The default bug view has changed. See this FAQ.

Backport bug 1175643 to bmo (Rewrite auth delegation to use a server-side POST instead of a client-side GET to delegate API Key)

RESOLVED FIXED

Status

()

bugzilla.mozilla.org
General
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: dylan, Assigned: dylan)

Tracking

Production

Details

Attachments

(1 attachment)

(Assignee)

Description

2 years ago
It does what it says on the tin
(Assignee)

Comment 1

2 years ago
Created attachment 8642802 [details] [diff] [review]
1190693_1.patch

and here's the patch
Attachment #8642802 - Flags: review?(dkl)
Comment on attachment 8642802 [details] [diff] [review]
1190693_1.patch

Review of attachment 8642802 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl

::: auth.cgi
@@ +95,5 @@
> +    $ua->protocols_allowed(['http', 'https']);
> +    # If the URL of the proxy is given, use it, else get this information
> +    # from the environment variable.
> +    my $proxy_url = Bugzilla->params->{'proxy_url'};
> +    if ($proxy_url) {

nit:

if (my $proxy_url = Bugzilla->params->{'proxy_url'}) {
    $ua->proxy(['http', 'https'], $proxy_url);
}
else ...

@@ +112,5 @@
> +        eval {
> +            my $data = decode_json($resp->content);
> +            $callback_uri->query_param(callback_result => $data->{result});
> +        };
> +        if ($@) {

Nit: can shorten to
 
$@ && ThrowUserError('auth_delegation_json_error', { json_text => $resp->content });
print $cgi->redirect($callback_uri);
Attachment #8642802 - Flags: review?(dkl) → review+
(Assignee)

Comment 3

2 years ago
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   99bec2e..589ec37  master -> master
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
Summary: Backport bug 1175643 to bmo for safer auth delegation → Backport bug 1175643 to bmo (Rewrite auth delegation to use a server-side POST instead of a client-side GET to delegate API Key)
You need to log in before you can comment on or make changes to this bug.