Bug 173761 Need ability to always require login

patch by joel r=gerv, a=justdave

Bug 173761 Need ability to always require login
bc3da73c · bugreport%peshkin.net · f4501251 · bc3da73c · bc3da73c · bc3da73c
Commit bc3da73c authored Nov 27, 2002 by bugreport%peshkin.net
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 6 deletions

CGI.pl CGI.pl +19 -4

defparams.pl defparams.pl +9 -0

index.cgi index.cgi +1 -1

token.cgi token.cgi +1 -1

No files found.
--- a/CGI.pl
+++ b/CGI.pl
@@ -219,7 +219,14 @@ sub get_netaddr {
    return join(".", unpack("CCCC", pack("N", $addr)));
 }

-sub quietly_check_login() {
+my $login_cookie_set = 0;
+# If quietly_check_login is called with no arguments and logins are
+# required, it will prompt for a login.
+sub quietly_check_login {
+    if (Param('requirelogin') && !(@_)) {
+        confirm_login();
+        return;
+    }
    $::disabledreason = '';
    my $userid = 0;
    my $ipaddr = $ENV{'REMOTE_ADDR'};
@@ -561,11 +568,19 @@ sub confirm_login {

       $::COOKIE{"Bugzilla_logincookie"} = $logincookie;
       my $cookiepath = Param("cookiepath");
-       print "Set-Cookie: Bugzilla_login= " . url_quote($enteredlogin) . " ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-       print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+       if ($login_cookie_set == 0) {
+           $login_cookie_set = 1;
+           print "Set-Cookie: Bugzilla_login= " . url_quote($enteredlogin) . " ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+           print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+       }
    }

-    $userid = quietly_check_login();
+    # If anonymous logins are disabled, quietly_check_login will force
+    # the user to log in by calling confirm_login() when called by any 
+    # code that does not call it with an argument. When confirm_login
+    # calls quietly_check_login, it must not result in confirm_login
+    # being called back.
+    $userid = quietly_check_login('do_not_recurse_here');

    if (!$userid) {
        if ($::disabledreason) {

--- a/defparams.pl
+++ b/defparams.pl
@@ -964,6 +964,15 @@ Reason: %reason%
  },

  {
+   name => 'requirelogin',
+   desc => 'If this option is set, all access to the system beyond the ' .
+           ' front page will require a login. No anonymous users will ' .
+           ' be permitted.',
+   type => 'b',
+   default => '0'
+  },
+
+  {
   name => 'usermatchmode',
   desc => 'Allow match strings to be entered for user names when entering ' .
           'and editing bugs.  <p>' .

--- a/index.cgi
+++ b/index.cgi
@@ -45,7 +45,7 @@ use vars qw(
 ConnectToDatabase();

 # Check whether or not the user is logged in and, if so, set the $::userid 
-quietly_check_login();
+quietly_check_login('permit_anonymous');

 ###############################################################################
 # Main Body Execution

--- a/token.cgi
+++ b/token.cgi
@@ -36,7 +36,7 @@ require "CGI.pl";

 # Establish a connection to the database backend.
 ConnectToDatabase();
-quietly_check_login();
+quietly_check_login('permit_anonymous');

 # Use the "Token" module that contains functions for doing various
 # token-related tasks.