[Bps-public-commit] rt-authen-token branch, new-config-option-disable-password, created. 50579de704b8d0548216e80d19439ac359c9b1e2
Aaron Trevena
ast at bestpractical.com
Mon Jun 29 08:00:15 EDT 2020
The branch, new-config-option-disable-password has been created
at 50579de704b8d0548216e80d19439ac359c9b1e2 (commit)
- Log -----------------------------------------------------------------
commit 50579de704b8d0548216e80d19439ac359c9b1e2
Author: Aaron Trevena <aaron at aarontrevena.co.uk>
Date: Tue Jun 23 19:27:05 2020 +0100
Add configuration to disable password check on creation of tokens
Added new behaviour and documentation, updated changelog
diff --git a/Changes b/Changes
index 3893a55..cbfb064 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,9 @@
Revision history for RT-Authen-Token
+0.04 2020-06-24
+ - Don't require a password for token creation when RT is configured
+ with DisablePasswordForAuthToken set to true
+
0.03 2017-09-06
- Don't require a password for token creation when RT is configured
with External Authentication.
diff --git a/README b/README
index c1bfc93..9f280c8 100644
--- a/README
+++ b/README
@@ -55,6 +55,14 @@ INSTALLATION
Restart your webserver
+CONFIGURATION
+
+ If you have a mix of local and external authentication you can disable
+ requiring a password to create or edit tokens with the following line
+ in /opt/rt4/etc/RT_SiteConfig.pm :
+
+ Set($DisablePasswordForAuthToken, 1);
+
AUTHOR
Best Practical Solutions, LLC <modules at bestpractical.com>
diff --git a/html/Elements/AuthToken/CreateForm b/html/Elements/AuthToken/CreateForm
index 72f1f6f..6a2965f 100644
--- a/html/Elements/AuthToken/CreateForm
+++ b/html/Elements/AuthToken/CreateForm
@@ -6,6 +6,10 @@ $Description => ''
<%INIT>
# Don't require password for systems with some form of federated auth
my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
+my $require_password = 1;
+if ( RT->Config->Get('DisablePasswordForAuthToken') or not $res{'CanSet'}) {
+ $require_password = 0;
+}
</%INIT>
<form class="authtoken-form" method="post" data-ajax-url="<% RT->Config->Get('WebPath') %>/Helpers/AuthToken/Create">
% if ($Error) {
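Review bot: The `$require_password` computation added to the `<%INIT>` block is repeated verbatim in html/Elements/AuthToken/CreateResults, so the form and the server-side check can drift apart if only one copy is edited later. The README text added in this commit says "create or edit", while only the two Create components change here; an edit component with its own password check, if one exists (not visible in this diff), would not honour the option. Consider one shared helper that both components call, with the four lines collapsed to `my $require_password = ( $res{'CanSet'} && !RT->Config->Get('DisablePasswordForAuthToken') ) ? 1 : 0;`. The existing comment above now describes only half of the condition; `# Skip the password prompt when DisablePasswordForAuthToken is set or $res{'CanSet'} is false` would match the code.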
@@ -13,7 +17,7 @@ my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
% }
<input type="hidden" name="Owner" value="<% $Owner %>">
<table>
-% if ( $res{'CanSet'} ){
+% if ( $require_password ){
<tr>
<td class="label"><&|/l, $session{'CurrentUser'}->Name()&>[_1]'s current password</&>:</td>
<td class="value"><input type="password" name="Password" size="16" autocomplete="off" /></td>
diff --git a/html/Elements/AuthToken/CreateResults b/html/Elements/AuthToken/CreateResults
index 3b98c1c..568b2bf 100644
--- a/html/Elements/AuthToken/CreateResults
+++ b/html/Elements/AuthToken/CreateResults
@@ -7,6 +7,10 @@ $Description => ''
my $token = RT::AuthToken->new($session{CurrentUser});
# Don't require password for systems with some form of federated auth
my %res = $session{'CurrentUser'}->CurrentUserRequireToSetPassword();
+my $require_password = 1;
+if ( RT->Config->Get('DisablePasswordForAuthToken') or not $res{'CanSet'}) {
+ $require_password = 0;
+}
my ($error, $authstring);
if (!$Owner) {
@@ -15,10 +19,10 @@ if (!$Owner) {
elsif (!length($Description)) {
$error = loc("Description cannot be blank.");
}
-elsif ($res{'CanSet'} && !length($Password)) {
+elsif ($require_password && !length($Password)) {
$error = loc("Please enter your current password.");
}
-elsif ($res{'CanSet'} && !$session{CurrentUser}->IsPassword($Password) ) {
+elsif ($require_password && !$session{CurrentUser}->IsPassword($Password) ) {
$error = loc("Please enter your current password correctly.");
}
else {
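Review bot: With `DisablePasswordForAuthToken` set, both `elsif` password branches are skipped for every user, including those for whom `$res{'CanSet'}` is true, so a logged-in session alone is enough to create a token. The documentation presents the option as being for a mix of local and external authentication, but the switch is global rather than per-user. If the intent is only to unblock users without a usable local password, that calls for either a narrower condition or an explicit caveat in the CONFIGURATION text, e.g. `Note that this removes the password confirmation for all users, including those with a local RT password.` Logging token creation that bypassed the check would also make it auditable, assuming the `else` branch (outside this hunk) does not already do so. The `if`/`elsif` chain starts before and continues after this hunk.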
diff --git a/lib/RT/Authen/Token.pm b/lib/RT/Authen/Token.pm
index bac8d4d..dd0ca1f 100644
--- a/lib/RT/Authen/Token.pm
+++ b/lib/RT/Authen/Token.pm
@@ -112,6 +112,14 @@ Apache configuration to allow RT to access the Authorization header.
=back
+=head1 CONFIGURATION
+
+If you have a mix of local and external authentication you can disable
+requiring a password to create or edit tokens with the following line
+in /opt/rt4/etc/RT_SiteConfig.pm :
+
+ Set($DisablePasswordForAuthToken, 1);
+
=head1 AUTHOR
Best Practical Solutions, LLC E<lt>modules at bestpractical.comE<gt>
-----------------------------------------------------------------------