From e377a5b02799540d3a9df0fbb1f6fae90f8d9a5c Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Tue, 16 Oct 2012 16:57:15 -0400 Subject: Bug 577329 - WebServices should filter email addresses same as the web UI as users are not always required to login r/a=LpSolit --- Bugzilla/Config/Auth.pm | 6 ++++++ Bugzilla/Util.pm | 2 +- Bugzilla/WebService.pm | 5 +++++ Bugzilla/WebService/Bug.pm | 16 ++++++++-------- Bugzilla/WebService/Product.pm | 8 ++++---- Bugzilla/WebService/Server/JSONRPC.pm | 5 ++++- Bugzilla/WebService/Server/XMLRPC.pm | 7 +++++++ Bugzilla/WebService/User.pm | 16 ++++++++-------- template/en/default/admin/params/auth.html.tmpl | 7 +++++++ 9 files changed, 50 insertions(+), 22 deletions(-) diff --git a/Bugzilla/Config/Auth.pm b/Bugzilla/Config/Auth.pm index 579f86ad8..289536bbd 100644 --- a/Bugzilla/Config/Auth.pm +++ b/Bugzilla/Config/Auth.pm @@ -73,6 +73,12 @@ sub get_param_list { default => '0' }, + { + name => 'webservice_email_filter', + type => 'b', + default => 0 + }, + { name => 'emailregexp', type => 't', diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 125b2445f..7fc9ca6d8 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -22,7 +22,7 @@ use base qw(Exporter); is_7bit_clean bz_crypt generate_random_password validate_email_syntax check_email_syntax clean_text get_text template_var disable_utf8 - detect_encoding); + detect_encoding email_filter); use Bugzilla::Constants; use Bugzilla::RNG qw(irand); diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm index 38e0f510f..0b28cfaec 100644 --- a/Bugzilla/WebService.pm +++ b/Bugzilla/WebService.pm @@ -72,6 +72,11 @@ A floating-point number. May be null. A string. May be null. +=item C + +A string representing an email address. This value, when returned, +may be filtered based on if the user is logged in or not. May be null. + =item C A date/time. Represented differently in different interfaces to this API. 
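Review bot: `webservice_email_filter` is added with `default => 0`, so logged-out API callers keep receiving unfiltered addresses on every installation until an administrator switches the parameter on. If the off-by-default choice is deliberate for client compatibility, record that next to the entry, e.g. `# Off by default so existing API clients keep receiving full logins; enable to match the web UI.` The neighbouring entry in the same list writes its default as `'0'`, and using the same quoted form keeps the list uniform. get_param_list starts and ends outside the hunk.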
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index 1c8811b65..f8a1f48ec 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -302,8 +302,8 @@ sub _translate_comment { return filter $filters, { id => $self->type('int', $comment->id), bug_id => $self->type('int', $comment->bug_id), - creator => $self->type('string', $comment->author->login), - author => $self->type('string', $comment->author->login), + creator => $self->type('email', $comment->author->login), + author => $self->type('email', $comment->author->login), time => $self->type('dateTime', $comment->creation_ts), creation_time => $self->type('dateTime', $comment->creation_ts), is_private => $self->type('boolean', $comment->is_private), @@ -873,18 +873,18 @@ sub _bug_to_hash { # We don't do the SQL calls at all if the filter would just # eliminate them anyway. if (filter_wants $params, 'assigned_to') { - $item{'assigned_to'} = $self->type('string', $bug->assigned_to->login); + $item{'assigned_to'} = $self->type('email', $bug->assigned_to->login); } if (filter_wants $params, 'blocks') { my @blocks = map { $self->type('int', $_) } @{ $bug->blocked }; $item{'blocks'} = \@blocks; } if (filter_wants $params, 'cc') { - my @cc = map { $self->type('string', $_) } @{ $bug->cc || [] }; + my @cc = map { $self->type('email', $_) } @{ $bug->cc || [] }; $item{'cc'} = \@cc; } if (filter_wants $params, 'creator') { - $item{'creator'} = $self->type('string', $bug->reporter->login); + $item{'creator'} = $self->type('email', $bug->reporter->login); } if (filter_wants $params, 'depends_on') { my @depends_on = map { $self->type('int', $_) } @{ $bug->dependson }; 
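Review bot: Filtering is opt-in per call site, so a login is filtered only where its `type()` call was switched from `'string'` to `'email'`, and any login-bearing field that was missed keeps returning full addresses without any error. The 16 changed lines the diffstat reports for Bug.pm are all accounted for by the hunks in `_translate_comment`, `_bug_to_hash`, `_attachment_to_hash` and `_flag_to_hash`, so any other method in this module that returns a login (none is visible here) is worth checking before merge. A short comment at the first converted site would guide future additions, e.g. `# Logins and addresses must use the 'email' type so webservice_email_filter applies.` The same pattern applies to the Product.pm and User.pm hunks, and all of these functions continue outside the hunks shown.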
@@ -908,7 +908,7 @@ sub _bug_to_hash { } if (filter_wants $params, 'qa_contact') { my $qa_login = $bug->qa_contact ? $bug->qa_contact->login : ''; - $item{'qa_contact'} = $self->type('string', $qa_login); + $item{'qa_contact'} = $self->type('email', $qa_login); } if (filter_wants $params, 'see_also') { my @see_also = map { $self->type('string', $_->name) } @@ -985,7 +985,7 @@ sub _attachment_to_hash { # the filter wants them. foreach my $field (qw(creator attacher)) { if (filter_wants $filters, $field) { - $item->{$field} = $self->type('string', $attach->attacher->login); + $item->{$field} = $self->type('email', $attach->attacher->login); } } @@ -1018,7 +1018,7 @@ sub _flag_to_hash { foreach my $field (qw(setter requestee)) { my $field_id = $field . "_id"; - $item->{$field} = $self->type('string', $flag->$field->login) + $item->{$field} = $self->type('email', $flag->$field->login) if $flag->$field_id; } diff --git a/Bugzilla/WebService/Product.pm b/Bugzilla/WebService/Product.pm index 2dcbe9de9..c1308bedc 100644 --- a/Bugzilla/WebService/Product.pm +++ b/Bugzilla/WebService/Product.pm @@ -235,10 +235,10 @@ sub _component_to_hash { description => $self->type('string' , $component->description), default_assigned_to => - $self->type('string' , $component->default_assignee->login), - default_qa_contact => - $self->type('string' , $component->default_qa_contact ? - $component->default_qa_contact->login : ''), + $self->type('email', $component->default_assignee->login), + default_qa_contact => + $self->type('email', $component->default_qa_contact ? + $component->default_qa_contact->login : ""), sort_key => # sort_key is returned to match Bug.fields 0, is_active => diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index 46dd6b8da..a0de6af77 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm 
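Review bot: The `default_qa_contact` fallback changes from `''` to `""` in the same edit that switches the type, which is unrelated to the fix and departs from the single-quoted literals used on the surrounding lines. Keeping `$component->default_qa_contact->login : ''),` leaves only the security-relevant `'string'` to `'email'` change in this hunk. `_component_to_hash` starts and ends outside the hunk.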
@@ -26,7 +26,7 @@ BEGIN { use Bugzilla::Error; use Bugzilla::WebService::Constants; use Bugzilla::WebService::Util qw(taint_data); -use Bugzilla::Util qw(correct_urlbase trim disable_utf8); +use Bugzilla::Util; use HTTP::Message; use MIME::Base64 qw(decode_base64 encode_base64); @@ -209,6 +209,9 @@ sub type { utf8::encode($value) if utf8::is_utf8($value); $retval = encode_base64($value, ''); } + elsif ($type eq 'email' && Bugzilla->params->{'webservice_email_filter'}) { + $retval = email_filter($value); + } return $retval; } diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 22396bce1..a888382b7 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -19,6 +19,7 @@ if ($ENV{MOD_PERL}) { } use Bugzilla::WebService::Constants; +use Bugzilla::Util; # Allow WebService methods to call XMLRPC::Lite's type method directly BEGIN { @@ -30,6 +31,12 @@ BEGIN { $value = Bugzilla::WebService::Server->datetime_format_outbound($value); $value =~ s/-//g; } + elsif ($type eq 'email') { + $type = 'string'; + if (Bugzilla->params->{'webservice_email_filter'}) { + $value = email_filter($value); + } + } return XMLRPC::Data->type($type)->value($value); }; } diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index d49ad24a0..4dc209277 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -159,8 +159,8 @@ sub get { \@user_objects, $params); @users = map {filter $params, { id => $self->type('int', $_->id), - real_name => $self->type('string', $_->name), - name => $self->type('string', $_->login), + real_name => $self->type('string', $_->name), + name => $self->type('email', $_->login), }} @$in_group; return { users => \@users }; @@ -201,7 +201,7 @@ sub get { } } } - + my $in_group = $self->_filter_users_by_group( \@user_objects, $params); 
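Review bot: Replacing the explicit import list with a bare `use Bugzilla::Util;` pulls that module's whole default export list into this package in order to obtain one function. Keeping the list documents the dependency and avoids accidental name clashes: `use Bugzilla::Util qw(correct_urlbase trim disable_utf8 email_filter);`. The same applies to the `use Bugzilla::Util;` added in Server/XMLRPC.pm, where `qw(email_filter)` would be enough as far as this diff shows.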
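Review bot: The new `email` branch in JSONRPC `type` tests only the `webservice_email_filter` parameter, and the decision about whether the caller is logged in is left entirely to `email_filter()`, which is defined outside this diff. The parameter description added in this commit promises filtering "depending on if the user is logged in or not", so a one-line comment stating that contract would keep a later change to `email_filter()` from silently altering API output: `# email_filter() is expected to return $value unchanged for logged-in users.` That behaviour is presumed from the parameter text and should be confirmed against Bugzilla::Util. `type` starts outside the hunk.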
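Review bot: In the XMLRPC `type` override, `email_filter($value)` is called without checking that `$value` is defined, while the POD added in this commit says an `email` value may be null. Whether an undefined value can reach this branch depends on code above the hunk, and how `email_filter()` treats undef is not visible here, so a guard is cheap: `if (defined $value && Bugzilla->params->{'webservice_email_filter'}) {`. The branch also duplicates the JSONRPC logic, so a test that exercises both servers with the parameter on and off, logged in and logged out, would keep the two in step.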
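Review bot: In User.pm `get`, `name` carries the user's login, and once it is typed `email` a logged-out caller receives a filtered value that may no longer identify the account when it is passed back to the API. The 16 changed lines the diffstat reports for User.pm are all accounted for by the code and whitespace hunks, so the return-value documentation for `get` (outside these hunks) presumably still describes `name` and `email` as plain strings. It should state that both are of type `email` and may be filtered for logged-out callers. The later hunks in this file also mix trailing-whitespace cleanup with the functional change, which makes the security-relevant lines harder to pick out in review.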
@@ -209,22 +209,22 @@ sub get { my $user_info = { id => $self->type('int', $user->id), real_name => $self->type('string', $user->name), - name => $self->type('string', $user->login), - email => $self->type('string', $user->email), + name => $self->type('email', $user->login), + email => $self->type('email', $user->email), can_login => $self->type('boolean', $user->is_enabled ? 1 : 0), groups => $self->_filter_bless_groups($user->groups), }; - + if (Bugzilla->user->in_group('editusers')) { $user_info->{email_enabled} = $self->type('boolean', $user->email_enabled); $user_info->{login_denied_text} = $self->type('string', $user->disabledtext); } - + if (Bugzilla->user->id == $user->id) { $user_info->{saved_searches} = [map { $self->_query_to_hash($_) } @{ $user->queries }]; $user_info->{saved_reports} = [map { $self->_report_to_hash($_) } @{ $user->reports }]; } - + push(@users, filter($params, $user_info)); } diff --git a/template/en/default/admin/params/auth.html.tmpl b/template/en/default/admin/params/auth.html.tmpl index 96aba3c1d..99e2a6b1c 100644 --- a/template/en/default/admin/params/auth.html.tmpl +++ b/template/en/default/admin/params/auth.html.tmpl @@ -93,6 +93,13 @@ "front page will require a login. No anonymous users will " _ "be permitted.", + webservice_email_filter => + "Filter email addresses returned by the WebService API depending on " _ + "if the user is logged in or not. This works similarly to how the " _ + "web UI currently filters email addresses. If requirelogin " _ + "is enabled, then this parameter has no effect as users must be logged " _ + "in to use Bugzilla.", + emailregexp => "This defines the regular expression to use for legal email addresses. " _ "The default tries to match fully qualified email addresses. " _ -- cgit v1.2.3-24-g4f1b