From eaefaf63be7f083b601505e20eb88e658f355a0b Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 7 Oct 2014 12:40:13 +0200 Subject: [PATCH] authenticate: fix bugzilla.redhat.com issues (4.4.x) There are two problems in the authenticate() subroutine. The first is that git-send-bugzilla sends a GET request, even though it should send a POST. This is remedied by replacing "mech->submit" with the more explicit "mech->submit_form", where the login button is explicitly selected for clicking. The second problem is documented here: https://jira.almworks.com/browse/DZO-1189 Basically, the POST request for logging in must contain the valid Bugzilla_login_token value that the initial GET returned. Unfortunately, the initial GET doesn't return such a Bugzilla_login_token at all, because Bugzilla 4.4.x (erroneously) provides that only if the initial GET contains Bugzilla_login_request_cookie. Since we don't do that on the initial get, we receive no Bugzilla_login_token, and then the POST request is rejected. This is fixed by sending the initial GET twice -- the first GET will makes sure we set Bugzilla_login_request_cookie on the second, and the second (now correct) GET makes sure that Bugzilla_login_token is set in the response. We then reflect Bugzilla_login_token in the login POST request. Signed-off-by: Laszlo Ersek --- git-send-bugzilla.pl | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/git-send-bugzilla.pl b/git-send-bugzilla.pl index 219cdcc..98582c4 100755 --- a/git-send-bugzilla.pl +++ b/git-send-bugzilla.pl @@ -42,10 +42,16 @@ sub authenticate { $mech->get("$url?GoAheadAndLogIn=1"); die "Can't fetch login form: ", $mech->res->status_line unless $mech->success; + $mech->get("$url?GoAheadAndLogIn=1"); + + $mech->submit_form( + with_fields => { + Bugzilla_login => $username, + Bugzilla_password => $password + }, + button => "GoAheadAndLogIn" + ); - $mech->set_fields(Bugzilla_login => $username, - Bugzilla_password => $password); - $mech->submit; die "Login submission failed: ", $mech->res->status_line unless $mech->success; die "Invalid login or password\n" if $mech->title =~ /Invalid/i; -- 1.8.3.1