]> git.ipfire.org Git - thirdparty/bugzilla.git/commitdiff
projects / thirdparty / bugzilla.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3aea7c7)
Bug 1557779 - OAuth flow broken when user is not already logged in *and* uses duo...
authordklawren <dklawren@users.noreply.github.com>
Mon, 10 Jun 2019 20:18:13 +0000 (16:18 -0400)
committerGitHub <noreply@github.com>
Mon, 10 Jun 2019 20:18:13 +0000 (16:18 -0400)
Bugzilla.pm patch | blob | blame | history

diff --git a/Bugzilla.pm b/Bugzilla.pm
index 89bf3bc77acd05290160d9dd9f01893a15fbf8f2..8ab2f48c49735a37d91115cc22256e9a89f9b768 100644 (file)
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -283,9 +283,10 @@ sub login {
   # At this point, we now know if a real person is logged in.
 
   # Check if a password reset is required
-  my $cgi         = Bugzilla->cgi;
-  my $script_name = $cgi->script_name;
-  my $do_logout   = $cgi->param('logout');
+  my $cgi           = Bugzilla->cgi;
+  my $script_name   = $cgi->script_name;
+  my $do_logout     = $cgi->param('logout');
+  my $on_token_page = $script_name eq '/token.cgi';
 
   if ($authenticated_user->password_change_required) {
 
@@ -319,7 +320,6 @@ sub login {
     my $expired      = defined $date && $date < DateTime->now;
     my $on_mfa_page
       = $script_name eq '/userprefs.cgi' && $cgi->param('tab') eq 'mfa';
-    my $on_token_page = $script_name eq '/token.cgi';
 
     Bugzilla->request_cache->{mfa_warning}              = 1;
     Bugzilla->request_cache->{mfa_grace_period_expired} = $expired;
@@ -393,9 +393,12 @@ sub login {
 
   # If Mojo native app is requesting login, we need to possibly redirect
   my $C = $Bugzilla::App::CGI::C;
-  if ($C->session->{override_login_target}) {
-    my $mojo_url = Mojo::URL->new($C->session->{override_login_target});
-    $mojo_url->query($C->session->{cgi_params});
+  my $session = $C->session;
+  if (!$on_token_page && $session->{override_login_target}) {
+    my $override_login_target = delete $session->{override_login_target};
+    my $cgi_params            = delete $session->{cgi_params};
+    my $mojo_url              = Mojo::URL->new($override_login_target);
+    $mojo_url->query($cgi_params);
     $C->redirect_to($mojo_url);
   }
 
Mirror of https://github.com/bugzilla/bugzilla.git