[rt-users] Auto Login Link in autoreply with password

Marouane HIMDI marouane.himdi at kereval.com
Mon Aug 30 08:49:10 EDT 2010


  Torsten  talks about this tool  ttp://www.openwall.com/john/

Le 30/08/2010 14:19, Codatel Lists a écrit :
> what do you mean by parse it through john?
>
> On 30/08/2010, at 10:12 PM, Torsten Brumm wrote:
>
>> Damn, you are right, for users with a password this will not work.
>>
>> Hmmm, possibly other guys have better ideas....parse it through john 
>> and then you have it plain text :-(
>>
>> 2010/8/30 Codatel Lists <lists at codatel.com.au 
>> <mailto:lists at codatel.com.au>>
>>
>>     This is what the RT replied back to me in the email
>>
>>>     http://rt.mydomain.com/ticket/SelfService/Display.html?id=139&user=requestor@email.com&pass=
>>>     <http://rt.mydomain.com/ticket/SelfService/Display.html?id=139&user=requestor@email.com&pass=>
>>
>>     there was no password
>>
>>
>>     FYI the Auto generation script has no effect here as the
>>     requestor is an existing email address
>>
>>     so the
>>
>>>>         {$RT::WebURL}SelfService/Display.html?id={$Ticket->id()}&user={$Transaction->CreatorObj->Name}&pass={$pass}
>>>
>>
>>     line is outside the password auto genrating script.
>>
>>     I believe the $pass parameter has something to do with the script
>>     but it is not being understood as the line I used is not within
>>     that part of the script.
>>
>>
>>
>>
>>
>>     On 30/08/2010, at 7:48 PM, Torsten Brumm wrote:
>>
>>>     OK, the mail sent out, does it have the password posted?
>>>
>>>     Is this the correct link you created?
>>>     http://rt.mydomain.com/ticket/SelfService/Display.html?id=139&user=requestor@email.com&pass=
>>>     <http://rt.mydomain.com/ticket/SelfService/Display.html?id=139&user=requestor@email.com&pass=>
>>>
>>>     Or like this?
>>>     http://rt.mydomain.com/ticket/SelfService/Display.html?id=139&user=requestor@email.com&pass=
>>>     <http://rt.mydomain.com/ticket/SelfService/Display.html?id=139&user=requestor@email.com&pass=>$pass
>>>
>>>     ??
>>>     2010/8/30 Codatel Lists <lists at codatel.com.au
>>>     <mailto:lists at codatel.com.au>>
>>>
>>>         I have tried that and I get the following result.
>>>
>>>         The password is blank
>>>
>>>         http://rt.mydomain.com/ticket/SelfService/Display.html?id=139&user=requestor@email.com&pass=
>>>         <http://rt.mydomain.com/ticket/SelfService/Display.html?id=139&user=requestor@email.com&pass=>
>>>
>>>         On 30/08/2010, at 7:38 PM, Torsten Brumm wrote:
>>>
>>>>         Hi,
>>>>         looks like we didn't talked about the same...
>>>>
>>>>         You like to do this:
>>>>
>>>>         {$RT::WebURL}SelfService/Display.html?id={$Ticket->id()}&user={$Transaction->CreatorObj->Name}&pass={$Transaction->CreatorObj->__Value('Password')}
>>>>
>>>>         No idea what is stored
>>>>         here: $Transaction->CreatorObj->__Value('Password' but from
>>>>         the output you sent, it looks like the md5 of the password:
>>>>
>>>>         You should try this:
>>>>
>>>>         {$RT::WebURL}SelfService/Display.html?id={$Ticket->id()}&user={$Transaction->CreatorObj->Name}&pass={$pass}
>>>>
>>>>         inside $pass you sent out the plain text password and i
>>>>         think, the login method with the link will also have the
>>>>         plaintext pass.
>>>>
>>>>         Torsten
>>>>         2010/8/29 Codatel Lists <lists at codatel.com.au
>>>>         <mailto:lists at codatel.com.au>>
>>>>
>>>>             I am trying to setup my autoreply so that it has a
>>>>             direct link for the requestor to click and he can be
>>>>             logged straight into the RT.
>>>>             I am new to the eco system and have been playing around
>>>>             with it over the past few days.
>>>>             Ive hit a roadblock and am hoping someone can help me out.
>>>>
>>>>             I have inserted the following into the autoreply template
>>>>
>>>>             {$RT::WebURL}SelfService/Display.html?id={$Ticket->id()}&user={$Transaction->CreatorObj->Name}&pass={$Transaction->CreatorObj->__Value('Password')}
>>>>
>>>>
>>>>             It almost works perfectly except for the fact that the
>>>>             password actually goes out encrypted and is pretty useless.
>>>>
>>>>             this is the link that the requestor gets back
>>>>
>>>>
>>>>             http://rt.mydomain.com.au/ticket/SelfService/Display.html?id=138&user=requestor@email.com&pass=091128365216c001205810ed3po175fb
>>>>             <http://rt.mydoman.com/ticket/SelfService/Display.html?id=138&user=requestor@email.com&pass=091128365216c001205810ed3po175fb>
>>>>
>>>>
>>>>
>>>>             Below is my entire template.
>>>>
>>>>
>>>>             Can someone please let me know how I am able to send a
>>>>             clickable link with every autoreply that will take the
>>>>             requestor straight to the ticket on the web.
>>>>
>>>>             Subject: AutoReply: {$Ticket->Subject}
>>>>
>>>>
>>>>             Greetings,
>>>>
>>>>             This message has been automatically generated in
>>>>             response to the
>>>>             creation of a helpdesk call:
>>>>
>>>>                     "{$Ticket->Subject()}",
>>>>
>>>>             a summary of which appears below.
>>>>
>>>>             There is no need to reply to this message right now.
>>>>             Your ticket has been
>>>>              assigned an ID of [{$rtname} #{$Ticket->id()}]. Please
>>>>             include this string
>>>>             in the subject line of all future correspondence about
>>>>             this issue.
>>>>
>>>>             {
>>>>             *RT::User::GenerateRandomNextChar =
>>>>             \&RT::User::_GenerateRandomNextChar;
>>>>
>>>>
>>>>             if (($Transaction->CreatorObj->id != $RT::Nobody->id) &&
>>>>                 (!$Transaction->CreatorObj->Privileged) &&
>>>>                 ($Transaction->CreatorObj->__Value('Password') eq
>>>>             '*NO-PASSWORD*')
>>>>                 ) {
>>>>
>>>>
>>>>
>>>>                     my $user = RT::User->new($RT::SystemUser);
>>>>                     $user->Load($Transaction->CreatorObj->Id);
>>>>                     my ($stat, $pass) = $user->SetRandomPassword();
>>>>
>>>>
>>>>
>>>>                     if (!$stat) {
>>>>                             $OUT .=
>>>>
>>>>             "An internal error has occurred. RT was not able to set
>>>>             a password for you.
>>>>             Please contact your local RT administrator for
>>>>             assistance.";
>>>>
>>>>
>>>>                     }
>>>>
>>>>
>>>>             $OUT .= "
>>>>             You can check the current status and history of your
>>>>             requests at:
>>>>
>>>>
>>>>                     ".$RT::WebURL."
>>>>
>>>>
>>>>             When prompted, enter the following username and password:
>>>>
>>>>
>>>>                     Username: ".$user->Name."
>>>>                     Password: ".$pass."
>>>>
>>>>             ";
>>>>             }
>>>>             }
>>>>             {$RT::WebURL}SelfService/Display.html?id={$Ticket->id()}&user={$Transaction->CreatorObj->Name}&pass={$Transaction->CreatorObj->__Value('Password')}
>>>>
>>>>                                     Thank you.
>>>>                                   
>>>>              {$Ticket->QueueObj->CorrespondAddress()}
>>>>
>>>>
>>>>             -------------------------------------------------------------------------
>>>>             {$Transaction->Content()}
>>>>
>>>>
>>>>             RT Training in Washington DC, USA on Oct 25 & 26 2010
>>>>             Last one this year -- Learn how to get the most out of RT!
>>>>
>>>>
>>>>
>>>>
>>>>         -- 
>>>>         MFG
>>>>
>>>>         Torsten Brumm
>>>>
>>>>         http://www.brumm.me <http://www.brumm.me/>
>>>>         http://www.elektrofeld.de <http://www.elektrofeld.de/>
>>>
>>>
>>>
>>>
>>>     -- 
>>>     MFG
>>>
>>>     Torsten Brumm
>>>
>>>     http://www.brumm.me <http://www.brumm.me/>
>>>     http://www.elektrofeld.de <http://www.elektrofeld.de/>
>>
>>
>>
>>
>> -- 
>> MFG
>>
>> Torsten Brumm
>>
>> http://www.brumm.me <http://www.brumm.me/>
>> http://www.elektrofeld.de <http://www.elektrofeld.de/>
>
>
>
> RT Training in Washington DC, USA on Oct 25&  26 2010
> Last one this year -- Learn how to get the most out of RT!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100830/ca702b89/attachment.htm>


More information about the rt-users mailing list