ForceHTTPSLogin: Difference between revisions
m (2 revisions imported) |
Revision as of 15:09, 6 April 2016
#
# rt-3.4.5-ForceHTTPSLogin.patch
#
# Warning: this patch is under devel, barely tested!!!
#
# * 2005.01.13 Paulo Matos <paulo.matos@fct.unl.pt>
# - Updated to apply directly to 3.4.5.
# * 2005.01.06 Paulo Matos <paulo.matos@fct.unl.pt>
# - Redirect to https when credentials are not found;
# - Redirect to http when credentials are found;
# - Changed cookiename removing SERVER_PORT.
#
diff -uNr rt-3.4.5.orig/html/autohandler rt-3.4.5/html/autohandler
--- rt-3.4.5.orig/html/autohandler 2005-02-01 14:20:40.000000000 +0000
+++ rt-3.4.5/html/autohandler 2006-01-13 01:20:03.000000000 +0000
@@ -72,6 +72,11 @@
 $m->comp('/Elements/SetupSessionCookie', %ARGS);
+# check credentials and HTTPS, if so redirect to HTTP
+if ($session{'CurrentUser'} && $session{'CurrentUser'}->Id && $ENV{'HTTPS'}) {
+ $m->redirect('http://'.$ENV{SERVER_NAME}.$ENV{REQUEST_URI});
+}
+
 unless ($session{'CurrentUser'} && $session{'CurrentUser'}->Id) {
 $session{'CurrentUser'} = RT::CurrentUser->new();
 }
@@ -218,6 +223,10 @@
 # If we have no credentials
 else {
+ # check if we are in HTTPS mode
+ if (! $ENV{'HTTPS'} ) {
+ $m->redirect('https://'.$ENV{SERVER_NAME}.$ENV{REQUEST_URI});
+ }
 $m->comp('/Elements/Login', %ARGS);
 $m->abort();
 }
diff -uNr rt-3.4.5.orig/html/Elements/SetupSessionCookie rt-3.4.5/html/Elements/SetupSessionCookie
--- rt-3.4.5.orig/html/Elements/SetupSessionCookie 2005-04-18 02:44:50.000000000 +0100
+++ rt-3.4.5/html/Elements/SetupSessionCookie 2006-01-13 01:20:03.000000000 +0000
@@ -47,7 +47,9 @@
 return if $m->is_subrequest; # avoid reentrancy, as suggested by masonbook
 my %cookies = CGI::Cookie->fetch();
-my $cookiename = "RT_SID_".$RT::rtname.".".$ENV{'SERVER_PORT'};
+# removed SERVER_PORT from cookie name so it can be valid on HTTP and HTTPS
+#my $cookiename = "RT_SID_".$RT::rtname.".".$ENV{'SERVER_PORT'};
+my $cookiename = "RT_SID_".$RT::rtname.".".'0000';
 my %backends = (
 mysql => 'Apache::Session::MySQL',
 Pg => 'Apache::Session::Postgres',
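Review bot: The redirect added at the top of autohandler sends every authenticated HTTPS request back to `http://`, so the session cookie that identifies the logged-in user travels in clear text on all later requests; the patch protects only the password. The SetupSessionCookie hunk exists to make that cookie valid on both schemes, which means it cannot be limited to HTTPS either. I would drop the `if (... && $ENV{'HTTPS'}) { $m->redirect('http://'...); }` block and keep the whole session on HTTPS. As written, the redirect also omits any non-default port and will likely discard the body of a POST made over HTTPS, since the target is built from `SERVER_NAME` and `REQUEST_URI` only.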
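Review bot: The `https://` redirect in the no-credentials branch is built from `$ENV{SERVER_NAME}` and `$ENV{REQUEST_URI}` alone, so it drops any non-default port and relies on the web server for a trustworthy host name. Whether `SERVER_NAME` can follow the client's Host header depends on server configuration that is not visible here, so taking the host from RT's site configuration would be more predictable. The comment should state the intent rather than the mechanics, e.g. `# never render the login form over plain HTTP; send the client to HTTPS first`. The `else` block starts outside the hunk, so it is not clear from here whether credentials submitted on an HTTP request are processed before this check is reached.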
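Review bot: The literal `'0000'` in the new `$cookiename` is a magic placeholder for the removed port, and the old assignment is left behind as commented-out code. With the port gone, two RT instances served from the same host name with the same `$RT::rtname` on different ports would now use the same cookie name. If the shared name is intended, `my $cookiename = "RT_SID_".$RT::rtname;` with a one-line comment on the cross-scheme purpose reads more clearly than a fake port. Any other component that rebuilds the name with `SERVER_PORT` (none is visible in this patch) would need the same change.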