diff options
author | Will Woods <wwoods@redhat.com> | 2008-06-10 11:21:32 -0400 |
---|---|---|
committer | Will Woods <wwoods@redhat.com> | 2008-06-10 11:21:32 -0400 |
commit | 4782cbf51cdf89faa977ccace668f75e97e21e6d (patch) | |
tree | b60f7451f0a6391b5bddbf4cf9a04c8dc4c4efd4 /bugzilla/base.py | |
parent | 35f9cb409068820018480408376e2c4332d1f315 (diff) | |
download | python-bugzilla-4782cbf51cdf89faa977ccace668f75e97e21e6d.tar.gz python-bugzilla-4782cbf51cdf89faa977ccace668f75e97e21e6d.tar.xz python-bugzilla-4782cbf51cdf89faa977ccace668f75e97e21e6d.zip |
stop sending passwords with rhbugzilla requests - rely on the login() cookie everywhere
Diffstat (limited to 'bugzilla/base.py')
-rw-r--r-- | bugzilla/base.py | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/bugzilla/base.py b/bugzilla/base.py index 1ecb790..1be4224 100644 --- a/bugzilla/base.py +++ b/bugzilla/base.py @@ -62,6 +62,7 @@ class BugzillaBase(object): self.password = '' self.url = '' self.user_agent = user_agent + self.logged_in = False # Bugzilla object state info that users shouldn't mess with self._cookiejar = None self._proxy = None @@ -108,7 +109,14 @@ class BugzillaBase(object): setattr(self,k,v) def connect(self,url): - '''Connect to the bugzilla instance with the given url.''' + '''Connect to the bugzilla instance with the given url. + + This will also read any available config files (see readconfig()), + which may set 'user' and 'password'. + + If 'user' and 'password' are both set, we'll run login(). Otherwise + you'll have to login() yourself before some methods will work. + ''' # Set up the transport if url.startswith('https'): self._transport = SafeCookieTransport() @@ -139,7 +147,8 @@ class BugzillaBase(object): '''Attempt to log in using the given username and password. Subsequent method calls will use this username and password. Returns False if login fails, otherwise returns some kind of login info - typically - either a numeric userid, or a dict of user info. + either a numeric userid, or a dict of user info. It also sets the + logged_in attribute to True, if successful. If user is not set, the value of Bugzilla.user will be used. If *that* is not set, ValueError will be raised. @@ -147,6 +156,7 @@ class BugzillaBase(object): This method will be called implicitly at the end of connect() if user and password are both set. So under most circumstances you won't need to call this yourself. + ''' if user: self.user = user @@ -160,6 +170,9 @@ class BugzillaBase(object): try: r = self._login(self.user,self.password) + self.logged_in = True + log.info("login successful - dropping password from memory") + self.password = '' except xmlrpclib.Fault, f: r = False return r |