Closed Bug 241900 Opened 21 years ago Closed 20 years ago

Allow Bugzilla::Auth to have multiple login and validation styles

Categories

(Bugzilla :: User Accounts, enhancement, P2)

enhancement

Tracking

()

RESOLVED FIXED
Bugzilla 2.20

People

(Reporter: erik, Assigned: erik)

References

(Blocks 3 open bugs)

Details

Attachments

(3 files, 11 obsolete files)

5.32 KB, text/plain
kiko
: review-
Details
6.17 KB, text/plain
Details
82.62 KB, patch
kiko
: review+
bugreport
: review+
Details | Diff | Splinter Review
Two problems with Auth. First, it needs to make a distinction between methods that provide user information (login, passwd, etc.) versus those that validate that information. Bugzilla::Auth::CGI versus Bugzilla::Auth::DB, for example. Second, these methods should be selectable as sequences. That would allow a fallback to regular DB password logins if LDAP fails. It will become more necessary when additional methods of providing user information are introduced, too. I already have a patch ready that does these things, and will attach it shortly.
1. Breaks up the modules in Bugzilla/Auth by function. Those modules that cover entering user login data (eg., Auth/CGI.pm) go into Bugzilla/Auth/Login, and those that authenticate that data (eg., Auth/DB.pm) go into Bugzilla/Auth/Verify 2. Breaks Param('loginmethod') into user_info_method and user_verify_method, which cover the above separation. These params are also comma-seperated lists, allowing more than one method to be used in sequence, if needed. Future versions of editparams promise to allow these to be proper arrays, and the comma-seperated list is something of a placeholder waiting for that.
One side-effect of this patch is that editusers.cgi cannot tell reliably if users were logged in via one method or another, so its ability to stop the administrator from editing a user's attributes was taken out. The reason I consider this acceptable is that anything external that populates those attributes should really update them when there are differences between the two. can_edit becomes rather complex if you have more than one type of authentication. I changed it into a hash and made it so the value gets populated with either whatever the current user successfully logged in through, or the first one that allows new users to be added.
Status: NEW → ASSIGNED
I hit submit a little early on that last one. The can_edit hash containd keys for each modifiable attribute in the profiles table, and one called 'add', which is true if new users may be added.
Attachment #147179 - Flags: review?(bbaetz)
Blocks: 241903
Attachment #147179 - Flags: review?(bbaetz) → review?
Priority: -- → P2
Target Milestone: --- → Bugzilla 2.20
Comment on attachment 147179 [details] [diff] [review] Breaks up Auth and adds multiple-choice params A few initial problems... 1) editusers no longer compiles... 2) fix indents when you remove an enclosing conditional.
Attachment #147179 - Flags: review? → review-
Attached patch multiple-choice Auth (obsolete) — Splinter Review
This one should address the above problems. I'm kind of confused as to how that curly-brace mishap got through, as well as the indentation. Oh well. Here's another crack at it.
Attachment #147179 - Attachment is obsolete: true
Comment on attachment 149229 [details] [diff] [review] multiple-choice Auth Force of (recent) habit-- I gave the patch the wrong name.
Attachment #149229 - Attachment filename: whine.patch → auth.patch
Attachment #149229 - Flags: review?
Comment on attachment 149229 [details] [diff] [review] multiple-choice Auth >-if (Param('loginmethod') eq 'LDAP') { >+for my $verifymethod (split /,\s*/, Param('user_verify_method')) { >+ if ($verifymethod eq 'LDAP') { > my $netLDAP = have_vers("Net::LDAP", 0); > if (!$netLDAP && !$silent) { > print "If you wish to use LDAP authentication, then you must install Net::LDAP\n\n"; > } >+ } > } Indents messed up here... Anyway, fix the indents and this will be r=joel We should try developers and n.p.m.webtools to see if someone using LDAP cares to test.
Attachment #149229 - Flags: review? → review+
Attached patch multiple-choice Auth (obsolete) — Splinter Review
This should fix all of the indentation problems in the previous patch. I was using the wrong cvs diff args on all of my patches.
Attachment #149229 - Attachment is obsolete: true
Attachment #149868 - Flags: review?(bugreport)
Comment on attachment 149868 [details] [diff] [review] multiple-choice Auth r=joel
Attachment #149868 - Flags: review?(bugreport) → review+
Flags: approval?
Blocks: 166794
In case you're wondering, I'm just a *little* nervous about landing this prior to 2.18, so I'm holding approval until we branch at this point. From the sound of things, hopefully the wait won't be much longer.
Blocks: 250916
/me opens the can of worms and dumps it on the floor
Flags: approval? → approval+
checked in
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Flags: documentation?
Doh! This breaks password resets and confuses me now. Backed out and reopened. Clean up on Monday.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
The problem symptom is that the reset password link no longer appears on the login page. However, this is extremely confusing (I don;t know how I followed it before). Let's clean up the mechanism by which calls to the bottom-level modules are directed to them, probaly by creating some decent objects.
FWIW, here's a patch that fixes the problem here. I can't admit I *really* follow the code here, nor do I know if using objects would help us (it seems that all of the entities at hand are singletons, so classes might suffice). Some notes on the patch: - Bugzilla::Auth is called as a class though its first parameter to authenticate() was called self - I couldn't find a way to use Bugzilla::Auth::Verify::DB::can_edit as a hash, so I changed it to be a method and use a hash. Could it be that the can_edit variable is private to the package? - there was some funky indenting leftover, fixed. The codepath isn't *too* confusing once you realize the main call pattern: Bugzilla->login Bugzilla::Auth::Login::CGI (imported dynamically)-> login() Bugzilla::Auth -> authenticate() Bugzilla::Auth::Verify::DB (imported dynamically) -> authenticate() Bugzilla::Auth::Verify::DB -> can_edit() Bugzilla::Auth -> can_edit() Bugzilla::Auth::Verify::DB -> can_edit() (via current_verify_method) This is for the usecase that was broken and that is fixed by this patch -- there are obviously other equally clear paths that together form the picture, however complicated it turns out at the end. I'll remind you it was not my decision to code this in Perl <wink>.
(In reply to comment #13) > Backed out and reopened. > Clean up on Monday. May I suggest getting a 2nd review prior to the next checkin; you and erik are working so close together that it's easy for you to miss things that might concern others :-) (talking from my personal experience)
That wasn't quite correct; this one is: Bugzilla->login Bugzilla::Auth::Login::CGI (imported dynamically)-> login() Bugzilla::Auth -> authenticate() Bugzilla::Auth::Verify::DB (imported dynamically) -> authenticate() Bugzilla::Auth::Verify::DB -> can_edit() Bugzilla::Auth -> can_edit() Bugzilla::Auth::Verify::DB -> can_edit() (via current_verify_method)
Flags: approval+
Comment on attachment 149868 [details] [diff] [review] multiple-choice Auth Flagging this patch obsolete as part of testing another flag related issue. Besides, it is obsolete anyway. :-)
Attachment #149868 - Attachment is obsolete: true
*** Bug 250941 has been marked as a duplicate of this bug. ***
Attached patch Hopefully a less broken version (obsolete) — Splinter Review
This patch includes the changes from kiko's patch, plus it checks to see if DB is one of the allowed authentication methods before it bothers with the password change token in the first place. Right now there is no mechanism for an externally-managed password to be changed from within Bugzilla. A simple way to handle it would be to have a URL that points to a password manager or at least instructions on changing the passwords, but that could potentially mean having one URL for each verification method, which is kind of out of the question at this time. Maybe when editparams gets its revamp. Eventually, some sort of non-DB password management mechanism will be desired, and by that point, we'll need something more sophisticated, but I don't know if there are any solid plans for that sort of thing right now, which is good, because that's a messy task.
Attachment #152900 - Attachment is obsolete: true
Attachment #152984 - Flags: review?(bugreport)
Attachment #152984 - Flags: review?(kiko)
Is this is a diff -b, or is there some funky indentation going into Bugzilla.pm?
Comment on attachment 152984 [details] [diff] [review] Hopefully a less broken version This is much claner, but the diff -b makes the patch unapplyable without messing up indentation. Fix that and I'll r=joel
Attachment #152984 - Flags: review?(bugreport) → review-
Also, check the patch before you post it.... this one is missing the files removed.
Attached patch Hopefully again... (obsolete) — Splinter Review
1. I forgot to do cvsdo remove (ugh) 2. I've been wandering around thinking diff -b meant something it did not This is a diff -u -N, and the files that are supposed to be deleted are marked accordingly. No more hurrying to get a patch uploaded. Sorry about that.
Attachment #152984 - Attachment is obsolete: true
Attachment #153046 - Flags: review?(bugreport)
Comment on attachment 153046 [details] [diff] [review] Hopefully again... Stuff here is MHO, but I'd like you to consider the items and comment on them if you think I'm wrong. >Index: Bugzilla.pm >+# $current_login_method stores the name of the login method that succeeded. >+my $current_login_method = undef; [snip] >+ my $userid; >+ for my $method (split(/,\s*/, Param('user_info_method'))) { >+ require "Bugzilla/Auth/Login/" . $method . ".pm"; >+ $userid = "Bugzilla::Auth::Login::$method"->login($type); >+ if ($userid) { >+ $current_login_method = "Bugzilla::Auth::Login::$method"; >+ last; >+ } >+ } A comment about this section. How about we moved this loop into Bugzilla::Auth, so you called here: Bugzilla::Auth->login($type) and we abstracted away all these details from Bugzilla.pm? You're already providing a current verify method there, so you could store the other global together and centralize login stuff there. Bugzilla.pm should be as simple as possible IMO. >+ # $current_login_method is defined when the user's login information is >+ # found. If it's not defined, the user shouldn't be logged in. >+ if ($current_login_method) { >+ $current_login_method->logout($_user, $option); >+ if ($option != LOGOUT_KEEP_CURRENT) { >+ $current_login_method->clear_browser_cookies(); >+ logout_request(); >+ } Same here -- perhaps by calling logout() on Bugzilla::Auth and then having that be a nop if current_login_method is None. The browser cookies thing is a bit uneasy living here, but I'd need more thought to evaluate where it should go so it can stay for now I guess. >+ if ($current_login_method) { >+ $current_login_method->logout($_user, LOGOUT_ALL); >+ } Same here. >+ # in the future: >+ # >+ # user_verify_method and user_info_method should have maybe mark with an XXX here so we can find this easily later? >Index: token.cgi >+ # check verification methods >+ my $has_db = 0; >+ for (split (/[\s,]+/, Param("user_verify_method"))) { >+ if (/^DB$/) { >+ $has_db = 1; >+ } >+ } Can't you provide an API for this? I hate having code like this strung through all out APIs, it reminds me of having to maintain them after the fact :-) >Index: Bugzilla/Auth.pm >+# I'm willing to accept suggestions for somewhere else to put it. >+my $current_verify_method = undef; Looks like as good a place as any.. and with my suggestion all stored state goes here. Of course, we could have an Auth *object*, but that's easy to change once we centralize stuff in this module. >Index: Bugzilla/Auth/Login/CGI.pm >Index: Bugzilla/Auth/Login/CGI/Cookie.pm >Index: Bugzilla/Auth/Verify/DB.pm >Index: Bugzilla/Auth/Verify/LDAP.pm Can you summarize the changes for me here? Did much in the files change beyond consequences of the path rearrangement?
(In reply to comment #25) > all out APIs, it reminds me of having to maintain them after the fact :-) all our CGIs. Sorry, was distracted by the mozilla.org reboots.
* THIS IS NOT THE PATCH * Generally, the only changes are a consequence of the files being moved around. There was also a change to can_edit that was necessary. Trivial stuff, mostly.
Attached patch Slight update (obsolete) — Splinter Review
(In reply to comment #25) > A comment about this section. How about we moved this loop into Bugzilla::Auth, > so you called here: > > Bugzilla::Auth->login($type) > > and we abstracted away all these details from Bugzilla.pm? You're already > providing a current verify method there, so you could store the other global > together and centralize login stuff there. > > Bugzilla.pm should be as simple as possible IMO. I like the idea of doing that, and started on it, but it looks to me like it will be more of an involved process than it first seemed, due to being tied into $_user, which is then tied to $_cleanup. How about we tackle this one later? [...] > >+ # $current_login_method is defined when the user's login information is [...] > Same here -- perhaps by calling logout() on Bugzilla::Auth and then having that > be a nop if current_login_method is None. The browser cookies thing is a bit > uneasy living here, but I'd need more thought to evaluate where it should go so > it can stay for now I guess. Moving the logout function would probably be easier, but I think I'd rather tackle that at the same time as login gets moved, if it's all the same. > >+ # in the future: > >+ # > >+ # user_verify_method and user_info_method should have > > maybe mark with an XXX here so we can find this easily later? Done. > >Index: token.cgi > >+ # check verification methods > >+ my $has_db = 0; > >+ for (split (/[\s,]+/, Param("user_verify_method"))) { > >+ if (/^DB$/) { > >+ $has_db = 1; > >+ } > >+ } > > Can't you provide an API for this? I hate having code like this strung through > all out APIs, it reminds me of having to maintain them after the fact :-) Done. > Looks like as good a place as any.. and with my suggestion all stored state > goes here. Of course, we could have an Auth *object*, but that's easy to change > once we centralize stuff in this module. Well, I took the request for suggestions out, at least. > Can you summarize the changes for me here? Did much in the files change beyond > consequences of the path rearrangement? (comment 27)
Attachment #153046 - Attachment is obsolete: true
Comment on attachment 153164 [details] A diff of the Auth files that were moved We changed this: >+ 'caneditaccount' => Bugzilla::Auth->can_edit('new'), But you still have this: >+++ fix2/Bugzilla/Auth/Verify/LDAP.pm Wed Jul 14 >+# can_edit is now a hash. >+ >+my $can_edit = { >+ 'new' => 0, >+ 'userid' => 0, >+ 'login_name' => 0, >+ 'realname' => 0, >+}; >+ > sub authenticate { > my ($class, $username, $passwd) = @_; > >@@ -156,15 +166,13 @@ > return (AUTH_OK, $userid); > } > >-sub can_edit { return 0; } >- Notice something wrong? I do :-)
Attachment #153164 - Flags: review-
Blocks: 223082
I've got a document to attach in a bit that can go into Bugzilla/Auth/README.
Attached file README_v1
This file attempts to describe the loose concepts of pluggable auth. I would recomment it being included as Bugzilla/Auth/README as a source of some design documentation. While writing this file, I questioned the need for external knowledge of "current_*_class", and now think that it should be centralized inside Auth and the method calls proxied through as transparently as possible. So Bugzilla->login should call Auth->login which should resolve what method of auth is used and just call $method->login. Sound good? Erik, *please* edit this text file -- it needs some cleaning up but contains at least an initial framework of ideas.
Attached patch A fix and enhancement (obsolete) — Splinter Review
Here's what I have in this one: 1. Fixed the glaring omission of the new can_edit for LDAP 2. Fixed an unreported similar omission in a call to can_edit from createaccount.cgi 3. Per a conversation in #mozwebtools, created Bugzilla::Auth::Login::WWW, moving CGI into a subdirectory and taking most of the WWW-specific code out of Bugzilla.pm 4. Renamed the params and $current_*_method to use the term "class" instead of "method," which should help avoid confusion 5. Added a slightly altered version of kiko's README file Thoughts?
Attachment #153167 - Attachment is obsolete: true
Attachment #153443 - Flags: review?(kiko)
Opinions? We's always gots some opinions! :) Okay, here are the questions in outline form since hacking the patch to explain is going to take years: - You modify token stuff to use a has_db method. My question comes: isn't this in reality better and more flexibly referred to as can_edit("password")? Is the problem that password changing code still lives in token.cgi? If so, I'd rather we fixed that.. perhaps in a bug that went in before this one, or maybe use can_edit("password") and then open a bug to move stuff into DB.pm? I say this because hardcoding has_db seems awkward if somebody goes tomorrow and writes an ldap-password-changing-magic function. - I see you decided to go forth and rip the guts out of Bugzilla.pm! This scary prospect actually looks quite good (now that I understand it) however I have some comments wrt to it: + You left in a delete_user call which is a bit mysterious because it's being called from WWW::CGI->logout_request. Maybe we'd be happier leaving the logout_request ugliness in Bugzilla.pm for now until we figure out what's going on with it. + I need to be told again why $current_login_class and login_class need to live in Bugzilla.pm. I would think that the logout function wouldn't need to check for $current_login_class -- let Auth::Login::WWW->logout worry about it. That way all the submodule ickiness is centralized in WWW. How does that sound? - You do some user_verify_class grabbing in defparams.pl:check_user_verify_class. Would part of that live happier inside Auth? If so, perhaps file a bug to clean that up, and file another one to clean up the XXX that's left in there (and block them with this bug). Design-wise, it seems like we're close to a winner. Let's see about these questions, do adjustments as necessary and I'll do a good look at the code to push this in.
One additional question: how does editusers.cgi know it can or can't edit a user if we have no more calls to can_edit() in the CGI? I'm missing something there, I think?
(In reply to comment #33) > - You modify token stuff to use a has_db method. My question comes: isn't this > in reality better and more flexibly referred to as can_edit("password")? Is the > problem that password changing code still lives in token.cgi? If so, I'd rather > we fixed that.. perhaps in a bug that went in before this one, or maybe use > can_edit("password") and then open a bug to move stuff into DB.pm? had_db was added mainly as a way to allow a couple of the password-changing interfaces to continue to work without anyone pretending that the existing password-changina API is acceptable. In the near future, I can't see any of the external verify modules actually altering passwords, and hopefully before they are actually able to, we can see the DB password-change stuff move into Bugzilla::Auth::Verify::DB, but that stuff is IMO too much of a tangle to get moved into this patch (I'd like to land it this year). > I say this because hardcoding has_db seems awkward if somebody goes tomorrow > and writes an ldap-password-changing-magic function. It's totally awkward and I hate it, but it's there for the same reason that the password changing stuff hasn't moved yet-- because it complicates the patch a lot more. I'm willing to open a new bug to have it all cleaned out, if that's acceptable. > + You left in a delete_user call which is a bit mysterious because it's > being called from WWW::CGI->logout_request. Maybe we'd be happier leaving the > logout_request ugliness in Bugzilla.pm for now until we figure out what's going > on with it. I stared at that for a good long time. All it is is a destructor function for $_user, which is fine. The other part of logout_request clears cookies, which I find terrible (even though it's just a hack for the old code that reads $::COOKIE). Anyway, it's harmless in either place, and I preferred to move the cookie portion out of Bugzilla.pm. The end result is identical. > + I need to be told again why $current_login_class and login_class need > to live in Bugzilla.pm. I would think that the logout function wouldn't need to > check for $current_login_class -- let Auth::Login::WWW->logout worry about it. > That way all the submodule ickiness is centralized in WWW. How does that sound? It's in Bugzilla.pm because about a thousand places call have Bugzilla->login() hard-coded, and I determined that while the WWW-specific part of Bugzilla.pm is something that can be easily moved in this patch, the assumption that we're using the WWW cannot, and probably is a job for some later (extensive) clean-up work. > - You do some user_verify_class grabbing in > defparams.pl:check_user_verify_class. Would part of that live happier inside > Auth? If so, perhaps file a bug to clean that up, and file another one to clean > up the XXX that's left in there (and block them with this bug). defparams has param checking functions, so that's where I put it. I'm not sure defparams should have to call Bugzilla::Auth in order to do the same. As far as the XXX, there are dependencies on ideas that are only being discussed right now and are not afaik contained in bugs. It doesn't matter much to me whether there's a bug open or not, but I didn't open it because I couldn't accurately show everything that blocks it. (In reply to comment #34) > One additional question: how does editusers.cgi know it can or can't edit a > user if we have no more calls to can_edit() in the CGI? I'm missing something > there, I think? Because editusers.cgi is an administrative interface, rather than a user interface. In some cases, an administrator is going to want to edit certain aspects of a user, even though the auth system has it closed off. All users get data that sits in the DB, regardless of which auth module was used, and that data is all that editusers changes. userprefs.cgi, on the other hand, needs to follow the rules more stricly, because altering the blocked data can be dangerous at worst or ineffectual at best.
Blocks: 227686
Attachment #153046 - Flags: review?(bugreport)
Attachment #152984 - Flags: review?(kiko)
Attached patch more fixing (obsolete) — Splinter Review
Per a discussion with kiko:
Attachment #153443 - Attachment is obsolete: true
(In reply to comment #36) > Created an attachment (id=153691) > more fixing > > Per a discussion with kiko: Guh... didn't finish that thought before hitting submit. OK, here's what happened: - Moved current_login_method into WWW.pm - logout_request was moved back to Bugzilla.pm
Attachment #153691 - Flags: review?(kiko)
Attachment #153443 - Flags: review?(kiko)
Comment on attachment 153691 [details] [diff] [review] more fixing Comment: >Index: Bugzilla.pm >@@ -97,11 +71,10 @@ >+ # $current_login_class is defined when the user's login information is >+ # found. If it's not defined, the user shouldn't be logged in. >+ if (Bugzilla::Auth::Login::WWW->login_class) { >+ Bugzilla::Auth::Login::WWW->login_class->logout($_user, $option); > } > } > >@@ -109,8 +82,9 @@ > my ($class, $user) = @_; > # When we're logging out another user we leave cookies alone, and > # therefore avoid calling logout() directly. >- use Bugzilla::Auth::CGI; >- Bugzilla::Auth::CGI->logout($user, LOGOUT_ALL); >+ if (Bugzilla::Auth::Login::WWW->login_class) { >+ Bugzilla::Auth::Login::WWW->login_class->logout($_user, LOGOUT_ALL); >+ } Implement a Bugzilla::Auth::Login::WWW->logout() method that takes care of this, removing the need to do these ifs here in Bugzilla.pm, and we will have a winner. >Index: defparams.pl Please file a bug on cleaning up this defparams.pl mess and XXXs. Post number in a comment. >Index: editusers.cgi Please add a comment explaining here that we don't check for can_edit() -- with a good rationale as to why not. >Index: token.cgi >+ # check verification methods >+ unless (Bugzilla::Auth->has_db) { Note that bug 227686 is open to remove this and centralize this password-changing mess. Please add a diff of the moved files for the next round so I can confirm that they look as good as I think they do.
Attachment #153691 - Flags: review?(kiko) → review-
Blocks: 252173
(In reply to comment #38) > (From update of attachment 153691 [details] [diff] [review]) > Implement a Bugzilla::Auth::Login::WWW->logout() method that takes care of > this, removing the need to do these ifs here in Bugzilla.pm, and we will have a > winner. I have that. It'll be in my next patch, RSN. > Please file a bug on cleaning up this defparams.pl mess and XXXs. Post number > in a comment. bug 252173 > >Index: editusers.cgi > > Please add a comment explaining here that we don't check for can_edit() -- with > a good rationale as to why not. We've discussed this in IRC, so I'll paraphrase for everyone on the CC list: The problem is that now that a system may have multiple ways of getting a person's information, be it LDAP, Auth, or the hopefully-soon-to-be-posted environment-variable auth (bug 241903). In my case, I'll be using environment-variable auth with a fallback to CGI and DB, in case env auth isn't available. What that means, then, is that a user may be able to change their password, for example, as far as DB is concerned, but not as far as Env or LDAP is concerned. Right now, it checks the current method that the user logged in with, which should be sufficient for most situations, but may need to be re-examined in the future. The problem is with editusers.cgi, which is an administrative interface (regular users never touch it). Now you're logged in as person A and altering person B. What I decided to do was remove all of the checks as to whether a user may be modified, since as long as you're not altering the main key that identifies a user (currently login_name), there won't be any effect for an LDAP user, nor will there be one for an Env user, once that's available. So the answer, I guess, is that there is little reason now to care about whether you should be allowed to edit another user's attributes. Editing your own is another story, though, since you can shoot yourself in the foot (I'm OK with allowing administrators to shoot their users in the feet, though). > Please add a diff of the moved files for the next round so I can confirm that > they look as good as I think they do. Actually, there have been no new changes to DB.pm or LDAP.pm, so see the existing attachment 153164 [details] above. The new patch will follow shortly.
Status: REOPENED → ASSIGNED
Attached patch with logout moved (obsolete) — Splinter Review
Here it is...
Attachment #153691 - Attachment is obsolete: true
Attachment #153699 - Flags: review?(kiko)
Comment on attachment 153699 [details] [diff] [review] with logout moved Don't cry. >Index: Bugzilla.pm > sub logout_user { > my ($class, $user) = @_; > # When we're logging out another user we leave cookies alone, and > # therefore avoid calling logout() directly. >- use Bugzilla::Auth::CGI; >- Bugzilla::Auth::CGI->logout($user, LOGOUT_ALL); >+ Bugzilla::Auth::Login::WWW->logout($_user, LOGOUT_ALL); a) this comment is outdated b) it's $user, not $_user!
Attachment #153699 - Flags: review?(kiko) → review-
> a) this comment is outdated Not entirely outdated. I altered it to be more specific. > b) it's $user, not $_user! Fixed.
Attachment #153699 - Attachment is obsolete: true
Attachment #153701 - Flags: review?(kiko)
14:28 <@kiko> ____erik, you have a leftover delete_user function...
Attachment #153701 - Attachment is obsolete: true
Attachment #153702 - Flags: review?(kiko)
Attachment #153701 - Flags: review?(kiko)
Comment on attachment 153702 [details] [diff] [review] removing obsolete function from patch >Index: Bugzilla.pm >@@ -97,20 +67,14 @@ > } > $option = LOGOUT_CURRENT unless defined $option; > >- use Bugzilla::Auth::CGI; >- Bugzilla::Auth::CGI->logout($_user, $option); >- if ($option != LOGOUT_KEEP_CURRENT) { >- Bugzilla::Auth::CGI->clear_browser_cookies(); >- logout_request(); >- } >+ Bugzilla::Auth::Login::WWW->logout($_user, $option); > } > > sub logout_user { > my ($class, $user) = @_; > # When we're logging out another user we leave cookies alone, and >- # therefore avoid calling logout() directly. >- use Bugzilla::Auth::CGI; >- Bugzilla::Auth::CGI->logout($user, LOGOUT_ALL); >+ # therefore avoid calling Bugzilla->logout() directly. >+ Bugzilla::Auth::Login::WWW->logout($user, LOGOUT_ALL); > } This patch introduces a slight bug. The bug manifests itself because this code is very very `smart'. I know: I wrote it. This is how the bug occurs: - logout_user() is called via editusers.cgi. - Auth::Login::WWW->logout() is called, which calls - Auth::Login::WWW::CGI->logout() which in turn, clears browser cookies and logs out the admin who is using editusers.cgi (see the callsite) because logout() just does a clear_browser_cookies if the type isn't LOGOUT_KEEP_COOKIES. - Oops, we have an angry admin -- we're not supposed to touch his cookies. Boring, right? Alternatives: - Keep the if code that does the cookie clearing and user logout inside Bugzilla.pm. I find this really nasty and confusing, but maybe just opening a new bug for this and XXXing it is enough. - Provide a special constant LOGOUT_SOMEBODY_ELSE that is special-cased inside logout() to avoid clearing cookies too. Any others you see? I'm sorry I'm being picky, but this code has delicate semantics and I've done changes here that required hours of testing. I'm find with you doing the XXX thing because this has gone through many iterations and it's an evil leftover (I propagated or created, you could say).
Attachment #153702 - Flags: review?(kiko) → review-
(In reply to comment #44) > - Auth::Login::WWW::CGI->logout() which in turn, clears browser cookies and > logs out the admin who is using editusers.cgi (see the callsite) because > logout() just does a clear_browser_cookies if the type isn't > LOGOUT_KEEP_COOKIES. > - Oops, we have an angry admin -- we're not supposed to touch his cookies. WORKSFORME. if ($option == LOGOUT_ALL) { $dbh->do("DELETE FROM logincookies WHERE userid = ?", undef, $user->id); return; } The return above is called before the browser cookies get deleted. I tested it out and it seems to work fine.
Attachment #153702 - Flags: review- → review?(kiko)
By jove, you're right! I hadn't seen that. It's a horrible horrible hack :-) I've filed follow-up bug 252204 and blocked it here.
Blocks: 252204
Comment on attachment 153702 [details] [diff] [review] removing obsolete function from patch Looks good (/me shuts eyes) >Index: Bugzilla/Auth/Login/WWW/CGI.pm >+ $template->process("account/auth/login.html.tmpl", >+ { 'target' => $cgi->url(-relative=>1), >+ 'form' => \%::FORM, >+ 'mform' => \%::MFORM, >+ 'caneditaccount' => Bugzilla::Auth->can_edit('new'), >+ 'has_db' => Bugzilla::Auth->has_db, Just one thing: ensure this doesn't have to be \Bugzilla::Auth->has_db (I know regular functions do, but I'm not sure about "package/class methods".
Attachment #153702 - Flags: review?(kiko) → review+
Attachment #153702 - Flags: review?(bugreport)
Attachment #153702 - Flags: review?(bugreport)
Flags: approval?
(In reply to comment #47) > >+ 'has_db' => Bugzilla::Auth->has_db, > > Just one thing: ensure this doesn't have to be \Bugzilla::Auth->has_db (I know > regular functions do, but I'm not sure about "package/class methods". It doesn't. I'm sending the returned true/false value, not a function reference.
Flags: approval? → approval+
fixed again
Status: ASSIGNED → RESOLVED
Closed: 20 years ago20 years ago
Resolution: --- → FIXED
Erik, thanks for having the patience and taking the time to take this one through the motions -- the end product came out really nice.
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: