[Bps-public-commit] rt-authen-token branch, master, updated. 69394050cc19d586f0ab40c88a6ee29c87973bb4

Jim Brandt jbrandt at bestpractical.com
Tue Aug 29 14:24:08 EDT 2017 

The branch, master has been updated
       via  69394050cc19d586f0ab40c88a6ee29c87973bb4 (commit)
       via  3603069f2395fdb062c3385c55e1f652ef3d4cd2 (commit)
      from  0f3bcd2fa4563d14a7fb6b0ac8f211c0ec2d2c3d (commit)

Summary of changes:
 README                                | 7 +++++++
 html/Elements/AuthToken/CreateForm    | 4 ++++
 html/Elements/AuthToken/CreateResults | 6 ++++--
 lib/RT/Authen/Token.pm                | 7 +++++++
 4 files changed, 22 insertions(+), 2 deletions(-)

- Log -----------------------------------------------------------------
commit 3603069f2395fdb062c3385c55e1f652ef3d4cd2
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Tue Aug 29 11:51:28 2017 -0400

    Add docs for passing Authorization header via Apache

diff --git a/README b/README
index e606839..c1bfc93 100644
--- a/README
+++ b/README
@@ -46,6 +46,13 @@ INSTALLATION
 
             Plugin( "RT::Authen::Token" );
 
+    Update your Apache configuration
+        If you are running RT under Apache, add the following directive to
+        your RT Apache configuration to allow RT to access the Authorization
+        header.
+
+            SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+
     Restart your webserver
 
 AUTHOR
diff --git a/lib/RT/Authen/Token.pm b/lib/RT/Authen/Token.pm
index cc8c792..a3aafe6 100644
--- a/lib/RT/Authen/Token.pm
+++ b/lib/RT/Authen/Token.pm
@@ -101,6 +101,13 @@ Add this line:
 
     Plugin( "RT::Authen::Token" );
 
+=item Update your Apache configuration
+
+If you are running RT under Apache, add the following directive to your RT
+Apache configuration to allow RT to access the Authorization header.
+
+    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+
 =item Restart your webserver
 
 =back

commit 69394050cc19d586f0ab40c88a6ee29c87973bb4
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Tue Aug 29 14:21:12 2017 -0400

    Don't require a password for RT's with external authentication
    
    If RT is set up with an external authentication, it won't have
    a local password to validate. Use the logic already available in
    CurrentUserRequireToSetPassword to test for this condition and
    omit the password validation.

diff --git a/html/Elements/AuthToken/CreateForm b/html/Elements/AuthToken/CreateForm
index 39f9642..72f1f6f 100644
--- a/html/Elements/AuthToken/CreateForm
+++ b/html/Elements/AuthToken/CreateForm
@@ -4,6 +4,8 @@ $Error => ''
 $Description => ''
 </%ARGS>
 <%INIT>
+# Don't require password for systems with some form of federated auth
+my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
 </%INIT>
 <form class="authtoken-form" method="post" data-ajax-url="<% RT->Config->Get('WebPath') %>/Helpers/AuthToken/Create">
 % if ($Error) {
@@ -11,10 +13,12 @@ $Description => ''
 % }
 <input type="hidden" name="Owner" value="<% $Owner %>">
 <table>
+% if ( $res{'CanSet'} ){
 <tr>
 <td class="label"><&|/l, $session{'CurrentUser'}->Name()&>[_1]'s current password</&>:</td>
 <td class="value"><input type="password" name="Password" size="16" autocomplete="off" /></td>
 </tr>
+% }
 <tr>
 <td class="label"><&|/l&>Description</&>:<br><em><&|/l&>What's this token for?</&></em></td>
 <td class="value"><input type="text" name="Description" value="<% $Description %>" size="16" /></td>
diff --git a/html/Elements/AuthToken/CreateResults b/html/Elements/AuthToken/CreateResults
index 1fd42d4..3b98c1c 100644
--- a/html/Elements/AuthToken/CreateResults
+++ b/html/Elements/AuthToken/CreateResults
@@ -5,6 +5,8 @@ $Description => ''
 </%ARGS>
 <%INIT>
 my $token = RT::AuthToken->new($session{CurrentUser});
+# Don't require password for systems with some form of federated auth
+my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
 my ($error, $authstring);
 
 if (!$Owner) {
@@ -13,10 +15,10 @@ if (!$Owner) {
 elsif (!length($Description)) {
     $error = loc("Description cannot be blank.");
 }
-elsif (!length($Password)) {
+elsif ($res{'CanSet'} && !length($Password)) {
     $error = loc("Please enter your current password.");
 }
-elsif (!$session{CurrentUser}->IsPassword($Password) ) {
+elsif ($res{'CanSet'} && !$session{CurrentUser}->IsPassword($Password) ) {
     $error = loc("Please enter your current password correctly.");
 }
 else {

-----------------------------------------------------------------------

More information about the Bps-public-commit mailing list