1624853 – Authentication cookie not set on Bugzilla 5

Bug 1624853 - Authentication cookie not set on Bugzilla 5

Summary: Authentication cookie not set on Bugzilla 5

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Bugzilla
Classification:	Community
Component:	WebService
Sub Component:
Version:	5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	PnT DevOps Devs
QA Contact:	tools-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-09-03 12:41 UTC by Lubomír Sedlář
Modified:	2025-10-16 23:52 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2018-09-05 06:11:02 UTC
Embargoed:

Attachments	(Terms of Use)
Reproducer script (336 bytes, text/plain) 2018-09-03 12:41 UTC, Lubomír Sedlář	no flags	Details
View All

Description Lubomír Sedlář 2018-09-03 12:41:52 UTC

Created attachment 1480534 [details]
Reproducer script

Description of problem:
I was testing bugzilla integration code on dist-git against Bugzilla 5. It seems to work fine for queries that don't need authentication. I can't query bugs that require user to be logged in.

The code calls User.login and relies on authentication cookies in further calls. These cookies do not seem to get set on Bugzilla 5.

Version-Release number of selected component:
Whatever is currently deployed as https://bugzilla5.redhat.com/xmlrpc.cgi


How reproducible:
Always

Steps to Reproduce:
1. Set BZ_USER and BZ_PASS environment variables to valid login credentials.
2. Run following script:

import os
import xmlrpclib
import kobo.xmlrpc

url = 'https://bugzilla5.redhat.com/xmlrpc.cgi'

transport = kobo.xmlrpc.SafeCookieTransport()
client = xmlrpclib.ServerProxy(url, transport=transport)
client.User.login(
    {"login": os.environ["BZ_USER"],
     "password": os.environ["BZ_PASS"]}
)
print(client._ServerProxy__transport.cookiejar)

Actual results:
<CookieJar[<Cookie BIGipServer~prod~bugzilla5-app-http=2358969610.20480.0000 for bugzilla5.redhat.com/>]>

Expected results:
When running against https://bugzilla.redhat.com/ I get this:
<CookieJar[<Cookie Bugzilla_login=208684 for .bugzilla.redhat.com/>, <Cookie Bugzilla_logincookie=VjEOvDHuug for .bugzilla.redhat.com/>]>

Additional info:
I'm not sure that the different cookies are actually the problem. All I observe is that after login I get error for some bugs saying I need to log in. The credentials are ok, I can use them in web UI and they work correctly.

Comment 1 Philip Gunter 2018-09-05 03:06:47 UTC

Lubomír can you retest against partner-bugzilla.redhat.com? Partner has been upgraded to Bugzilla5 and is using the same F5 configuration as we'll use for production. I just want to see if this resolves the F5 issues.

Comment 2 Lubomír Sedlář 2018-09-05 05:58:06 UTC

On that instance I don't get any cookie at all.


$ python cookie.py 
<CookieJar[]>


As a workaround, it seems to work if I take the token returned by the login call and add it to all calls as "token" argument. Is that correct behaviour?

Comment 3 Jeff Fearn 🐞 2018-09-05 06:11:02 UTC

(In reply to Lubomír Sedlář from comment #2)
> As a workaround, it seems to work if I take the token returned by the login
> call and add it to all calls as "token" argument. Is that correct behaviour?

Yes it is. It's been so long since that changed I forgot about it :}

It is documented in the FAQ that the API no longer supports cookies.

https://partner-bugzilla.redhat.com/page.cgi?id=faq.html#using-the-bugzilla-api

Comment 4 Lubomír Sedlář 2018-09-05 06:25:57 UTC

Thank you for the information. I'm not sure how I managed to miss that part of documentation.

FYI the fix is then https://code.engineering.redhat.com/gerrit/#/c/148982/

Note You need to log in before you can comment on or make changes to this bug.