[Rt-commit] rt branch 5.0/rest2-handle-invalid-cookie-login created. rt-5.0.2-26-g38b4040c3f
BPS Git Server
git at git.bestpractical.com
Mon Oct 4 13:53:23 UTC 2021
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".
The branch, 5.0/rest2-handle-invalid-cookie-login has been created
at 38b4040c3f6978e6d3fc90d946b14cfc997be1c8 (commit)
- Log -----------------------------------------------------------------
commit 38b4040c3f6978e6d3fc90d946b14cfc997be1c8
Author: sunnavy <sunnavy at bestpractical.com>
Date: Sat Oct 2 06:55:51 2021 +0800
Fix server fatal error for invalid cookie logins in REST2

When current session is invalid, RT sends a new session id back to agent
via HTTP "Set-Cookie" header, which works fine in web UI. But since
REST2 didn't have cgi_request object that's needed to send HTTP headers,
this would error out:

    Can't call method "err_headers_out" on an undefined value

This commit makes a temp cgi_request object to get around this issue.
Like in web UI, here we also send new session id back to agent,
otherwise the new session id would never be used, which is a waste.
diff --git a/lib/RT/REST2/Middleware/Auth.pm b/lib/RT/REST2/Middleware/Auth.pm
index 24a4a8ecc6..b082d757b2 100644
--- a/lib/RT/REST2/Middleware/Auth.pm
+++ b/lib/RT/REST2/Middleware/Auth.pm
@@ -89,11 +89,16 @@ sub login_from_cookie {
local *RT::Interface::Web::RequestENV = sub { return $env->{$_[0]} };
local *HTML::Mason::Commands::session;
+ local $HTML::Mason::Commands::r = HTML::Mason::FakeApache->new;
RT::Interface::Web::LoadSessionFromCookie();
+
if (RT::Interface::Web::_UserLoggedIn) {
return $HTML::Mason::Commands::session{CurrentUser};
}
+ else {
+ $env->{err_headers_out} = $HTML::Mason::Commands::r->err_headers_out;
+ }
}
return;
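Review bot: The new `else` branch stores the headers under the bare key `$env->{err_headers_out}`; the PSGI specification asks that application-specific environment keys contain a dot and carry a unique prefix, so a namespaced key such as `rt.err_headers_out` (the name is only a suggestion) would avoid colliding with other middleware that writes to `$env`. A one-line comment above `local $HTML::Mason::Commands::r = HTML::Mason::FakeApache->new;` saying that LoadSessionFromCookie needs `$r` to emit Set-Cookie would also help, since the reason currently lives only in the commit message. No test for the invalid-cookie request is visible in this diff; one that sends a stale session cookie and checks for a clean response instead of the "err_headers_out" fatal error would pin the fix down.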
@@ -165,7 +170,7 @@ sub unauthorized {
my $url = RT->Config->Get('WebPath') . '/';
return [
302,
- [ 'Location' => $url ],
+ [ 'Location' => $url, %{$env->{err_headers_out} || {}} ],
[ "Login required" ],
];
}
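Review bot: `%{$env->{err_headers_out} || {}}` on the changed `Location` line depends on `$env` being in scope inside `unauthorized`, which the visible context does not show; please confirm it is passed in or declared above `my $url`. Flattening a hash into the header list also means each header name can carry only one value and the emitted order is unspecified, which is acceptable for a single Set-Cookie but deserves a short comment so a later change does not assume multiple cookies survive.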
commit bb221cef051c57171bbb73e1471c54989d5845b3
Author: sunnavy <sunnavy at bestpractical.com>
Date: Sat Oct 2 05:06:43 2021 +0800
Drop old REST2 code that's for RT4
diff --git a/lib/RT/REST2/Middleware/Auth.pm b/lib/RT/REST2/Middleware/Auth.pm
index 4fdc7469c8..24a4a8ecc6 100644
--- a/lib/RT/REST2/Middleware/Auth.pm
+++ b/lib/RT/REST2/Middleware/Auth.pm
@@ -86,12 +86,7 @@ sub login_from_cookie {
# this is foul but LoadSessionFromCookie doesn't have a hook for
# saying "look up cookie in my $env". this beats duplicating
# LoadSessionFromCookie
- local *RT::Interface::Web::RequestENV = sub { return $env->{$_[0]} }
- if RT::Handle::cmp_version($RT::VERSION, '4.4.0') >= 0;
-
- # similar but for 4.2
- local %ENV = %$env
- if RT::Handle::cmp_version($RT::VERSION, '4.4.0') < 0;
+ local *RT::Interface::Web::RequestENV = sub { return $env->{$_[0]} };
local *HTML::Mason::Commands::session;
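Review bot: The commit subject says "code that's for RT4", but the removed lines at the top of this hunk only separate 4.4.0 and later from earlier versions, and the 4.4.0-and-later branch is the one that remains as the unconditional `local *RT::Interface::Web::RequestENV` line. A subject that names the dropped version check (the `cmp_version($RT::VERSION, '4.4.0')` guards and the `local %ENV = %$env` fallback) would describe the change more precisely. The retained comment above it still reads correctly after the removal.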
-----------------------------------------------------------------------
hooks/post-receive
--
rt