " .
+ $dbh->sql_to_days('NOW()') . " - " .
+ $dbh->sql_to_days('lastused') . " > 30");
+ $self->{_info_getter}->fail_nodata($self);
 }
+ # Otherwise, we just return the "default" user.
+ $user = Bugzilla->user;
+ }
+ # The username/password may be wrong
+ # Don't let the user know whether the username exists or whether
+ # the password was just wrong. (This makes it harder for a cracker
+ # to find account names by brute force)
+ elsif (($fail_code == AUTH_LOGINFAILED) || ($fail_code == AUTH_NO_SUCH_USER)) {
+ ThrowUserError("invalid_username_or_password");
+ }
+ # The account may be disabled
+ elsif ($fail_code == AUTH_DISABLED) {
+ $self->{_persister}->logout();
+ # XXX This is NOT a good way to do this, architecturally.
+ $self->{_persister}->clear_browser_cookies();
+ # and throw a user error
+ ThrowUserError("account_disabled",
+ {'disabled_reason' => $result->{user}->disabledtext});
+ }
+ # If we get here, then we've run out of options, which shouldn't happen.
+ else {
+ ThrowCodeError("authres_unhandled", { value => $fail_code });
 }
 return $user; |
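Review bot: The `AUTH_DISABLED` branch answers with a distinct `account_disabled` error and the stored `disabledtext`, which sits uneasily with the comment on the preceding branch that a failed login must not reveal whether the username exists. Whether this gives an account-existence signal depends on whether the verifier returns `AUTH_DISABLED` only after the password has been checked, which this hunk does not show; if that is the contract, I would record it next to the branch, e.g. `# AUTH_DISABLED is only returned once the password has verified, so this does not disclose account existence` (to be confirmed against the verify stack). The chain also now compares with numeric `==` where Switch's `case` picked the comparison by operand type, so it relies on `$fail_code` and every `AUTH_*` constant being numeric; a short comment saying so would help the next reader. The `if` that this `elsif` chain hangs off and the end of `_handle_login_result` are outside the hunk.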