1 files changed, 12 insertions, 11 deletions

diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index 8e66a9b53..bba6122e5 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -261,17 +261,18 @@ sub params_to_objects {
 
 sub fix_credentials {
     my ($params) = @_;
-
-    # Allow user to pass in login, password, restrict_login, and
-    # token as short-cuts to the longer versions.
-    $params->{'Bugzilla_login'} = delete $params->{'login'}
-        if exists $params->{'login'};
-    $params->{'Bugzilla_password'} = delete $params->{'password'}
-        if exists $params->{'password'};
-    $params->{'Bugzilla_restrictlogin'} = delete $params->{'restrict_login'}
-        if exists $params->{'restrict_login'};
-    $params->{'Bugzilla_token'} = delete $params->{'token'}
-        if exists $params->{'token'};
+    # Allow user to pass in login=foo&password=bar as a convenience
+    # even if not calling GET /login. We also do not delete them as
+    # GET /login requires "login" and "password".
+    if (exists $params->{'login'} && exists $params->{'password'}) {
+        $params->{'Bugzilla_login'}    = $params->{'login'};
+        $params->{'Bugzilla_password'} = $params->{'password'};
+    }
+    # Allow user to pass token=12345678 as a convenience which becomes
+    # "Bugzilla_token" which is what the auth code looks for.
+    if (exists $params->{'token'}) {
+        $params->{'Bugzilla_token'} = $params->{'token'};
+    }
 
     # Allow extensions to modify the credential data before login
     Bugzilla::Hook::process('webservice_fix_credentials', { params => $params });