From 4726923228d810ea0cd1800b17a9244c6f0d8eef Mon Sep 17 00:00:00 2001 From: "mkanat%bugzilla.org" <> Date: Mon, 9 Nov 2009 19:15:28 +0000 Subject: Bug 525734: Allow WebService clients to authenticate using Bugzilla_login and Bugzilla_password Patch by Max Kanat-Alexander r=dkl, a=mkanat --- Bugzilla/WebService/Server.pm | 3 ++- Bugzilla/WebService/Server/JSONRPC.pm | 11 +++++------ Bugzilla/WebService/Server/XMLRPC.pm | 5 ++++- Bugzilla/WebService/User.pm | 10 +++++----- 4 files changed, 16 insertions(+), 13 deletions(-) (limited to 'Bugzilla/WebService') diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm index 2db182fd4..115c7df89 100644 --- a/Bugzilla/WebService/Server.pm +++ b/Bugzilla/WebService/Server.pm @@ -21,7 +21,8 @@ use strict; sub handle_login { my ($self, $class, $method, $full_method) = @_; eval "require $class"; - return if $class->login_exempt($method); + return if ($class->login_exempt($method) + and !defined Bugzilla->input_params->{Bugzilla_login}); Bugzilla->login(); } diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index e54387a6d..919370a2a 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -112,12 +112,6 @@ sub _argument_type_check { my $self = shift; my $params = $self->SUPER::_argument_type_check(@_); - # This is the best time to do login checks. - $self->handle_login(); - - # If there are no parameters, we don't need to parse them. - return $params if !ref $params; - # JSON-RPC 1.0 requires all parameters to be passed as an array, so # we just pull out the first item and assume it's an object. if (ref $params eq 'ARRAY') { @@ -144,6 +138,11 @@ sub _argument_type_check { } } + Bugzilla->input_params($params); + + # This is the best time to do login checks. + $self->handle_login(); + # Bugzilla::WebService packages call internal methods like # $self->_some_private_method. So we have to inherit from # that class as well as this Server class. diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index b2a50712a..cbfb1b7f2 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -78,6 +78,7 @@ sub deserialize { $som->{_bz_do_taint} = 1; } bless $som, 'Bugzilla::XMLRPC::SOM'; + Bugzilla->input_params($som->paramsin); return $som; } @@ -146,11 +147,13 @@ use Bugzilla::WebService::Util qw(taint_data); sub paramsin { my $self = shift; + return $self->{bz_params_in} if $self->{bz_params_in}; my $params = $self->SUPER::paramsin(@_); if ($self->{_bz_do_taint}) { taint_data($params); } - return $params; + $self->{bz_params_in} = $params; + return $self->{bz_params_in}; } 1; diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index ba899cd4d..67a4720de 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -61,12 +61,12 @@ sub login { } # Make sure the CGI user info class works if necessary. - my $cgi = Bugzilla->cgi; - $cgi->param('Bugzilla_login', $params->{login}); - $cgi->param('Bugzilla_password', $params->{password}); - $cgi->param('Bugzilla_remember', $remember); + my $input_params = Bugzilla->input_params; + $input_params->{'Bugzilla_login'} = $params->{login}; + $input_params->{'Bugzilla_password'} = $params->{password}; + $input_params->{'Bugzilla_remember'} = $remember; - Bugzilla->login; + Bugzilla->login(); return { id => $self->type('int', Bugzilla->user->id) }; } -- cgit v1.2.3-24-g4f1b