Skip to content

bugzilla
bugzilla
Commit 38b44914 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com
Browse files
Options

Bug 344106: Error upgrading Bugzilla to version 2.23.2+ with perl 5.8.0 - Patch…

Bug 344106: Error upgrading Bugzilla to version 2.23.2+ with perl 5.8.0 - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=myk
parent 8b6eecc5
Hide whitespace changes
Inline Side-by-side
Showing with 34 additions and 45 deletions
Bugzilla/Auth.pm
View file @ 38b44914
......@@ -36,8 +36,6 @@ use Bugzilla::Auth::Login::Stack;
use Bugzilla::Auth::Verify::Stack;
use Bugzilla::Auth::Persist::Cookie;
use Switch;
sub new {
my ($class, $params) = @_;
my $self = fields::new($class);
......@@ -149,50 +147,41 @@ sub _handle_login_result {
$self->{_persister}->persist_login($user);
}
}
else {
switch ($fail_code) {
case AUTH_ERROR {
ThrowCodeError($result->{error}, $result->{details});
}
case AUTH_NODATA {
if ($login_type == LOGIN_REQUIRED) {
# This seems like as good as time as any to get rid of
# old crufty junk in the logincookies table. Get rid
# of any entry that hasn't been used in a month.
$dbh->do("DELETE FROM logincookies WHERE " .
$dbh->sql_to_days('NOW()') . " - " .
$dbh->sql_to_days('lastused') . " > 30");
$self->{_info_getter}->fail_nodata($self);
}
# Otherwise, we just return the "default" user.
$user = Bugzilla->user;
}
# The username/password may be wrong
# Don't let the user know whether the username exists or whether
# the password was just wrong. (This makes it harder for a cracker
# to find account names by brute force)
case [AUTH_LOGINFAILED, AUTH_NO_SUCH_USER] {
ThrowUserError("invalid_username_or_password");
}
# The account may be disabled
case AUTH_DISABLED {
$self->{_persister}->logout();
# XXX This is NOT a good way to do this, architecturally.
$self->{_persister}->clear_browser_cookies();
# and throw a user error
ThrowUserError("account_disabled",
{'disabled_reason' => $result->{user}->disabledtext});
}
# If we get here, then we've run out of options, which
# shouldn't happen.
else {
ThrowCodeError("authres_unhandled",
{ value => $fail_code });
}
elsif ($fail_code == AUTH_ERROR) {
ThrowCodeError($result->{error}, $result->{details});
}
elsif ($fail_code == AUTH_NODATA) {
if ($login_type == LOGIN_REQUIRED) {
# This seems like as good as time as any to get rid of
# old crufty junk in the logincookies table. Get rid
# of any entry that hasn't been used in a month.
$dbh->do("DELETE FROM logincookies WHERE " .
$dbh->sql_to_days('NOW()') . " - " .
$dbh->sql_to_days('lastused') . " > 30");
$self->{_info_getter}->fail_nodata($self);
}
# Otherwise, we just return the "default" user.
$user = Bugzilla->user;
}
# The username/password may be wrong
# Don't let the user know whether the username exists or whether
# the password was just wrong. (This makes it harder for a cracker
# to find account names by brute force)
elsif (($fail_code == AUTH_LOGINFAILED) || ($fail_code == AUTH_NO_SUCH_USER)) {
ThrowUserError("invalid_username_or_password");
}
# The account may be disabled
elsif ($fail_code == AUTH_DISABLED) {
$self->{_persister}->logout();
# XXX This is NOT a good way to do this, architecturally.
$self->{_persister}->clear_browser_cookies();
# and throw a user error
ThrowUserError("account_disabled",
{'disabled_reason' => $result->{user}->disabledtext});
}
# If we get here, then we've run out of options, which shouldn't happen.
else {
ThrowCodeError("authres_unhandled", { value => $fail_code });
}
return $user;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment