https://github.com/bestpractical/rt-extension-resetpassword

https://github.com/bestpractical/rt-extension-resetpassword

Last synced: about 1 month ago
JSON representation

• Host: GitHub
• URL: https://github.com/bestpractical/rt-extension-resetpassword
• Owner: bestpractical
• Created: 2011-09-19T14:47:53.000Z (over 13 years ago)
• Default Branch: master
• Last Pushed: 2021-04-28T18:40:40.000Z (over 3 years ago)
• Last Synced: 2023-04-13T18:31:29.795Z (over 1 year ago)
• Language: Perl
• Homepage: http://search.cpan.org/dist/rt-extension-resetpassword
• Size: 207 KB
• Stars: 4
• Watchers: 9
• Forks: 11
• Open Issues: 5
• Metadata Files:
  • Readme: README
  • Changelog: Changes

Awesome Lists containing this project

README

        
NAME

    RT::Extension::ResetPassword - add "forgot your password?" link to RT

    instance

DESCRIPTION

    This extension for RT adds a new "Forgot your password?" link to the

    front of your RT instance. Any user can request that RT send them a

    password reset token by email. RT will send the user a one-time URL

    which he or she can use to reset her password.

    It also adds a new option to the user admin page in RT for the RT admin

    to send a password reset email for new users or users who have forgotten

    their passwords. See below for options to enable this admin feature only

    and disable self-service features.

RT VERSION

    Works with RT 4.0, 4.2, 4.4, 5.0

INSTALLATION

    perl Makefile.PL

    make

    make install

        May need root permissions

    Install Patches

        This is to enable searches for users with a password set.

        For RT 5 prior to 5.0.2, apply this:

            patch -p1 -d /opt/rt5 < patches/user-admin-callbacks.patch

        For RT 4.4.4, apply this:

            patch -p1 -d /opt/rt4 < patches/4.4.4-user-admin-callbacks.patch

        For RT 4 prior to 4.4.4, apply this:

            patch -p1 -d /opt/rt4 < patches/4-user-admin-callbacks.patch

        See below for details.

    make initdb

        Only run this the first time you install this module.

        If you run this twice, you may end up with duplicate data in your

        database.

        If you are upgrading this module, check for upgrading instructions

        in case changes need to be made to your database.

    Edit your /opt/rt4/etc/RT_SiteConfig.pm

        If you are using RT 4.2 or greater, add this line:

            Plugin('RT::Extension::ResetPassword');

        For RT 4.0, add this line:

            Set(@Plugins, qw(RT::Extension::ResetPassword));

        or add RT::Extension::ResetPassword to your existing @Plugins line.

    Clear your mason cache

            rm -rf /opt/rt4/var/mason_data/obj

    Restart your webserver

UPGRADING

    If you are upgrading from version 0.05, you will need to run make initdb

    as documented in INSTALLATION to install the Template used by this

    Extension.

    To run on RT 4.0 or 4.2, replace this line in the template:

        { RT::Interface::Web::RequestENV('REMOTE_ADDR') }

    with this:

        { $ENV{'REMOTE_ADDR'} }

CONFIGURATION

    This extension resets passwords managed by RT. It cannot reset passwords

    for RTs that use any configured external auth such as SAML, OAuth, LDAP,

    or Active Directory as RT does not have password reset connections in

    those external systems.

    The contents of the email sent to users can be found in the global

    PasswordReset template (do not confuse this with the core PasswordChange

    template).

    If you want to prevent unauthorized visitors from determining what user

    accounts exist and whether they are disabled, set

    HidePasswordResetErrors to 1 in your RT configuration; then any password

    reset request will appear to the requestor to have resulted in an email

    being sent, thus not revealing the reasons for any failure. All failures

    will still be logged with an appropriate diagnostic message.

    For an RT open to the internet the most secure configuration is to use

    the default configuration ( This means setting no config options from

    below ). The default configuration only allows for existing users with

    an existing password to reset their password.

    If the rights schema for the RT is tight then it could be desirable to

    allow users who have a user record in RT ( They have emailed RT before )

    but no password to create a password for themselves by setting

    $AllowUsersWithoutPassword to 1. This can allow for any user to access

    the RT self service pages. This can be dangerous if the RT rights are

    not set-up correctly as users could see data they should not be able to.

    The $CreateNewUserAndSetPassword and $CreateNewUserAsPrivileged config

    options should only be used when access to the RT web UI is limited.

    This usually means access to the web UI is restricted so that only users

    on the company network can access the UI and create new user records.

    $AllowUsersWithoutPassword

        Setting this config option to true will allow existing users who do

        not have a password value to send themselves a reset password email

        and set a password.

        Setting this to false (0) requires a user to already have a password

        to use the reset feature. This is useful for managing access and not

        automatically allowing new accounts to get a password.

        This extension adds a "Password Status" at the bottom of the Access

        control section on the user admin page which shows whether the user

        currently has a password set. The "Delete password" option allows

        you to clear passwords if a user should no longer have access.

        For RT 4.4 and 5, this extension also adds a checkbox to the user

        admin page that allows you to filter users, displaying only those

        who have a password set. If you disable the

        $AllowUsersWithoutPassword option, this checkbox allows you to see

        all users who have an existing password and would therefore be able

        to reset their password.

    $CreateNewUserAsPrivileged

        Set this config value to true if users creating a new account should

        default to privileged users.

        WARNING Setting this to true can be dangerous as it allows anyone to

        create a new priviledged user. Usually privlidged users are given

        rights to edit and see information not desired to be public.

    $CreateNewUserAndSetPassword

        This configuration option determines if a nonexistant user can

        create an new user record.

        WARNING See the note about the danger of setting this to true and

        setting $CreateNewUserAsPrivileged to true as well.

    $DisableResetPasswordOnLogin

        Set this config value to true if you do not want the "forgot

        password" option to display on the login page.

        This is useful if you want only the password reset email option on

        the RT user admin page, but no self-service options.

    $PasswordChangeLinkExpirySeconds

        Set this config value to the time in seconds before a

        password-change link expires. The default value is 4*60*60, meaning

        that password-change links expire after four hours by default.

    $ResetPasswordFromAddress

        By default, the From address in the password reset email is the

        default $CorrespondAddress from RT. You can use this option to set a

        different From address for the reset email.

AUTHOR

    Best Practical Solutions, LLC 

BUGS

    All bugs should be reported via email to

        L

    or via the web at

        L.

LICENSE AND COPYRIGHT

    This software is Copyright (c) 2012-2020 by Best Practical Solutions,

    LLC

    This is free software, licensed under:

      The GNU General Public License, Version 2, June 1991