Re: [rt-users] Error when initializing database with external auth enabled

2016-06-20 Thread Shawn Moore
On 2016年5月24日 at 20:27:02, Bart Bunting (bart.bunt...@ursys.com.au) wrote:
> Hi there,

Hi Bart,

> I may be just missing something but this is failing miserably for me and
> I am not sure what the correct way to fix it is:
>  
> Running rt 4.4.1 rc1 as of today.

I’m glad to hear it. :)

> When I have the external authentication configuration enabled in
> RT_SiteConfig.pm the
> initial database import breaks. I think this is because when it trys to
> add the "root" user it attempts to canonicalize the name from ldap which
> fails.

You’re exactly right. It’s even trying to canonicalize the RT System and Nobody 
users too.

> I can work around this by having puppet install one version of 
> RT_SiteConfig.pm without  
> external authentication configured, run the database import and then
> replace it with a version with external auth enabled.
>  
> This works, I've tested it.
>  
> It just feels terribly ugly and wrong.

Indeed it is, but hey, it works.

> Can anyone suggest what I might be doing wrong here or is this a genuine
> issue?

It’s a genuine issue. I’ve created an Issues ticket on your behalf:

https://issues.bestpractical.com/Ticket/Display.html?id=32009

I’ve also fixed the underlying issue with the following two commits (the first 
for RT System and Nobody, the latter for the root user):

https://github.com/bestpractical/rt/commit/86b45ac4e26
https://github.com/bestpractical/rt/commit/a32c5813bdd

These fixes will be included in RT 4.4.1rc2, but if you want to apply the 
patches ahead of time, you can get rid of your double SiteConfig hack.

> Kind regards
> Bart

Thank you for testing the RCs!
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Los Angeles - September, 2016


Re: [rt-users] Can't set DBI::db=HASH(0x8b3efb0)->{PrintWarm}

2016-06-16 Thread Shawn Moore
Hi Daniel,

On 2016年6月16日 at 13:30:18, Daniel M. via rt-users 
(rt-users@lists.bestpractical.com) wrote:

> [/opt/rt4/local/html/Ticket/Update.html:200]

This suggests that you’d customized RT’s code directly, so I bet you are 
running a 4.2-era (or older) /Ticket/Update.html file against RT 4.4. In other 
words, RT has made changes to that file as part of your upgrade to 4.4.0, but 
your local override is hiding those changes, so that’s why you’re seeing 
strange errors.

The way to proceed (in descending order of preference) would be to refactor 
your customizations to be callbacks, which is the recommended way to customize 
RT’s templates, or simply remove your local override if you don’t need it, or 
finally apply your customizations again to 4.4’s version of /Ticket/Update.html.

See https://docs.bestpractical.com/rt/latest/writing_extensions.html#Callbacks 
for more detail on the recommended approach.

Thanks,
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Los Angeles - September, 2016


Re: [rt-users] Critical error after upgrading to RT 4.4.0

2016-06-10 Thread Shawn Moore
On 2016年6月6日 at 4:14:57, Guadagnino Cristiano (guadagnino.cristi...@creval.it) 
wrote:
> Hi Shawn!

Hi Cris,

> Uhm. The only thing I can think of is that I have added a custom role. Maybe 
> this is the thing  
> that's giving me problems?
>  
> Apparently however the custom role is behaving well.

I replicated the issue (it happens when a user has CreateTicket but not 
ShowTicket) and I believe I’ve fixed it. Can you try the following patch?

https://github.com/bestpractical/rt/commit/5d0a88d47f141f37fdb8bb7c6e3428c122aff423

The fix will be included as part of RT 4.4.1 as this is definitely a blocker!

> Thank you!
>  
> Cris

Thanks for helping track this down, and sorry about the trouble.

Cheers,
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Los Angeles - September, 2016


Re: [rt-users] Critical error after upgrading to RT 4.4.0

2016-06-01 Thread Shawn Moore
Hi Cris,

On 2016年6月1日 at 5:58:31, Guadagnino Cristiano (guadagnino.cristi...@creval.it) 
wrote:
> Yesterday I upgraded from RT 4.2.12 to RT 4.4.0.
>  
> Today I am sometimes getting errors like this:
>  
> [30091] [Wed Jun 1 09:13:03 2016] [critical]: Couldn't create ticket groups 
> for ticket  
> 133221. aborting Ticket creation. (/opt/rt4/sbin/../lib/RT/Ticket.pm:444)
>  
> [30091] [Wed Jun 1 09:13:03 2016] [crit]: Ticket creation failed: I: AGG 
> MAGGIO 2016.xlsx:  
> Ticket could not be created due to an internal error 
> (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:  
> 697)

This is the first we’ve seen of this error. :/ If you can send over a stack 
trace that will help track it down. Adding this to your site config will do so:

Set($LogStackTraces, “error");

> I am having difficulty understanding where the problem is (what's the meaning 
> of "ticket  
> groups"?) and hence how to solve it.

Ticket groups are the groups that contain AdminCcs, Ccs, Requestors, etc.

> Please help!!!

Do you have any customizations? Which extensions are installed? And which 
database are you on?

> Cris

Best of luck,
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Los Angeles - September, 2016


Re: [rt-users] accessing role object from template

2016-05-23 Thread Shawn Moore
On 2016年5月21日 at 3:21:17, Woody - Wild Thing Safaris 
(wo...@wildthingsafaris.com) wrote:
> Hi all,

Hi Woody,

> I've created a custom role "Transfer Operators" and i wanted to email
> all those people from a scrip/template, but i have found that the
> argument in ScripActions cannot take a word boundary - renaming the role
> to TransferOperators and the argument in ScripActions sends a mail.

One workaround would be to use the RT::CustomRole-1 syntax (where 1 is the 
role’s ID) in the ScripAction argument.

I’ve made a ticket for adjusting how the argument parsing works, since you’re 
right, that is a bit limiting: 
https://issues.bestpractical.com/Ticket/Display.html?id=31997

> It would seem that either Role Names need to be restricted to single
> words, or Notify.pm needs an update to cope with spaces in Role Names
>  
> My question is however, how can i access Role member info from a template
>  
> something like:
>  
> { $Ticket->RoleObj("TransferOperators")->RealName }

Two options:

Load the role by name:

my $role = RT::CustomRole->new($CurrentUser);
$role->Load(“TransferOperators”);
$Ticket->RoleGroup($role->GroupType);

or specify the internal ID directly:

$Ticket->RoleGroup(“RT::CustomRole-1”);

This will return an RT::Group object. If you only need email address(es), you 
can use $Ticket->RoleAddresses(“RT::CustomRole-1”) directly.

> w.

By the way, we’d love to hear more about how you’re using custom roles :)

Thanks!
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016


Re: [rt-users] Angular web page breaks when I try to access it from the local/html directory of RT 4.4.2

2016-05-11 Thread Shawn Moore
On 2016年5月11日 at 13:54:01, Keith Creasy (kcre...@aph.org) wrote:
> Hello.

Hi Keith,

> We have a similar script, that doesn't use angular.js, that works.
>  
> Any idea if RT is simply not compatible with Angular.js markup?

I’ve done some prototyping with Angular (1.x) within RT’s UI and I don’t recall 
having any particular problems.

> Is there any hope of updating RT to be more REST and json compliant as well 
> as making it so  
> it doesn't try to mangle scripts?

We are eager to release a new REST API with JSON support, but as of right now 
it’s still in the works.

RT certainly shouldn’t be mangling scripts in any case!

> Keith

Thanks,
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016


Re: [rt-users] Custom role?

2016-05-09 Thread Shawn Moore
Hi Guadagnino,

On 2016年5月6日 at 3:08:53, Guadagnino Cristiano (guadagnino.cristi...@creval.it) 
wrote:
> Shawn,
> I'm sorry but I think I still need some help.
>  
> I disabled the single-member custom role and created a new
> multiple-member custom role.
>  
> I applied it to a queue, and then I entered the queue configuration and
> added myself as GroupManager on that queue.
>  
> After that, if I look at the tickets in that queue (both those
> pre-existing and those created afterwards) I see no user in the
> GroupManager field.
>  
> I would have expected to see my name as GroupManager.
> How is this supposed to work?

You won’t see your name as GroupManager on individual tickets, since your user 
was added at the queue level. You should be able to add additional users on the 
ticket level and they’ll show up on tickets. However, permissions, 
notifications, (e.g. anything that uses the list of role members) will include 
both ticket-level and queue-level members. This is how the builtin roles 
AdminCc and Cc work too.

> Thank you in advance.
> Cris

Thanks,
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016


Re: [rt-users] Custom role?

2016-05-05 Thread Shawn Moore
On 2016年5月5日 at 4:45:55, Guadagnino Cristiano (guadagnino.cristi...@creval.it) 
wrote:
> Hi all,

Hi Cris,

> I am trying to use the new "custom role" functionality in RT 4.4, but
> I'm not sure I understand how it works.
>  
> I created the new "GroupManager" role and I assigned some queue
> privileges to it.
>  
> The problem is: how am I supposed to assign the role to a user?

You’ll first have to pick which queues the GroupManager role should be applied 
to, just like you do for custom fields. Admin -> Custom Roles -> GroupManager 
-> "Applies to" lets you select the queues.

Then, when you’re creating or updating tickets in that queue, you’ll see 
GroupMember alongside other People fields. It’ll be next to either 
AdminCc/Cc/Requestor if it’s a multi-member role, or in this case, since it 
sounds like a single-member role, alongside Owner.

If it’s a multi-member role, you can also add members on the queue level by 
going to Admin -> Queues -> (select your queue) -> Watchers, just like you can 
for Cc and AdminCc.

> Thank you in advance
>  
> Cris

Thanks!
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016


Re: [rt-users] disable url links in ticket history

2016-03-25 Thread Shawn Moore
On 2016年3月25日 at 18:32:36, user1...@qet.be (user1...@qet.be) wrote:
> Hi all,

Hi U,

> Does anyone know if it is possible, or a good way to go to disable the links 
> in the ticket  
> history.
> I clarify:
> We get a lot of tickets where people send us phishing mails they received or 
> mails containing  
> a possible malicious url to analyse.
> What we like to do is implement something that those urls in the history are 
> "not clickable”  
> so that nobody of the first line handlers can incidentally get infected.

The automatic linking in the ticket history is done by a feature called 
MakeClicky. It was designed so that you can add your own parser to augment text 
in other ways too, not limited to just hyperlinking urls (or for that matter, 
“just” hyperlinking). The example in our documentation makes “ticket #xyz” into 
clickable links. But, the way it’s implemented allows you to turn it off 
completely with the following config:

    Set(@Active_MakeClicky, qw());

See https://docs.bestpractical.com/rt/4.4.0/extending/clickable_links.html for 
more information.

> kind regards,
>  
> U

Cheers,
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016


Re: [rt-users] Problems with SLA since upgrading to 4.4

2016-02-16 Thread Shawn Moore
On 2016年2月11日 at 0:46:59, Yourevilness (sli...@onthenet.com.au) wrote:
> Hello,

Hi,

> Recently upgraded from 4.2.11 > 4.4.0 which has SLA in its core config. […]
> Doesn't appear to work. Can someone have a look over my settings or tell me
> what i'm missing?

Could you check each queue’s Basics admin page to see if “SLA Enabled” is 
checked?

Thanks,
Shawn
-
RT 4.4 and RTIR Training Sessions 
(http://bestpractical.com/services/training.html)
* Hamburg Germany - March 14 & 15, 2016
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Problems with RT::Authen::ExternalAuth::LDAP after upgrade to 4.4

2016-02-11 Thread Shawn Moore
Hi Gavin,

On 2016年2月11日 at 10:20:44, Gavin Henry (gavin.he...@gmail.com) wrote:
> Undefined subroutine
> ::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo called at
> /opt/rt4/sbin/../lib/RT/User.pm line 787.

Could you try loading that module in that bit of code, near 
/opt/rt4/lib/RT/User.pm line 787. Changing:

    if($config->{'type'} eq 'ldap'){
        ($found, %params) = 
RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo($service,$key,$value);
    } elsif ($config->{'type'} eq 'db') {

to:

    if($config->{'type'} eq 'ldap’){
        require RT::Authen::ExternalAuth::LDAP;
        ($found, %params) = 
RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo($service,$key,$value);
    } elsif ($config->{'type'} eq 'db') {

Please let us know if that makes it any better.

Thanks,
Shawn



-
RT 4.4 and RTIR Training Sessions 
(http://bestpractical.com/services/training.html)
* Hamburg Germany  March 14 & 15, 2016

Re: [rt-users] Problems with RT::Authen::ExternalAuth::LDAP after upgrade to 4.4

2016-02-10 Thread Shawn Moore
Hi John,

On 2016年2月10日 at 2:11:18, John Andersen (j...@yvig.com) wrote:
> For background. this particular installation went live 10 years ago and has
> been carried over (mostly flawlessly I might add) from version to version
> over that 10 years; I try to stay on the most recent stable version.

I’m very happy to hear that RT has been running smoothly for you for so long!

> Set( $ExternalAuthPriority,['LDAP_DIR3']);
> Set( $ExternalInfoPriority,['LDAP_DIR3']);
> Set( $ExternalServiceUsesSSLorTLS, 0);
> Set( $AutoCreateNonExternalUsers, 1);
> Set($ExternalSettings, {
> ...
> );

Could you try adding this as well?

Set( $ExternalAuth, 1 );

> I'd be grateful for any ideas or pointers!

Please let us know if that gets you back up and running. We’ll do a better job 
about this in 4.4.1.

> Thank you,
> John

Thanks!
Shawn

-
RT 4.4 and RTIR Training Sessions 
(http://bestpractical.com/services/training.html)
* Hamburg Germany  March 14 & 15, 2016

Re: [rt-users] RT 4.2 suddenly reset to a nonsensical view

2016-02-09 Thread Shawn Moore
On 2016年2月9日 at 15:57:44, Boris Epstein (borepst...@gmail.com) wrote:
Hello listmates,
Hi Boris,

Has anybody ever discovered a situation where all of a sudden your view resets 
to a non-sensical view where your search, tickets, etc. configs - all the 
advanced options - are gone and all you see is a view which is essentially 
useless. Tickets, however, seem to be there - if you specify them by number.

Any idea what this could be - or how to reset it to something reasonable?
What’s the URL? Sounds like you ended up in self-service.

Thanks.

Boris.

Thanks,
Shawn
-
RT 4.4 and RTIR Training Sessions 
(http://bestpractical.com/services/training.html)
* Hamburg Germany — March 14 & 15, 2016

Re: [rt-users] RT 4.4.RC3

2016-01-11 Thread Shawn Moore
On 2016年1月11日 at 15:29:03, Max McGrath (mmcgr...@carthage.edu) wrote:
> Hello -

Hi Max,

> I just upgraded from RT 4.4 RC2 to 4.4 RC3 in my test environment. I had
> an issue in RC2 that I still have in RC3.

Thank you for testing the RCs!

> [24618] [Mon Jan 11 20:31:59 2016] [error]: RT::User::ExternalAuthId
> Unimplemented in RT::Record. (/opt/rt4/sbin/../lib/RT/Record.pm line 958)

The ExternalAuthId column was removed from the users table in RT 4.4. I suspect 
you’re still using it in ExternalSettings in RT_SiteConfig. If it’s not clear, 
send that over and we’ll have a look. Just be sure to censor any sensitive 
information in there.

Thanks,
Shawn


Re: [rt-users] RT 4.4 Errors

2015-11-23 Thread Shawn Moore
Hi Max,

On 2015年11月23日 at 15:59:38, Max McGrath (mmcgr...@carthage.edu) wrote:

> [12001] [Mon Nov 23 17:04:12 2015] [error]: Can't call method "loc" on an
> undefined value at /opt/rt4/sbin/../lib/RT/Ticket.pm line 1371.

Can you upgrade to 4.4.0 rc2? That includes a fix for this bug.

> Max

Thanks!
Shawn


Re: [rt-users] RT 4.4 RC1 Update

2015-11-20 Thread Shawn Moore

On 2015年11月20日 at 12:56:15, Max McGrath (mmcgr...@carthage.edu) wrote:
> Hello -

Hi Max,

> Just tried upgrading from RT 4.2.12 to RT 4.4 RC1 in my test environment to
> give you some feedback. Hopefully this is the proper place to post this:

Thank you for testing the RC! This is a perfectly fine place to discuss it. :-)

> […] Now I am getting this: […]
> Can't locate Scope/Upper.pm in @INC (@INC contains:
> […]

This is the root of the problem. You’re missing one of the new dependencies in 
RT, the Perl module Scope::Upper. It looks like RT is declaring that dependency 
correctly, so this might have just been a fluke. If you run “make fixdeps” 
again it should install that module for you.

> I don't claim to be a Perl or Apache expert, so if I'm missing something
> simple -- some help would be appreciated!
>  
> Thanks!
>  
> Max

Thank you :)
Shawn


Re: [rt-users] Action: Extract Custom Field Values - RT don't show me this option

2015-11-16 Thread Shawn Moore
On 2015年11月16日 at 17:17:53, Marcelo Calado | TBS TAX Services 
(mcal...@tbstaxservices.com) wrote:
Hello Everyone!

Hi Marcelo,
When I tried to create the Scrip, I can’t see the Action “Extract Custom Field 
Valeus”

Did you run “make initdb” from the ExtractCustomFieldValues directory? That 
adds the necessary Action record to your database. Everything else looks to be 
in order.
 
Tks, 

Marcelo Calado.



Thanks,

Shawn



[rt-users] [rt-announce] Security vulnerabilities in RT

2015-08-12 Thread Shawn Moore
We have discovered security vulnerabilities which affect both RT 4.0.x
and RT 4.2.x.  We are releasing RT versions 4.0.24 and 4.2.12 to resolve
these vulnerabilities, as well as patches which apply atop all released
versions of 4.0 and 4.2.

The vulnerabilities addressed by 4.0.24, 4.2.12, and the below patches
include the following:

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the user and group rights management pages.  This vulnerability is assigned
CVE-2015-5475.  It was discovered and reported by Marcin Kopeć at Data Reliance
Shared Service Center.

RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the cryptography interface.  This vulnerability could allow an attacker
with a carefully-crafted key to inject JavaScript into RT's user interface.
Installations which use neither GnuPG nor S/MIME are unaffected.

Patches for all releases of 4.0.x and 4.2.x are available for download
below.  Versions of RT older than 4.0.0 are unsupported and do not
receive security patches; please contact sa...@bestpractical.com if you
need assistance with an older RT version.

https://download.bestpractical.com/pub/rt/release/security-2015-08-12.tar.gz
https://download.bestpractical.com/pub/rt/release/security-2015-08-12.tar.gz.asc

0ffdfae09837c09957f69e9de69660735d3099ee  security-2015-08-12.tar.gz
92c8d4d299c7bc205eb8382274306dc3aaa14970  security-2015-08-12.tar.gz.asc

The README in the tarball contains instructions for applying the
patches.  If you need help resolving this issue locally, we will provide
discounted pricing for single-incident support; please contact us at
sa...@bestpractical.com for more information.



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
rt-announce mailing list
rt-annou...@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce


[rt-users] [rt-announce] RT 4.0.24 released

2015-08-12 Thread Shawn Moore
RT 4.0.24 -- 2015-08-12
---

RT 4.0.24 contains an important security fix.

https://download.bestpractical.com/pub/rt/release/rt-4.0.24.tar.gz
https://download.bestpractical.com/pub/rt/release/rt-4.0.24.tar.gz.sig

SHA1 sums

0588b678cc1f13ae1504e9fffede1b8485d172f7  rt-4.0.24.tar.gz
8f8b69532112aa01d6fe540478de6a7046ad6fb0  rt-4.0.24.tar.gz.sig

This release is a security release which addresses the following
vulnerability:

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the user and group rights management pages.  This vulnerability is assigned
CVE-2015-5475.  It was discovered and reported by Marcin Kopeć at Data Reliance
Shared Service Center.


A complete changelog is available from git by running:
git log rt-4.0.23..rt-4.0.24
or visiting
https://github.com/bestpractical/rt/compare/rt-4.0.23...rt-4.0.24



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
rt-announce mailing list
rt-annou...@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce


[rt-users] [rt-announce] RT 4.2.12 released

2015-08-12 Thread Shawn Moore
RT 4.2.12 -- 2015-08-12
---

RT 4.2.12 contains important security fixes.

https://download.bestpractical.com/pub/rt/release/rt-4.2.12.tar.gz
https://download.bestpractical.com/pub/rt/release/rt-4.2.12.tar.gz.asc

SHA1 sums

ddbf70752c2b96354caf7687534addf075859d4d  rt-4.2.12.tar.gz
8e76c69a56a60afbe0a75673874a1f4510355350  rt-4.2.12.tar.gz.asc

This release is a security release which addresses the following
vulnerabilities:

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the user and group rights management pages.  This vulnerability is assigned
CVE-2015-5475.  It was discovered and reported by Marcin Kopeć at Data Reliance
Shared Service Center.

RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the cryptography interface.  This vulnerability could allow an attacker
with a carefully-crafted key to inject JavaScript into RT's user interface.
Installations which use neither GnuPG nor S/MIME are unaffected.


A complete changelog is available from git by running:
git log rt-4.2.11..rt-4.2.12
or visiting
https://github.com/bestpractical/rt/compare/rt-4.2.11...rt-4.2.12



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
rt-announce mailing list
rt-annou...@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce


Re: [rt-users] Unable to grant Status changes rights to user

2015-06-29 Thread Shawn Moore
Hi Chrilly,

 2015/06/29 8:28、Chrilly Cheng chri...@gmail.com のメール:
 
 Issue resolved by rename the rights. It only supports 25 characters length.

Thanks for following up with your solution. I’ll see if I can remove that limit 
in RT, or at least warn about it!

 BR,
 Chrilly

Thanks,
Shawn


signature.asc
Description: Message signed with OpenPGP using GPGMail