[Rt-devel] Passing an authenticated user to RT

Mike Peachey mike.peachey at jennic.com
Mon Feb 11 08:44:49 EST 2008

Mike Peachey wrote:
> Mike Peachey wrote:
>> Jesse Vincent wrote:
>>> On Feb 11, 2008, at 5:18 AM, Mike Peachey wrote:
> <tons about stuff>
> I think I might actually have a way forward with this. I have confirmed 
> that the RT should have access to the cookie, and the cookie stores a 
> loginID which is permanently unique and stored in the MySQL database 
> against the users userID.
> I *should*, theoretically, be able to pull that loginID, check it 
> against the database entry to pull the userID and then log the user in 
> (BEFORE the autocreate callback).
> I *think* I could do this all from autohandler, but I'm not sure how 
> secure it is to be running MySQL calls from autohandler..
> /me continues to ponder options.


I'm doing it from within the autohandler Auth callback which already 
contains code for custom MySQL authentication.

Prior to checking ifdef($user && pass), it will confirm the authenticity 
of the cookie and the user it refers to, and if it's good it will set a 
$confirmedByCookie and defined the $user.

$user is then used as normal, but ifdef($confirmedByCookie) will 
override $pass where necessary.


What I don't know is where I should place the custom cookie checking 
code that connects to the database, pulls and converts data etc. Should 
it all be in the callback? Should I create a new function in 
Web::Interface somewhere? Should I add a subroutine within the callback? 
Should I add another callback containing the sub?

Where is the *RIGHT* place to put the code within RT's design architecture?
Kind Regards,


Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

More information about the Rt-devel mailing list