[rt-users] Login from other form

Joe Casadonte joe.casadonte at oracle.com
Mon Feb 18 09:56:05 EST 2008


On 2/18/2008 8:37 AM, GUBBELS Jac wrote:

> I tried quite some things with PHP (cURL, snoopy etc) and even
> JavaScript to submit the login form without pressing the submit button,
> but I do not seem to be able to get those approaches to deliver.

Instead of trying to automate the form submission, what you should 
probably do is bypass the authentication altogether.  One simple way is 
to set the REMOTE_USER environment variable to the person's RT user 
name, and then set $RT::WebExternalAuth to true.  If you don't want such 
a simplistic and relatively insecure method of user spoofing available, 
you can override the code in the base autohandler (e.g. 
/opt/share/html/autohandler) to add in a transformation from your 
encrypted user credentials to a real RT user.  In 3.6.3 the code to be 
inserted would probably go here:

# If it's a noauth file, don't ask for auth.
if ( $m->base_comp->path =~ $RT::WebNoAuthRegex ) {
     $m->comp( { base_comp => $m->request_comp }, $m->fetch_next, %ARGS);
     $m->abort;
}

# If RT is configured for external auth, let's go through and get REMOTE_USER
elsif ($RT::WebExternalAuth) {

     # do we actually have a REMOTE_USER equivlent?
     if ( RT::Interface::Web::WebCanonicalizeInfo() ) {


between the first IF and the ELSIF.  Look inside of the

     if ( RT::Interface::Web::WebCanonicalizeInfo() ) {

block to see what to do once you have a user name.  Basically, you want 
to do some part of this:

         $session{'CurrentUser'} = RT::CurrentUser->new();
         my $load_method = $RT::WebExternalGecos ? 'LoadByGecos' : 'Load';

         if ( $^O eq 'MSWin32' and $RT::WebExternalGecos ) {
             my $NodeName = Win32::NodeName();
             $user =~ s/^\Q$NodeName\E\\//i;
         }

         $session{'CurrentUser'}->$load_method($user);

followed by a check to see if you actually loaded a user:

     if ( $session{'CurrentUser'}->Id() )

Or something like that.  HTH!

-- 
Regards,


joe
Joe Casadonte
joe.casadonte at oracle.com

==========                                                  ==========
== The statements and opinions expressed here are my own and do not ==
== necessarily represent those of Oracle Corporation.               ==
==========                                                  ==========
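
One way to do the "transformation from your encrypted user credentials to a real RT user" step, as an added example that is not part of the original message or of RT's own code. It swaps in an HMAC-signed, time-limited token (user:timestamp:mac) in place of encryption; the helper name user_from_token, the token layout, the shared secret and the `token` request argument are assumptions, and only RT::CurrentUser->new, Load and Id come from the post.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a secret shared by the referring application and RT.
my $SHARED_SECRET = 'replace-with-a-long-random-secret';
my $MAX_AGE       = 60;    # seconds a token stays valid

# Hypothetical helper: returns the user name carried by a valid token,
# or nothing if the token is malformed, expired, or has a bad MAC.
sub user_from_token {
    my ( $token, $now ) = @_;
    $now = time unless defined $now;
    return unless defined $token;

    my ( $user, $issued, $mac ) = split /:/, $token, 3;
    return unless defined $mac;
    return unless $user   =~ /\A[\w.\@-]{1,64}\z/;
    return unless $issued =~ /\A\d{1,10}\z/;
    return if $issued > $now or $now - $issued > $MAX_AGE;

    my $expected = hmac_sha256_hex( "$user:$issued", $SHARED_SECRET );
    return unless length $mac == length $expected;

    # Compare every character so timing does not reveal the first mismatch.
    my $diff = 0;
    $diff |= ord( substr $mac, $_, 1 ) ^ ord( substr $expected, $_, 1 )
        for 0 .. length($expected) - 1;
    return $diff == 0 ? $user : ();
}

# Constructed sample tokens, as the referring application would issue them.
my $issued = time;
my $good   = join ':', 'jdoe', $issued,
    hmac_sha256_hex( "jdoe:$issued", $SHARED_SECRET );
( my $forged = $good ) =~ s/^jdoe/root/;    # user name swapped, MAC reused

printf "%-8s %s\n", 'good',    user_from_token($good)   // 'rejected';
printf "%-8s %s\n", 'forged',  user_from_token($forged) // 'rejected';
printf "%-8s %s\n", 'expired',
    user_from_token( $good, $issued + 3600 ) // 'rejected';

# In the autohandler branch the post describes, the verified name would
# feed the calls quoted there (the 'token' argument is an assumption):
#   my $user = user_from_token( $ARGS{'token'} );
#   $session{'CurrentUser'} = RT::CurrentUser->new();
#   $session{'CurrentUser'}->Load($user) if defined $user;
#   ... then continue only if $session{'CurrentUser'}->Id() is true.
```

A token of this shape can be replayed until it expires, so keep the lifetime short and pass it only over HTTPS.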


