Closed
Bug 443210
Opened 16 years ago
Closed 13 years ago
Implement Bugzilla.parameters to access parameters used in Bugzilla
Categories
(Bugzilla :: WebService, enhancement)
Tracking
()
RESOLVED
FIXED
Bugzilla 4.4
People
(Reporter: mkanat, Assigned: LpSolit)
References
Details
Attachments
(1 file, 3 obsolete files)
4.28 KB,
patch
|
mkanat
:
review+
|
Details | Diff | Splinter Review |
In bug 428659, we throw an error if ssl is "authenticated sessions" and User.login is called without SSL. However, there's no way for a client to know if Bugzilla requires SSL for login or not, or even if it supports ssl! So we have to include some way to get the ssl parameter.
Flags: blocking3.2+
Reporter | ||
Comment 1•16 years ago
|
||
Okay, here's the only two parameters that I think are very important to have for 3.2.
Reporter | ||
Comment 2•16 years ago
|
||
And this is more what it will look like on HEAD, although I'm not done yet.
Assignee | ||
Comment 3•16 years ago
|
||
IMO, the information listed in "WIP for HEAD" should not be disclosed if requirelogin = 1 and you are not logged in, because you cannot normally access this data from the web and there is no reason to bypass it using the API. The patch for 3.2 seems fine though as this information is already available when accessing the login page.
Comment 4•16 years ago
|
||
Comment on attachment 327823 [details] [diff] [review] v1 for 3.2 I dont see that the Bugzilla::WebService::type function is available under the 3.2 branch, only on HEAD. So you should use type() instead.
Attachment #327823 -
Flags: review?(dkl) → review-
Reporter | ||
Comment 5•16 years ago
|
||
Since we got the ssl redirect working, this isn't a 3.2 blocker anymore, and in fact won't even go into 3.2 anymore.
Flags: blocking3.2+ → blocking3.2-
Target Milestone: Bugzilla 3.2 → Bugzilla 4.0
Comment 6•14 years ago
|
||
If you think that we need some more parameters, please tell me what parameter you mean.
Attachment #437087 -
Flags: review?(mkanat)
Assignee | ||
Comment 7•14 years ago
|
||
Comment on attachment 437087 [details] [diff] [review] patch, V3 All parameters should be accessible as long as I'm in the tweakparams group.
Attachment #437087 -
Flags: review?(mkanat) → review-
Comment 8•14 years ago
|
||
(In reply to comment #7) > (From update of attachment 437087 [details] [diff] [review]) > All parameters should be accessible as long as I'm in the tweakparams group. What should a user see who is not in he tweakparams group? * Nothing or some selected(which)
Assignee | ||
Comment 11•13 years ago
|
||
I really need this for our QA tests, so taking!
Assignee: mkanat → LpSolit
Attachment #327823 -
Attachment is obsolete: true
Attachment #327826 -
Attachment is obsolete: true
Attachment #437087 -
Attachment is obsolete: true
Attachment #585617 -
Flags: review?(mkanat)
Assignee | ||
Updated•13 years ago
|
Summary: WebServices need access to some params → Implement Bugzilla.parameters to access parameters used in Bugzilla
Reporter | ||
Comment 12•13 years ago
|
||
Comment on attachment 585617 [details] [diff] [review] patch, v4 Review of attachment 585617 [details] [diff] [review]: ----------------------------------------------------------------- Awesome! ::: Bugzilla/WebService/Bugzilla.pm @@ +42,5 @@ > version > ); > > +# Logged-out users do not need to know more than that. > +use constant PARAMETERS_WHITELIST => qw( Let's call this PARAMETERS_LOGGED_OUT. @@ +48,5 @@ > + requirelogin > +); > + > +# These parameters are guessable from the web UI when the user > +# is logged in. So it's safe to access them. The only problem is that you're also providing these values to third-party sites who *can't* log in, via JSONP. But I suppose that's true for all our APIs, so it's not like this would be a new security issue. @@ +49,5 @@ > +); > + > +# These parameters are guessable from the web UI when the user > +# is logged in. So it's safe to access them. > +use constant PARAMETERS_WHITELIST_EXTENDED => qw( And this PARAMETERS_LOGGED_IN. @@ +387,5 @@ > + C<useqacontact>, > + C<usestatuswhiteboard>, > + C<usetargetmilestone>. > + > +A user being in the tweakparams group can access all existing parameters. Remove "being". Right after this sentence, add: The list of parameters returned by this method is not stable and will never be stable.
Attachment #585617 -
Flags: review?(mkanat) → review+
Reporter | ||
Updated•13 years ago
|
Flags: approval+
Assignee | ||
Comment 13•13 years ago
|
||
I fixed everything you said on checkin. Thanks! :) Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/ modified Bugzilla/WebService/Bugzilla.pm Committed revision 8066.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•13 years ago
|
Flags: testcase?
You need to log in
before you can comment on or make changes to this bug.
Description
•