Closed Bug 1014115 Opened 11 years ago Closed 11 years ago

Login API changed in in 4.4.3, causing 3rd-party programs to stop working.

Categories

(Bugzilla :: WebService, defect)

Product:
Bugzilla
Component:
WebService
Version:
4.4.3
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: lloydsensei+bugzilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36 Steps to reproduce: I installed Bugzilla 4.4 I used Mercurial with the hgext/Bugzilla extension (http://mercurial.selenic.com/wiki/BugzillaExtension) I updated Bugzilla to 4.4.4 I created a commit with "Bug 251 fixed" as commit message (The extension stopped working correctly) Actual results: Using the hgext/Bugzilla extension produced the following error: bugzilla hook failed: Bugzilla error: <Fault 410: 'You must log in before using this part of Bugzilla.'> Expected results: A comment should have been inserted into the Bug 251. The extension should continue working as this is a bugfix update and not a major update. ADDITIONAL INFORMATION can be found in the bug report I created for the extension which now has to be updated because of this API change : http://bz.selenic.com/show_bug.cgi?id=4257 The goal of this bug is to understand: - If the api DID change from 4.4.2 to 4.4.3 - why it did change Regards, Camusensei
Yes, the API did change due to fixing a security bug (bug 893195) as mentioned in the Release Notes (the first bullet in http://www.bugzilla.org/releases/4.4.4/release-notes.html#v44_point). This requires all third party Webservice callers to be adapted to use tokens instead of cookies for login so I'd file a bug for the extension in question. As this is a security fix, I doubt we will be reversing the bug but you can ask Bugzilla Project lead (justdave, CCd for reference but you'd probably want to catch him on IRC) that approved the original change, if you think otherwise.
Assignee: general → webservice
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Component: Bugzilla-General → WebService
Resolution: --- → WONTFIX
Camusensei: I explained this on IRC to you, and the reasons why this was done. I told you to fix the software trying to log into Bugzilla, so it confuses me that you filed a ticket here.
Hi Andre. Sorry, I was told to file a bug against both bugzilla and the app, and Teemu's explanation is exactly what I needed. Regards, Camusensei
You need to log in before you can comment on or make changes to this bug.