I tried quite some things with PHP (cURL, snoopy etc) and even
JavaScript to submit the login form without pressing the submit button,
but I do not seem to be able to get those approaches to deliver.
Instead of trying to automate the form submission, what you should
probably do is bypass the authentication altogether. One simple way is
to set the REMOTE_USER environment variable to the person’s RT user
name, and then set $RT::WebExternalAuth to true. If you don’t want such
a simplistic and relatively insecure method of user spoofing available,
you can override the code in the base autohandler (e.g.
/opt/share/html/autohandler) to add in a transformation from your
encrypted user credentials to a real RT user. In 3.6.3 the code to be
inserted would probably go here:
If it’s a noauth file, don’t ask for auth.
if ( $m->base_comp->path =~ $RT::WebNoAuthRegex ) {
$m->comp( { base_comp => $m->request_comp }, $m->fetch_next, %ARGS);
$m->abort;
}
If RT is configured for external auth, let’s go through and get
REMOTE_USER
elsif ($RT::WebExternalAuth) {
# do we actually have a REMOTE_USER equivlent?
if ( RT::Interface::Web::WebCanonicalizeInfo() ) {
between the first IF and the ELSIF. Look inside of the
if ( RT::Interface::Web::WebCanonicalizeInfo() ) {
block to see what to do once you have a user name. Basically, you want
to do some part of this:
$session{'CurrentUser'} = RT::CurrentUser->new();
my $load_method = $RT::WebExternalGecos ? 'LoadByGecos' : 'Load';
if ( $^O eq 'MSWin32' and $RT::WebExternalGecos ) {
my $NodeName = Win32::NodeName();
$user =~ s/^\Q$NodeName\E\\//i;
}
$session{'CurrentUser'}->$load_method($user);
followed by a check to see if you actually loaded a user:
if ( $session{'CurrentUser'}->Id() )
Or something like that. HTH!
Regards,
joe
Joe Casadonte
joe.casadonte@oracle.com
========== ==========
== The statements and opinions expressed here are my own and do not ==
== necessarily represent those of Oracle Corporation. ==
========== ==========