X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Fhtml%2Fautohandler;fp=rt%2Fhtml%2Fautohandler;h=ce8b7569e1ffffdbd8972bd7727e8e59a3a99952;hp=0000000000000000000000000000000000000000;hb=945721f48f74d5cfffef7c7cf3a3d6bc2521f5dd;hpb=160be29a0dc62e79a4fb95d2ab8c0c7e5996760e
diff --git a/rt/html/autohandler b/rt/html/autohandler
new file mode 100644
index 000000000..ce8b7569e
--- /dev/null
+++ b/rt/html/autohandler
@@ -0,0 +1,178 @@
+%# BEGIN LICENSE BLOCK
+%#
+%# Copyright (c) 1996-2003 Jesse Vincent
+%#
+%# (Except where explictly superceded by other copyright notices)
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+%# General Public License for more details.
+%#
+%# Unless otherwise specified, all modifications, corrections or
+%# extensions to this work which alter its source code become the
+%# property of Best Practical Solutions, LLC when submitted for
+%# inclusion in the work.
+%#
+%#
+%# END LICENSE BLOCK
+<%INIT>
+
+# Roll back any dangling transactions from a previous failed connection
+$RT::Handle->ForceRollback() if $RT::Handle->TransactionDepth;
+
+
+local *session;
+%ARGS = map {
+ # if they've passed multiple values, they'll be an array. if they've passed just one, a scalar
+ # whatever they are, mark them as utf8
+ my $type = ref($_);
+ (!$type)
+ ? Encode::decode(utf8 => $_, Encode::FB_PERLQQ) :
+ ($type eq 'ARRAY')
+ ? [ map { ref($_) ? $_ : Encode::decode(utf8 => $_, Encode::FB_PERLQQ) } @$_ ] :
+ ($type eq 'HASH')
+ ? { map { ref($_) ? $_ : Encode::decode(utf8 => $_, Encode::FB_PERLQQ) } %$_ } : $_
+} %ARGS;
+
+if ($ARGS{'Debug'}) {
+ require Time::HiRes;
+ $m->{'rt_base_time'} = [Time::HiRes::gettimeofday()];
+
+}
+else {
+ $m->{'rt_base_time'} = time;
+}
+$m->comp('/Elements/SetupSessionCookie', %ARGS);
+
+unless ($session{'CurrentUser'} && $session{'CurrentUser'}->Id) {
+ $session{'CurrentUser'} = RT::CurrentUser->new();
+}
+
+# Set the proper encoding for the current language handle
+$r->content_type("text/html; charset=utf-8");
+
+# If it's a noauth file, don't ask for auth.
+if ($m->base_comp->path =~ '^/+NoAuth/' ||
+ $m->base_comp->path =~ '^/+REST/\d+\.\d+/NoAuth/')
+{
+ $m->call_next(%ARGS);
+ $m->abort();
+}
+
+# If RT is configured for external auth, let's get REMOTE_USER
+elsif ($RT::WebExternalAuth and length($ENV{'REMOTE_USER'})) {
+ my $orig_user = $user;
+
+ $user = $ENV{'REMOTE_USER'};
+ $session{'CurrentUser'} = RT::CurrentUser->new();
+ my $load_method = $RT::WebExternalGecos ? 'LoadByGecos' : 'Load';
+
+ if ($^O eq 'MSWin32' and $RT::WebExternalGecos) {
+ my $NodeName = Win32::NodeName();
+ $user =~ s/^\Q$NodeName\E\\//i;
+ }
+
+ $session{'CurrentUser'}->$load_method($user);
+
+ if ($RT::WebExternalAuto and !$session{'CurrentUser'}->Id() ) {
+ # Create users on-the-fly with default attributes
+
+ my $UserObj = RT::User->new(RT::CurrentUser->new('root'));
+
+ my ($val, $msg) = $UserObj->Create(
+ %{ref($RT::AutoCreate) ? $RT::AutoCreate : {}},
+ Name => $user,
+ Gecos => $user,
+ );
+
+ if ($val) {
+ $UserObj->SetPrivileged(1);
+
+ if ($^O !~ /^(?:riscos|MacOS|MSWin32|dos|os2)$/) {
+ # Populate fields with information from Unix /etc/passwd
+
+ my ($comments, $realname) = (getpwnam($user))[5, 6];
+ $UserObj->SetComments($comments) if defined $comments;
+ $UserObj->SetRealName($realname) if defined $realname;
+ }
+ elsif ($^O eq 'MSWin32' and eval 'use Net::AdminMisc; 1') {
+ # Populate fields with information from NT domain controller
+ }
+
+ $session{'CurrentUser'}->Load($user);
+ }
+ else {
+ delete $session{'CurrentUser'};
+ $m->abort() unless $RT::WebFallbackToInternalAuth;
+ $m->comp('/Elements/Login', %ARGS, Error=> loc('Cannot create user: [_1]', $msg));
+ }
+ }
+
+ unless ( $session{'CurrentUser'}->Id() ) {
+ delete $session{'CurrentUser'};
+ $user = $orig_user;
+
+ if ( $RT::WebExternalOnly ) {
+ $m->comp('/Elements/Login', %ARGS, Error=> loc('You are not an authorized user'));
+ $m->abort();
+ }
+ }
+}
+
+delete $session{'CurrentUser'}
+ unless $session{'CurrentUser'} and defined $session{'CurrentUser'}->Id;
+
+# Process per-page authentication callbacks
+$m->comp('/Elements/Callback', %ARGS, _CallbackName => 'Auth');
+
+# If the user is logging in, let's authenticate
+if (!$session{'CurrentUser'} && defined ($user) && defined ($pass) ){
+ $session{'CurrentUser'} = RT::CurrentUser->new();
+ $session{'CurrentUser'}->Load($user);
+
+ if (!$session{'CurrentUser'}->id() ||
+ !$session{'CurrentUser'}->IsPassword($pass))
+ {
+ delete $session{'CurrentUser'};
+ $m->comp('/Elements/Login', %ARGS,
+ Error => loc('Your username or password is incorrect'));
+ $m->abort();
+ }
+}
+
+# If we've got credentials, let's serve the file up.
+if ( (defined $session{'CurrentUser'}) and
+ ( $session{'CurrentUser'}->Id) ) {
+
+ # Process per-page global callbacks
+ $m->comp('/Elements/Callback', %ARGS);
+
+ # If the user isn't privileged, they can only see SelfService
+ if ((! $session{'CurrentUser'}->Privileged) and
+ ($m->base_comp->path !~ '^(/+)SelfService/') ) {
+ $m->comp('/SelfService/index.html');
+ $m->abort();
+ }
+ else {
+ $m->call_next(%ARGS);
+ }
+}
+
+# If we have no credentials
+else {
+ $m->comp('/Elements/Login', %ARGS);
+ $m->abort();
+}
+
+<& /Elements/Footer, %ARGS &>
+<%ARGS>
+$user => undef
+$pass => undef
+$menu => undef
+
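Review bot: In the `$RT::WebExternalAuto` branch every account created from `REMOTE_USER` is promoted unconditionally by `$UserObj->SetPrivileged(1);`, so any identity the web server's auth layer accepts gets a privileged RT account, which also takes it past the SelfService restriction further down. If `Create` honours a `Privileged` key in `$RT::AutoCreate` (not visible here), the call overrides it; I would let the configured defaults decide, e.g. `$UserObj->SetPrivileged(1) unless ref($RT::AutoCreate) and exists $RT::AutoCreate->{Privileged};`. Separately, when `Create` fails and `$RT::WebFallbackToInternalAuth` is set, `$session{'CurrentUser'}` has just been deleted, so the following `unless ( $session{'CurrentUser'}->Id() )` calls a method on an undefined value; guard it as `unless ( $session{'CurrentUser'} and $session{'CurrentUser'}->Id() )`. A short comment on the `elsif` stating that `REMOTE_USER` is trusted only because the web server's authentication module sets it would help whoever deploys this behind a proxy or a different handler.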