0.15 2013-05-22 Thomas Sibley
* Minor documentation updates to add NAME sections for MetaCPAN
0.14 2013-05-22 Thomas Sibley
* Prevent potential session reuse when Apache::Session::File is RT's
$WebSessionClass. This is also resolved by RT versions 4.0.13 and
3.8.17 and by the May 2013 security patches. Changes here are purely
for correctness/bulletproofing down the road.
* Moved much documentation from comments into POD; cleanups are still
needed, but this is a good start.
0.13 2013-01-31 Thomas Sibley
* Cut down on code by using the core RT::Record->Update method
0.12 2012-10-26 Thomas Sibley
* Redirect correctly after login on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
* Added "group_scope" as a configurable option.
* Tests: Add to LDAP the base DN under which we search for users/groups
0.11 2012-07-03 Alex Vandiver
* Obfuscate passwords in RT's System Configuration page
* Set an empty CurrentUser on failure, instead of removing it entirely
0.10_01 2012-02-23 Thomas Sibley
* Escape usernames in filter values so special characters don't die
0.10 2012-02-17 Thomas Sibley
* Silence confusing log messages when $ExternalInfoPriority is empty
0.09_03 2012-01-27 Thomas Sibley
* Fetch the necessary attributes when group_attr_value is used
* Test escaping of commas during the group check
0.09_02 2012-01-26 Thomas Sibley
* Improved logging inside the LDAP group membership check
0.09_01 2012-01-23 Thomas Sibley
* Improved logic when dealing with Disabled/disabling users
* Configurable group membership attribute values
* Group membership tests
0.09 2011-05-06 Kevin Falcone
* compatibility fixes for 3.8.10 and 4.0.0
* author testsuite
* updated README
v0.08_01 2011-02-18 Kevin Falcone
* Testing prerelase for 0.09, since 0.09_01 never made it to CPAN
* Upgrade Module::Install
* Remove and then replace a requires('RT') since Module::Install::RTx now
handles that
* Fix the features/recommends to work with modern MI
* Use CSS to hide password box for ExternalAuth users so they don't think
they can change their password via RT
* Fix for 3.8.9/4.0.0 to work with new Login infrastructure
NEVER RELEASED v0.09_01 2009-03-28 Mike Peachey <zordrak@cpan.org>
* Makefile.PL
Removed RT requirement since most RT installs are not done
via CPAN and therefore CPAN installation fails dependency
checking.
* ChangeLog
Added entry for v0.09_01
v0.08 2009-01-24 Mike Peachey <zordrak@cpan.org>
* lib/RT/Authen/ExternalAuth.pm
Version updated to 0.08
* ChangeLog
Added entry for v0.08
* etc/RT_SiteConfig.pm
Added ssl_version to example LDAP config as it is used by
the code, but had not been demonstrated.
s/Crypt::MD5::md5_hex/Digest::MD5::md5_hex/ in example DBI
config.
Added the ability to provide a static salt to the p_enc_sub
however this behavious may be reviewed in future releases
to allow integration with better encryption methods.
s/userSupportAccess/disabled/ in example DBI config.
* html/Callbacks/ExternalAuth/autohandler/Auth
Modified the log message regarding the RT-3.8.[01] plugin
bug from error level to debug level and modified the text
of the message to be more clear for RT-3.8.2+ users.
v0.08_01 2009-01-20 Mike Peachey <zordrak@cpan.org>
* ChangeLog
Added entry for v0.08_01
Tabs-to-spaces conversion made where needed.
* lib/RT/Authen/ExternalAuth.pm
Version updated to 0.08_01
DoAuth method created to inherit the work that used to be
performed by the Auth callback for autohandler.
GetAuth reduced to an interface. Its purpose is now just to
check what type of service was passed and then call the
GetAuth method from the right package.
Authentication now halts and returns with error if
ExternalAuthPriority is not set. This prevents a fairly
useless compile error and logs an explanation instead.
Information lookup is now bypassed and logged if
ExternalInfoPriority is not set, preventing another useless
compile error and replacing it with an explanation.
SSO Cookie authentication now available following the
integration of RT::Authen::CookieAuth. Methods updated
to reflect the availability of this service.
* lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
File added to house the cookie grab. While SSO cookies are
a function of DBI authentication (at the moment at least)
there is no need for DBI.pm to use CGI::Cookie for this one
purpose. With the future possibility of futher cookie
functions as well, I decided it deserved its own module.
* lib/RT/Authen/ExternalAuth/LDAP.pm
Changed an unless($base) to unless(defined($base)) to allow
for the use of a defined, but empty, baseDN so that an LDAP
directory may be searched from the root.
* etc/RT_SiteConfig.pm
CookieAuth settings have been merged into the ExternalAuth
settings hash. Example from CookieAuth has been merged in.
'auth' and 'info' settings have been deprecated and so have
been removed from the examples. The function they served has
been replaced by the ExternalAuthPriority and
ExternalInfoPriority variables.
* lib/RT/Authen/User_Vendor.pm
The override for the IsPassword method has been deprecated
and deleted. It is no longer necessary to do password tests
as a call to the User object. The equivalent function is
now provided by GetAuth in ExternalAuth.pm and is called
with an ExternalAuth service name, username and password.
Currently, this only needs to be called by DoAuth in
ExternalAuth.pm
While RT::Authen::ExternalAuth used to be used to integrate
internal RT authentication with an external method as a single
operation, this causes a lack of modularity. Now ExternalAuth
is only concerned with its own authentication methods and if
they fail then RT will decide to do fallback to internal
authentication on its own.
* html/Callbacks/ExternalAuth/autohandler/Auth
Workaround for RT versions 3.8.0 and 3.8.1 removed.
RT::Authen::ExternalAuth v0.08 will be officially compatible
only with versions 3.8.2 and up.
All functionality has been replaced by a call to ExternalAuth.pm's
DoAuth method. This is permitted by the passing of a reference to
the current session variable. DoAuth simply modifies that variable
as necessary to perform its function. Any data returned is purely
informational.
* README
Updated to include basic information on SSO cookies.
* Makefile.PL
Updated to reflect the integration of RT::Authen::CookieAuth.
v0.07_02 2008-12-22 Kevin Falcone <falcone@cpan.org>
* html/Callbacks/ExternalAuth/autohandler/Auth
Make the workaround needed for 3.8.1 work on 3.8.2
v0.07_01 2008-11-06 Mike Peachey <zordrak@cpan.org>
Kevin Falcone <falcone@cpan.org>
* ALL
Complete code refactoring and updates for RT-3.8.x
compatability.
v0.06 2008-11-01 Mike Peachey <zordrak@cpan.org>
* README
A few minor tweaks.
* lib/RT/Authen/ExternalAuth.pm
Version updated to 0.06
* etc/RT_SiteConfig.pm
A number of clarifications added to the example config comments
such as making clear the fact that a valid d_filter is required.
v0.06_03 2008-10-31 Mike Peachey <zordrak@cpan.org>
Kevin Falcone <falcone@cpan.org>
* html/Callbacks/ExternalAuth/autohandler/Auth
Add fix to work around a plugin bug in RT-3.8.0 & RT-3.8.1
preventing User_Vendor.pm overlay being required before
RT::User is loaded.
Check the return value from calling RT::User::Create.
Check the return value when loading an autocreated user.
* README
Updated to talk about removing old files in local/.
* lib/RT/Authen/User_Vendor.pm
Added error-checking to complain if a an LDAP configuration is
in use, but no d_filter has been specified.
* lib/RT/Authen/ExternalAuth.pm
Version updated to 0.06_03.
* ChangeLog
General clean-up.
v0.06_02 2008-10-01 Kevin Falcone <falcone@cpan.org>
* ChangeLog
Updates to previous release.
* lib/RT/Authen/ExternalAuth.pm
Version updated to 0.06_02.
v0.06_01 2008-10-17 Kevin Falcone <falcone@cpan.org>
* lib/RT/Authen/User_Vendor.pm
Add a patch to be compatible with 3.8
* Upgrade Module::Install::RTx to work better with RT-3.8.x
v0.05 2008-04-09 Mike Peachey <zordrak@cpan.org>
* lib/RT/Authen/User_Vendor.pm
Typo on line 962. s/servicen/service/
* html/Callbacks/ExternalAuth/autohandler/Auth
Deprecated $user_autocreated. It was being used to prevent a call
to RT::User::UpdateFromExternal in User_Vendor.pm because it was
deemed an unecessary expense to set the user's info and then look
it up again straight after. However, I have since realised that
UpdateFromExternal is the only code doing a check to see if the
user has been disabled in the external source and so bypassing
it when users are created allows new users to log in once even
if they have not been "enabled".
I will be doing a small rewrite of this code in the future to
abstract the External disable-lookup code from UpdateFromExternal
and perhaps remove the function altogether, but for now everything
will work fine.
* ChangeLog
I did it again. I added a / on the front of the path to
ExternalAuth.pm. What a plonker!
* lib/RT/Authen/ExternalAuth.pm
Version updated to 0.05
v0.04 2008-04-03 Mike Peachey <zordrak@cpan.org>
* etc/RT_SiteConfig.pm
The example LDAP ExternalSettings configuration did not contain
example values for user and pass for RT's connection to an LDAP
server. These have now been added.
Thanks to Andrew Fay <andrew.fay@hotmail.com> for noticing this one.
* ChangeLog
Removed a "/" from the start of the ExternalAuth.pm file line in 0.03
* lib/RT/Authen/ExternalAuth.pm
Version updated to 0.04
v0.03 2008-03-31 Mike Peachey <zordrak@cpan.org>
* html/Callbacks/ExternalAuth/autohandler/Auth
Bug found on lines 94-100.
The ELSE block starting on line 95 was assigned to the IF starting
on 85 instead of the IF block starting on line 86. This meant that
if the user entered at the login screen exists no password would
be checked.
It was doing this:
If session has current user who has an ID
If password has already been validated
SUCCESS
Else
Return to autohandler with valid session & implicit auth
Else delete session
This has now been corrected to this:
If session has current user who has an ID
If password has already been validated
SUCCESS
Else
Delete session
Else return to autohandler with whatever we had before the block
* lib/RT/Authen/ExternalAuth.pm
Version updated to 0.03
v0.02 2008-03-17 Mike Peachey <zordrak@cpan.org>
* lib/RT/User_Vendor.pm
Bug #1 found on line 446.
CanonicalizeUserInfo was being called directly, instead of being
called on the $self user object.
This was causing CanonicalizeUserInfo to shift the e-mail address
it was passed into the $self var instead of the $email var. It was
therefore returning a blank e-mail address regardless of the input.
* lib/RT/User_Vendor.pm
Header comments altered to reflect that the file is part of the
RT::Authen::ExternalAuth extension.
* /lib/RT/Authen/ExternalAuth.pm
Version updated to 0.02
v0.01 2008-03-13 Mike Peachey <zordrak@cpan.org>
* Initial Release