[Bps-public-commit] rt-authen-token branch, new-config-option-disable-password, created. a7d1d1d40e607c65988c98ae1650bbe0833a3295
Aaron Trevena
ast at bestpractical.com
Tue Jun 23 14:28:01 EDT 2020
The branch, new-config-option-disable-password has been created
at a7d1d1d40e607c65988c98ae1650bbe0833a3295 (commit)
- Log -----------------------------------------------------------------
commit a7d1d1d40e607c65988c98ae1650bbe0833a3295
Author: Aaron Trevena <aaron at aarontrevena.co.uk>
Date: Tue Jun 23 19:27:05 2020 +0100
Add configuration to disable password check on creation of tokens
Added new behaviour and documentation, updated changelog
diff --git a/Changes b/Changes
index 3893a55..cbfb064 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,9 @@
Revision history for RT-Authen-Token
+0.04 2020-06-24
+ - Don't require a password for token creation when RT is configured
+ with DisablePasswordForAuthToken set to true
+
0.03 2017-09-06
- Don't require a password for token creation when RT is configured
with External Authentication.
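Review bot: The 0.04 entry is dated 2020-06-24 while the commit is dated Jun 23 2020, and the only hunk for lib/RT/Authen/Token.pm in this patch is in the POD, so no version number moves with it. If 0.04 ships with this change, the version bump should be part of the same patch; otherwise leave the date to be filled in at release time. The entry would also be more useful if it said that the option removes the password prompt for every user, not only externally authenticated ones.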
diff --git a/README b/README
index c1bfc93..1c2eb13 100644
--- a/README
+++ b/README
@@ -46,6 +46,13 @@ INSTALLATION
Plugin( "RT::Authen::Token" );
+ If you have a mix of local and external authentication you can disable
+ requireing a password to create or edit tokens with the following line
+ in /opt/rt4/etc/RT_SiteConfig.pm :
+
+ Set($DisablePasswordForAuthToken, 1);
+
+
Update your Apache configuration
If you are running RT under Apache, add the following directive to
your RT Apache configuration to allow RT to access the Authorization
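Review bot: "requireing" in the added paragraph should be "requiring", and the hunk adds two blank lines after the Set() example where one is enough. The text says "create or edit tokens", but the templates changed in this patch are CreateForm and CreateResults only, so either drop "or edit" or cover the edit path too. Because the setting is global, the paragraph should also tell administrators what they give up: with it enabled, an authenticated session alone is enough to create a token, including for users who do have a local password.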
diff --git a/html/Elements/AuthToken/CreateForm b/html/Elements/AuthToken/CreateForm
index 72f1f6f..6a2965f 100644
--- a/html/Elements/AuthToken/CreateForm
+++ b/html/Elements/AuthToken/CreateForm
@@ -6,6 +6,10 @@ $Description => ''
<%INIT>
# Don't require password for systems with some form of federated auth
my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
+my $require_password = 1;
+if ( RT->Config->Get('DisablePasswordForAuthToken') or not $res{'CanSet'}) {
+ $require_password = 0;
+}
</%INIT>
<form class="authtoken-form" method="post" data-ajax-url="<% RT->Config->Get('WebPath') %>/Helpers/AuthToken/Create">
% if ($Error) {
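Review bot: The four added lines in the INIT block are repeated verbatim in html/Elements/AuthToken/CreateResults, so the form and the handler that enforces the check can drift apart. Put the decision in one place (for example a method on the plugin that both templates call) and have each template ask it. The existing comment "# Don't require password for systems with some form of federated auth" also no longer describes everything the block does; mention the DisablePasswordForAuthToken case there.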
@@ -13,7 +17,7 @@ my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
% }
<input type="hidden" name="Owner" value="<% $Owner %>">
<table>
-% if ( $res{'CanSet'} ){
+% if ( $require_password ){
<tr>
<td class="label"><&|/l, $session{'CurrentUser'}->Name()&>[_1]'s current password</&>:</td>
<td class="value"><input type="password" name="Password" size="16" autocomplete="off" /></td>
diff --git a/html/Elements/AuthToken/CreateResults b/html/Elements/AuthToken/CreateResults
index 3b98c1c..568b2bf 100644
--- a/html/Elements/AuthToken/CreateResults
+++ b/html/Elements/AuthToken/CreateResults
@@ -7,6 +7,10 @@ $Description => ''
my $token = RT::AuthToken->new($session{CurrentUser});
# Don't require password for systems with some form of federated auth
my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
+my $require_password = 1;
+if ( RT->Config->Get('DisablePasswordForAuthToken') or not $res{'CanSet'}) {
+ $require_password = 0;
+}
my ($error, $authstring);
if (!$Owner) {
@@ -15,10 +19,10 @@ if (!$Owner) {
elsif (!length($Description)) {
$error = loc("Description cannot be blank.");
}
-elsif ($res{'CanSet'} && !length($Password)) {
+elsif ($require_password && !length($Password)) {
$error = loc("Please enter your current password.");
}
-elsif ($res{'CanSet'} && !$session{CurrentUser}->IsPassword($Password) ) {
+elsif ($require_password && !$session{CurrentUser}->IsPassword($Password) ) {
$error = loc("Please enter your current password correctly.");
}
else {
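Review bot: In the two changed elsif branches, $require_password is 0 for every user once DisablePasswordForAuthToken is set, so IsPassword is never called even when $res{'CanSet'} is true and the user has a local password to check. This is the server-side enforcement point, so the effect is that token creation no longer needs re-authentication for anyone. The README motivates the option with a mix of local and external authentication; consider keeping the password check for users who can set a password, or at least logging token creation that skipped it. No test changes accompany this patch; a case for the flag on and off with a CanSet user would pin the behaviour down.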
diff --git a/lib/RT/Authen/Token.pm b/lib/RT/Authen/Token.pm
index bac8d4d..0ee4914 100644
--- a/lib/RT/Authen/Token.pm
+++ b/lib/RT/Authen/Token.pm
@@ -101,6 +101,12 @@ Add this line:
Plugin( "RT::Authen::Token" );
+If you have a mix of local and external authentication you can disable
+requireing a password to create or edit tokens with the following line
+in /opt/rt4/etc/RT_SiteConfig.pm :
+
+ Set($DisablePasswordForAuthToken, 1);
+
=item Update your Apache configuration
If you are running RT under Apache, add the following directive to your RT
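Review bot: Same "requireing" typo as in the README hunk; it should read "requiring". The wording "create or edit tokens" has the same mismatch with the files touched in this patch, and the POD is the natural place to state that the option applies to all users and removes the re-authentication step for token creation. Keeping this text and the README paragraph in step would be easier if one were generated from the other.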
-----------------------------------------------------------------------