From 0048909dbe4141af69eaf930562c3e8f653dbe0d Mon Sep 17 00:00:00 2001
From: Dave Lawrence
Date: Fri, 27 Sep 2013 12:07:51 -0400
Subject: Revert Bug 917669 - invalid or expired authentication tokens and cookies should throw errors, not be silently ignored
---
 Bugzilla/Auth/Login/Cookie.pm | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-) (limited to 'Bugzilla/Auth')
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 4f4ef80ab..88c48e236 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -21,7 +21,6 @@ use base qw(Bugzilla::Auth::Login);
 use Bugzilla::Constants;
 use Bugzilla::Util;
-use Bugzilla::Error;
 use List::Util qw(first);
@@ -81,9 +80,7 @@ sub get_login_info {
 AND (ipaddr = ? OR ipaddr IS NULL)', undef, ($login_cookie, $user_id, $ip_addr));
- # If the cookie or token is valid, return a valid username.
- # If they were not valid and we are using a webservice, then
- # throw an error notifying the client.
+ # If the cookie is valid, return a valid username.
 if ($is_valid) {
 # If we logged in successfully, then update the lastused
 # time on the login cookie
@@ -91,16 +88,12 @@ sub get_login_info {
 WHERE cookie = ?", undef, $login_cookie);
 return { user_id => $user_id };
 }
- elsif (i_am_webservice()) {
- ThrowUserError('invalid_cookies_or_token');
- }
 }
- # Either the cookie or token is invalid and we are not authenticating
- # via a webservice, or we did not receive a cookie or token. We don't
- # want to ever return AUTH_LOGINFAILED, because we don't want Bugzilla to
- # actually throw an error when it gets a bad cookie or token. It should just
- # look like there was no cookie or token to begin with.
+ # Either the he cookie is invalid, or we got no cookie. We don't want
+ # to ever return AUTH_LOGINFAILED, because we don't want Bugzilla to
+ # actually throw an error when it gets a bad cookie. It should just
+ # look like there was no cookie to begin with.
 return { failure => AUTH_NODATA };
 }
@@ -111,7 +104,9 @@ sub login_token {
 return $self->{'_login_token'} if exists $self->{'_login_token'};
- if (!i_am_webservice()) {
+ if ($usage_mode ne USAGE_MODE_XMLRPC
+ && $usage_mode ne USAGE_MODE_JSON
+ && $usage_mode ne USAGE_MODE_REST) {
 return $self->{'_login_token'} = undef;
 }
-- cgit v1.2.3-24-g4f1b
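Review bot: With the `elsif (i_am_webservice())` branch gone, an API caller whose credential fails the `logincookies` lookup falls through to `return { failure => AUTH_NODATA }` and is handled as if it had sent nothing, so it gets no signal that its session was rejected or has expired. If that is the intended trade-off of the revert, the restored comment above the final `return` should say so. It also has a typo (`the he cookie`) and now mentions only cookies, although `login_token` later in the file suggests tokens may take the same path. Suggested opening: `# Either the cookie is invalid, or we got no cookie. API callers are not told` followed by `# that a credential was rejected; they are treated as logged out.` get_login_info begins above the hunk, so whether a failed lookup is logged anywhere cannot be seen from here.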
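Review bot: The restored test in `login_token` reads `$usage_mode`, but no declaration is visible in the hunk, and the sub's opening lines sit above the first context line. Please confirm that something like `my $usage_mode = Bugzilla->usage_mode;` is still present there, because an undeclared variable would be a compile error under `use strict`. The three `ne` comparisons also form a hand-maintained list of API modes: a mode missing from it has its token discarded (`undef`), which fails closed but silently. A one-line comment above the `if` would record the intent, e.g. `# Tokens are honoured only for the XML-RPC, JSON-RPC and REST usage modes.`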