278792 - Move Crypt() to Bugzilla::Auth

Status: RESOLVED FIXED

(Bugzilla :: Bugzilla-General, enhancement)

Description

[Max Kanat-Alexander]

The Crypt() function from globals.pl should be easily moveable to Bugzilla::Util.

Comment 1

[Max Kanat-Alexander]

I'm also going to rename it to bz_crypt, becase:

+ Bugzilla::Util functions are all lowercase.
+ There's already a "crypt" function in perl.
+ Having a function that differs from a builtin only by a capital letter is 
  probably not as good as having the bz_ prefix on there.

Comment 2

[Max Kanat-Alexander]

OK, actually, it should go to Bugzilla::Auth, since that's where it really belongs.

This is determined by a comment in checksetup:

# The only use for loading globals.pl is for Crypt(), which should at some
# point probably be factored out into Bugzilla::Auth::*

I'll also re-name it to crypt_new_password, since that makes more sense, and
more clearly indicates what it does.

Comment 3

[Max Kanat-Alexander]

Attachment: Move Crypt()

OK, here it is. I didn't want to also remove globals.pl from checksetup in the
same patch; we can file a new bug to do that.

Comment 4

[Vlad Dascalu]

I'm probably missing something here, but what does "new" mean from the
"crypt_new_password" thing?

As far as I can see from the code, the sub takes a password, crypts it, and
returns the result. There is no "new password" generated or something like that.

Comment 5

[Max Kanat-Alexander]

It's because it's only for crypting a password that's a *new* password for the
user. You can't use it to re-crypt the password later, to check against the
crypted version. It will return something different every time you pass it the
same string.

Comment 6

[Vlad Dascalu]

Comment on attachment 171596 [details] [diff] [review]
Move Crypt()

Oh. Well that's what crypt from the Perl distribution does by default, and it's
not named crypt_new.

In my opinion it's not a new password, it's the same password, in its crypted
form. It's similar to the MD5 of the password. I wouldn't call that a new
password.

So I think this is bad terminology for some developers, including me.

Comment 7

[Max Kanat-Alexander]

OK. I'll call it bz_crypt_password.

Comment 8

[Max Kanat-Alexander]

Attachment: Version 2

OK. I named it bz_crypt. I figure that's simple enough. I also improved the
documentation, slightly, and used a better way of calling Exporter.

Comment 9

[Shane H. W. Travis]

Checking in checksetup.pl;
/cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v  <--  checksetup.pl
new revision: 1.333; previous revision: 1.332
done
Checking in editusers.cgi;
/cvsroot/mozilla/webtools/bugzilla/editusers.cgi,v  <--  editusers.cgi
new revision: 1.72; previous revision: 1.71
done
Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v  <--  globals.pl
new revision: 1.291; previous revision: 1.290
done
Checking in token.cgi;
/cvsroot/mozilla/webtools/bugzilla/token.cgi,v  <--  token.cgi
new revision: 1.28; previous revision: 1.27
done
Checking in userprefs.cgi;
/cvsroot/mozilla/webtools/bugzilla/userprefs.cgi,v  <--  userprefs.cgi
new revision: 1.63; previous revision: 1.62
done
Checking in Bugzilla/Auth.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Auth.pm,v  <--  Auth.pm
new revision: 1.8; previous revision: 1.7
done
Checking in Bugzilla/Auth/Verify/DB.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Auth/Verify/DB.pm,v  <--  DB.pm
new revision: 1.4; previous revision: 1.3
done