diff options
-rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 6 | ||||
-rw-r--r-- | Bugzilla/WebService/User.pm | 8 | ||||
-rw-r--r-- | Bugzilla/WebService/Util.pm | 23 |
3 files changed, 19 insertions, 18 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 48ab27a5e..40c66a8f9 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -115,7 +115,6 @@ our @ISA = qw(XMLRPC::Deserializer); use Bugzilla::Error; use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST); -use Bugzilla::WebService::Util qw(fix_credentials); use Scalar::Util qw(tainted); sub deserialize { @@ -139,11 +138,6 @@ sub deserialize { my $params = $som->paramsin; # This allows positional parameters for Testopia. $params = {} if ref $params ne 'HASH'; - - # Update the params to allow for several convenience key/values - # use for authentication - fix_credentials($params); - Bugzilla->input_params($params); return $som; } diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index 112d336d7..f8358f78d 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -54,10 +54,16 @@ sub login { # Username and password params are required foreach my $param ("login", "password") { - (!defined $params->{$param} && !defined $params->{'Bugzilla_' . $param}) + defined $params->{$param} || ThrowCodeError('param_required', { param => $param }); } + # Make sure the CGI user info class works if necessary. + my $input_params = Bugzilla->input_params; + $input_params->{'Bugzilla_login'} = $params->{login}; + $input_params->{'Bugzilla_password'} = $params->{password}; + $input_params->{'Bugzilla_restrictlogin'} = $params->{restrict_login}; + my $user = Bugzilla->login(); my $result = { id => $self->type('int', $user->id) }; diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm index 8e66a9b53..bba6122e5 100644 --- a/Bugzilla/WebService/Util.pm +++ b/Bugzilla/WebService/Util.pm @@ -261,17 +261,18 @@ sub params_to_objects { sub fix_credentials { my ($params) = @_; - - # Allow user to pass in login, password, restrict_login, and - # token as short-cuts to the longer versions. - $params->{'Bugzilla_login'} = delete $params->{'login'} - if exists $params->{'login'}; - $params->{'Bugzilla_password'} = delete $params->{'password'} - if exists $params->{'password'}; - $params->{'Bugzilla_restrictlogin'} = delete $params->{'restrict_login'} - if exists $params->{'restrict_login'}; - $params->{'Bugzilla_token'} = delete $params->{'token'} - if exists $params->{'token'}; + # Allow user to pass in login=foo&password=bar as a convenience + # even if not calling GET /login. We also do not delete them as + # GET /login requires "login" and "password". + if (exists $params->{'login'} && exists $params->{'password'}) { + $params->{'Bugzilla_login'} = $params->{'login'}; + $params->{'Bugzilla_password'} = $params->{'password'}; + } + # Allow user to pass token=12345678 as a convenience which becomes + # "Bugzilla_token" which is what the auth code looks for. + if (exists $params->{'token'}) { + $params->{'Bugzilla_token'} = $params->{'token'}; + } # Allow extensions to modify the credential data before login Bugzilla::Hook::process('webservice_fix_credentials', { params => $params }); |