summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth/Verify/DB.pm
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla/Auth/Verify/DB.pm')
-rw-r--r--Bugzilla/Auth/Verify/DB.pm11
1 files changed, 11 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index aaa1b6c87..ea86346e1 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -53,6 +53,7 @@ sub check_credentials {
}
my $password = $login_data->{password};
+ return { failure => AUTH_NODATA } unless defined $login_data->{password};
my $real_password_crypted = $user->cryptpassword;
# Using the internal crypted password as the salt,
@@ -105,6 +106,16 @@ sub check_credentials {
$user->update();
}
+ if (i_am_webservice() && $user->settings->{api_key_only}->{value} eq 'on') {
+ # api-key verification happens in Auth/Login/APIKey
+ # token verification happens in Auth/Login/Cookie
+ # if we get here from an api call then we must be using user/pass
+ return {
+ failure => AUTH_ERROR,
+ user_error => 'invalid_auth_method',
+ };
+ }
+
return $login_data;
}
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-05-28 03:09:01 +0200