summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Auth.pm108
-rw-r--r--Bugzilla/Auth/CGI.pm (renamed from Bugzilla/Auth/Login/CGI.pm)15
-rw-r--r--Bugzilla/Auth/Cookie.pm (renamed from Bugzilla/Auth/Login/CGI/Cookie.pm)8
-rw-r--r--Bugzilla/Auth/DB.pm (renamed from Bugzilla/Auth/Verify/DB.pm)16
-rw-r--r--Bugzilla/Auth/LDAP.pm (renamed from Bugzilla/Auth/Verify/LDAP.pm)16
-rw-r--r--Bugzilla/Config.pm7
6 files changed, 44 insertions, 126 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index e6cf27963..dcea8189a 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -18,7 +18,6 @@
# Rights Reserved.
#
# Contributor(s): Bradley Baetz <bbaetz@acm.org>
-# Erik Stambaugh <erik@dasbistro.com>
package Bugzilla::Auth;
@@ -27,25 +26,19 @@ use strict;
use Bugzilla::Config;
use Bugzilla::Constants;
-# This is here for lack of a better place for it. I considered making it
-# part of the user object, but that object doesn't necessarily point to a
-# currently authenticated user.
-#
-# I'm willing to accept suggestions for somewhere else to put it.
-my $current_verify_method = undef;
-
-# 'inherit' from the main verify method
+# 'inherit' from the main loginmethod
BEGIN {
- for my $verifymethod (split /,\s*/, Param("user_verify_method")) {
- if ($verifymethod =~ /^([A-Za-z0-9_\.\-]+)$/) {
- $verifymethod = $1;
+ my $loginmethod = Param("loginmethod");
+ if ($loginmethod =~ /^([A-Za-z0-9_\.\-]+)$/) {
+ $loginmethod = $1;
}
else {
- die "Badly-named user_verify_method '$verifymethod'";
+ die "Badly-named loginmethod '$loginmethod'";
}
- require "Bugzilla/Auth/Verify/" . $verifymethod . ".pm";
+ require "Bugzilla/Auth/" . $loginmethod . ".pm";
- }
+ our @ISA;
+ push (@ISA, "Bugzilla::Auth::" . $loginmethod);
}
# PRIVATE
@@ -68,46 +61,6 @@ sub get_netaddr {
return join(".", unpack("CCCC", pack("N", $addr)));
}
-# This is a replacement for the inherited authenticate function
-# go through each of the available methods for each function
-sub authenticate {
- my $self = shift;
- my @args = @_;
- my @firstresult = ();
- my @result = ();
- for my $method (split /,\s*/, Param("user_verify_method")) {
- $method = "Bugzilla::Auth::Verify::" . $method;
- @result = $method->authenticate(@args);
- @firstresult = @result unless @firstresult;
-
- if (($result[0] != AUTH_NODATA)&&($result[0] != AUTH_LOGINFAILED)) {
- $current_verify_method = $method;
- return @result;
- }
- }
- @result = @firstresult;
- # no auth match
-
- # see if we can set $current to the first verify method that
- # will allow a new login
-
- for my $method (split /,\s*/, Param("user_verify_method")) {
- $method = "Bugzilla::Auth::Verify::" . $method;
- if ($method::can_edit->{'new'}) {
- $current_verify_method = $method;
- }
- }
-
- return @result;
-}
-
-sub can_edit {
- if ($current_verify_method) {
- return $current_verify_method->{'can_edit'};
- }
- return {};
-}
-
1;
__END__
@@ -125,8 +78,16 @@ used to obtain the data (from CGI, email, etc), and the other set uses
this data to authenticate against the datasource (the Bugzilla DB, LDAP,
cookies, etc).
-Modules for obtaining the data are located under L<Bugzilla::Auth::Login>, and
-modules for authenticating are located in L<Bugzilla::Auth::Verify>.
+The handlers for the various types of authentication
+(DB/LDAP/cookies/etc) provide the actual code for each specific method
+of authentication.
+
+The source modules (currently, only
+L<Bugzilla::Auth::CGI|Bugzilla::Auth::CGI>) then use those methods to do
+the authentication.
+
+I<Bugzilla::Auth> itself inherits from the default authentication handler,
+identified by the I<loginmethod> param.
=head1 METHODS
@@ -147,9 +108,7 @@ only some addresses.
=head1 AUTHENTICATION
Authentication modules check a user's credentials (username, password,
-etc) to verify who the user is. The methods that C<Bugzilla::Auth> uses for
-authentication are wrappers that check all configured modules (via the
-C<Param('user_info_method')> and C<Param('user_verify_method')>) in sequence.
+etc) to verify who the user is.
=head2 METHODS
@@ -216,36 +175,19 @@ Note that this argument is a string, not a tag.
=back
-=item C<current_verify_method>
-
-This scalar gets populated with the full name (eg.,
-C<Bugzilla::Auth::Verify::DB>) of the verification method being used by the
-current user. If no user is logged in, it will contain the name of the first
-method that allows new users, if any. Otherwise, it carries an undefined
-value.
-
=item C<can_edit>
-This determines if the user's account details can be modified. It returns a
-reference to a hash with the keys C<userid>, C<login_name>, and C<realname>,
-which determine whether their respective profile values may be altered, and
-C<new>, which determines if new accounts may be created.
-
-Each user verification method (chosen with C<Param('user_verify_method')> has
-its own set of can_edit values. Calls to can_edit return the appropriate
-values for the current user's login method.
-
-If a user is not logged in, C<can_edit> will contain the values of the first
-verify method that allows new users to be created, if available. Otherwise it
-returns an empty hash.
+This determines if the user's account details can be modified. If this
+method returns a C<true> value, then accounts can be created and
+modified through the Bugzilla user interface. Forgotten passwords can
+also be retrieved through the L<Token interface|Bugzilla::Token>.
=back
=head1 LOGINS
A login module can be used to try to log in a Bugzilla user in a
-particular way. For example,
-L<Bugzilla::Auth::Login::CGI|Bugzilla::Auth::Login::CGI>
+particular way. For example, L<Bugzilla::Auth::CGI|Bugzilla::Auth::CGI>
logs in users from CGI scripts, first by using form variables, and then
by trying cookies as a fallback.
@@ -308,5 +250,5 @@ user-performed password changes.
=head1 SEE ALSO
-L<Bugzilla::Auth::Login::CGI>, L<Bugzilla::Auth::Login::CGI::Cookie>, L<Bugzilla::Auth::Verify::DB>
+L<Bugzilla::Auth::CGI>, L<Bugzilla::Auth::Cookie>, L<Bugzilla::Auth::DB>
diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/CGI.pm
index 2f8ca071d..471e538e9 100644
--- a/Bugzilla/Auth/Login/CGI.pm
+++ b/Bugzilla/Auth/CGI.pm
@@ -25,9 +25,8 @@
# Gervase Markham <gerv@gerv.net>
# Christian Reis <kiko@async.com.br>
# Bradley Baetz <bbaetz@acm.org>
-# Erik Stambaugh <erik@dasbistro.com>
-package Bugzilla::Auth::Login::CGI;
+package Bugzilla::Auth::CGI;
use strict;
@@ -50,7 +49,7 @@ sub login {
my $username = $cgi->param("Bugzilla_login");
my $passwd = $cgi->param("Bugzilla_password");
- my $authmethod = Param("user_verify_method");
+ my $authmethod = Param("loginmethod");
my ($authres, $userid, $extra, $info) =
Bugzilla::Auth->authenticate($username, $passwd);
@@ -99,11 +98,11 @@ sub login {
$username = $cgi->cookie("Bugzilla_login");
$passwd = $cgi->cookie("Bugzilla_logincookie");
- require Bugzilla::Auth::Login::CGI::Cookie;
+ require Bugzilla::Auth::Cookie;
my $authmethod = "Cookie";
($authres, $userid, $extra) =
- Bugzilla::Auth::Login::CGI::Cookie->authenticate($username, $passwd);
+ Bugzilla::Auth::Cookie->authenticate($username, $passwd);
# If the data for the cookie was incorrect, then treat that as
# NODATA. This could occur if the user's IP changed, for example.
@@ -144,7 +143,7 @@ sub login {
{ 'target' => $cgi->url(-relative=>1),
'form' => \%::FORM,
'mform' => \%::MFORM,
- 'caneditaccount' => Bugzilla::Auth->can_edit->{'new'},
+ 'caneditaccount' => Bugzilla::Auth->can_edit,
}
)
|| ThrowTemplateError($template->error());
@@ -234,7 +233,7 @@ __END__
=head1 NAME
-Bugzilla::Auth::Login::CGI - CGI-based logins for Bugzilla
+Bugzilla::Auth::CGI - CGI-based logins for Bugzilla
=head1 SUMMARY
@@ -247,7 +246,7 @@ Users are first authenticated against the default authentication handler,
using the CGI parameters I<Bugzilla_login> and I<Bugzilla_password>.
If no data is present for that, then cookies are tried, using
-L<Bugzilla::Auth::Login::CGI::Cookie>.
+L<Bugzilla::Auth::Cookie>.
=head1 SEE ALSO
diff --git a/Bugzilla/Auth/Login/CGI/Cookie.pm b/Bugzilla/Auth/Cookie.pm
index 9c0e2e566..b50acbe24 100644
--- a/Bugzilla/Auth/Login/CGI/Cookie.pm
+++ b/Bugzilla/Auth/Cookie.pm
@@ -26,7 +26,7 @@
# Christian Reis <kiko@async.com.br>
# Bradley Baetz <bbaetz@acm.org>
-package Bugzilla::Auth::Login::CGI::Cookie;
+package Bugzilla::Auth::Cookie;
use strict;
@@ -93,7 +93,7 @@ __END__
=head1 NAME
-Bugzilla::Auth::Login::CGI::Cookie - cookie authentication for Bugzilla
+Bugzilla::Cookie - cookie authentication for Bugzilla
=head1 SUMMARY
@@ -108,8 +108,8 @@ restricted to certain IP addresses as a security meaure. The exact
restriction can be specified by the admin via the C<loginnetmask> parameter.
This module does not ever send a cookie (It has no way of knowing when a user
-is successfully logged in). Instead L<Bugzilla::Auth::Login::CGI> handles this.
+is successfully logged in). Instead L<Bugzilla::Auth::CGI> handles this.
=head1 SEE ALSO
-L<Bugzilla::Auth>, L<Bugzilla::Auth::Login::CGI>
+L<Bugzilla::Auth>, L<Bugzilla::Auth::CGI>
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/DB.pm
index 4db34b5cf..dee3b5db9 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/DB.pm
@@ -25,9 +25,8 @@
# Gervase Markham <gerv@gerv.net>
# Christian Reis <kiko@async.com.br>
# Bradley Baetz <bbaetz@acm.org>
-# Erik Stambaugh <erik@dasbistro.com>
-package Bugzilla::Auth::Verify::DB;
+package Bugzilla::Auth::DB;
use strict;
@@ -35,15 +34,6 @@ use Bugzilla::Config;
use Bugzilla::Constants;
use Bugzilla::Util;
-# can_edit is now a hash.
-
-my $can_edit = {
- 'new' => 1,
- 'userid' => 0,
- 'login_name' => 1,
- 'realname' => 1,
-};
-
sub authenticate {
my ($class, $username, $passwd) = @_;
@@ -71,6 +61,8 @@ sub authenticate {
return (AUTH_OK, $userid);
}
+sub can_edit { return 1; }
+
sub get_id_from_username {
my ($class, $username) = @_;
my $dbh = Bugzilla->dbh;
@@ -119,7 +111,7 @@ __END__
=head1 NAME
-Bugzilla::Auth::Verify::DB - database authentication for Bugzilla
+Bugzilla::Auth::DB - database authentication for Bugzilla
=head1 SUMMARY
diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/LDAP.pm
index 737827ee0..c34c3698f 100644
--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/LDAP.pm
@@ -25,9 +25,8 @@
# Gervase Markham <gerv@gerv.net>
# Christian Reis <kiko@async.com.br>
# Bradley Baetz <bbaetz@acm.org>
-# Erik Stambaugh <erik@dasbistro.com>
-package Bugzilla::Auth::Verify::LDAP;
+package Bugzilla::Auth::LDAP;
use strict;
@@ -36,15 +35,6 @@ use Bugzilla::Constants;
use Net::LDAP;
-# can_edit is now a hash.
-
-my $can_edit = {
- 'new' => 0,
- 'userid' => 0,
- 'login_name' => 0,
- 'realname' => 0,
-};
-
sub authenticate {
my ($class, $username, $passwd) = @_;
@@ -166,13 +156,15 @@ sub authenticate {
return (AUTH_OK, $userid);
}
+sub can_edit { return 0; }
+
1;
__END__
=head1 NAME
-Bugzilla::Auth::Verify::LDAP - LDAP based authentication for Bugzilla
+Bugzilla::Auth::LDAP - LDAP based authentication for Bugzilla
This is an L<authentication module|Bugzilla::Auth/"AUTHENTICATION"> for
Bugzilla, which logs the user in using an LDAP directory.
diff --git a/Bugzilla/Config.pm b/Bugzilla/Config.pm
index d73f22875..b568918e3 100644
--- a/Bugzilla/Config.pm
+++ b/Bugzilla/Config.pm
@@ -25,7 +25,6 @@
# J. Paul Reed <preed@sigkill.com>
# Bradley Baetz <bbaetz@student.usyd.edu.au>
# Christopher Aillon <christopher@aillon.com>
-# Erik Stambaugh <erik@dasbistro.com>
package Bugzilla::Config;
@@ -218,12 +217,6 @@ sub UpdateParams {
$param{'loginmethod'} = $param{'useLDAP'} ? "LDAP" : "DB";
}
- # set verify method to whatever loginmethod was
- if (exists $param{'loginmethod'} && !exists $param{'user_verify_method'}) {
- $param{'user_verify_method'} = $param{'loginmethod'};
- delete $param{'loginmethod'};
- }
-
# --- DEFAULTS FOR NEW PARAMS ---
foreach my $item (@param_list) {