Backing out bug 241900

6 files changed, 44 insertions, 126 deletions

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index e6cf27963..dcea8189a 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -18,7 +18,6 @@
 # Rights Reserved.
 #
 # Contributor(s): Bradley Baetz <bbaetz@acm.org>
-#                 Erik Stambaugh <erik@dasbistro.com>
 
 package Bugzilla::Auth;
 
@@ -27,25 +26,19 @@ use strict;
 use Bugzilla::Config;
 use Bugzilla::Constants;
 
-# This is here for lack of a better place for it.  I considered making it
-# part of the user object, but that object doesn't necessarily point to a
-# currently authenticated user.
-#
-# I'm willing to accept suggestions for somewhere else to put it.
-my $current_verify_method = undef;
-
-# 'inherit' from the main verify method
+# 'inherit' from the main loginmethod
 BEGIN {
-    for my $verifymethod (split /,\s*/, Param("user_verify_method")) {
-        if ($verifymethod =~ /^([A-Za-z0-9_\.\-]+)$/) {
-            $verifymethod = $1;
+    my $loginmethod = Param("loginmethod");
+    if ($loginmethod =~ /^([A-Za-z0-9_\.\-]+)$/) {
+        $loginmethod = $1;
     }
     else {
-            die "Badly-named user_verify_method '$verifymethod'";
+        die "Badly-named loginmethod '$loginmethod'";
     }
-        require "Bugzilla/Auth/Verify/" . $verifymethod . ".pm";
+    require "Bugzilla/Auth/" . $loginmethod . ".pm";
 
-    }
+    our @ISA;
+    push (@ISA, "Bugzilla::Auth::" . $loginmethod);
 }
 
 # PRIVATE
@@ -68,46 +61,6 @@ sub get_netaddr {
     return join(".", unpack("CCCC", pack("N", $addr)));
 }
 
-# This is a replacement for the inherited authenticate function
-# go through each of the available methods for each function
-sub authenticate {
-    my $self = shift;
-    my @args   = @_;
-    my @firstresult = ();
-    my @result = ();
-    for my $method (split /,\s*/, Param("user_verify_method")) {
-        $method = "Bugzilla::Auth::Verify::" . $method;
-        @result = $method->authenticate(@args);
-        @firstresult = @result unless @firstresult;
-
-        if (($result[0] != AUTH_NODATA)&&($result[0] != AUTH_LOGINFAILED)) {
-            $current_verify_method = $method;
-            return @result;
-        }
-    }
-    @result = @firstresult;
-    # no auth match
-
-    # see if we can set $current to the first verify method that
-    # will allow a new login
-
-    for my $method (split /,\s*/, Param("user_verify_method")) {
-        $method = "Bugzilla::Auth::Verify::" . $method;
-        if ($method::can_edit->{'new'}) {
-            $current_verify_method = $method;
-        }
-    }
-
-    return @result;
-}
-
-sub can_edit {
-    if ($current_verify_method) {
-        return $current_verify_method->{'can_edit'};
-    }
-    return {};
-}
-
 1;
 
 __END__
@@ -125,8 +78,16 @@ used to obtain the data (from CGI, email, etc), and the other set uses
 this data to authenticate against the datasource (the Bugzilla DB, LDAP,
 cookies, etc).
 
-Modules for obtaining the data are located under L<Bugzilla::Auth::Login>, and
-modules for authenticating are located in L<Bugzilla::Auth::Verify>.
+The handlers for the various types of authentication
+(DB/LDAP/cookies/etc) provide the actual code for each specific method
+of authentication.
+
+The source modules (currently, only
+L<Bugzilla::Auth::CGI|Bugzilla::Auth::CGI>) then use those methods to do
+the authentication.
+
+I<Bugzilla::Auth> itself inherits from the default authentication handler,
+identified by the I<loginmethod> param.
 
 =head1 METHODS
 
@@ -147,9 +108,7 @@ only some addresses.
 =head1 AUTHENTICATION
 
 Authentication modules check a user's credentials (username, password,
-etc) to verify who the user is.  The methods that C<Bugzilla::Auth> uses for
-authentication are wrappers that check all configured modules (via the
-C<Param('user_info_method')> and C<Param('user_verify_method')>) in sequence.
+etc) to verify who the user is.
 
 =head2 METHODS
 
@@ -216,36 +175,19 @@ Note that this argument is a string, not a tag.
 
 =back
 
-=item C<current_verify_method>
-
-This scalar gets populated with the full name (eg.,
-C<Bugzilla::Auth::Verify::DB>) of the verification method being used by the
-current user.  If no user is logged in, it will contain the name of the first
-method that allows new users, if any.  Otherwise, it carries an undefined
-value.
-
 =item C<can_edit>
 
-This determines if the user's account details can be modified.  It returns a
-reference to a hash with the keys C<userid>, C<login_name>, and C<realname>,
-which determine whether their respective profile values may be altered, and
-C<new>, which determines if new accounts may be created.
-
-Each user verification method (chosen with C<Param('user_verify_method')> has
-its own set of can_edit values.  Calls to can_edit return the appropriate
-values for the current user's login method.
-
-If a user is not logged in, C<can_edit> will contain the values of the first
-verify method that allows new users to be created, if available.  Otherwise it
-returns an empty hash.
+This determines if the user's account details can be modified. If this
+method returns a C<true> value, then accounts can be created and
+modified through the Bugzilla user interface. Forgotten passwords can
+also be retrieved through the L<Token interface|Bugzilla::Token>.
 
 =back
 
 =head1 LOGINS
 
 A login module can be used to try to log in a Bugzilla user in a
-particular way. For example,
-L<Bugzilla::Auth::Login::CGI|Bugzilla::Auth::Login::CGI>
+particular way. For example, L<Bugzilla::Auth::CGI|Bugzilla::Auth::CGI>
 logs in users from CGI scripts, first by using form variables, and then
 by trying cookies as a fallback.
 
@@ -308,5 +250,5 @@ user-performed password changes.
 
 =head1 SEE ALSO
 
-L<Bugzilla::Auth::Login::CGI>, L<Bugzilla::Auth::Login::CGI::Cookie>, L<Bugzilla::Auth::Verify::DB>
+L<Bugzilla::Auth::CGI>, L<Bugzilla::Auth::Cookie>, L<Bugzilla::Auth::DB>
 
diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/CGI.pm
index 2f8ca071d..471e538e9 100644
--- a/Bugzilla/Auth/Login/CGI.pm
+++ b/Bugzilla/Auth/CGI.pm
@@ -25,9 +25,8 @@
 #                 Gervase Markham <gerv@gerv.net>
 #                 Christian Reis <kiko@async.com.br>
 #                 Bradley Baetz <bbaetz@acm.org>
-#                 Erik Stambaugh <erik@dasbistro.com>
 
-package Bugzilla::Auth::Login::CGI;
+package Bugzilla::Auth::CGI;
 
 use strict;
 
@@ -50,7 +49,7 @@ sub login {
     my $username = $cgi->param("Bugzilla_login");
     my $passwd = $cgi->param("Bugzilla_password");
 
-    my $authmethod = Param("user_verify_method");
+    my $authmethod = Param("loginmethod");
     my ($authres, $userid, $extra, $info) =
       Bugzilla::Auth->authenticate($username, $passwd);
 
@@ -99,11 +98,11 @@ sub login {
         $username = $cgi->cookie("Bugzilla_login");
         $passwd = $cgi->cookie("Bugzilla_logincookie");
 
-        require Bugzilla::Auth::Login::CGI::Cookie;
+        require Bugzilla::Auth::Cookie;
         my $authmethod = "Cookie";
 
         ($authres, $userid, $extra) =
-          Bugzilla::Auth::Login::CGI::Cookie->authenticate($username, $passwd);
+          Bugzilla::Auth::Cookie->authenticate($username, $passwd);
 
         # If the data for the cookie was incorrect, then treat that as
         # NODATA. This could occur if the user's IP changed, for example.
@@ -144,7 +143,7 @@ sub login {
                            { 'target' => $cgi->url(-relative=>1),
                              'form' => \%::FORM,
                              'mform' => \%::MFORM,
-                             'caneditaccount' => Bugzilla::Auth->can_edit->{'new'},
+                             'caneditaccount' => Bugzilla::Auth->can_edit,
                            }
                           )
           || ThrowTemplateError($template->error());
@@ -234,7 +233,7 @@ __END__
 
 =head1 NAME
 
-Bugzilla::Auth::Login::CGI - CGI-based logins for Bugzilla
+Bugzilla::Auth::CGI - CGI-based logins for Bugzilla
 
 =head1 SUMMARY
 
@@ -247,7 +246,7 @@ Users are first authenticated against the default authentication handler,
 using the CGI parameters I<Bugzilla_login> and I<Bugzilla_password>.
 
 If no data is present for that, then cookies are tried, using
-L<Bugzilla::Auth::Login::CGI::Cookie>.
+L<Bugzilla::Auth::Cookie>.
 
 =head1 SEE ALSO
 
diff --git a/Bugzilla/Auth/Login/CGI/Cookie.pm b/Bugzilla/Auth/Cookie.pm
index 9c0e2e566..b50acbe24 100644
--- a/Bugzilla/Auth/Login/CGI/Cookie.pm
+++ b/Bugzilla/Auth/Cookie.pm
@@ -26,7 +26,7 @@
 #                 Christian Reis <kiko@async.com.br>
 #                 Bradley Baetz <bbaetz@acm.org>
 
-package Bugzilla::Auth::Login::CGI::Cookie;
+package Bugzilla::Auth::Cookie;
 
 use strict;
 
@@ -93,7 +93,7 @@ __END__
 
 =head1 NAME
 
-Bugzilla::Auth::Login::CGI::Cookie - cookie authentication for Bugzilla
+Bugzilla::Cookie - cookie authentication for Bugzilla
 
 =head1 SUMMARY
 
@@ -108,8 +108,8 @@ restricted to certain IP addresses as a security meaure. The exact
 restriction can be specified by the admin via the C<loginnetmask> parameter.
 
 This module does not ever send a cookie (It has no way of knowing when a user
-is successfully logged in). Instead L<Bugzilla::Auth::Login::CGI> handles this.
+is successfully logged in). Instead L<Bugzilla::Auth::CGI> handles this.
 
 =head1 SEE ALSO
 
-L<Bugzilla::Auth>, L<Bugzilla::Auth::Login::CGI>
+L<Bugzilla::Auth>, L<Bugzilla::Auth::CGI>
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/DB.pm
index 4db34b5cf..dee3b5db9 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/DB.pm
@@ -25,9 +25,8 @@
 #                 Gervase Markham <gerv@gerv.net>
 #                 Christian Reis <kiko@async.com.br>
 #                 Bradley Baetz <bbaetz@acm.org>
-#                 Erik Stambaugh <erik@dasbistro.com>
 
-package Bugzilla::Auth::Verify::DB;
+package Bugzilla::Auth::DB;
 
 use strict;
 
@@ -35,15 +34,6 @@ use Bugzilla::Config;
 use Bugzilla::Constants;
 use Bugzilla::Util;
 
-# can_edit is now a hash.
-
-my $can_edit = {
-    'new' => 1,
-    'userid' => 0,
-    'login_name' => 1,
-    'realname' => 1,
-};
-
 sub authenticate {
     my ($class, $username, $passwd) = @_;
 
@@ -71,6 +61,8 @@ sub authenticate {
     return (AUTH_OK, $userid);
 }
 
+sub can_edit { return 1; }
+
 sub get_id_from_username {
     my ($class, $username) = @_;
     my $dbh = Bugzilla->dbh;
@@ -119,7 +111,7 @@ __END__
 
 =head1 NAME
 
-Bugzilla::Auth::Verify::DB - database authentication for Bugzilla
+Bugzilla::Auth::DB - database authentication for Bugzilla
 
 =head1 SUMMARY
 
diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/LDAP.pm
index 737827ee0..c34c3698f 100644
--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/LDAP.pm
@@ -25,9 +25,8 @@
 #                 Gervase Markham <gerv@gerv.net>
 #                 Christian Reis <kiko@async.com.br>
 #                 Bradley Baetz <bbaetz@acm.org>
-#                 Erik Stambaugh <erik@dasbistro.com>
 
-package Bugzilla::Auth::Verify::LDAP;
+package Bugzilla::Auth::LDAP;
 
 use strict;
 
@@ -36,15 +35,6 @@ use Bugzilla::Constants;
 
 use Net::LDAP;
 
-# can_edit is now a hash.
-
-my $can_edit = {
-    'new' => 0,
-    'userid' => 0,
-    'login_name' => 0,
-    'realname' => 0,
-};
-
 sub authenticate {
     my ($class, $username, $passwd) = @_;
 
@@ -166,13 +156,15 @@ sub authenticate {
     return (AUTH_OK, $userid);
 }
 
+sub can_edit { return 0; }
+
 1;
 
 __END__
 
 =head1 NAME
 
-Bugzilla::Auth::Verify::LDAP - LDAP based authentication for Bugzilla
+Bugzilla::Auth::LDAP - LDAP based authentication for Bugzilla
 
 This is an L<authentication module|Bugzilla::Auth/"AUTHENTICATION"> for
 Bugzilla, which logs the user in using an LDAP directory.
diff --git a/Bugzilla/Config.pm b/Bugzilla/Config.pm
index d73f22875..b568918e3 100644
--- a/Bugzilla/Config.pm
+++ b/Bugzilla/Config.pm
@@ -25,7 +25,6 @@
 #                 J. Paul Reed <preed@sigkill.com>
 #                 Bradley Baetz <bbaetz@student.usyd.edu.au>
 #                 Christopher Aillon <christopher@aillon.com>
-#                 Erik Stambaugh <erik@dasbistro.com>
 
 package Bugzilla::Config;
 
@@ -218,12 +217,6 @@ sub UpdateParams {
         $param{'loginmethod'} = $param{'useLDAP'} ? "LDAP" : "DB";
     }
 
-    # set verify method to whatever loginmethod was
-    if (exists $param{'loginmethod'} && !exists $param{'user_verify_method'}) {
-        $param{'user_verify_method'} = $param{'loginmethod'};
-        delete $param{'loginmethod'};
-    }
-
     # --- DEFAULTS FOR NEW PARAMS ---
 
     foreach my $item (@param_list) {