[Rt-commit] rt branch, 4.4/crypt-minor-fixes, updated. rt-4.4.4-242-g53e13897f1

Dianne Skoll dianne at bestpractical.com
Thu Feb 4 08:25:56 EST 2021


The branch, 4.4/crypt-minor-fixes has been updated
       via  53e13897f11ac805df63f1c6d9c0a713ac9cad9e (commit)
      from  8922a3f80f556c74868d366b92f860e62bc86cef (commit)

Summary of changes:
 share/html/Crypt/GetSMIMECert.html | 32 +++++++++++++++++++-------------
 share/html/Elements/CryptStatus    |  2 +-
 2 files changed, 20 insertions(+), 14 deletions(-)

- Log -----------------------------------------------------------------
commit 53e13897f11ac805df63f1c6d9c0a713ac9cad9e
Author: Dianne Skoll <dianne at bestpractical.com>
Date:   Thu Feb 4 08:25:14 2021 -0500

    Download S/MIME certificate by Transaction Id instead of User Id
    
    This allows RT to restrict downloading to users who have permission
    to see the transaction.

diff --git a/share/html/Crypt/GetSMIMECert.html b/share/html/Crypt/GetSMIMECert.html
index f7d6d198ff..99c9f1948b 100644
--- a/share/html/Crypt/GetSMIMECert.html
+++ b/share/html/Crypt/GetSMIMECert.html
@@ -53,26 +53,32 @@
 <& /Elements/ListActions, actions => \@results &>
 
 <%ARGS>
-$User => undef
+$TxnId => undef
 $title => loc('Download S/MIME Certificate')
 </%ARGS>
 
 <%INIT>
 my @results;
-if (!$User || $User !~ /^\d+$/) {
-    push(@results, loc('User must be supplied to download an S/MIME certificate.'));
+if (!$TxnId || $TxnId !~ /^\d+$/) {
+    push(@results, loc('Transaction ID must be supplied to download an S/MIME certificate.'));
 } else {
-    my $u = RT::User->new(RT->SystemUser);
-    $u->Load($User);
-    if (!$u->id || !$u->SMIMECertificate) {
-        push(@results, loc('Could not find S/MIME certificate for specified user'));
+    my $txn = RT::Transaction->new( $session{'CurrentUser'} );
+    my ($status, $msg) = $txn->Load($TxnId);
+    if (!$status) {
+        push(@results, $msg);
     } else {
-        my $name = $u->EmailAddress || $u->Name || $u->id;
-        $r->content_type('application/x-x509-user-cert');
-        $r->header_out('Content-Disposition' => "attachment; filename=\"$name.crt\"");
-        $m->out($u->SMIMECertificate);
-        $m->flush_buffer;
-        $m->abort();
+        my $u = RT::User->new(RT->SystemUser);
+        $u->Load($txn->Creator);
+        if (!$u->id || !$u->SMIMECertificate) {
+            push(@results, loc('Could not find S/MIME certificate for specified user'));
+        } else {
+            my $name = $u->EmailAddress || $u->Name || $u->id;
+            $r->content_type('application/x-x509-user-cert');
+            $r->header_out('Content-Disposition' => "attachment; filename=\"$name.crt\"");
+            $m->out($u->SMIMECertificate);
+            $m->flush_buffer;
+            $m->abort();
+        }
     }
 }
 
diff --git a/share/html/Elements/CryptStatus b/share/html/Elements/CryptStatus
index a55a259e43..d39b1722c5 100644
--- a/share/html/Elements/CryptStatus
+++ b/share/html/Elements/CryptStatus
@@ -118,7 +118,7 @@ sub KeyDownloadLink {
         }
     } elsif ($protocol eq 'SMIME') {
         if ($Message && $Message->TransactionObj && $Message->TransactionObj->Creator) {
-            $txt = '<a href="' . RT->Config->Get('WebPath') . '/Crypt/GetSMIMECert.html?User=' . $Message->TransactionObj->Creator . '"> ' . loc('(Download S/MIME Certificate)') . '</a>';
+            $txt = '<a href="' . RT->Config->Get('WebPath') . '/Crypt/GetSMIMECert.html?TxnId=' . $Message->TransactionObj->Id . '"> ' . loc('(Download S/MIME Certificate)') . '</a>';
         }
     }
 

-----------------------------------------------------------------------


More information about the rt-commit mailing list