From c0156f20dfd3f5bfa3a0e1c2b6ca0f2de34797a4 Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Wed, 12 Nov 2014 16:38:10 +0000 Subject: Bug 1001462: Bug.search causes error when using simple token auth and specifying 'token' instead of 'Bugzilla_token' r=glob,a=glob --- Bugzilla/WebService/Server/XMLRPC.pm | 7 +++++++ Bugzilla/WebService/User.pm | 34 ++++++++++++++++++---------------- Bugzilla/WebService/Util.pm | 6 +++--- 3 files changed, 28 insertions(+), 19 deletions(-) (limited to 'Bugzilla/WebService') diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 8f9070ae7..56b31ffef 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -117,6 +117,7 @@ our @ISA = qw(XMLRPC::Deserializer); use Bugzilla::Error; use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST); +use Bugzilla::WebService::Util qw(fix_credentials); use Scalar::Util qw(tainted); sub deserialize { @@ -140,7 +141,13 @@ sub deserialize { my $params = $som->paramsin; # This allows positional parameters for Testopia. $params = {} if ref $params ne 'HASH'; + + # Update the params to allow for several convenience key/values + # use for authentication + fix_credentials($params); + Bugzilla->input_params($params); + return $som; } diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index 4c8af7f6c..f3b8bf703 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -53,27 +53,20 @@ use constant MAPPED_RETURNS => { sub login { my ($self, $params) = @_; + # Check to see if we are already logged in + my $user = Bugzilla->user; + if ($user->id) { + return $self->_login_to_hash($user); + } + # Username and password params are required foreach my $param ("login", "password") { - defined $params->{$param} + (defined $params->{$param} || defined $params->{'Bugzilla_' . $param}) || ThrowCodeError('param_required', { param => $param }); } - # Make sure the CGI user info class works if necessary. - my $input_params = Bugzilla->input_params; - $input_params->{'Bugzilla_login'} = $params->{login}; - $input_params->{'Bugzilla_password'} = $params->{password}; - $input_params->{'Bugzilla_restrictlogin'} = $params->{restrict_login}; - - my $user = Bugzilla->login(); - - my $result = { id => $self->type('int', $user->id) }; - - if ($user->{_login_token}) { - $result->{'token'} = $user->id . "-" . $user->{_login_token}; - } - - return $result; + $user = Bugzilla->login(); + return $self->_login_to_hash($user); } sub logout { @@ -409,6 +402,15 @@ sub _report_to_hash { return $item; } +sub _login_to_hash { + my ($self, $user) = @_; + my $item = { id => $self->type('int', $user->id) }; + if ($user->{_login_token}) { + $item->{'token'} = $user->id . "-" . $user->{_login_token}; + } + return $item; +} + 1; __END__ diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm index e2bc78002..a0a51a8de 100644 --- a/Bugzilla/WebService/Util.pm +++ b/Bugzilla/WebService/Util.pm @@ -266,8 +266,8 @@ sub fix_credentials { # even if not calling GET /login. We also do not delete them as # GET /login requires "login" and "password". if (exists $params->{'login'} && exists $params->{'password'}) { - $params->{'Bugzilla_login'} = $params->{'login'}; - $params->{'Bugzilla_password'} = $params->{'password'}; + $params->{'Bugzilla_login'} = delete $params->{'login'}; + $params->{'Bugzilla_password'} = delete $params->{'password'}; } # Allow user to pass api_key=12345678 as a convenience which becomes # "Bugzilla_api_key" which is what the auth code looks for. @@ -277,7 +277,7 @@ sub fix_credentials { # Allow user to pass token=12345678 as a convenience which becomes # "Bugzilla_token" which is what the auth code looks for. if (exists $params->{'token'}) { - $params->{'Bugzilla_token'} = $params->{'token'}; + $params->{'Bugzilla_token'} = delete $params->{'token'}; } # Allow extensions to modify the credential data before login -- cgit v1.2.3-24-g4f1b