From d6649d2aa6be0328d7a605a76655923781d147da Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Mon, 2 Apr 2018 16:36:44 -0400
Subject: Bug 1450283 - JobQueue should treat "no jobs" as a trace-level message, and all other logs as info
---
 Bugzilla/JobQueue.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Bugzilla/JobQueue.pm b/Bugzilla/JobQueue.pm
index 53b088c6e..afb36673f 100644
--- a/Bugzilla/JobQueue.pm
+++ b/Bugzilla/JobQueue.pm
@@ -101,7 +101,12 @@ sub debug {
 my $caller_pkg = caller;
 local $Log::Log4perl::caller_depth = $Log::Log4perl::caller_depth + 1;
 my $logger = Log::Log4perl->get_logger($caller_pkg);
- $logger->info(@args);
+ if ($args[0] && $args[0] eq "TheSchwartz::work_once found no jobs") {
+ $logger->trace(@args);
+ }
+ else {
+ $logger->info(@args);
+ }
 }
 sub work {
-- cgit v1.2.3-24-g4f1b
From 956abd838811d93329ad5e3eee030d1f43a81652 Mon Sep 17 00:00:00 2001
From: Vladimir Panteleev
Date: Tue, 3 Apr 2018 21:40:18 +0300
Subject: Bug 1450920 - Don't pass blank API token to JSON-PRC in instant search
When an API token is seen by JSON-RPC, it will attempt to authenticate it, including blank tokens (empty strings). Thus, avoid passing an empty string in the first place. The pattern to pass an empty string if the absence of BUGZILLA.api_token is the most common way to include the Bugzilla_api_token in the JSON-PRC requests. However, most places which pass a token to JSON-RPC in JavaScript are in contexts where a user is expected to be logged in, and this is not the case for instant search. Although this could have been fixed by patching Bugzilla::Auth::Login::Cookie::get_login_info to treat empty API tokens as if none were given, this method was chosen, as this is also the approach used in the ProdCompSearch extension (where a login session also does not need to be required), and to avoid possible breakage in JSON-RPC consumers.
---
 js/instant-search.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
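Review bot: The level switch added to `debug` depends on an exact string match against `"TheSchwartz::work_once found no jobs"`, which appears to be a message produced inside TheSchwartz; if that wording changes upstream, the idle-poll message silently goes back to info level and nothing flags it. Naming the string and saying where it comes from would make the dependency visible, for example `use constant NO_JOBS_MSG => 'TheSchwartz::work_once found no jobs'; # emitted by TheSchwartz when the queue is idle; keep in sync`. `sub debug` begins above the hunk, so how `@args` is filled is not visible here.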
diff --git a/js/instant-search.js b/js/instant-search.js
index 946f8ccfc..6e8f104f2 100644
--- a/js/instant-search.js
+++ b/js/instant-search.js
@@ -150,10 +150,12 @@ YAHOO.bugzilla.instantSearch = {
 product: YAHOO.bugzilla.instantSearch.getProduct(),
 summary: query,
 limit: 20,
- include_fields: [ "id", "summary", "status", "resolution", "component" ],
- Bugzilla_api_token : (BUGZILLA.api_token ? BUGZILLA.api_token : '')
+ include_fields: [ "id", "summary", "status", "resolution", "component" ]
 }
 };
+ if (BUGZILLA.api_token) {
+ jsonObject.params.Bugzilla_api_token = BUGZILLA.api_token;
+ }
 YAHOO.bugzilla.instantSearch.dataTable.getDataSource().sendRequest(
 YAHOO.lang.JSON.stringify(jsonObject),
-- cgit v1.2.3-24-g4f1b
From 0d820e69bc52f5ee1f9f1ea89eb83b82d83550db Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Wed, 4 Apr 2018 09:57:20 -0400
Subject: no bug - circleci config tweaks
---
 .circleci/config.yml | 29 +++++++++++++++++++++--------
 conf/log4perl-test.conf | 9 +++++++--
 2 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index f5c761af4..1283d573b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -5,13 +5,6 @@ version: 2 -main_filters: &main_filters - branches: - ignore: - - /^(?:release|test)-20\d\d\d\d\d\d\.\d+/ - - /\// - - production - defaults: bmo_slim_image: &bmo_slim_image image: mozillabteam/bmo-slim:20180330.1
@@ -20,6 +13,18 @@ defaults: mysql_image: &mysql_image image: mozillabteam/bmo-mysql:5.6 + store_log: &store_log + store_artifacts: + path: /app/bugzilla.log + destination: bugzilla.log + + main_filters: &main_filters + branches: + ignore: + - /^(?:release|test)-20\d\d\d\d\d\d\.\d+/ + - /\// + - production + bmo_env: &bmo_env PORT: 8000 LOGGING_PORT: 5880
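Review bot: The new `if (BUGZILLA.api_token)` block carries no comment explaining why the token is attached conditionally, while the commit message says the `BUGZILLA.api_token ? BUGZILLA.api_token : ''` form is the common pattern elsewhere, so a later cleanup could easily bring it back. A one-line comment above the block would keep the reason in the code: `// Only send a token when one exists; JSON-RPC tries to authenticate even an empty string.` The enclosing function starts and ends outside the hunk.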
@@ -81,6 +86,8 @@ jobs: name: build push data command: | mv /opt/bmo/local /app/local + perl Makefile.PL + perl -I/app -I/app/local/lib/perl5 -MBugzilla -e 1 perl checksetup.pl --no-database --no-templates --no-permissions perl scripts/build-bmo-push-data.pl - run:
@@ -115,6 +122,7 @@ jobs: paths: ["*.txt"] - store_artifacts: path: /app/build_info + - *store_log build: working_directory: /app
@@ -138,6 +146,7 @@ jobs: - run: "docker cp bmo:/app/version.json build_info/version.json" - store_artifacts: path: /app/build_info + - *store_log - deploy: command: | TAG="$(cat /app/build_info/tag.txt)"
@@ -158,7 +167,7 @@ jobs: docker push "$DOCKERHUB_REPO:latest" test_sanity: - parallelism: 2 + parallelism: 1 working_directory: /app docker: - <<: *bmo_slim_image
@@ -181,6 +190,7 @@ jobs: /app/scripts/entrypoint.pl prove -qf $(circleci tests glob 't/*.t' | circleci tests split) | tee artifacts/$CIRCLE_JOB.txt - store_artifacts: path: /app/artifacts + - *store_log test_webservices: parallelism: 1
@@ -199,6 +209,7 @@ jobs: /app/scripts/entrypoint.pl test_webservices | tee artifacts/$CIRCLE_JOB.txt - store_artifacts: path: /app/artifacts + - *store_log test_selenium: parallelism: 1
@@ -217,6 +228,7 @@ jobs: /app/scripts/entrypoint.pl test_selenium | tee artifacts/$CIRCLE_JOB.txt - store_artifacts: path: /app/artifacts + - *store_log test_bmo: parallelism: 1
@@ -246,6 +258,7 @@ jobs: - run: | [[ -f build_info/only_version_changed.txt ]] && exit 0 /app/scripts/entrypoint.pl test_bmo -q -f t/bmo/*.t + - *store_log workflows: version: 2
diff --git a/conf/log4perl-test.conf b/conf/log4perl-test.conf
index eda81d31b..65558ba4f 100644
--- a/conf/log4perl-test.conf
+++ b/conf/log4perl-test.conf
@@ -1,4 +1,4 @@
-log4perl.rootLogger = DEBUG, Cereal, Screen
+log4perl.rootLogger = DEBUG, Cereal, Screen, File
 log4perl.appender.Cereal = Log::Log4perl::Appender::Socket
 log4perl.appender.Cereal.PeerAddr=127.0.0.1
 log4perl.appender.Cereal.PeerPort=5880
@@ -10,4 +10,9 @@ log4perl.filter.IS_INTERACTIVE = sub { Bugzilla::Logging::is_interactive() }
 log4perl.appender.Screen = Log::Log4perl::Appender::Screen
 log4perl.appender.Screen.Filter = IS_INTERACTIVE
 log4perl.appender.Screen.layout = Log::Log4perl::Layout::PatternLayout
-log4perl.appender.Screen.layout.ConversionPattern = %-5.5p [%d] [%c] %m{chomp} at %F line %L (%M)%n
\ No newline at end of file
+log4perl.appender.Screen.layout.ConversionPattern = %-5.5p [%d] [%c] %m{chomp} at %F line %L (%M)%n
+
+log4perl.appender.File = Log::Log4perl::Appender::File
+log4perl.appender.File.layout = Log::Log4perl::Layout::Mozilla
+log4perl.appender.File.filename = /app/bugzilla.log
+log4perl.appender.File.mode = append
-- cgit v1.2.3-24-g4f1b
From 85a2490e1e696c8d62562f8752fc486c02578ec3 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Wed, 4 Apr 2018 10:37:09 -0400
Subject: no bug - add dev build pipeline to circleci
---
 .circleci/build.sh | 12 ++++++++++++
 .circleci/deploy.sh | 25 +++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 .circleci/build.sh
 create mode 100644 .circleci/deploy.sh
diff --git a/.circleci/build.sh b/.circleci/build.sh
new file mode 100644
index 000000000..7d476c85d
--- /dev/null
+++ b/.circleci/build.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -euf -o pipefail
+
+docker build \
+ --build-arg CI="$CI" \
+ --build-arg CIRCLE_SHA1="$CIRCLE_SHA1" \
+ --build-arg CIRCLE_BUILD_URL="$CIRCLE_BUILD_URL" \
+ -t bmo .
+
+docker run --name bmo --entrypoint true bmo
+docker cp bmo:/app/version.json build_info/version.json
diff --git a/.circleci/deploy.sh b/.circleci/deploy.sh
new file mode 100644
index 000000000..3d8a3852f
--- /dev/null
+++ b/.circleci/deploy.sh
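Review bot: The new `File` appender is attached to a root logger set to `DEBUG` and writes to `/app/bugzilla.log`, the same path the `store_log` step in this commit's `.circleci/config.yml` uploads as a build artifact, so everything the test run logs at debug level becomes readable by whoever can view the build. It is worth confirming that nothing secret (API keys, passwords taken from the environment) is logged at that level, or giving this appender its own floor with `log4perl.appender.File.Threshold = INFO`. Whether any current log line carries such data is not visible from this hunk.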
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -euf -o pipefail
+
+[[ -n "$DOCKERHUB_REPO" && -n "$DOCKER_USER" && -n "$DOCKER_PASS" ]] || exit 0
+docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"
+
+if [[ "$CIRCLE_BRANCH" == "master" ]]; then
+ TAG="$(cat /app/build_info/tag.txt)"
+ [[ -n "$GITHUB_PERSONAL_TOKEN" ]] || exit 0
+ if [[ -n "$TAG" && -f build_info/publish.txt ]]; then
+ git config credential.helper "cache --timeout 120"
+ git config user.email "$GITHUB_EMAIL"
+ git config user.name "$GITHUB_NAME"
+ git tag $TAG
+ git push https://${GITHUB_PERSONAL_TOKEN}:x-oauth-basic@github.com/$GITHUB_REPO.git $TAG
+ docker tag bmo "$DOCKERHUB_REPO:$TAG"
+ docker push "$DOCKERHUB_REPO:$TAG"
+ fi
+ docker tag bmo "$DOCKERHUB_REPO:latest"
+ docker push "$DOCKERHUB_REPO:latest"
+elif [[ "$CIRCLE_BRANCH" == "development" ]]; then
+ docker tag bmo "$DOCKERHUB_REPO:build-${CIRCLE_BUILD_NUM}"
+ docker push "$DOCKERHUB_REPO:build-${CIRCLE_BUILD_NUM}"
+fi
-- cgit v1.2.3-24-g4f1b
From 3d6e2fb15c254d2d8fe75dc0307a4b0fd3e62865 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Wed, 4 Apr 2018 10:58:06 -0400
Subject: Bug 1447028 - Add auth delegation test script
---
 README.rst | 16 +++++++++++
 scripts/auth-test-app | 72 +++++++++++++++++++++++++++++++++++++++++++++++
 vagrant_support/apache.j2 | 1 +
 3 files changed, 89 insertions(+)
 create mode 100755 scripts/auth-test-app
diff --git a/README.rst b/README.rst
index 64fae335b..adeb1a18e 100644
--- a/README.rst
+++ b/README.rst
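Review bot: `docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"` puts the registry password on the command line, where it is visible in the process list; passing it through `--password-stdin` avoids that. The two `[[ -n "$VAR" ]] || exit 0` guards also cannot skip quietly under `set -u`, because an unset variable aborts the script with an error before the test is evaluated, so they need the `${VAR:-}` form. `git tag $TAG` and the push arguments are unquoted, and because the token is embedded in the push URL it can appear in git's error output, so that command's stderr deserves scrubbing or suppression in CI logs.

```shell
[[ -n "${DOCKERHUB_REPO:-}" && -n "${DOCKER_USER:-}" && -n "${DOCKER_PASS:-}" ]] || exit 0
printf '%s' "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
# … unchanged: master branch check, TAG read from tag.txt …
    [[ -n "${GITHUB_PERSONAL_TOKEN:-}" ]] || exit 0
# … unchanged: publish.txt check, git config lines …
        git tag "$TAG"
        git push "https://${GITHUB_PERSONAL_TOKEN}:x-oauth-basic@github.com/${GITHUB_REPO}.git" "$TAG"
# … unchanged: docker tag / docker push steps …
```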
@@ -80,6 +80,22 @@ or db is changed, do a full provision:
 vagrant rsync && vagrant provision
+Testing Auth delegation
+-----------------------
+
+For testing auth-delegation there is included an `scripts/auth-test-app`
+script that runs a webserver and implements the auth delegation protocol.
+
+Provided you have `Mojolicious`_ installed:
+
+.. code-block:: bash
+ perl auth-test-app daemon
+
+Then just browse to `localhost:3000`_ to test creating API keys.
+
+.. _`Mojolicious`: https://metacpan.org/pod/Mojolicious
+.. _`localhost:3000`: http://localhost:3000
+
 Technical Details
 -----------------
diff --git a/scripts/auth-test-app b/scripts/auth-test-app
new file mode 100755
index 000000000..3df56796c
--- /dev/null
+++ b/scripts/auth-test-app
@@ -0,0 +1,72 @@
+#!/usr/bin/perl
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+use 5.10.1;
+use strict;
+use warnings;
+use Mojolicious::Lite;
+use Digest::SHA qw(sha256_hex);
+
+my $BUGZILLA_URL = $ENV{AUTH_TEST_BUGZILLA_URL} // 'http://bmo-web.vm/auth.cgi';
+my $APP_DESC = $ENV{AUTH_TEST_APP_DESC} // 'AuthTest';
+my %SECRETS;
+
+get '/' => sub {
+ my $c = shift;
+ my $callback_url = $c->url_for->to_abs->path('/callback');
+ my $app_id = sha256_hex($callback_url, $APP_DESC);
+ $c->render(
+ template => 'index',
+ app_id => $app_id,
+ callback_url => $callback_url,
+ bugzilla_url => $BUGZILLA_URL,
+ app_desc => $APP_DESC,
+ );
+};
+
+post '/callback' => sub {
+ my $c = shift;
+ %SECRETS = %{ $c->req->json };
+ $c->render( json => { result => 'SECRETS' } );
+};
+
+get '/callback' => sub {
+ my $c = shift;
+ my $store_key = $c->param('callback_result');
+ $c->render( template => 'callback', %SECRETS );
+};
+
+app->start;
+__DATA__
+
+@@ index.html.ep
+% layout 'default';
+% title 'Configure';
+
+

Test auth delegation. $app_id = <%= $app_id %>

+ +
+ + + + +
+ +@@ callback.html.ep +% layout 'default'; +% title 'Login Result'; + +
Login <%= $client_api_login %>
+
API Key <%= $client_api_key %>
+ +@@ layouts/default.html.ep + + + <%= title %> + <%= content %> + diff --git a/vagrant_support/apache.j2 b/vagrant_support/apache.j2 index 722ebad92..773672fa1 100644 --- a/vagrant_support/apache.j2 +++ b/vagrant_support/apache.j2 @@ -1,5 +1,6 @@ PerlSwitches -wT PerlSetEnv USE_NYTPROF 0 +PerlSetEnv BUGZILLA_UNSAFE_AUTH_DELEGATION 1 PerlConfigRequire /vagrant/mod_perl.pl -- cgit v1.2.3-24-g4f1b From fe259aba572e08df22557251ca9279f512f6862c Mon Sep 17 00:00:00 2001 From: Simon Bennetts Date: Wed, 4 Apr 2018 18:21:33 +0100 Subject: Bug 1446431 - Allow Baseline scan to ignore forms that dont need CSRF Tokens The data-no-csrf attribute is used to signify that a form is 'safe' (ie doesn't actually make any permanent changes) and so doesn't need an anti-csrf token. --- template/en/default/bug/choose.html.tmpl | 2 +- template/en/default/global/header.html.tmpl | 2 +- template/en/default/index.html.tmpl | 2 +- template/en/default/list/change-columns.html.tmpl | 2 +- template/en/default/list/list.html.tmpl | 6 +++--- template/en/default/pages/quicksearch.html.tmpl | 2 +- template/en/default/reports/duplicates.html.tmpl | 4 ++-- template/en/default/reports/old-charts.html.tmpl | 2 +- template/en/default/search/search-advanced.html.tmpl | 2 +- template/en/default/search/search-google.html.tmpl | 2 +- template/en/default/search/search-specific.html.tmpl | 2 +- 11 files changed, 14 insertions(+), 14 deletions(-) diff --git a/template/en/default/bug/choose.html.tmpl b/template/en/default/bug/choose.html.tmpl index 9009d3873..16a76ff02 100644 --- a/template/en/default/bug/choose.html.tmpl +++ b/template/en/default/bug/choose.html.tmpl @@ -24,7 +24,7 @@ title = "Search by $terms.bug number" %] -
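Review bot: The POST `/callback` handler overwrites a single process-wide `%SECRETS` with whatever JSON any client sends, and GET `/callback` renders it to every visitor without ever using `$store_key`, so the most recently delivered API key is shown to anyone who can reach the port. Storing each result under an unpredictable key returned as `result`, then looking it up and deleting it with `callback_result`, ties the key to the browser that started the flow. `%{ $c->req->json }` also dies on a body that is not a JSON object, and splatting the posted hash into `render` lets posted keys override stash values such as `template`; passing only `client_api_login` and `client_api_key` avoids both. The template part of this hunk is garbled on the page, so the fence covers the two handlers only.

```perl
# Returns an unpredictable hex token used to key one delegation result.
sub new_store_key {
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    read( $fh, my $bytes, 16 ) == 16 or die "short read from /dev/urandom";
    return unpack 'H*', $bytes;
}

post '/callback' => sub {
    my $c    = shift;
    my $body = $c->req->json;
    return $c->render( json => { error => 'expected a JSON object' }, status => 400 )
        unless ref $body eq 'HASH';
    my $store_key = new_store_key();
    $SECRETS{$store_key} = $body;
    $c->render( json => { result => $store_key } );
};

get '/callback' => sub {
    my $c         = shift;
    my $store_key = $c->param('callback_result') // '';
    my $secret    = delete $SECRETS{$store_key};    # one-time read
    return $c->render( text => 'unknown callback_result', status => 404 )
        unless $secret;
    $c->render(
        template         => 'callback',
        client_api_login => $secret->{client_api_login},
        client_api_key   => $secret->{client_api_key},
    );
};
# … unchanged: app->start and the __DATA__ templates …
```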
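Review bot: `PerlSetEnv BUGZILLA_UNSAFE_AUTH_DELEGATION 1` is added without a comment, and nothing on the line says what the switch relaxes or that it belongs only in the Vagrant template. Judging by its name it loosens a check in the auth delegation flow so the local test app can be used, so a comment above it would help keep it from being copied into a real deployment: `# Dev/Vagrant only: relaxes auth delegation checks for scripts/auth-test-app; never enable in production.` The remaining context of this hunk is garbled on the page.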
+

You may find a single [% terms.bug %] by entering its [% terms.bug %] id here: diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl index ded28d186..1d304ad04 100644 --- a/template/en/default/global/header.html.tmpl +++ b/template/en/default/global/header.html.tmpl @@ -244,7 +244,7 @@