[Bps-public-commit] rt-authen-token branch, new-config-option-disable-password, created. 50579de704b8d0548216e80d19439ac359c9b1e2

Aaron Trevena ast at bestpractical.com
Mon Jun 29 08:00:15 EDT 2020


The branch, new-config-option-disable-password has been created
        at  50579de704b8d0548216e80d19439ac359c9b1e2 (commit)

- Log -----------------------------------------------------------------
commit 50579de704b8d0548216e80d19439ac359c9b1e2
Author: Aaron Trevena <aaron at aarontrevena.co.uk>
Date:   Tue Jun 23 19:27:05 2020 +0100

    Add configuration to disable password check on creation of tokens
    
    Added new behaviour and documentation, updated changelog

diff --git a/Changes b/Changes
index 3893a55..cbfb064 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,9 @@
 Revision history for RT-Authen-Token
 
+0.04 2020-06-24
+ - Don't require a password for token creation when RT is configured
+   with DisablePasswordForAuthToken set to true
+
 0.03 2017-09-06
  - Don't require a password for token creation when RT is configured
    with External Authentication.
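Review bot: The new 0.04 entry in Changes has no matching version bump in this commit: the only hunk against lib/RT/Authen/Token.pm adds POD. Either bump the module version in the same commit or leave the release heading until the release commit, so the changelog and the installed module agree. The entry should also name the option as a site configuration setting and say that it applies to all users, since that is what the condition in the components implements.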
diff --git a/README b/README
index c1bfc93..9f280c8 100644
--- a/README
+++ b/README
@@ -55,6 +55,14 @@ INSTALLATION
 
     Restart your webserver
 
+CONFIGURATION
+
+    If you have a mix of local and external authentication you can disable
+    requiring a password to create or edit tokens with the following line
+    in /opt/rt4/etc/RT_SiteConfig.pm :
+
+        Set($DisablePasswordForAuthToken, 1);
+
 AUTHOR
     Best Practical Solutions, LLC <modules at bestpractical.com>
 
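Review bot: The new CONFIGURATION text in README presents the option as a convenience for mixed local and external authentication, but does not say what is given up. With `Set($DisablePasswordForAuthToken, 1);` the current-password prompt is removed for token creation, so the only remaining barrier is an authenticated web session. State that trade-off here, and note that the option is off by default, so administrators can decide whether the re-authentication step matters in their deployment.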
diff --git a/html/Elements/AuthToken/CreateForm b/html/Elements/AuthToken/CreateForm
index 72f1f6f..6a2965f 100644
--- a/html/Elements/AuthToken/CreateForm
+++ b/html/Elements/AuthToken/CreateForm
@@ -6,6 +6,10 @@ $Description => ''
 <%INIT>
 # Don't require password for systems with some form of federated auth
 my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
+my $require_password = 1;
+if ( RT->Config->Get('DisablePasswordForAuthToken') or not $res{'CanSet'}) {
+   $require_password = 0;
+}
 </%INIT>
 <form class="authtoken-form" method="post" data-ajax-url="<% RT->Config->Get('WebPath') %>/Helpers/AuthToken/Create">
 % if ($Error) {
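Review bot: The `$require_password` block added to `<%INIT>` here is repeated verbatim in html/Elements/AuthToken/CreateResults, so the form and the server-side check can drift apart if only one is edited later. Put the decision in one helper that both components call. The comment above the block still mentions only federated auth and should also mention the config option, and the `$require_password = 0;` line is indented three spaces where the rest of the file uses four.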
@@ -13,7 +17,7 @@ my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
 % }
 <input type="hidden" name="Owner" value="<% $Owner %>">
 <table>
-% if ( $res{'CanSet'} ){
+% if ( $require_password ){
 <tr>
 <td class="label"><&|/l, $session{'CurrentUser'}->Name()&>[_1]'s current password</&>:</td>
 <td class="value"><input type="password" name="Password" size="16" autocomplete="off" /></td>
diff --git a/html/Elements/AuthToken/CreateResults b/html/Elements/AuthToken/CreateResults
index 3b98c1c..568b2bf 100644
--- a/html/Elements/AuthToken/CreateResults
+++ b/html/Elements/AuthToken/CreateResults
@@ -7,6 +7,10 @@ $Description => ''
 my $token = RT::AuthToken->new($session{CurrentUser});
 # Don't require password for systems with some form of federated auth
 my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
+my $require_password = 1;
+if ( RT->Config->Get('DisablePasswordForAuthToken') or not $res{'CanSet'}) {
+   $require_password = 0;
+}
 my ($error, $authstring);
 
 if (!$Owner) {
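Review bot: The condition `RT->Config->Get('DisablePasswordForAuthToken') or not $res{'CanSet'}` turns the password check off for every user once the option is set, including users for whom `CanSet` is true and who do have a local password. For the mixed setup the README describes, consider skipping the check only for users who cannot verify a local password and keeping it for those who can. If the global behaviour is intended, say so in the comment above this block, which currently describes only the federated-auth case.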
@@ -15,10 +19,10 @@ if (!$Owner) {
 elsif (!length($Description)) {
     $error = loc("Description cannot be blank.");
 }
-elsif ($res{'CanSet'} && !length($Password)) {
+elsif ($require_password && !length($Password)) {
     $error = loc("Please enter your current password.");
 }
-elsif ($res{'CanSet'} && !$session{CurrentUser}->IsPassword($Password) ) {
+elsif ($require_password && !$session{CurrentUser}->IsPassword($Password) ) {
     $error = loc("Please enter your current password correctly.");
 }
 else {
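Review bot: Both `elsif` branches are now skipped whenever `$require_password` is 0, and this commit adds no test for either setting of the option. Add a test that creates a token with `DisablePasswordForAuthToken` unset and asserts that a blank or wrong password is still rejected, plus one with it set that asserts creation succeeds without a password. That pins the default behaviour so a later edit to the condition cannot silently drop the check.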
diff --git a/lib/RT/Authen/Token.pm b/lib/RT/Authen/Token.pm
index bac8d4d..dd0ca1f 100644
--- a/lib/RT/Authen/Token.pm
+++ b/lib/RT/Authen/Token.pm
@@ -112,6 +112,14 @@ Apache configuration to allow RT to access the Authorization header.
 
 =back
 
+=head1 CONFIGURATION
+
+If you have a mix of local and external authentication you can disable
+requiring a password to create or edit tokens with the following line
+in /opt/rt4/etc/RT_SiteConfig.pm :
+
+    Set($DisablePasswordForAuthToken, 1);
+
 =head1 AUTHOR
 
 Best Practical Solutions, LLC E<lt>modules at bestpractical.comE<gt>
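Review bot: The POD added under `=head1 CONFIGURATION` says the option affects requiring a password "to create or edit tokens", but the components changed in this commit are CreateForm and CreateResults only. Either limit the wording to creation or include the edit path in the change. The hard-coded `/opt/rt4/etc/RT_SiteConfig.pm` path also assumes one install layout; referring to RT_SiteConfig.pm without the prefix would avoid that. The same text is duplicated in README, so fix both together.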

-----------------------------------------------------------------------

