From: Dylan William Hardison
Date: Fri, 25 Jan 2019 15:52:07 +0000 (-0500)
Subject: no bug - Use BUGZILLA_ALLOW_INSECURE_HTTP instead of MOJO_TEST and BUGZILLA_UNSAFE_AU...
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da0730826753274e4c14821077143aa354e15123;p=thirdparty%2Fbugzilla.git
no bug - Use BUGZILLA_ALLOW_INSECURE_HTTP instead of MOJO_TEST and BUGZILLA_UNSAFE_AUTH_DELEGATION
---
diff --git a/Bugzilla/App/Plugin/OAuth2.pm b/Bugzilla/App/Plugin/OAuth2.pm
index 3f2951de7..e49278c8d 100644
--- a/Bugzilla/App/Plugin/OAuth2.pm
+++ b/Bugzilla/App/Plugin/OAuth2.pm
@@ -119,7 +119,7 @@ sub _verify_client {
 return (0, 'invalid_scope');
 }
- if (!$ENV{MOJO_TEST} && Mojo::URL->new($redirect_uri)->scheme ne 'https') {
+ if (!$ENV{BUGZILLA_ALLOW_INSECURE_HTTP} && Mojo::URL->new($redirect_uri)->scheme ne 'https') {
 INFO("invalid_redirect_uri: $redirect_uri");
 return (0, 'invalid_redirect_uri');
 }
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index 4ae0d7338..4c2cb5d45 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -48,7 +48,7 @@ our @EXPORT = qw(
 use constant HTTPD_ENV => qw(
 LOCALCONFIG_ENV
- BUGZILLA_UNSAFE_AUTH_DELEGATION
+ BUGZILLA_ALLOW_INSECURE_HTTP
 LOG4PERL_CONFIG_FILE
 LOG4PERL_STDERR_DISABLE
 USE_NYTPROF
diff --git a/README.rst b/README.rst
index b47aa1d56..2a3142ef8 100644
--- a/README.rst
+++ b/README.rst
@@ -292,8 +292,8 @@ MOJO_CLIENTS this value and increase "MOJO_WORKERS" instead for better performance. Default: 200
-BUGZILLA_UNSAFE_AUTH_DELEGATION
- This should never be set in production. It allows auth delegation over http.
+BUGZILLA_ALLOW_INSECURE_HTTP
+ This should never be set in production. It allows auth delegation and oauth over http.
 BMO_urlbase
 The public url for this instance. Note that if this begins with https://
diff --git a/auth.cgi b/auth.cgi
index 66405fcb1..3fc5f50d9 100755
--- a/auth.cgi
+++ b/auth.cgi
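Review bot: In Bugzilla/App/Plugin/OAuth2.pm, setting BUGZILLA_ALLOW_INSECURE_HTTP short-circuits the whole scheme test in `_verify_client`, so a `redirect_uri` with any scheme, not only `http`, gets past this check once the variable is set. auth.cgi in the same commit still limits the callback to `qr/^https?$/i`, and since both checks now share one switch they should accept the same set of schemes. Something like `my $scheme = lc(Mojo::URL->new($redirect_uri)->scheme // '');` followed by `my $scheme_ok = $ENV{BUGZILLA_ALLOW_INSECURE_HTTP} ? $scheme =~ /\Ahttps?\z/ : $scheme eq 'https';` would do it, and the `// ''` also avoids an uninitialized-value warning from `ne` when the URI carries no scheme. `_verify_client` begins and ends outside the hunk, so whether `$redirect_uri` is constrained earlier (for example against a registered value) is not visible here.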
@@ -47,7 +47,7 @@ ThrowUserError("auth_delegation_invalid_description")
 my $callback_uri = URI->new($callback);
-my $legal_protocol = $ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION}
+my $legal_protocol = $ENV{BUGZILLA_ALLOW_INSECURE_HTTP}
 ? qr/^https?$/i # http or https
 : qr/^https$/i; # https only
diff --git a/docker-compose.yml b/docker-compose.yml
index b00c6bc03..8f2f6a34e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -18,7 +18,7 @@ services: environment: &bmo_env - LOCALCONFIG_ENV=1 - LOG4PERL_CONFIG_FILE=log4perl-docker.conf - BUGZILLA_UNSAFE_AUTH_DELEGATION=1 + - BUGZILLA_ALLOW_INSECURE_HTTP=1 - HTTP_BACKEND=simple - PORT=80 - BMO_db_host=bmo-db.vm
diff --git a/t/mojo-oauth2.t b/t/mojo-oauth2.t
index a5cb3defd..e1e59abe6 100644
--- a/t/mojo-oauth2.t
+++ b/t/mojo-oauth2.t
@@ -11,9 +11,9 @@ use 5.10.1;
 use lib qw( . lib local/lib/perl5 );
 BEGIN {
- $ENV{LOG4PERL_CONFIG_FILE} = 'log4perl-t.conf';
- $ENV{BUGZILLA_DISABLE_HOSTAGE} = 1;
- $ENV{MOJO_TEST} = 1;
+ $ENV{LOG4PERL_CONFIG_FILE} = 'log4perl-t.conf';
+ $ENV{BUGZILLA_DISABLE_HOSTAGE} = 1;
+ $ENV{BUGZILLA_ALLOW_INSECURE_HTTP} = 1;
 }
 use Bugzilla::Test::MockDB;
diff --git a/vagrant_support/start_morbo b/vagrant_support/start_morbo
index 926655b2e..8909282f4 100644
--- a/vagrant_support/start_morbo
+++ b/vagrant_support/start_morbo
@@ -1,10 +1,12 @@
 #!/usr/bin/env perl
-$ENV{PERL5LIB} = '/vagrant/local/lib/perl5';
-$ENV{PATH} = "/vagrant/local/bin:$ENV{PATH}";
-$ENV{MOJO_LISTEN} = 'http://*:80';
+$ENV{PERL5LIB} = '/vagrant/local/lib/perl5';
+$ENV{PATH} = "/vagrant/local/bin:$ENV{PATH}";
+$ENV{MOJO_LISTEN} = 'http://*:80';
+$ENV{BUGZILLA_ALLOW_INSECURE_HTTP} = 1;
-my @files = ('Bugzilla.pm', 'Bugzilla', glob("*.cgi"), 'extensions', 'template');
-my @watch= map { ('-w' => $_) } (@files);
+my @files
+ = ('Bugzilla.pm', 'Bugzilla', glob("*.cgi"), 'extensions', 'template');
+my @watch = map { ('-w' => $_) } (@files);
 system morbo => @watch, '-v', 'bugzilla.pl';
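Review bot: In t/mojo-oauth2.t the `BEGIN` block now sets `$ENV{BUGZILLA_ALLOW_INSECURE_HTTP} = 1` for the whole file, so as far as this hunk shows the https-only branch of `_verify_client` is never exercised by this test. A regression that drops or inverts the scheme check would then go unnoticed. Consider a subtest that runs with `local $ENV{BUGZILLA_ALLOW_INSECURE_HTTP} = 0;` and asserts that an `http://` redirect URI is refused with `invalid_redirect_uri`. The rest of the test file is outside the hunk, so an existing case may already cover this.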
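Review bot: In vagrant_support/start_morbo the added `$ENV{BUGZILLA_ALLOW_INSECURE_HTTP} = 1;` is unconditional and carries no comment, and it sits next to `$ENV{MOJO_LISTEN} = 'http://*:80'`, which listens on every interface. Anyone reusing this launcher outside the Vagrant box would switch off the https requirement for auth delegation and OAuth redirect URIs without noticing. I would add a comment such as `# Dev VM only: lets auth delegation and OAuth callbacks use plain http.` and write the assignment as `$ENV{BUGZILLA_ALLOW_INSECURE_HTTP} //= 1;` so that a value already present in the environment is respected.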