tui/SOURCES/ersek-authenticate-fix-bugz...

From eaefaf63be7f083b601505e20eb88e658f355a0b Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 7 Oct 2014 12:40:13 +0200
Subject: [PATCH] authenticate: fix bugzilla.redhat.com issues (4.4.x)

There are two problems in the authenticate() subroutine.

The first is that git-send-bugzilla sends a GET request, even though it
should send a POST. This is remedied by replacing "mech->submit" with the
more explicit "mech->submit_form", where the login button is explicitly
selected for clicking.

The second problem is documented here:

https://jira.almworks.com/browse/DZO-1189

Basically, the POST request for logging in must contain the valid
Bugzilla_login_token value that the initial GET returned.

Unfortunately, the initial GET doesn't return such a Bugzilla_login_token
at all, because Bugzilla 4.4.x (erroneously) provides that only if the
initial GET contains Bugzilla_login_request_cookie. Since we don't do that
on the initial get, we receive no Bugzilla_login_token, and then the POST
request is rejected.

This is fixed by sending the initial GET twice -- the first GET will makes
sure we set Bugzilla_login_request_cookie on the second, and the second
(now correct) GET makes sure that Bugzilla_login_token is set in the
response. We then reflect Bugzilla_login_token in the login POST request.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 git-send-bugzilla.pl | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/git-send-bugzilla.pl b/git-send-bugzilla.pl
index 219cdcc..98582c4 100755
--- a/git-send-bugzilla.pl
+++ b/git-send-bugzilla.pl
@@ -42,10 +42,16 @@ sub authenticate {
 	$mech->get("$url?GoAheadAndLogIn=1");
 	die "Can't fetch login form: ", $mech->res->status_line
 		unless $mech->success;
+	$mech->get("$url?GoAheadAndLogIn=1");
+
+	$mech->submit_form(
+		with_fields => {
+			Bugzilla_login => $username,
+			Bugzilla_password => $password
+		},
+		button => "GoAheadAndLogIn"
+	);
 
-	$mech->set_fields(Bugzilla_login => $username,
-			  Bugzilla_password => $password);
-	$mech->submit;
 	die "Login submission failed: ", $mech->res->status_line
 		unless $mech->success;
 	die "Invalid login or password\n" if $mech->title =~ /Invalid/i;
-- 
1.8.3.1
git-bugzilla package creation Signed-off-by: tuibuilder_pel7x64builder0 <tuibuilder@powerel.org> 5 years ago			`From eaefaf63be7f083b601505e20eb88e658f355a0b Mon Sep 17 00:00:00 2001`
			`From: Laszlo Ersek <lersek@redhat.com>`
			`Date: Tue, 7 Oct 2014 12:40:13 +0200`
			`Subject: [PATCH] authenticate: fix bugzilla.redhat.com issues (4.4.x)`

			`There are two problems in the authenticate() subroutine.`

			`The first is that git-send-bugzilla sends a GET request, even though it`
			`should send a POST. This is remedied by replacing "mech->submit" with the`
			`more explicit "mech->submit_form", where the login button is explicitly`
			`selected for clicking.`

			`The second problem is documented here:`

			`https://jira.almworks.com/browse/DZO-1189`

			`Basically, the POST request for logging in must contain the valid`
			`Bugzilla_login_token value that the initial GET returned.`

			`Unfortunately, the initial GET doesn't return such a Bugzilla_login_token`
			`at all, because Bugzilla 4.4.x (erroneously) provides that only if the`
			`initial GET contains Bugzilla_login_request_cookie. Since we don't do that`
			`on the initial get, we receive no Bugzilla_login_token, and then the POST`
			`request is rejected.`

			`This is fixed by sending the initial GET twice -- the first GET will makes`
			`sure we set Bugzilla_login_request_cookie on the second, and the second`
			`(now correct) GET makes sure that Bugzilla_login_token is set in the`
			`response. We then reflect Bugzilla_login_token in the login POST request.`

			`Signed-off-by: Laszlo Ersek <lersek@redhat.com>`
			`---`
			`git-send-bugzilla.pl \| 12 +++++++++---`
			`1 file changed, 9 insertions(+), 3 deletions(-)`

			`diff --git a/git-send-bugzilla.pl b/git-send-bugzilla.pl`
			`index 219cdcc..98582c4 100755`
			`--- a/git-send-bugzilla.pl`
			`+++ b/git-send-bugzilla.pl`
			`@@ -42,10 +42,16 @@ sub authenticate {`
			`$mech->get("$url?GoAheadAndLogIn=1");`
			`die "Can't fetch login form: ", $mech->res->status_line`
			`unless $mech->success;`
			`+ $mech->get("$url?GoAheadAndLogIn=1");`
			`+`
			`+ $mech->submit_form(`
			`+ with_fields => {`
			`+ Bugzilla_login => $username,`
			`+ Bugzilla_password => $password`
			`+ },`
			`+ button => "GoAheadAndLogIn"`
			`+ );`

			`- $mech->set_fields(Bugzilla_login => $username,`
			`- Bugzilla_password => $password);`
			`- $mech->submit;`
			`die "Login submission failed: ", $mech->res->status_line`
			`unless $mech->success;`
			`die "Invalid login or password\n" if $mech->title =~ /Invalid/i;`
			`--`
			`1.8.3.1`