Bug 1696781 - Disable OAuth2 integration in createaccount.cgi, and en…

…able it in token.cgi after creating account.
mozilla-bteam · Oct 13, 2021 · 655be39 · 655be39
1 parent 35fc683
commit 655be39
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/Bugzilla.pm b/Bugzilla.pm
@@ -284,6 +284,14 @@ sub login {
   my $do_logout     = $cgi->param('logout');
   my $on_token_page = $script_name eq '/token.cgi';
 
+  my $is_creatingaccount = 0;
+  if ($script_name eq '/createaccount.cgi'
+    || ($on_token_page && !$cgi->param('token_account_created')))
+  {
+    # The user hasn't yet created account.
+    $is_creatingaccount = 1;
+  }
+
   if ($authenticated_user->password_change_required) {
 
     # We cannot show the password reset UI for API calls, so treat those as
@@ -388,9 +396,10 @@ sub login {
   }
 
   # If Mojo native app is requesting login, we need to possibly redirect
+  # If the user is creating account, we should wait until the process finishes.
   my $C = Bugzilla->request_cache->{mojo_controller};
   my $session = $C->session;
-  if (!$on_token_page && $session->{override_login_target}) {
+  if (!$is_creatingaccount && $session->{override_login_target}) {
     my $override_login_target = delete $session->{override_login_target};
     my $cgi_params            = delete $session->{cgi_params};
     my $mojo_url              = Mojo::URL->new($override_login_target);

diff --git a/token.cgi b/token.cgi
@@ -449,6 +449,7 @@ sub confirm_create_account {
   # Log in the new user using credentials they just gave.
   $cgi->param('Bugzilla_login',    $otheruser->login);
   $cgi->param('Bugzilla_password', $password1);
+  $cgi->param('token_account_created', 1);
   Bugzilla->login(LOGIN_OPTIONAL);
 
   print $cgi->header();