This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".
The branch, 5.0/improve-db-connection-handling has been created
at f9f7fe7468a1f14cdad4ea4cc2ee1cd9a71e3add (commit)
- Log -----------------------------------------------------------------
commit f9f7fe7468a1f14cdad4ea4cc2ee1cd9a71e3add
Author: Jason Crome <jcrome@bestpractical.com>
Date: Wed May 11 13:33:31 2022 -0400
Soften language around password-less DB logins
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 4a72c5b2ec..e168d1599e 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -283,7 +283,8 @@ Set($DatabaseAdmin, "@DB_DBA@");
=item C<$AllowEmptyDatabasePassword>
-Allow RT to use an empty database password. B<NOT> recommended!
+Allow RT to use an empty database password. Set this to 1 if your database
+server authenticates users without using passwords.
=cut
commit e9b17c55276c805501d59e8bdacb108a30ba2e76
Author: Jason Crome <jcrome@bestpractical.com>
Date: Fri May 6 16:03:17 2022 -0400
Try to avoid connecting to DB if password missing
For some installs of RT, too many failed database connections will lock
account access. Regardless of whether this is a permission error,
configuration error, etc., try to mitigate this by not attempting to
connect if the database password is blank or missing.
Add a configuration option, AllowEmptyDatabasePassword, to skip the
requirement of having a non-empty database password to start RT.
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 1b7720241e..4a72c5b2ec 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -281,6 +281,14 @@ during upgrades.
Set($DatabaseAdmin, "@DB_DBA@");
+=item C<$AllowEmptyDatabasePassword>
+
+Allow RT to use an empty database password. B<NOT> recommended!
+
+=cut
+
+Set($AllowEmptyDatabasePassword, 0);
+
=back
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 034ca84b28..662e8c1430 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -765,6 +765,9 @@ our %META;
Immutable => 1,
Widget => '/Widgets/Form/String',
},
+ AllowEmptyDatabasePassword => {
+ Widget => '/Widgets/Form/Boolean',
+ },
FullTextSearch => {
Type => 'HASH',
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index 3f741fa7ff..9195278624 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -120,9 +120,33 @@ sub Connect {
$ENV{'NLS_NCHAR'} = "AL32UTF8";
}
+ # Prevent RT from connecting without a password. For some installations, an empty
+ # password might indicate that we couldn't read our RT config, and repeated attempts
+ # to connect to the database without a password may lock the db account RT uses.
+ # Here we attempt to mitigate that outcome, and determine why we have no password.
+ #
+ # Sometimes, you might want to allow this. If so, you'll need to specifically enable
+ # AllowEmptyDatabasePassword in your RT config to account for this.
+
+ my $dbpassword = RT->Config->Get('DatabasePassword');
+ if( !$dbpassword or $dbpassword eq '' ) {
+ if( !RT->Config->Get('AllowEmptyDatabasePassword') ) {
+ # Password is empty, and it's not supposed to be.
+ if( !RT->Config->LoadedConfigs ) {
+ # No configs are loaded, so try to load them again. If this was because of permissions,
+ # we should have already, but for the sake of being paranoid, try to load them again.
+ # Either they will load, or fail and we'll get told why.
+ RT->LoadConfig;
+ } else {
+ die "Cannot start RT with an empty password. Check your RT configuration\n" .
+ "and make sure you've provided a database password.\n";
+ }
+ }
+ }
+
$self->SUPER::Connect(
User => RT->Config->Get('DatabaseUser'),
- Password => RT->Config->Get('DatabasePassword'),
+ Password => $dbpassword,
DisconnectHandleOnDestroy => 1,
%args,
);
-----------------------------------------------------------------------
hooks/post-receive
--
rt
_______________________________________________
rt-commit mailing list
rt-commit@lists.bestpractical.com
https://lists.bestpractical.com/mailman/listinfo/rt-commit
generated because a ref change was pushed to the repository containing
the project "rt".
The branch, 5.0/improve-db-connection-handling has been created
at f9f7fe7468a1f14cdad4ea4cc2ee1cd9a71e3add (commit)
- Log -----------------------------------------------------------------
commit f9f7fe7468a1f14cdad4ea4cc2ee1cd9a71e3add
Author: Jason Crome <jcrome@bestpractical.com>
Date: Wed May 11 13:33:31 2022 -0400
Soften language around password-less DB logins
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 4a72c5b2ec..e168d1599e 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -283,7 +283,8 @@ Set($DatabaseAdmin, "@DB_DBA@");
=item C<$AllowEmptyDatabasePassword>
-Allow RT to use an empty database password. B<NOT> recommended!
+Allow RT to use an empty database password. Set this to 1 if your database
+server authenticates users without using passwords.
=cut
commit e9b17c55276c805501d59e8bdacb108a30ba2e76
Author: Jason Crome <jcrome@bestpractical.com>
Date: Fri May 6 16:03:17 2022 -0400
Try to avoid connecting to DB if password missing
For some installs of RT, too many failed database connections will lock
account access. Regardless of whether this is a permission error,
configuration error, etc., try to mitigate this by not attempting to
connect if the database password is blank or missing.
Add a configuration option, AllowEmptyDatabasePassword, to skip the
requirement of having a non-empty database password to start RT.
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 1b7720241e..4a72c5b2ec 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -281,6 +281,14 @@ during upgrades.
Set($DatabaseAdmin, "@DB_DBA@");
+=item C<$AllowEmptyDatabasePassword>
+
+Allow RT to use an empty database password. B<NOT> recommended!
+
+=cut
+
+Set($AllowEmptyDatabasePassword, 0);
+
=back
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 034ca84b28..662e8c1430 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -765,6 +765,9 @@ our %META;
Immutable => 1,
Widget => '/Widgets/Form/String',
},
+ AllowEmptyDatabasePassword => {
+ Widget => '/Widgets/Form/Boolean',
+ },
FullTextSearch => {
Type => 'HASH',
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index 3f741fa7ff..9195278624 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -120,9 +120,33 @@ sub Connect {
$ENV{'NLS_NCHAR'} = "AL32UTF8";
}
+ # Prevent RT from connecting without a password. For some installations, an empty
+ # password might indicate that we couldn't read our RT config, and repeated attempts
+ # to connect to the database without a password may lock the db account RT uses.
+ # Here we attempt to mitigate that outcome, and determine why we have no password.
+ #
+ # Sometimes, you might want to allow this. If so, you'll need to specifically enable
+ # AllowEmptyDatabasePassword in your RT config to account for this.
+
+ my $dbpassword = RT->Config->Get('DatabasePassword');
+ if( !$dbpassword or $dbpassword eq '' ) {
+ if( !RT->Config->Get('AllowEmptyDatabasePassword') ) {
+ # Password is empty, and it's not supposed to be.
+ if( !RT->Config->LoadedConfigs ) {
+ # No configs are loaded, so try to load them again. If this was because of permissions,
+ # we should have already, but for the sake of being paranoid, try to load them again.
+ # Either they will load, or fail and we'll get told why.
+ RT->LoadConfig;
+ } else {
+ die "Cannot start RT with an empty password. Check your RT configuration\n" .
+ "and make sure you've provided a database password.\n";
+ }
+ }
+ }
+
$self->SUPER::Connect(
User => RT->Config->Get('DatabaseUser'),
- Password => RT->Config->Get('DatabasePassword'),
+ Password => $dbpassword,
DisconnectHandleOnDestroy => 1,
%args,
);
-----------------------------------------------------------------------
hooks/post-receive
--
rt
_______________________________________________
rt-commit mailing list
rt-commit@lists.bestpractical.com
https://lists.bestpractical.com/mailman/listinfo/rt-commit