Closed Bug 1001462 Opened 11 years ago Closed 11 years ago

Bug.search causes error when using simple token auth and specifying 'token' instead of 'Bugzilla_token'

Categories

(Bugzilla :: WebService, enhancement)

Product:
Bugzilla
Component:
WebService
Version:
4.4.4
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.4

People

(Reporter: dkl, Assigned: dkl)

References

Details

(Keywords: regression)

Attachments

(2 files, 6 obsolete files)

4.4 1001462_3.patch
2.73 KB, patch
glob
: review+
Details | Diff | Splinter Review
Trunk 1001462_4.patch
3.85 KB, patch
glob
: review+
Details | Diff | Splinter Review
XMLRPC and JSONRPC allow users to pass 'token' instead of 'Bugzilla_token' as a short-cut to webservice calls. But the shorter 'token' causes Bug.search to generate an error as it considers 'token' to be an invalid param since it uses Bugzilla::Bug->match. Trunk does not have this issue as it uses Bugzilla::Search and 'token' is ignored. For 4.4, we need to update Bugzilla/Auth/Login/Cookie.pm to use 'token' if present and then delete it from the $params before Bug.search is executed. This will solve the error. As a workaround users can use 'Bugzilla_token' as it is properly removed when it is read. dkl
Attached patch 1001462_1.patch (obsolete) — Splinter Review
Applies to both trunk and 4.4. dkl
Attachment #8418950 - Flags: review?(glob)
Attachment #8418950 - Attachment is obsolete: true
Attachment #8418950 - Flags: review?(glob)
Attached patch Patch for 4.4 v1 (obsolete) — Splinter Review
Attachment #8418957 - Flags: review?(glob)
Attached patch Patch for trunk v1 (obsolete) — Splinter Review
Attachment #8418958 - Flags: review?(glob)
Comment on attachment 8418957 [details] [diff] [review] Patch for 4.4 v1 Review of attachment 8418957 [details] [diff] [review]: ----------------------------------------------------------------- r=glob
Attachment #8418957 - Flags: review?(glob) → review+
Comment on attachment 8418958 [details] [diff] [review] Patch for trunk v1 Review of attachment 8418958 [details] [diff] [review]: ----------------------------------------------------------------- with this patch, trunk throws the follow error when calling User.login: > The function requires a login argument, and that argument was not set. i'm providing the login argument, and the same call works without the patch:
Attachment #8418958 - Flags: review?(glob) → review-
Attached patch Patch for trunk v2 (obsolete) — Splinter Review
weird :) this one should work much better for XMLRPC.
Attachment #8418958 - Attachment is obsolete: true
Attachment #8420208 - Flags: review?(glob)
Flags: approval4.4?
Comment on attachment 8420208 [details] [diff] [review] Patch for trunk v2 Review of attachment 8420208 [details] [diff] [review]: ----------------------------------------------------------------- r=glob
Attachment #8420208 - Flags: review?(glob) → review+
Flags: approval4.4?
Flags: approval4.4+
Flags: approval+
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 8243604..70e8ab7 master -> master To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 7f74756..2234f68 4.4 -> 4.4
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment on attachment 8418957 [details] [diff] [review] Patch for 4.4 v1 >=== modified file 'Bugzilla/WebService/User.pm' > foreach my $param ("login", "password") { >- defined $params->{$param} >+ (!defined $params->{$param} && !defined $params->{'Bugzilla_' . $param}) > || ThrowCodeError('param_required', { param => $param }); This code is wrong. It must be: defined $params->{$param} || defined $params->{'Bugzilla_' . $param} || ThrowCodeError('param_required', { param => $param }); This makes several QA tests to fail.
Attachment #8418957 - Flags: review-
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment on attachment 8420208 [details] [diff] [review] Patch for trunk v2 Same problem here.
Attachment #8420208 - Flags: review-
The fix I suggested in comment 10 is not enough. Now QA tests throw: # Failed test 'JSON-RPC: User.login returned successfully' # at lib/QA/RPC.pm line 84. # The function requires a login argument, and that argument was not set. Can't use an undefined value as a HASH reference at lib/QA/RPC.pm line 50. I think the patch should be backed out as there is something else which is still broken.
Backed out: To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git d694e68..52b113c master -> master To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 1d6e06b..ad99e9d 4.4 -> 4.4
Flags: approval4.4+
Flags: approval+
Flags: blocking5.0+
Attached patch Trunk 1001462_3.patch (obsolete) — Splinter Review
Attachment #8420208 - Attachment is obsolete: true
Attached patch 4.4 1001462_2.patch (obsolete) — Splinter Review
Attachment #8418957 - Attachment is obsolete: true
Attachment #8516462 - Flags: review?(glob)
Attachment #8516459 - Flags: review?(glob)
Comment on attachment 8516462 [details] [diff] [review] 4.4 1001462_2.patch Review of attachment 8516462 [details] [diff] [review]: ----------------------------------------------------------------- # Failed test 'Bugzilla/WebService/User.pm has 1 error(s): # user error tag 'invalid_login_or_password' is used at line(s) (74) but not defined for language(s): any' # at t/012throwables.t line 199. ::: Bugzilla/WebService/User.pm @@ +70,5 @@ > + if ($user->id) { > + return $self->_login_to_hash($user); > + } > + else { > + ThrowUserError('invalid_login_or_password'); this ThrowUserError is never reached -- Bugzilla->login() throws an error if the user/pass is invalid, and the param_required checks ensures we can't get an anon user back from ->login. @@ +75,1 @@ > } after more investigate, most of this code isn't actually reached. Bugzilla::WebService::Server::XMLRPC::handle_login handles all the authentication requests where login/password parameters are provided, including calls to User.login (!). the only time we get past the "already logged in" check is if there are missing parameters.
Attachment #8516462 - Flags: review?(glob) → review-
Attachment #8516462 - Attachment is obsolete: true
Attachment #8520019 - Flags: review?(glob)
Attachment #8516459 - Attachment is obsolete: true
Attachment #8516459 - Flags: review?(glob)
Attachment #8520025 - Flags: review?(glob)
Comment on attachment 8520025 [details] [diff] [review] Trunk 1001462_4.patch Review of attachment 8520025 [details] [diff] [review]: ----------------------------------------------------------------- r=glob
Attachment #8520025 - Flags: review?(glob) → review+
Comment on attachment 8520019 [details] [diff] [review] 4.4 1001462_3.patch Review of attachment 8520019 [details] [diff] [review]: ----------------------------------------------------------------- r=glob
Attachment #8520019 - Flags: review?(glob) → review+
Flags: approval5.0+
Flags: approval4.4+
Flags: approval+
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git ded5d29..c0156f2 master -> master To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 4b4ddaf..0b19b10 5.0 -> 5.0 To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 16fa3bf..cbc11fd 4.4 -> 4.4
Status: REOPENED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → FIXED
Blocks: 1097813
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: