diff options
Diffstat (limited to 'Bugzilla/Auth/Verify')
-rw-r--r-- | Bugzilla/Auth/Verify/DB.pm | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm index aaa1b6c87..ea86346e1 100644 --- a/Bugzilla/Auth/Verify/DB.pm +++ b/Bugzilla/Auth/Verify/DB.pm @@ -53,6 +53,7 @@ sub check_credentials { } my $password = $login_data->{password}; + return { failure => AUTH_NODATA } unless defined $login_data->{password}; my $real_password_crypted = $user->cryptpassword; # Using the internal crypted password as the salt, @@ -105,6 +106,16 @@ sub check_credentials { $user->update(); } + if (i_am_webservice() && $user->settings->{api_key_only}->{value} eq 'on') { + # api-key verification happens in Auth/Login/APIKey + # token verification happens in Auth/Login/Cookie + # if we get here from an api call then we must be using user/pass + return { + failure => AUTH_ERROR, + user_error => 'invalid_auth_method', + }; + } + return $login_data; } |