[rt-users] autogenerated password bug
Ed Davison
bfdi533 at cbacc-security3.mccombs.utexas.edu
Thu Oct 7 11:48:42 EDT 2004
I have added the following code from the RTWiki to autogenerate a
password for a new user:
{
if (($Transaction->CreatorObj->id != $RT::Nobody->id) &&
(!$Transaction->CreatorObj->Privileged) &&
($Transaction->CreatorObj->__Value('Password') eq '*NO-PASSWORD*')
) {
my $user = RT::User->new($RT::SystemUser);
$user->Load($Transaction->CreatorObj->Id);
my ($stat, $pass) = $user->SetRandomPassword();
if (!$stat) {
$OUT .=
"An internal error has occurred. RT was not able to set a password for
you. Please contact your local RT administrator for assistance.";
}
$out .= " You can check the current status and history of your requests
at:
".$RT::WebURL."
When prompted, enter the following username and password:
Username: ".$user->Name."
Password: ".$pass."
"; } }
Now, once that was implemented, it seemed to work just fine. But, then
I got a user reporting that he had gotten THREE username/password combos
in the same autoreply. Checking into this I found that all of the users
in the email had created tickets in the system previously. This is a
pretty big bug and has resulted in both the user and my department
director expressing concern over this bug.
In looking through the code, there are no where clauses and no splits
that I can see would account for multiple entries.
Any ideas why this would create THREE username/password entries in the
autoreply???
Ed Davison
More information about the rt-users
mailing list