From fd29ee56c4678749c00e7698ef245f7e2967ee10 Mon Sep 17 00:00:00 2001
From: Simon Green <sgreen@redhat.com>
Date: Sun, 27 Jul 2014 18:47:21 +1000
Subject: Bug 726696 - All authenticated WebServices methods should require
 username/pass, token or a valid API key for authentication r=dkl, a=sgreen

---
 js/bug.js             | 10 ++++++++--
 js/comment-tagging.js |  8 +++++++-
 js/field.js           |  2 ++
 3 files changed, 17 insertions(+), 3 deletions(-)

(limited to 'js')

diff --git a/js/bug.js b/js/bug.js
index abefbb22d..f0bf68a30 100644
--- a/js/bug.js
+++ b/js/bug.js
@@ -22,6 +22,7 @@ YAHOO.bugzilla.dupTable = {
             method : "Bug.possible_duplicates",
             id : YAHOO.bugzilla.dupTable.counter,
             params : {
+                Bugzilla_api_token: BUGZILLA.api_token,
                 product : product_name,
                 summary : summary_field.value,
                 limit : 7,
@@ -199,7 +200,10 @@ function set_assign_to(use_qa_contact) {
             var args = JSON.stringify({
                 version: "1.1",
                 method: 'BugUserLastVisit.update',
-                params: { ids: bug_id },
+                params: {
+                    Bugzilla_api_token: BUGZILLA.api_token,
+                    ids: bug_id
+                },
             });
             var callbacks = {
                 failure: function(res) {
@@ -218,7 +222,9 @@ function set_assign_to(use_qa_contact) {
             var args = JSON.stringify({
                 version: "1.1",
                 method: 'BugUserLastVisit.get',
-                params: { },
+                params: {
+                    Bugzilla_api_token: BUGZILLA.api_token
+                },
             });
             var callbacks = {
                 success: function(res) { done(JSON.parse(res.responseText)) },
diff --git a/js/comment-tagging.js b/js/comment-tagging.js
index 035d05b0b..987dfd8da 100644
--- a/js/comment-tagging.js
+++ b/js/comment-tagging.js
@@ -50,7 +50,11 @@ YAHOO.bugzilla.commentTagging = {
             return YAHOO.lang.JSON.stringify({
                 method : "Bug.search_comment_tags",
                 id : YAHOO.bugzilla.commentTagging.counter,
-                params : [ { query : query, limit : 10 } ]
+                params : {
+                    Bugzilla_api_token: BUGZILLA.api_token,
+                    query : query,
+                    limit : 10
+                }
             });
         };
         ac.minQueryLength = this.min_len;
@@ -327,6 +331,7 @@ YAHOO.bugzilla.commentTagging = {
             version: "1.1",
             method: 'Bug.comments',
             params: {
+                Bugzilla_api_token: BUGZILLA.api_token,
                 comment_ids: [ comment_id ],
                 include_fields: [ 'tags' ]
             }
@@ -359,6 +364,7 @@ YAHOO.bugzilla.commentTagging = {
             version: "1.1",
             method: 'Bug.update_comment_tags',
             params: {
+                Bugzilla_api_token: BUGZILLA.api_token,
                 comment_id: comment_id,
                 add: add,
                 remove: remove
diff --git a/js/field.js b/js/field.js
index 892c8669f..f865a141f 100644
--- a/js/field.js
+++ b/js/field.js
@@ -825,6 +825,7 @@ YAHOO.bugzilla.userAutocomplete = {
           method : "User.get",
           id : YAHOO.bugzilla.userAutocomplete.counter,
           params : [ { 
+            Bugzilla_api_token: BUGZILLA.api_token,
             match : [ decodeURIComponent(enteredText) ],
             include_fields : [ "name", "real_name" ]
           } ]
@@ -1047,6 +1048,7 @@ function show_comment_preview(bug_id) {
         version: "1.1",
         method: 'Bug.render_comment',
         params: {
+            Bugzilla_api_token: BUGZILLA.api_token,
             id: bug_id,
             text: comment.value
         }
-- 
cgit v1.2.3-24-g4f1b