Bugzilla shouldn't try to write API tokens into the shadow DB

RESOLVED FIXED in Bugzilla 5.0

Status

()

P1
critical
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: glob, Assigned: glob)

Tracking

Bugzilla 5.0
Bug Flags:
approval +
approval5.0 +
blocking5.0 +

Details

Attachments

(1 attachment)

(Assignee)

Description

4 years ago
if you have a shadow_db, perform a search, and bugzilla needs to create an api_token, the following error is generated:

The MySQL server is running with the --read-only option so it cannot execute this statement [for Statement "INSERT INTO tokens (userid, issuedate, token, tokentype, eventdata) VALUES (?, NOW(), ?, ?, ?)"] (Bugzilla/Token.pm:457)



the decision to include an api token is imho sub-optimal:

> [% IF javascript_urls.containsany(['js/bug.js', 'js/field.js', 'js/comment-tagging.js']) %]
>   , api_token: '[% get_api_token FILTER js FILTER html %]'
> [% END %]

the means we're generating tokens in situations where we don't need one, and doesn't allow for extension page which need to make api calls to use the api_token unless they include one of those three javascript files.

i think it would be better for a boolean to be passed to the header which triggers inclusion of the api_token, and explicitly include the token only where required.
Flags: blocking5.0+

Comment 1

4 years ago
yes
Also, Bugzilla::Token::_create_token() should probably automatically shift to dbh_main before generating the token.
(Assignee)

Comment 2

4 years ago
Created attachment 8561219 [details] [diff] [review]
1128853_1.patch

- automatically switch to the shadow db when creating a token
- adds "generate_api_token" param to global/header
- sets generate_api_token to 1 where required
  - most of these are due to user auto-completion
  - no longer generating a token on search results
Assignee: webservice → glob
Status: NEW → ASSIGNED
Attachment #8561219 - Flags: review?(dkl)

Updated

4 years ago
Summary: Searching when using a shadow_db results in "The MySQL server is running with the --read-only option" error → Bugzilla shouldn't try to write API tokens into the shadow DB

Updated

4 years ago
See Also: → bug 1081672
Comment on attachment 8561219 [details] [diff] [review]
1128853_1.patch

Review of attachment 8561219 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8561219 - Flags: review?(dkl) → review+
Flags: approval?
Flags: approval5.0?
(Assignee)

Comment 4

4 years ago
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   f6686ca..b7147b7  master -> master

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   dbc7a21..c1fa559  5.0 -> 5.0
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED

Comment 5

4 years ago
Do not forget to a+ your patch too. ;)
Flags: approval?
Flags: approval5.0?
Flags: approval5.0+
Flags: approval+
You need to log in before you can comment on or make changes to this bug.