ForceHTTPSLogin: Difference between revisions

m (2 revisions imported)
 
m (Add syntaxhighlight tags to show code properly.)
 
Line 1: Line 1:
<nowiki>#
<syntaxhighlight>
#
  # rt-3.4.5-ForceHTTPSLogin.patch
  # rt-3.4.5-ForceHTTPSLogin.patch
  #
  #
Line 51: Line 52:
       mysql  =&gt; 'Apache::Session::MySQL',
       mysql  =&gt; 'Apache::Session::MySQL',
       Pg    =&gt; 'Apache::Session::Postgres',
       Pg    =&gt; 'Apache::Session::Postgres',
</nowiki>
</syntaxhighlight>

Latest revision as of 06:17, 1 February 2020

 #
 # rt-3.4.5-ForceHTTPSLogin.patch
 #
 # Warning: this patch is still under development and barely tested!
 #
 # * 2005.01.13 Paulo Matos &lt;paulo.matos@fct.unl.pt&gt;
 # - Updated to apply directly to 3.4.5.
 # * 2005.01.06 Paulo Matos &lt;paulo.matos@fct.unl.pt&gt;
 # - Redirect to https when credentials are not found;
 # - Redirect to http when credentials are found;
 # - Changed cookiename removing SERVER_PORT.
 #
 diff -uNr rt-3.4.5.orig/html/autohandler rt-3.4.5/html/autohandler
 --- rt-3.4.5.orig/html/autohandler  2005-02-01 14:20:40.000000000 +0000
 +++ rt-3.4.5/html/autohandler   2006-01-13 01:20:03.000000000 +0000
 @@ -72,6 +72,11 @@
 
  $m-&gt;comp('/Elements/SetupSessionCookie', %ARGS);
 
 +# check credentials and HTTPS, if so redirect to HTTP
 +if ($session{'CurrentUser'} &amp;&amp; $session{'CurrentUser'}-&gt;Id &amp;&amp; $ENV{'HTTPS'}) {
 +    $m-&gt;redirect('http://'.$ENV{SERVER_NAME}.$ENV{REQUEST_URI});
 +}
 +
  unless ($session{'CurrentUser'} &amp;&amp; $session{'CurrentUser'}-&gt;Id) {
      $session{'CurrentUser'} = RT::CurrentUser-&gt;new();
  }
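Review bot: The added block `if ($session{'CurrentUser'} && $session{'CurrentUser'}->Id && $ENV{'HTTPS'})` sends every authenticated request back to plain HTTP, so the session cookie travels unencrypted for the rest of the session and only the password is protected. The cookie-name change in the html/Elements/SetupSessionCookie hunk exists to make that same cookie valid on both schemes, which also rules out marking it `secure`. Anyone able to observe the HTTP traffic could reuse the session ID, so consider dropping this block and keeping the logged-in session on HTTPS. If the downgrade is a deliberate trade-off, the comment should say so, e.g. `# NOTE: the session cookie is sent in clear text after this redirect; only the password is protected`. The surrounding autohandler code starts and ends outside the hunk.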
 @@ -218,6 +223,10 @@
 
  # If we have no credentials
  else {
 +    # check if we are in HTTPS mode
 +    if (! $ENV{'HTTPS'} ) {
 +         $m-&gt;redirect('https://'.$ENV{SERVER_NAME}.$ENV{REQUEST_URI});
 +    }
      $m-&gt;comp('/Elements/Login', %ARGS);
      $m-&gt;abort();
  }
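Review bot: The new `if (! $ENV{'HTTPS'} )` check in the no-credentials branch relies on the web server exporting `HTTPS`, which is presumably not the case when TLS is terminated on a proxy in front of RT; there the redirect would repeat indefinitely. The target is built from `SERVER_NAME` alone, so a non-default HTTPS port is lost, and a login form posted over HTTP has already sent the password in clear before the redirect discards the POST body. A comment stating the assumption would help, e.g. `# requires the front-end to set $ENV{HTTPS}; assumes HTTPS on the default port`. The `else` branch belongs to a conditional that starts outside the hunk.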
 diff -uNr rt-3.4.5.orig/html/Elements/SetupSessionCookie rt-3.4.5/html/Elements/SetupSessionCookie
 --- rt-3.4.5.orig/html/Elements/SetupSessionCookie  2005-04-18 02:44:50.000000000 +0100
 +++ rt-3.4.5/html/Elements/SetupSessionCookie   2006-01-13 01:20:03.000000000 +0000
 @@ -47,7 +47,9 @@
  return if $m-&gt;is_subrequest; # avoid reentrancy, as suggested by masonbook
 
  my %cookies = CGI::Cookie-&gt;fetch();
 -my $cookiename = "RT_SID_".$RT::rtname.".".$ENV{'SERVER_PORT'};
 +# removed SERVER_PORT from cookie name so it can be valid on HTTP and HTTPS
 +#my $cookiename = "RT_SID_".$RT::rtname.".".$ENV{'SERVER_PORT'};
 +my $cookiename = "RT_SID_".$RT::rtname.".".'0000';
  my %backends = (
      mysql  =&gt; 'Apache::Session::MySQL',
      Pg     =&gt; 'Apache::Session::Postgres',
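Review bot: The new `$cookiename` line appends the literal `'0000'` where the port used to be and leaves the old assignment behind as a commented-out line. The port previously kept apart the cookies of two RT instances that share a `$RT::rtname` on one host; with a fixed suffix they would presumably share one cookie name, which deserves a mention in the comment. Suggest deleting the commented-out line and, if the placeholder suffix is not needed for compatibility, writing `my $cookiename = "RT_SID_".$RT::rtname;`. The `%backends` hash continues past the end of the hunk.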