Description of problem: Bugzilla XML-RPC interface should provide a method to verify if some cookie is still valid for some bugzilla user. The motivation is that user may log in using User.login() and store authentication cookie in the cookie file an re-use it in subsequent run of various scripts using XML-RPC. Currently, there does not seem to be an easy way to verify if cookie is still valid (possible workaround is to verify if user names or email addresses are returned in query results), and whether cookie is for specific user. I used to (ab)use User.login without any argument to get (part of) that information, which returned non-0 user id if cookie was still valid, or 0 otherwise. However, that is no longer possible after following upstream change was deployed on parter-bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=445885 Possible API: User.isValidCookie($bugzilla_login), possibly with $bugzilla_login being optional, giving answer to a question whether cookie is valid for session of any / specified user. Version-Release number of selected component (if applicable): partner-bugzilla instance as of 2008-07-22
Noura, with the latest change upstream that was requested and I applied the patch, User.login() now requires that login/password be defined or else it throws an user error. It is not likely that this patch will be reverted as I am sure upstream will not deem this critical. So could you implement a method that will silently call Bugzilla->login() and will return 1/0 if the user is authenticated or not. The param { login => $email } could be required just as some extra validation against any kind of spoofing attack. I recommend we keep the method name short such as User.validCookie or User.validLogin, doesn't matter. So basically it would be package Bugzilla::WebService::User; sub validCookie { my ($self, $params) = @_; Bugzilla->login(); if (Bugzilla->user->id && Bugzilla->user->login eq $params->{login}) { return 1; } else { return 0; } } What do you think? Dave
Created attachment 312414 [details] v1 for new xmlrpc function User.valid_cookie Hi Dave, Based on your suggestion, I created the attached patch with the function, I think it a good idea. Thanks, Noura
Comment on attachment 312414 [details] v1 for new xmlrpc function User.valid_cookie Please add: defined $params->{login} || ThrowCodeError('param_required', { param => 'login' }); before Bugzilla->login() and update the docs. Looks good so go ahead and checkin after. Dave
Thanks for the review Dave, Patch is committed now with your suggestions. Noura
Thanks! Seems to work fine.