Not able to login to Bugzilla webservices

[Vivek Chandra]

Hey,

Have been trying to access bugzilla webservice via JsonRpc but its not letting me do so.

Bugzilla server 4.2( no public access ) : https://bugzilla.corp.nai.org/bugzilla/

Followin this tutorial,
http://guy-pyrzak.blogspot.in/2009/07/bugzilla-json-rpc-webservice-with.html?showComment=1343289927209#c2491578236827623791

And the Doc's http://www.bugzilla.org/docs/4.2/en/html/api/Bugzilla/WebService/User.html#login

What i've tried so far :

<script type="text/javascript" >
function hello(){
var myObject = { "method": "User.login",
"params": [ { "login": "uname",
"password":"userPassword"
} ]};

var enc = $.toJSON(myObject);
$.ajax({"contentType":"application/json",
"data": enc,
"dataType": "json",
"url": "https://bugzilla.corp.nai.org/bugzilla/jsonrpc.cgi",
"type": "post",
success: function(d, ts){
alert("Hell Yeah");
console.log('w00t',d);
console.dir(d);
},
error: function (obj){
console.log(obj)
}
});
}
</script>

From the above script, i get an error :
OPTIONS https://bugzilla.corp.nai.org/bugzilla/jsonrpc.cgi 403 (Forbidden) jquery.min.js:19
XMLHttpRequest cannot load https://bugzilla.corp.nai.org/bugzilla/jsonrpc.cgi. Origin http://<ip> is not allowed by Access-Control-Allow-Origin.


From my understanding, "Access-Control-Allow-Origin" is caused because of "same origin policy" problem and hence i should use "jsonp". But,Jsonp - i.e, script injection can only be done via GET request. But,if i try the same JS script with a GET request - i get a security warning saying login via POST.


Confused on how to connect/login via Web services.

[Vivek Chandra]

I have access to the jsonrpc.cgi script because,the link https://bugzilla.corp.nai.org/bugzilla/jsonrpc.cgi
gives the following o/p

{"error":{"message":"When using JSON-RPC over GET, you must specify a 'method' parameter. See the documentation at docs/en/html/api/Bugzilla/WebService/Server/JSONRPC.html","code":32000},"id":"https://bugzilla.corp.nai.org/bugzilla/","result":null}

[Thorsten Schöning]

Guten Tag Vivek Chandra,
am Dienstag, 31. Juli 2012 um 12:01 schrieben Sie:

>>From the above script, i get an error :
> OPTIONS https://bugzilla.corp.nai.org/bugzilla/jsonrpc.cgi 403 (Forbidden) jquery.min.js:19
> XMLHttpRequest cannot load
> https://bugzilla.corp.nai.org/bugzilla/jsonrpc.cgi. Origin
> http://<ip> is not allowed by Access-Control-Allow-Origin.

From where does your browser execute the JavaScript? I would suspect
having both errors the same root cause, the same origin policy of your
browser.

>>From my understanding, "Access-Control-Allow-Origin" is caused
>>because of "same origin policy" problem and hence i should use
>>"jsonp". But,Jsonp - i.e, script injection can only be done via GET
>>request. But,if i try the same JS script with a GET request - i get
>>a security warning saying login via POST.

From my understanding of Wikipedia to JSONP, this is nothing which
will work with a normal RPC-style interface, but is a typical hack
around same origin policy which the called service has to implement.
Bugzilla doesn't implement this, though JSONP won't work directly
speaking with your Bugzilla instance.

Maybe you should provide some more information about what you really
try to achieve, especially who needs the data, where whoever needs the
data is executed etc.

Mit freundlichen Grüßen,

Thorsten Schöning

--
Thorsten Schöning E-Mail:Thorsten....@AM-SoFT.de
AM-SoFT IT-Systeme http://www.AM-SoFT.de/

Telefon.............030-2 1001-310
Fax...............05151- 9468- 88
Mobil..............0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hanover HRB 207 694 - Geschäftsführer: Andreas Muchow

[Vivek Chandra]

> From where does your browser execute the JavaScript? I would suspect
>
> having both errors the same root cause, the same origin policy of your
>
> browser.

------------

My browser is running that Javascript - from the client. I do not have access to the Bugzilla server.

> From my understanding of Wikipedia to JSONP, this is nothing which
>
> will work with a normal RPC-style interface, but is a typical hack
>
> around same origin policy which the called service has to implement.
>
> Bugzilla doesn't implement this, though JSONP won't work directly
>
> speaking with your Bugzilla instance.

____________

I took up jsonp as it was needed to access scripts lying in another domain. Since my Client and the bugzilla are not on the same server,i thought jsonp was the only way i can fetch the data.

> Maybe you should provide some more information about what you really
>
> try to achieve, especially who needs the data, where whoever needs the
>
> data is executed etc.

What i'm trying to achieve =>

1) Fetch some bug id's from my corporations bugzilla server and use it to display some statistics - based on the query( when fetching )
2) inorder to get any details of any bug - i need to login!!, which i'm not able to.

Gist of things <=> I just want the bugzilla data - fetched based on a query in javascript format.

[Thorsten Schöning]

Guten Tag Vivek Chandra,
am Dienstag, 31. Juli 2012 um 12:48 schrieben Sie:

> My browser is running that Javascript - from the client. I do not
> have access to the Bugzilla server.

The interesting part is the domain from which your browser gets the
HTML whith your JavaScript embedded.

> I took up jsonp as it was needed to access scripts lying in another
> domain. Since my Client and the bugzilla are not on the same
> server,i thought jsonp was the only way i can fetch the data.

JSONP is not standard interface, it's something the server where you
want to fetch data from must implement. Bugzilal doesn't, therefore
you need something in between the browser with it's same origin policy
and your Bugzilla server. You may retrieve JSONP from your own server,
which routes your request to your Bugzilla server and sends it's
response, but Bugzilla itself won't recognize JSONP.

[Vivek Chandra]

Guten Tag Thorsten Schöning ,

I dint follow this - "The interesting part is the domain from which your browser gets the
HTML whith your JavaScript embedded" what do you mean by that?

And,JSONP =>

You mean to say, i need an intermediate server( in the same domain as of bugzilla server) which is capable of sending and receiving the 'jsonp' requests from my client?
Once again,i do not have access to the bugzilla server.

Why am i getting the 403 forbidden error when i can access the script?, is there any error in the way i'm accessing the server?, in the way i'm sending the request?

Please have a look at the Question for more info on the problem i'm facing - http://stackoverflow.com/questions/11667809/bugzilla-webservice-via-json-rpc

Regards,
Vivek

[Thorsten Schöning]

Guten Tag Vivek Chandra,
am Mittwoch, 1. August 2012 um 09:09 schrieben Sie:

> I dint follow this - "The interesting part is the domain from which your browser gets the
> HTML whith your JavaScript embedded" what do you mean by that?

Which URL are you typing into your browser to request your HTML page?
It surely is another than where you Bugzilla is hosted and that's the
problem: same origin policy. You can't simply speak to your Bugzilla
server from JavaScript of another domain. And I suspect both of your
errors, 403 and the other one, are caused by same origin policy.

> You mean to say, i need an intermediate server( in the same domain
> as of bugzilla server)

No, in the same domain as your HTML or else your JavaScript wouldn't
be able to talk to your intermediate server, too, just like it can't
communicate with Bugzilla.

> Why am i getting the 403 forbidden error when i can access the
> script?

I suspect same origin policy.

> is there any error in the way i'm accessing the server? in the way

> i'm sending the request?

You could test that with a local copy of Bugzilla and your HTML page,
in this case same-origin wouldn't be a problem and you can implement
the proper communication with Bugzilla itself. Afterwards you can
think of solutions to the same origin policy, but once again, I don't
think that JSONP directly to your Bugzilla server will work. But I
didn't use JSONP yet, I may be wrong of course.

[Vivek Chandra]

The URL from which i'm making a call to bugzilla server is not in the same domain as the bugzilla server.

I will try what you have suggested - getting a local copy of bugzilla and accessing it from there.

One last question -

You said I cannot be in a different domain and speak to bugzilla(via Javascript) - but if from the same client machine ( different domain than bugzilla), I gave the URL - " https://bugzilla.corp.nai.org/bugzilla/jsonrpc.cgi " to which the reply from the server was an error Object =>

{"error":{"message":"When using JSON-RPC over GET, you must specify a 'method' parameter. See the documentation at docs/en/html/api/Bugzilla/WebService/Server/JSONRPC.html","code":32000},"id":"https://bugzilla.corp.nai.org/bugzilla/","result":null}

The above error object is what prompted me to think that I have access to the jsonrpc.cgi and that the javascript on my client can access bugzilla scripts(via jsonp)


Question :
If I cannot access bugzilla from another domain - why is bugzilla throwing me an error saying "must specify a 'method' parameter"?

[Thorsten Schöning]

Guten Tag Vivek Chandra,
am Mittwoch, 1. August 2012 um 11:16 schrieben Sie:

> Question :
> If I cannot access bugzilla from another domain - why is bugzilla
> throwing me an error saying "must specify a 'method' parameter"?

The script-tag in a HTML page can send a request to everywhere, that's
how JSONP works: The script tag itself requests some JavaScript from
anywhere and this is executed in the context of your HTML page. But
whoever is requested for JSONP, has to sent it and Bugzilla doesn't
because JSONP is not standardized interface, it's just same hack for
the same origin policy. That's why you get the error message: The
script tag can request to your Bugzilla, but Bugzilla doesn't
understand it since there's no JSON-RPC request going on, just
anybody who calls the CGI.

[Vivek Chandra]

Guten Tag Thorsten Schöning,

Turns out, jsonp is supported by bugzilla. Got a Hit on my stackoverflow question - http://stackoverflow.com/questions/11667809/bugzilla-webservice-via-json-rpc

Everything is working for now. Since i have to send the credentials via bugzilla_username/password - i'm searching for ways to store the credentials in a session. I'm not able to use cookie login as it has to be done via User.login method - over POST, which is not possible via jsonp.

So,if you have any suggestions to make on how to store the credentials - please do so. Other than that, thank you for all your help and time.

Regards,
Vivek

[Thorsten Schöning]

Guten Tag Vivek Chandra,
am Freitag, 3. August 2012 um 10:42 schrieben Sie:

> Turns out, jsonp is supported by bugzilla.

I don't think so:

> You'll be limited to retrieving information, changes require POST calls
[...]

> I'm not able to use cookie login as it has
> to be done via User.login method - over POST, which is not possible via jsonp.

> So,if you have any suggestions to make on how to store the
> credentials - please do so.

I don't see any other possibility than using cookies and POST.

Mit freundlichen Grüßen,

Thorsten Schöning

--
Thorsten Schöning E-Mail:Thorsten....@AM-SoFT.de
AM-SoFT IT-Systeme http://www.AM-SoFT.de/

Telefon.............030-2 1001-310
Fax...............05151- 9468- 88
Mobil..............0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln

AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow