Bugzilla::Auth Re-Write Has Landed
Max Kanat-Alexander
mkanat at bugzilla.org
Fri May 12 03:03:46 UTC 2006
Hey everybody.
So, just now I checked-in bug 300410:
https://bugzilla.mozilla.org/show_bug.cgi?id=300410
This was basically a complete re-write of the Bugzilla authentication
system.
That means that HEAD is probably NOT SAFE to run right now. This was
about the third-largest patch in Bugzilla's history, so I expect *some*
regressions. We've tested logins with CGI and Env authentication, we've
tested Cookies, and we've tested the DB stuff. We know that LDAP doesn't
work right now, but we're going to get it fixed.
For an explanation of how the new system works, perldoc
Bugzilla/Auth.pm, and look at the "STRUCTURE" section. In general, it's
been re-written to be truly object-oriented.
It should be even easier to write a new Authentication module for
Bugzilla now.
However, for now, make sure that you only run HEAD if you're okay with
possible serious authentication bugs. (Meaning, if somebody steals a
login or something, don't say I didn't tell you so.)
The Tinderboxes are failing, but not because the patch actually breaks
anything. The tests themselves are broken.
-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla Services. And Everything Else, too.
More information about the developers
mailing list