Description of problem: Property logged_in returns False positive when token for other user is present. Any bug manipulation will fail (as expected). Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. login in as one user, let it create .bugzillatoken 2. remove .bugzillacookie and password from .bugzillarc, change name in .bugzillarc to different user Actual results: logged_in returns true, any bug manipulation (add a comment) will fail Expected results: logged_in returns false Additional info: I use logged_in to verify that token is true, to use the token both token and name must be provided to the server, so I verify it using this code: try: uid = int(token.split('-')[0]) user = bz._proxy.User.get({'ids': [uid]}) if user['users'][0]['name'] == user: return True except: pass return False
Thanks for the report. What python-bugzilla version is this? I tried to reproduce but couldn't, but I'm not sure if I followed your steps correctly. Can you try to distill a reproducer to a concrete set of shell commands, and then a test script with: logging.basicConfig(level=logging.DEBUG) in it, and post the full results
Seems I was wrong. Verify function for bugzilla >=5.0 requires both token and username, but it seems that present function ignores username completely. When I tried wrong combination of username and token, it did not work, but it does now, so I probably made some mistake. If you agree, we can close this bug, probably as "worksforme".
Okay, closing. thanks for testing FWIW if you ever need to do bugzilla testing, you can use the public partner-bugzilla.redhat.com instance: shares same login credentials, but the content is wiped and synced with bugzilla.redhat.com every now and then.