From 70e8ab711072845b5a39394268e70a88729e9d9a Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Mon, 12 May 2014 14:36:59 +0000 Subject: Bug 1001462 - Bug.search causes error when using simple token auth and specifying 'token' instead of 'Bugzilla_token' r/a=glob --- Bugzilla/WebService/Server/XMLRPC.pm | 6 ++++++ Bugzilla/WebService/User.pm | 8 +------- Bugzilla/WebService/Util.pm | 23 +++++++++++------------ 3 files changed, 18 insertions(+), 19 deletions(-) (limited to 'Bugzilla') diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 40c66a8f9..48ab27a5e 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -115,6 +115,7 @@ our @ISA = qw(XMLRPC::Deserializer); use Bugzilla::Error; use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST); +use Bugzilla::WebService::Util qw(fix_credentials); use Scalar::Util qw(tainted); sub deserialize { @@ -138,6 +139,11 @@ sub deserialize { my $params = $som->paramsin; # This allows positional parameters for Testopia. $params = {} if ref $params ne 'HASH'; + + # Update the params to allow for several convenience key/values + # use for authentication + fix_credentials($params); + Bugzilla->input_params($params); return $som; } diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index f8358f78d..112d336d7 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -54,16 +54,10 @@ sub login { # Username and password params are required foreach my $param ("login", "password") { - defined $params->{$param} + (!defined $params->{$param} && !defined $params->{'Bugzilla_' . $param}) || ThrowCodeError('param_required', { param => $param }); } - # Make sure the CGI user info class works if necessary. - my $input_params = Bugzilla->input_params; - $input_params->{'Bugzilla_login'} = $params->{login}; - $input_params->{'Bugzilla_password'} = $params->{password}; - $input_params->{'Bugzilla_restrictlogin'} = $params->{restrict_login}; - my $user = Bugzilla->login(); my $result = { id => $self->type('int', $user->id) }; diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm index bba6122e5..8e66a9b53 100644 --- a/Bugzilla/WebService/Util.pm +++ b/Bugzilla/WebService/Util.pm @@ -261,18 +261,17 @@ sub params_to_objects { sub fix_credentials { my ($params) = @_; - # Allow user to pass in login=foo&password=bar as a convenience - # even if not calling GET /login. We also do not delete them as - # GET /login requires "login" and "password". - if (exists $params->{'login'} && exists $params->{'password'}) { - $params->{'Bugzilla_login'} = $params->{'login'}; - $params->{'Bugzilla_password'} = $params->{'password'}; - } - # Allow user to pass token=12345678 as a convenience which becomes - # "Bugzilla_token" which is what the auth code looks for. - if (exists $params->{'token'}) { - $params->{'Bugzilla_token'} = $params->{'token'}; - } + + # Allow user to pass in login, password, restrict_login, and + # token as short-cuts to the longer versions. + $params->{'Bugzilla_login'} = delete $params->{'login'} + if exists $params->{'login'}; + $params->{'Bugzilla_password'} = delete $params->{'password'} + if exists $params->{'password'}; + $params->{'Bugzilla_restrictlogin'} = delete $params->{'restrict_login'} + if exists $params->{'restrict_login'}; + $params->{'Bugzilla_token'} = delete $params->{'token'} + if exists $params->{'token'}; # Allow extensions to modify the credential data before login Bugzilla::Hook::process('webservice_fix_credentials', { params => $params }); -- cgit v1.2.3-24-g4f1b