Re: [rt-users] Login from other form

Mon, 18 Feb 2008 06:58:05 -0800 

On 2/18/2008 8:37 AM, GUBBELS Jac wrote:

> I tried quite some things with PHP (cURL, snoopy etc) and even
> JavaScript to submit the login form without pressing the submit button,
> but I do not seem to be able to get those approaches to deliver.

Instead of trying to automate the form submission, what you should 
probably do is bypass the authentication altogether.  One simple way is 
to set the REMOTE_USER environment variable to the person's RT user 
name, and then set $RT::WebExternalAuth to true.  If you don't want such 
a simplistic and relatively insecure method of user spoofing available, 
you can override the code in the base autohandler (e.g. 
/opt/share/html/autohandler) to add in a transformation from your 
encrypted user credentials to a real RT user.  In 3.6.3 the code to be 
inserted would probably go here:

# If it's a noauth file, don't ask for auth.
if ( $m->base_comp->path =~ $RT::WebNoAuthRegex ) {
     $m->comp( { base_comp => $m->request_comp }, $m->fetch_next, %ARGS);
     $m->abort;
}

# If RT is configured for external auth, let's go through and get 
REMOTE_USER
elsif ($RT::WebExternalAuth) {

     # do we actually have a REMOTE_USER equivlent?
     if ( RT::Interface::Web::WebCanonicalizeInfo() ) {


between the first IF and the ELSIF.  Look inside of the

     if ( RT::Interface::Web::WebCanonicalizeInfo() ) {

block to see what to do once you have a user name.  Basically, you want 
to do some part of this:

         $session{'CurrentUser'} = RT::CurrentUser->new();
         my $load_method = $RT::WebExternalGecos ? 'LoadByGecos' : 'Load';

         if ( $^O eq 'MSWin32' and $RT::WebExternalGecos ) {
             my $NodeName = Win32::NodeName();
             $user =~ s/^\Q$NodeName\E\\//i;
         }

         $session{'CurrentUser'}->$load_method($user);

followed by a check to see if you actually loaded a user:

     if ( $session{'CurrentUser'}->Id() )

Or something like that.  HTH!

-- 
Regards,


joe
Joe Casadonte
[EMAIL PROTECTED]

==========                                                  ==========
== The statements and opinions expressed here are my own and do not ==
== necessarily represent those of Oracle Corporation.               ==
==========                                                  ==========
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Reply via email to