
rt branch, 5.0/disable-password-option-for-authtoken, created. rt-5.0.0beta2-1-g264f3ddda7
The branch, 5.0/disable-password-option-for-authtoken has been created
at 264f3ddda79092bf030cd152db6d7fb473cfb602 (commit)

- Log -----------------------------------------------------------------
commit 264f3ddda79092bf030cd152db6d7fb473cfb602
Author: Aaron Trevena <ast@bestpractical.com>
Date: Wed Jun 24 10:00:30 2020 +0100

Add config option to disable password for auth tokens

Added and documented a new configuration option to not require a password
when adding a new auth token. This solves problems with requiring a password
in a hybrid RT where both external and local accounts are used.

diff --git a/docs/authentication.pod b/docs/authentication.pod
index eba5b36be1..0f6f77baac 100644
--- a/docs/authentication.pod
+++ b/docs/authentication.pod
@@ -31,6 +31,14 @@ your RT Apache configuration to allow RT to access the Authorization header.

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

+
+If you have a mix of local and external authentication you can disable
+requiring a password to create or edit tokens with the following line
+in /opt/rt4/etc/RT_SiteConfig.pm :
+
+ Set($DisablePasswordForAuthToken, 1);
+
+
You can find more information about tokens in L<RT::Authen::Token>.

=head1 External Authentication
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index ce7c78f679..b8bd1c52ac 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -5001,15 +5001,20 @@ sub ProcessAuthToken {
if ( $args_ref->{Create} ) {

# Don't require password for systems with some form of federated auth
+ # or if configured to not require a password
my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
+ my $require_password = 1;
+ if ( RT->Config->Get('DisablePasswordForAuthToken') or not $res{'CanSet'}) {
+ $require_password = 0;
+ }

if ( !length( $args_ref->{Description} ) ) {
push @results, loc("Description cannot be blank.");
}
- elsif ( $res{'CanSet'} && !length( $args_ref->{Password} ) ) {
+ elsif ( $require_password && !length( $args_ref->{Password} ) ) {
push @results, loc("Please enter your current password.");
}
- elsif ( $res{'CanSet'} && !$session{CurrentUser}->IsPassword( $args_ref->{Password} ) ) {
+ elsif ( $require_password && !$session{CurrentUser}->IsPassword( $args_ref->{Password} ) ) {
push @results, loc("Please enter your current password correctly.");
}
else {
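Review bot: Because the new `$require_password` test in the `Create` branch joins its two conditions with `or`, enabling `DisablePasswordForAuthToken` drops the current-password confirmation for every user, including local-password accounts for which `$res{'CanSet'}` is true, so any holder of a valid web session can mint a long-lived token without re-authenticating; the comment above it should say so, e.g. `# DisablePasswordForAuthToken skips the re-auth step for ALL users, local-password accounts included; token creation then rests on session security alone`. Logging a token creation that happened without password confirmation (RT->Logger) would give administrators an audit trail for that case. The same four-line computation is duplicated in the `<%INIT>` of share/html/Elements/AuthToken/Create; a shared helper next to `CurrentUserRequireToSetPassword` would keep the two in sync. The docs hunk advertises the option for "create or edit" tokens but only the `Create` branch is changed here; ProcessAuthToken starts and ends outside the hunk, so if an edit path elsewhere in the sub still tests `$res{'CanSet'}` it would keep requiring a password, which is worth confirming. No hunk declares the option in etc/RT_Config.pm; if the config loader treats undeclared options as unknown, the `Set(...)` line from the docs may warn, so please check that too.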
diff --git a/share/html/Elements/AuthToken/Create b/share/html/Elements/AuthToken/Create
index 653374c332..01d82cd8f1 100644
--- a/share/html/Elements/AuthToken/Create
+++ b/share/html/Elements/AuthToken/Create
@@ -57,7 +57,7 @@
<div class="modal-body">
<form method="POST">
<input type="hidden" name="Owner" value="<% $Owner %>">
-% if ( $res{'CanSet'} ){
+% if ( $require_password ){
<div class="form-row">
<div class="label col-4">
<&|/l, $session{'CurrentUser'}->Name()&>[_1]'s current password</&>:
@@ -89,8 +89,13 @@
</div>

<%INIT>
-# Don't require password for systems with some form of federated auth
+# Don't require password for systems with some form of federated auth,
+# or if configured to not require a password
my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
+my $require_password = 1;
+if ( RT->Config->Get('DisablePasswordForAuthToken') or not $res{'CanSet'}) {
+ $require_password = 0;
+}
</%INIT>

<%ARGS>
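Review bot: The `my $require_password = 1; if (...) { $require_password = 0; }` block in `<%INIT>` is a four-line way to write one boolean; `my $require_password = $res{'CanSet'} && !RT->Config->Get('DisablePasswordForAuthToken');` states the intent directly, and since the variable is only read by the `% if ( $require_password )` guard in the earlier hunk, a false value of '' behaves exactly like 0. The same rewrite applies to the matching block in lib/RT/Interface/Web.pm. The reworded comment could also name the option it refers to: `# Skip the password field for federated auth or when $DisablePasswordForAuthToken is set`.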

-----------------------------------------------------------------------