Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
bugzilla
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
bugzilla
Commits
cfc22fd3
Commit
cfc22fd3
authored
Nov 27, 2003
by
kiko%async.com.br
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug 226324: Move relogin.cgi code to Bugzilla::Auth::CGI. Provide a
logout() method that is proxied through Bugzilla.pm's logout(), and fix callers to use it. r=justdave, bbaetz, a=justdave
parent
44a7b4d9
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
48 additions
and
37 deletions
+48
-37
Bugzilla.pm
Bugzilla.pm
+16
-4
CGI.pm
Bugzilla/Auth/CGI.pm
+26
-1
buglist.cgi
buglist.cgi
+1
-1
createaccount.cgi
createaccount.cgi
+2
-6
relogin.cgi
relogin.cgi
+3
-25
No files found.
Bugzilla.pm
View file @
cfc22fd3
...
@@ -99,8 +99,17 @@ sub login {
...
@@ -99,8 +99,17 @@ sub login {
}
}
sub
logout
{
sub
logout
{
use
Bugzilla::Auth::
CGI
;
# remove cookies and clean up database state
Bugzilla::Auth::
CGI
->
logout
();
logout_request
();
}
sub
logout_request
{
undef
$_user
;
undef
$_user
;
$::userid
=
0
;
$::userid
=
0
;
delete
$::COOKIE
{
"Bugzilla_login"
};
delete
$::COOKIE
{
"Bugzilla_logincookie"
};
}
}
my
$_dbh
;
my
$_dbh
;
...
@@ -266,10 +275,13 @@ L<Bugzilla::User|Bugzilla::User>.
...
@@ -266,10 +275,13 @@ L<Bugzilla::User|Bugzilla::User>.
=item C<logout>
=item C<logout>
Logs out the current user. For the moment, this will just cause calls to
Logs out the current user.
C<user> to return C<undef>. Eventually this will handle deleting cookies from
the browser and values from the database, which is currently all handled
=item C<logout_request>
by C<relogin.cgi>.
Essentially, causes calls to C<user> to return C<undef>. This has the
effect of logging out a user for the current request only; cookies and
database state are left intact.
=item C<dbh>
=item C<dbh>
...
...
Bugzilla/Auth/CGI.pm
View file @
cfc22fd3
...
@@ -177,6 +177,28 @@ sub login {
...
@@ -177,6 +177,28 @@ sub login {
}
}
sub
logout
{
my
(
$class
,
$user
)
=
@_
;
if
(
$user
)
{
# Even though we know the userid must match, we still check it in the
# SQL as a sanity check, since there is no locking here, and if
# the user logged out from two machines simulataniously, while someone
# else logged in and got the same cookie, we could be logging the
# other user out here. Yes, this is very very very unlikely, but why
# take chances? - bbaetz
my
$dbh
=
Bugzilla
->
dbh
;
$dbh
->
do
(
"DELETE FROM logincookies WHERE cookie = ? AND userid = ?"
,
undef
,
$::COOKIE
{
"Bugzilla_logincookie"
},
$user
->
id
);
}
my
$cgi
=
Bugzilla
->
cgi
;
$cgi
->
send_cookie
(
-
name
=>
"Bugzilla_login"
,
-
expires
=>
"Tue, 15-Sep-1998 21:49:00 GMT"
);
$cgi
->
send_cookie
(
-
name
=>
"Bugzilla_logincookie"
,
-
expires
=>
"Tue, 15-Sep-1998 21:49:00 GMT"
);
}
1
;
1
;
__END__
__END__
...
@@ -188,7 +210,7 @@ Bugzilla::Auth::CGI - CGI-based logins for Bugzilla
...
@@ -188,7 +210,7 @@ Bugzilla::Auth::CGI - CGI-based logins for Bugzilla
=head1 SUMMARY
=head1 SUMMARY
This is a L<login module|Bugzilla::Auth/"LOGIN"> for Bugzilla. Users connecting
This is a L<login module|Bugzilla::Auth/"LOGIN"> for Bugzilla. Users connecting
from a CGI script use this module to authenticate.
from a CGI script use this module to authenticate.
Logouts are also handled here.
=head1 BEHAVIOUR
=head1 BEHAVIOUR
...
@@ -198,6 +220,9 @@ using the CGI parameters I<Bugzilla_login> and I<Bugzilla_password>.
...
@@ -198,6 +220,9 @@ using the CGI parameters I<Bugzilla_login> and I<Bugzilla_password>.
If no data is present for that, then cookies are tried, using
If no data is present for that, then cookies are tried, using
L<Bugzilla::Auth::Cookie>.
L<Bugzilla::Auth::Cookie>.
When a logout is performed, we take care of removing the relevant
logincookie database entry and effectively deleting the client cookie.
=head1 SEE ALSO
=head1 SEE ALSO
L<Bugzilla::Auth>
L<Bugzilla::Auth>
buglist.cgi
View file @
cfc22fd3
...
@@ -95,7 +95,7 @@ if ($::FORM{'format'} && $::FORM{'format'} eq "rdf" && !$::FORM{'ctype'}) {
...
@@ -95,7 +95,7 @@ if ($::FORM{'format'} && $::FORM{'format'} eq "rdf" && !$::FORM{'ctype'}) {
# Note that if and when this call clears cookies or has other persistent
# Note that if and when this call clears cookies or has other persistent
# effects, we'll need to do this another way instead.
# effects, we'll need to do this another way instead.
if
((
exists
$::FORM
{
'ctype'
})
&&
(
$::FORM
{
'ctype'
}
eq
"js"
))
{
if
((
exists
$::FORM
{
'ctype'
})
&&
(
$::FORM
{
'ctype'
}
eq
"js"
))
{
Bugzilla
->
logout
();
Bugzilla
->
logout
_request
();
}
}
# Determine the format in which the user would like to receive the output.
# Determine the format in which the user would like to receive the output.
...
...
createaccount.cgi
View file @
cfc22fd3
...
@@ -47,15 +47,11 @@ unless (Bugzilla::Auth->can_edit) {
...
@@ -47,15 +47,11 @@ unless (Bugzilla::Auth->can_edit) {
ThrowUserError
(
"auth_cant_create_account"
);
ThrowUserError
(
"auth_cant_create_account"
);
}
}
my
$cgi
=
Bugzilla
->
cgi
;
# Clear out the login cookies. Make people log in again if they create an
# Clear out the login cookies. Make people log in again if they create an
# account; otherwise, they'll probably get confused.
# account; otherwise, they'll probably get confused.
$cgi
->
send_cookie
(
-
name
=>
'Bugzilla_login'
,
Bugzilla
->
logout
();
-
expires
=>
'Tue, 15-Sep-1998 21:49:00 GMT'
);
$cgi
->
send_cookie
(
-
name
=>
'Bugzilla_logincookie'
,
-
expires
=>
'Tue, 15-Sep-1998 21:49:00 GMT'
);
my
$cgi
=
Bugzilla
->
cgi
;
print
$cgi
->
header
();
print
$cgi
->
header
();
my
$login
=
$::FORM
{
'login'
};
my
$login
=
$::FORM
{
'login'
};
...
...
relogin.cgi
View file @
cfc22fd3
...
@@ -23,7 +23,6 @@
...
@@ -23,7 +23,6 @@
use
strict
;
use
strict
;
use
vars
%::
COOKIE
;
use
vars
qw($template $vars)
;
use
vars
qw($template $vars)
;
use
lib
qw(.)
;
use
lib
qw(.)
;
...
@@ -37,33 +36,12 @@ require "CGI.pl";
...
@@ -37,33 +36,12 @@ require "CGI.pl";
ConnectToDatabase
();
ConnectToDatabase
();
quietly_check_login
();
quietly_check_login
();
my
$cgi
=
Bugzilla
->
cgi
;
Bugzilla
->
logout
();
if
(
$::userid
)
{
# Even though we know the userid must match, we still check it in the
# SQL as a sanity check, since there is no locking here, and if
# the user logged out from two machines simulataniously, while someone
# else logged in and got the same cookie, we could be logging the
# other user out here. Yes, this is very very very unlikely, but why
# take chances? - bbaetz
SendSQL
(
"DELETE FROM logincookies WHERE cookie = "
.
SqlQuote
(
$::COOKIE
{
"Bugzilla_logincookie"
})
.
"AND userid = $::userid"
);
}
$cgi
->
send_cookie
(
-
name
=>
"Bugzilla_login"
,
my
$cgi
=
Bugzilla
->
cgi
;
-
expires
=>
"Tue, 15-Sep-1998 21:49:00 GMT"
);
print
$cgi
->
header
();
$cgi
->
send_cookie
(
-
name
=>
"Bugzilla_logincookie"
,
-
expires
=>
"Tue, 15-Sep-1998 21:49:00 GMT"
);
delete
$::COOKIE
{
"Bugzilla_login"
};
$vars
->
{
'message'
}
=
"logged_out"
;
$vars
->
{
'message'
}
=
"logged_out"
;
# This entire script should eventually just become a call to Bugzilla->logout
Bugzilla
->
logout
;
print
$cgi
->
header
();
$template
->
process
(
"global/message.html.tmpl"
,
$vars
)
$template
->
process
(
"global/message.html.tmpl"
,
$vars
)
||
ThrowTemplateError
(
$template
->
error
());
||
ThrowTemplateError
(
$template
->
error
());
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment