Skip to content

bugzilla
bugzilla
Commit 32aa48ea authored by mkanat%kerio.com's avatar mkanat%kerio.com
Browse files
Options

Bug 298659: setting authentication to LDAP,DB fails

Patch By A. Karl Kornel <karl@kornel.name> r=glob, a=justdave
parent b4e43c11
Show whitespace changes
Inline Side-by-side
Showing with 22 additions and 16 deletions
Bugzilla/Auth.pm
View file @ 32aa48ea
...@@ -107,13 +107,15 @@ sub authenticate { ...@@ -107,13 +107,15 @@ sub authenticate {
my @args = @_; my @args = @_;
my @firstresult = (); my @firstresult = ();
my @result = (); my @result = ();
my $current_verify_method;
for my $method (split /,\s*/, Param("user_verify_class")) { for my $method (split /,\s*/, Param("user_verify_class")) {
$current_verify_method = $method;
$method = "Bugzilla::Auth::Verify::" . $method; $method = "Bugzilla::Auth::Verify::" . $method;
@result = $method->authenticate(@args); @result = $method->authenticate(@args);
@firstresult = @result unless @firstresult; @firstresult = @result unless @firstresult;
if (($result[0] != AUTH_NODATA)&&($result[0] != AUTH_LOGINFAILED)) { if (($result[0] != AUTH_NODATA)&&($result[0] != AUTH_LOGINFAILED)) {
$current_verify_class = $method; unshift @result, ($current_verify_method);
return @result; return @result;
} }
} }
...@@ -123,13 +125,16 @@ sub authenticate { ...@@ -123,13 +125,16 @@ sub authenticate {
# see if we can set $current to the first verify method that # see if we can set $current to the first verify method that
# will allow a new login # will allow a new login
my $chosen_verify_method;
for my $method (split /,\s*/, Param("user_verify_class")) { for my $method (split /,\s*/, Param("user_verify_class")) {
$current_verify_method = $method;
$method = "Bugzilla::Auth::Verify::" . $method; $method = "Bugzilla::Auth::Verify::" . $method;
if ($method->can_edit('new')) { if ($method->can_edit('new')) {
$current_verify_class = $method; $chosen_verify_method = $method;
} }
} }
unshift @result, $chosen_verify_method;
return @result; return @result;
} }
...@@ -222,16 +227,17 @@ This method is passed a username and a password, and returns a list ...@@ -222,16 +227,17 @@ This method is passed a username and a password, and returns a list
containing up to four return values, depending on the results of the containing up to four return values, depending on the results of the
authentication. authentication.
The first return value is one of the status codes defined in The first return value is the name of the class that generated the results
L<Bugzilla::Constants|Bugzilla::Constants> and described below. The constined in the remaining return values. The second return value is one of
rest of the return values are status code-specific and are explained in the status codes defined in L<Bugzilla::Constants|Bugzilla::Constants> and
the status code descriptions. described below. The rest of the return values are status code-specific
and are explained in the status code descriptions.
=over 4 =over 4
=item C<AUTH_OK> =item C<AUTH_OK>
Authentication succeeded. The second variable is the userid of the new Authentication succeeded. The third variable is the userid of the new
user. user.
=item C<AUTH_NODATA> =item C<AUTH_NODATA>
...@@ -241,11 +247,11 @@ cases, such as cookie authentication when the cookie is not present. ...@@ -241,11 +247,11 @@ cases, such as cookie authentication when the cookie is not present.
=item C<AUTH_ERROR> =item C<AUTH_ERROR>
An error occurred when trying to use the login mechanism. The second return An error occurred when trying to use the login mechanism. The third return
value may contain the Bugzilla userid, but will probably be C<undef>, value may contain the Bugzilla userid, but will probably be C<undef>,
signifiying that the userid is unknown. The third value is a tag describing signifiying that the userid is unknown. The fourth value is a tag describing
the error used by the authentication error templates to print a description the error used by the authentication error templates to print a description
to the user. The optional fourth argument is a hashref of values used as part to the user. The optional fifth argument is a hashref of values used as part
of the tag's error descriptions. of the tag's error descriptions.
This error template must have a name/location of This error template must have a name/location of
...@@ -255,22 +261,22 @@ I<account/auth/C<lc(authentication-type)>-error.html.tmpl>. ...@@ -255,22 +261,22 @@ I<account/auth/C<lc(authentication-type)>-error.html.tmpl>.
An incorrect username or password was given. Note that for security reasons, An incorrect username or password was given. Note that for security reasons,
both cases return the same error code. However, in the case of a valid both cases return the same error code. However, in the case of a valid
username, the second argument may be the userid. The authentication username, the third argument may be the userid. The authentication
mechanism may not always be able to discover the userid if the password is mechanism may not always be able to discover the userid if the password is
not known, so whether or not this argument is present is implementation not known, so whether or not this argument is present is implementation
specific. For security reasons, the presence or lack of a userid value should specific. For security reasons, the presence or lack of a userid value should
not be communicated to the user. not be communicated to the user.
The third argument is an optional tag from the authentication server The fourth argument is an optional tag from the authentication server
describing the error. The tag can be used by a template to inform the user describing the error. The tag can be used by a template to inform the user
about the error. Similar to C<AUTH_ERROR>, an optional hashref may be about the error. Similar to C<AUTH_ERROR>, an optional hashref may be
present as a fourth argument, to be used by the tag to give more detailed present as a fifth argument, to be used by the tag to give more detailed
information. information.
=item C<AUTH_DISABLED> =item C<AUTH_DISABLED>
The user successfully logged in, but their account has been disabled. The user successfully logged in, but their account has been disabled.
The second argument in the returned array is the userid, and the third The third argument in the returned array is the userid, and the fourth
is some text explaining why the account was disabled. This text would is some text explaining why the account was disabled. This text would
typically come from the C<disabledtext> field in the C<profiles> table. typically come from the C<disabledtext> field in the C<profiles> table.
Note that this argument is a string, not a tag. Note that this argument is a string, not a tag.
......
Bugzilla/Auth/Login/WWW/CGI.pm
View file @ 32aa48ea
...@@ -53,8 +53,8 @@ sub login { ...@@ -53,8 +53,8 @@ sub login {
$cgi->delete('Bugzilla_login', 'Bugzilla_password'); $cgi->delete('Bugzilla_login', 'Bugzilla_password');
my $authmethod = Param("user_verify_class"); # Perform the actual authentication, get the method name from the class name
my ($authres, $userid, $extra, $info) = my ($authmethod, $authres, $userid, $extra, $info) =
Bugzilla::Auth->authenticate($username, $passwd); Bugzilla::Auth->authenticate($username, $passwd);
if ($authres == AUTH_OK) { if ($authres == AUTH_OK) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment