From 5bb84b3c6efc503652a14e59efbe2b7c548608dd Mon Sep 17 00:00:00 2001
From: Max Kanat-Alexander <mkanat@bugzilla.org>
Date: Thu, 22 Apr 2010 11:52:45 -0700
Subject: Bug 550732: Allow read-only JSON-RPC methods to be called with GET
 r=dkl, a=mkanat

---
 Bugzilla/Auth/Login.pm        | 9 +++++++++
 Bugzilla/Auth/Login/Cookie.pm | 1 +
 Bugzilla/Auth/Login/Env.pm    | 1 +
 Bugzilla/Auth/Login/Stack.pm  | 5 +++++
 4 files changed, 16 insertions(+)

(limited to 'Bugzilla/Auth')

diff --git a/Bugzilla/Auth/Login.pm b/Bugzilla/Auth/Login.pm
index 4a4c5f26d..b3add7365 100644
--- a/Bugzilla/Auth/Login.pm
+++ b/Bugzilla/Auth/Login.pm
@@ -27,6 +27,7 @@ use constant can_login  => 1;
 use constant requires_persistence  => 1;
 use constant requires_verification => 1;
 use constant user_can_create_account => 0;
+use constant is_automatic => 0;
 
 sub new {
     my ($class) = @_;
@@ -122,4 +123,12 @@ got from this login method. Defaults to C<true>.
 Whether or not users can create accounts, if this login method is
 currently being used by the system. Defaults to C<false>.
 
+=item C<is_automatic>
+
+True if this login method requires no interaction from the user within
+Bugzilla. (For example, C<Env> auth is "automatic" because the webserver
+just passes us an environment variable on most page requests, and does not
+ask the user for authentication information directly in Bugzilla.) Defaults
+to C<false>.
+
 =back
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 570988f7e..91fb820fb 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -27,6 +27,7 @@ use List::Util qw(first);
 use constant requires_persistence  => 0;
 use constant requires_verification => 0;
 use constant can_login => 0;
+use constant is_automatic => 1;
 
 # Note that Cookie never consults the Verifier, it always assumes
 # it has a valid DB account or it fails.
diff --git a/Bugzilla/Auth/Login/Env.pm b/Bugzilla/Auth/Login/Env.pm
index 1f2739a88..f93034ef3 100644
--- a/Bugzilla/Auth/Login/Env.pm
+++ b/Bugzilla/Auth/Login/Env.pm
@@ -31,6 +31,7 @@ use constant can_logout => 0;
 use constant can_login  => 0;
 use constant requires_persistence  => 0;
 use constant requires_verification => 0;
+use constant is_automatic => 1;
 
 sub get_login_info {
     my ($self) = @_;
diff --git a/Bugzilla/Auth/Login/Stack.pm b/Bugzilla/Auth/Login/Stack.pm
index bef9171c9..f490d243b 100644
--- a/Bugzilla/Auth/Login/Stack.pm
+++ b/Bugzilla/Auth/Login/Stack.pm
@@ -52,6 +52,11 @@ sub get_login_info {
     my $self = shift;
     my $result;
     foreach my $object (@{$self->{_stack}}) {
+        # See Bugzilla::WebService::Server::JSONRPC for where and why
+        # auth_no_automatic_login is used.
+        if (Bugzilla->request_cache->{auth_no_automatic_login}) {
+            next if $object->is_automatic;
+        }
         $result = $object->get_login_info(@_);
         $self->{successful} = $object;
         last if !$result->{failure};
-- 
cgit v1.2.3-24-g4f1b