[Rt-devel] Passing an authenticated user to RT

Mike Peachey mike.peachey at jennic.com
Mon Feb 11 08:44:49 EST 2008


Mike Peachey wrote:
> Mike Peachey wrote:
>> Jesse Vincent wrote:
>>> On Feb 11, 2008, at 5:18 AM, Mike Peachey wrote:
> 
> <tons about stuff>
> 
> I think I might actually have a way forward with this. I have confirmed 
> that the RT should have access to the cookie, and the cookie stores a 
> loginID which is permanently unique and stored in the MySQL database 
> against the users userID.
> 
> I *should*, theoretically, be able to pull that loginID, check it 
> against the database entry to pull the userID and then log the user in 
> (BEFORE the autocreate callback).
> 
> I *think* I could do this all from autohandler, but I'm not sure how 
> secure it is to be running MySQL calls from autohandler..
> 
> /me continues to ponder options.

Update:

I'm doing it from within the autohandler Auth callback which already 
contains code for custom MySQL authentication.

Prior to checking ifdef($user && pass), it will confirm the authenticity 
of the cookie and the user it refers to, and if it's good it will set a 
$confirmedByCookie and defined the $user.

$user is then used as normal, but ifdef($confirmedByCookie) will 
override $pass where necessary.

********************

What I don't know is where I should place the custom cookie checking 
code that connects to the database, pulls and converts data etc. Should 
it all be in the callback? Should I create a new function in 
Web::Interface somewhere? Should I add a subroutine within the callback? 
Should I add another callback containing the sub?

Where is the *RIGHT* place to put the code within RT's design architecture?
-- 
Kind Regards,

__________________________________________________

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________


More information about the Rt-devel mailing list