From 7450b47683d0aa972a522f5b70353e14269a95e6 Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Mon, 26 Aug 2013 23:54:32 -0400 Subject: Bug 893195 - Allow token based authentication for webservices r=glob,a=sgreen --- Bugzilla/WebService/User.pm | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) (limited to 'Bugzilla/WebService/User.pm') diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index 44938a97a..ba8640f3d 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -19,6 +19,8 @@ use Bugzilla::User; use Bugzilla::Util qw(trim); use Bugzilla::WebService::Util qw(filter validate translate params_to_objects); +use List::Util qw(first); + # Don't need auth to login use constant LOGIN_EXEMPT => { login => 1, @@ -73,14 +75,25 @@ sub login { $input_params->{'Bugzilla_password'} = $params->{password}; $input_params->{'Bugzilla_remember'} = $remember; - Bugzilla->login(); - return { id => $self->type('int', Bugzilla->user->id) }; + my $user = Bugzilla->login(); + + my $result = { id => $self->type('int', $user->id) }; + + # We will use the stored cookie value combined with the user id + # to create a token that can be used with future requests in the + # query parameters + my $login_cookie = first { $_->name eq 'Bugzilla_logincookie' } + @{ Bugzilla->cgi->{'Bugzilla_cookie_list'} }; + if ($login_cookie) { + $result->{'token'} = $user->id . "-" . $login_cookie->value; + } + + return $result; } sub logout { my $self = shift; Bugzilla->logout; - return undef; } sub valid_login { @@ -448,10 +461,12 @@ management of cookies across sessions. =item B -On success, a hash containing one item, C, the numeric id of the -user that was logged in. A set of http cookies is also sent with the -response. These cookies must be sent along with any future requests -to the webservice, for the duration of the session. +On success, a hash containing two items, C, the numeric id of the +user that was logged in, and a C which can be passed in +the parameters as authentication in other calls. A set of http cookies +is also sent with the response. These cookies *or* the token can be sent +along with any future requests to the webservice, for the duration of the +session. =item B -- cgit v1.2.3-24-g4f1b