If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Bugzilla shouldn't try to write API tokens into the shadow DB

RESOLVED FIXED in Bugzilla 5.0

Status

()

Bugzilla
WebService
P1
critical
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: glob, Assigned: glob)

Tracking

Bugzilla 5.0
Bug Flags:
approval +
approval5.0 +
blocking5.0 +

Details

Attachments

(1 attachment)

(Assignee)

Description

3 years ago
if you have a shadow_db, perform a search, and bugzilla needs to create an api_token, the following error is generated:

The MySQL server is running with the --read-only option so it cannot execute this statement [for Statement "INSERT INTO tokens (userid, issuedate, token, tokentype, eventdata) VALUES (?, NOW(), ?, ?, ?)"] (Bugzilla/Token.pm:457)



the decision to include an api token is imho sub-optimal:

> [% IF javascript_urls.containsany(['js/bug.js', 'js/field.js', 'js/comment-tagging.js']) %]
>   , api_token: '[% get_api_token FILTER js FILTER html %]'
> [% END %]

the means we're generating tokens in situations where we don't need one, and doesn't allow for extension page which need to make api calls to use the api_token unless they include one of those three javascript files.

i think it would be better for a boolean to be passed to the header which triggers inclusion of the api_token, and explicitly include the token only where required.
Flags: blocking5.0+

Comment 1

3 years ago
yes
Also, Bugzilla::Token::_create_token() should probably automatically shift to dbh_main before generating the token.
(Assignee)

Comment 2

3 years ago
Created attachment 8561219 [details] [diff] [review]
1128853_1.patch

- automatically switch to the shadow db when creating a token
- adds "generate_api_token" param to global/header
- sets generate_api_token to 1 where required
  - most of these are due to user auto-completion
  - no longer generating a token on search results
Assignee: webservice → glob
Status: NEW → ASSIGNED
Attachment #8561219 - Flags: review?(dkl)

Updated

3 years ago
Summary: Searching when using a shadow_db results in "The MySQL server is running with the --read-only option" error → Bugzilla shouldn't try to write API tokens into the shadow DB

Updated

3 years ago
See Also: → bug 1081672
Comment on attachment 8561219 [details] [diff] [review]
1128853_1.patch

Review of attachment 8561219 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8561219 - Flags: review?(dkl) → review+

Updated

3 years ago
Flags: approval?
Flags: approval5.0?
(Assignee)

Comment 4

3 years ago
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   f6686ca..b7147b7  master -> master

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   dbc7a21..c1fa559  5.0 -> 5.0
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED

Comment 5

3 years ago
Do not forget to a+ your patch too. ;)

Updated

3 years ago
Flags: approval?
Flags: approval5.0?
Flags: approval5.0+
Flags: approval+
You need to log in before you can comment on or make changes to this bug.