[rt-users] Use of cookies for external authentication

ParimalaRamdas at oaktech.com ParimalaRamdas at oaktech.com
Tue Jun 17 14:03:00 EDT 2003


Hi,
 After much effort to learn the intricacies of RT, I have tried to 
implement external authentication by the use of cookies. I say tried 
because it doesn't seem to work. Let me explain what I have done so far.
-have set a cookie in my web-site which stores the user name, so when user 
clicks on rt link, the user should be created in rt db
-have added a line in RT_SiteConfig.pm: Set($WebExternalAuth, 1);
-have modified a few lines and commented out a few in 
share/html/autohandler to make use of cookies.
But after this, I fail to understand why the user is not being created in 
the database. Can anyone help me please? 
Thanks,
Parimala.


<%INIT>
# Request setup for the autohandler: session glob, argument encoding, timing
# baseline, session cookie, and a default (anonymous) CurrentUser object.

# Dynamically scope the *session glob to this request.
# NOTE(review): %session is presumably populated by
# /Elements/SetupSessionCookie, which is not shown here -- confirm.
local *session;

# Mark every request argument as UTF-8.
# NOTE(review): Encode::_utf8_on only flips the internal flag and does not
# validate the bytes, so malformed input is not rejected at this point.
for my $arg_name (keys %ARGS) {
    Encode::_utf8_on($ARGS{$arg_name});
}

# NOTE(review): `qw(standard)` looks like it was meant to be the `:standard`
# export tag. Only CGI::Cookie is used by the code in this section.
use CGI qw(standard);
use CGI::Cookie;

# Record when request handling started. With the Debug argument set, a
# high-resolution [seconds, microseconds] pair is stored; otherwise plain
# epoch seconds.
if ( !$ARGS{'Debug'} ) {
    $m->{'rt_base_time'} = time;
}
else {
    require Time::HiRes;
    $m->{'rt_base_time'} = [ Time::HiRes::gettimeofday() ];
}

$m->comp('/Elements/SetupSessionCookie');

# Make sure the session always holds a CurrentUser object, even if it does
# not (yet) identify anybody.
if ( !( $session{'CurrentUser'} && $session{'CurrentUser'}->Id ) ) {
    $session{'CurrentUser'} = RT::CurrentUser->new();
}

# Set the proper encoding for the current language handle
$r->content_type("text/html; charset=utf-8");

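# If it's a noauth file, don't ask for auth.
if (   $m->base_comp->path =~ m{^/+NoAuth/}
    || $m->base_comp->path =~ m{^/+REST/\d+\.\d+/NoAuth/} )
{
    $m->call_next();
    $m->abort();
}

# External authentication. The stock condition and the REMOTE_USER lookup are
# kept below as commented-out lines; this version takes the login name from a
# browser cookie called 'user' instead.
#
# NOTE(security): the cookie value is sent by the browser and nothing in this
# branch verifies it, so the name it carries is accepted as the authenticated
# identity without proof. REMOTE_USER, which the stock code reads, is set by
# the web server only after it has authenticated the request. Before relying
# on this branch, bind the cookie to something the server can check (for
# example a server-side session lookup, or a keyed MAC over the value that
# both the issuing site and RT can verify). Also review SetPrivileged(1)
# below: accounts auto-created from this value are made privileged.
#elsif ($RT::WebExternalAuth and length($ENV{'REMOTE_USER'})) {
elsif ($RT::WebExternalAuth) {
    my $orig_user = $user;

#    $user = $ENV{'REMOTE_USER'};
    # A request that carries no 'user' cookie must not reach ->value on an
    # undefined entry; treat a missing or empty cookie as "no external user".
    my %cookies     = CGI::Cookie->fetch;
    my $user_cookie = $cookies{'user'};
    my $cookie_user = $user_cookie ? $user_cookie->value : undef;
    my $have_name   = ( defined $cookie_user and length $cookie_user ) ? 1 : 0;

    # Start from an empty CurrentUser on every request, so the identity is
    # re-derived each time and a request without a usable cookie fails closed
    # in the final check of this branch.
    $session{'CurrentUser'} = RT::CurrentUser->new();

    if ($have_name) {
        $user = $cookie_user;

        my $load_method = $RT::WebExternalGecos ? 'LoadByGecos' : 'Load';

        # On Windows with Gecos lookups, strip a leading "NODENAME\" prefix
        # (matched case-insensitively) from the name.
        if ($^O eq 'MSWin32' and $RT::WebExternalGecos) {
            my $NodeName = Win32::NodeName();
            $user =~ s/^\Q$NodeName\E\\//i;
        }

        $session{'CurrentUser'}->$load_method($user);

        # Accounts are only created when $RT::WebExternalAuto is true. With
        # just $RT::WebExternalAuth set, an unknown name is looked up but
        # never created.
        if ($RT::WebExternalAuto and !$session{'CurrentUser'}->Id() ) {
            # Create users on-the-fly with default attributes

            my $UserObj = RT::User->new(RT::CurrentUser->new('root'));

            # Defaults from $RT::AutoCreate (when it is a reference) come
            # first, so Name and Gecos always end up as the external name.
            my ($val, $msg) = $UserObj->Create(
                %{ref($RT::AutoCreate) ? $RT::AutoCreate : {}},
                Name         => $user,
                Gecos        => $user,
            );

            if ($val) {
                $UserObj->SetPrivileged(1);

#               if ($^O !~ /^(?:riscos|MacOS|MSWin32|dos|os2)$/) {
#                   # Populate fields with information from Unix /etc/passwd
#
#                   my ($comments, $realname) = (getpwnam($user))[5, 6];
#                   $UserObj->SetComments($comments) if defined $comments;
#                   $UserObj->SetRealName($realname) if defined $realname;
#               }
#               elsif ($^O eq 'MSWin32' and eval 'use Net::AdminMisc; 1') {
#                   # Populate fields with information from NT domain controller
#               }

                $session{'CurrentUser'}->Load($user);
            }
            else {
                # Creation failed: drop the user object, then either stop
                # here or show the internal login form with the reason.
                delete $session{'CurrentUser'};
                $m->abort() unless $RT::WebFallbackToInternalAuth;
                $m->comp('/Elements/Login', %ARGS,
                         Error => loc('Cannot create user: [_1]', $msg));
            }
        }
    }

    # No user could be established from the cookie. The failed-create path
    # above deletes the session entry, so check that it still exists before
    # calling Id() on it.
    unless ( $session{'CurrentUser'} and $session{'CurrentUser'}->Id() ) {
        delete $session{'CurrentUser'};
        $user = $orig_user;

        if ( $RT::WebExternalOnly ) {
            $m->comp('/Elements/Login', %ARGS,
                     Error => loc('You are not an authorized user'));
            $m->abort();
        }
    }
}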

# Drop the session's CurrentUser entry unless it is set and reports a
# defined id.
if ( !$session{'CurrentUser'} or !defined $session{'CurrentUser'}->Id ) {
    delete $session{'CurrentUser'};
}

# Password login: attempted only when nobody is logged in yet and the request
# supplied both a user name and a password.
if ( !$session{'CurrentUser'} && defined($user) && defined($pass) ) {
    $session{'CurrentUser'} = RT::CurrentUser->new();
    $session{'CurrentUser'}->Load($user);

    # The password is checked only if the name resolved to a user id.
    my $authenticated = $session{'CurrentUser'}->id()
        && $session{'CurrentUser'}->IsPassword($pass);

    unless ($authenticated) {
        # Unknown user and wrong password get the same message, so the
        # response does not reveal which of the two was wrong.
        delete $session{'CurrentUser'};
        $m->comp(
            '/Elements/Login', %ARGS,
            Error => loc('Your username or password is incorrect')
        );
        $m->abort();
    }
}
 
# Final dispatch: without a CurrentUser that has an id, show the login form;
# otherwise serve the requested component, subject to the privilege check.
if ( !( defined $session{'CurrentUser'} and $session{'CurrentUser'}->Id ) ) {
    # If we have no credentials
    $m->comp('/Elements/Login', %ARGS);
    $m->abort();
}
else {
    # Process per-page global callbacks
    $m->comp('/Elements/Callback', %ARGS);

    # Privileged users may request any path; everyone else may only request
    # paths under SelfService and is otherwise shown the SelfService index.
    if (   $session{'CurrentUser'}->Privileged
        or $m->base_comp->path =~ '^(/+)SelfService/' )
    {
        $m->call_next();
    }
    else {
        $m->comp('/SelfService/index.html');
        $m->abort();
    }
}
</%INIT>
<& /Elements/Footer, %ARGS &>
<%ARGS>
# Login name and password; both default to undef. The INIT section attempts a
# password login only when both are defined. In the external-auth branch,
# $user is overwritten with the value of the 'user' cookie.
$user => undef
$pass => undef
# Declared here but not read by the INIT section of this component.
$menu => undef
</%ARGS>