summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla.pm36
-rw-r--r--Bugzilla/Auth/Login/CGI.pm8
-rw-r--r--Bugzilla/Auth/Persist/Cookie.pm7
-rw-r--r--Bugzilla/CGI.pm33
-rw-r--r--Bugzilla/Hook.pm3
-rw-r--r--[-rwxr-xr-x]Bugzilla/WebService.pm40
-rw-r--r--Bugzilla/WebService/Server.pm3
-rw-r--r--Bugzilla/WebService/Server/JSONRPC.pm11
-rw-r--r--Bugzilla/WebService/Server/XMLRPC.pm5
-rw-r--r--Bugzilla/WebService/User.pm10
10 files changed, 135 insertions, 21 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm
index a373aa801..666b1ec15 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -234,6 +234,22 @@ sub cgi {
return $class->request_cache->{cgi};
}
+sub input_params {
+ my ($class, $params) = @_;
+ my $cache = $class->request_cache;
+ # This is how the WebService and other places set input_params.
+ if (defined $params) {
+ $cache->{input_params} = $params;
+ }
+ return $cache->{input_params} if defined $cache->{input_params};
+
+ # Making this scalar makes it a tied hash to the internals of $cgi,
+ # so if a variable is changed, then it actually changes the $cgi object
+ # as well.
+ $cache->{input_params} = $class->cgi->Vars;
+ return $cache->{input_params};
+}
+
sub localconfig {
my $class = shift;
$class->request_cache->{localconfig} ||= read_localconfig();
@@ -647,6 +663,26 @@ The current C<cgi> object. Note that modules should B<not> be using this in
general. Not all Bugzilla actions are cgi requests. Its useful as a convenience
method for those scripts/templates which are only use via CGI, though.
+=item C<input_params>
+
+When running under the WebService, this is a hashref containing the arguments
+passed to the WebService method that was called. When running in a normal
+script, this is a hashref containing the contents of the CGI parameters.
+
+Modifying this hashref will modify the CGI parameters or the WebService
+arguments (depending on what C<input_params> currently represents).
+
+This should be used instead of L</cgi> in situations where your code
+could be being called by either a normal CGI script or a WebService method,
+such as during a code hook.
+
+B<Note:> When C<input_params> represents the CGI parameters, any
+parameter specified more than once (like C<foo=bar&foo=baz>) will appear
+as an arrayref in the hash, but any value specified only once will appear
+as a scalar. This means that even if a value I<can> appear multiple times,
+if it only I<does> appear once, then it will be a scalar in C<input_params>,
+not an arrayref.
+
=item C<user>
C<undef> if there is no currently logged in user or if the login code has not
diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/Login/CGI.pm
index a93bc3d3a..407582af4 100644
--- a/Bugzilla/Auth/Login/CGI.pm
+++ b/Bugzilla/Auth/Login/CGI.pm
@@ -40,12 +40,10 @@ use Bugzilla::Error;
sub get_login_info {
my ($self) = @_;
- my $cgi = Bugzilla->cgi;
-
- my $username = trim($cgi->param("Bugzilla_login"));
- my $password = $cgi->param("Bugzilla_password");
+ my $params = Bugzilla->input_params;
- $cgi->delete('Bugzilla_login', 'Bugzilla_password');
+ my $username = trim(delete $params->{"Bugzilla_login"});
+ my $password = delete $params->{"Bugzilla_password"};
if (!defined $username || !defined $password) {
return { failure => AUTH_NODATA };
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 4458e31b5..1e1b3a871 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -48,9 +48,10 @@ sub persist_login {
my ($self, $user) = @_;
my $dbh = Bugzilla->dbh;
my $cgi = Bugzilla->cgi;
+ my $input_params = Bugzilla->input_params;
my $ip_addr;
- if ($cgi->param('Bugzilla_restrictlogin')) {
+ if ($input_params->{'Bugzilla_restrictlogin'}) {
$ip_addr = $cgi->remote_addr;
# The IP address is valid, at least for comparing with itself in a
# subsequent login
@@ -80,8 +81,8 @@ sub persist_login {
# or admin didn't forbid it and user told to remember.
if ( Bugzilla->params->{'rememberlogin'} eq 'on' ||
(Bugzilla->params->{'rememberlogin'} ne 'off' &&
- $cgi->param('Bugzilla_remember') &&
- $cgi->param('Bugzilla_remember') eq 'on') )
+ $input_params->{'Bugzilla_remember'} &&
+ $input_params->{'Bugzilla_remember'} eq 'on') )
{
# Not a session cookie, so set an infinite expiry
$cookieargs{'-expires'} = 'Fri, 01-Jan-2038 00:00:00 GMT';
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 8c68f996c..bebff2d63 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -416,6 +416,39 @@ sub url_is_attachment_base {
return ($self->self_url =~ $regex) ? 1 : 0;
}
+##########################
+# Vars TIEHASH Interface #
+##########################
+
+# Fix the TIEHASH interface (scalar $cgi->Vars) to return and accept
+# arrayrefs.
+sub STORE {
+ my $self = shift;
+ my ($param, $value) = @_;
+ if (defined $value and ref $value eq 'ARRAY') {
+ return $self->param(-name => $param, -value => $value);
+ }
+ return $self->SUPER::STORE(@_);
+}
+
+sub FETCH {
+ my ($self, $param) = @_;
+ return $self if $param eq 'CGI'; # CGI.pm did this, so we do too.
+ my @result = $self->param($param);
+ return undef if !scalar(@result);
+ return $result[0] if scalar(@result) == 1;
+ return \@result;
+}
+
+# For the Vars TIEHASH interface: the normal CGI.pm DELETE doesn't return
+# the value deleted, but Perl's "delete" expects that value.
+sub DELETE {
+ my ($self, $param) = @_;
+ my $value = $self->FETCH($param);
+ $self->delete($param);
+ return $value;
+}
+
1;
__END__
diff --git a/Bugzilla/Hook.pm b/Bugzilla/Hook.pm
index 51bce7fbe..69fa2f654 100644
--- a/Bugzilla/Hook.pm
+++ b/Bugzilla/Hook.pm
@@ -144,6 +144,9 @@ These params are accessible through L<Bugzilla/hook_args>.
That returns a hashref. Very frequently, if you want your
hook to do anything, you have to modify these variables.
+You may also want to use L<Bugzilla/input_params> to get parameters
+that were passed to the current CGI script or WebService method.
+
=head2 Versioning Extensions
Every extension must have a file in its root called F<info.pl>.
diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm
index 75fcf6bc9..222923e70 100755..100644
--- a/Bugzilla/WebService.pm
+++ b/Bugzilla/WebService.pm
@@ -142,11 +142,51 @@ how this is implemented for those frontends.
=head1 LOGGING IN
+There are various ways to log in:
+
+=over
+
+=item C<User.login>
+
You can use L<Bugzilla::WebService::User/login> to log in as a Bugzilla
user. This issues standard HTTP cookies that you must then use in future
calls, so your client must be capable of receiving and transmitting
cookies.
+=item C<Bugzilla_login> and C<Bugzilla_password>
+
+B<Added in Bugzilla 3.6>
+
+You can specify C<Bugzilla_login> and C<Bugzilla_password> as arguments
+to any WebService method, and you will be logged in as that user if your
+credentials are correct. Here are the arguments you can specify to any
+WebService method to perform a login:
+
+=over
+
+=item C<Bugzilla_login> (string) - A user's login name.
+
+=item C<Bugzilla_password> (string) - That user's password.
+
+=item C<Bugzilla_restrictlogin> (boolean) - Optional. If true,
+then your login will only be valid for your IP address.
+
+=item C<Bugzilla_rememberlogin> (boolean) - Optional. If true,
+then the cookie sent back to you with the method response will
+not expire.
+
+=back
+
+The C<Bugzilla_restrictlogin> and C<Bugzilla_rememberlogin> options
+are only used when you have also specified C<Bugzilla_login> and
+C<Bugzilla_password>.
+
+Note that Bugzilla will return HTTP cookies along with the method
+response when you use these arguments (just like the C<User.login> method
+above).
+
+=back
+
=head1 STABLE, EXPERIMENTAL, and UNSTABLE
Methods are marked B<STABLE> if you can expect their parameters and
diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm
index 2db182fd4..115c7df89 100644
--- a/Bugzilla/WebService/Server.pm
+++ b/Bugzilla/WebService/Server.pm
@@ -21,7 +21,8 @@ use strict;
sub handle_login {
my ($self, $class, $method, $full_method) = @_;
eval "require $class";
- return if $class->login_exempt($method);
+ return if ($class->login_exempt($method)
+ and !defined Bugzilla->input_params->{Bugzilla_login});
Bugzilla->login();
}
diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm
index e54387a6d..919370a2a 100644
--- a/Bugzilla/WebService/Server/JSONRPC.pm
+++ b/Bugzilla/WebService/Server/JSONRPC.pm
@@ -112,12 +112,6 @@ sub _argument_type_check {
my $self = shift;
my $params = $self->SUPER::_argument_type_check(@_);
- # This is the best time to do login checks.
- $self->handle_login();
-
- # If there are no parameters, we don't need to parse them.
- return $params if !ref $params;
-
# JSON-RPC 1.0 requires all parameters to be passed as an array, so
# we just pull out the first item and assume it's an object.
if (ref $params eq 'ARRAY') {
@@ -144,6 +138,11 @@ sub _argument_type_check {
}
}
+ Bugzilla->input_params($params);
+
+ # This is the best time to do login checks.
+ $self->handle_login();
+
# Bugzilla::WebService packages call internal methods like
# $self->_some_private_method. So we have to inherit from
# that class as well as this Server class.
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index b2a50712a..cbfb1b7f2 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -78,6 +78,7 @@ sub deserialize {
$som->{_bz_do_taint} = 1;
}
bless $som, 'Bugzilla::XMLRPC::SOM';
+ Bugzilla->input_params($som->paramsin);
return $som;
}
@@ -146,11 +147,13 @@ use Bugzilla::WebService::Util qw(taint_data);
sub paramsin {
my $self = shift;
+ return $self->{bz_params_in} if $self->{bz_params_in};
my $params = $self->SUPER::paramsin(@_);
if ($self->{_bz_do_taint}) {
taint_data($params);
}
- return $params;
+ $self->{bz_params_in} = $params;
+ return $self->{bz_params_in};
}
1;
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index ba899cd4d..67a4720de 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -61,12 +61,12 @@ sub login {
}
# Make sure the CGI user info class works if necessary.
- my $cgi = Bugzilla->cgi;
- $cgi->param('Bugzilla_login', $params->{login});
- $cgi->param('Bugzilla_password', $params->{password});
- $cgi->param('Bugzilla_remember', $remember);
+ my $input_params = Bugzilla->input_params;
+ $input_params->{'Bugzilla_login'} = $params->{login};
+ $input_params->{'Bugzilla_password'} = $params->{password};
+ $input_params->{'Bugzilla_remember'} = $remember;
- Bugzilla->login;
+ Bugzilla->login();
return { id => $self->type('int', Bugzilla->user->id) };
}