diff --git a/include/class.auth.php b/include/class.auth.php
index 30a4290b64ca5e4d12909f69108dcc81dbc593ff..9619a389f0af1b32cca214132205155d915f8d6f 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -1044,6 +1044,11 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
 function signOn() {
+ global $cfg;
+
+
+ if (!$cfg || !$cfg->isAuthTokenEnabled())
+ return null;
 $user = null;
 if ($_GET['auth']) {
@@ -1119,7 +1124,9 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
 }
 }
-UserAuthenticationBackend::register('AuthTokenAuthentication');
+
+if ($cfg && $cfg->isAuthTokenEnabled())
+ UserAuthenticationBackend::register('AuthTokenAuthentication');
 //Simple ticket lookup backend used to recover ticket access link.
 // We're using authentication backend so we can guard aganist brute force
diff --git a/include/class.client.php b/include/class.client.php
index 50fda6cef195f8e01e9e4277ade1a5cc31f82d57..23b64d161fb1772cbd788e1cd194b683f04989c2 100644
--- a/include/class.client.php
+++ b/include/class.client.php
@@ -41,12 +41,14 @@ implements EmailContact, ITicketUser, TemplateVariable {
 $tag = substr($name, 3);
 switch (strtolower($tag)) {
 case 'ticket_link':
+ $qstr = array();
+ if ($cfg && $cfg->isAuthTokenEnabled()
+ && ($ticket=$this->getTicket()))
+ $qstr['auth'] = $ticket->getAuthToken($this);
+
 return sprintf('%s/view.php?%s',
 $cfg->getBaseUrl(),
- Http::build_query(
- array('auth' => $this->getTicket()->getAuthToken($this)),
- false
- )
+ Http::build_query($qstr, false)
 );
 break;
 }
@@ -64,7 +66,7 @@ implements EmailContact, ITicketUser, TemplateVariable {
 return array(
 'email' => __('Email address'),
 'name' => array('class' => 'PersonsName', 'desc' => __('Full name')),
- 'ticket_link' => __('Auth. token used for auto-login'),
+ 'ticket_link' => __('Link to view the ticket'),
 );
 }
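Review bot: The setting is enforced twice, and the file-scope guard around register() in the second hunk of this file is the weaker of the two: it runs when class.auth.php is included, so if that include happens before `$cfg` is initialised the backend is never registered even when the option is on, and the effect of the setting then depends on include order rather than on the stored value. The check added at the top of signOn() does not have that problem, so unless something else relies on the backend being absent from the registry, registering unconditionally and keeping only the in-method check would be simpler; otherwise a comment at the registration site such as `// Registered only if auth tokens are enabled at load time; signOn() re-checks the setting on each request` would explain the duplication. The two consecutive blank lines after `global $cfg;` can be reduced to one. signOn()'s body continues outside the hunk.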
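Review bot: With the option disabled `$qstr` stays empty, `Http::build_query($qstr, false)` returns an empty string and the `ticket_link` variable expands to `.../view.php?` with a dangling `?`; appending the query only when there is one avoids that, e.g. `$url = $cfg->getBaseUrl().'/view.php'; return $qstr ? $url.'?'.Http::build_query($qstr, false) : $url;`. The new condition tests `$cfg` before calling isAuthTokenEnabled(), but `$cfg->getBaseUrl()` on the following line is still unconditional, so a null `$cfg` would still fault there (pre-existing, though the new null check suggests that case is considered possible). The assignment inside the condition, `($ticket=$this->getTicket())`, doubles as the null check for a user without a ticket and deserves a one-line comment saying so, since getTicket() returning null is presumably what it guards against.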
diff --git a/include/class.config.php b/include/class.config.php
index b3c75485c1ed9d8862656cb4e9c2e8ea1d1dc20f..dcc47d01d49ebbf2339a4080411465e820515117 100644
--- a/include/class.config.php
+++ b/include/class.config.php
@@ -173,6 +173,7 @@ class OsticketConfig extends Config {
 'default_help_topic' => 0,
 'help_topic_sort_mode' => 'a',
 'client_verify_email' => 1,
+ 'allow_auth_tokens' => 1,
 'verify_email_addrs' => 1,
 'client_avatar' => 'gravatar.mm',
 'agent_avatar' => 'gravatar.mm',
@@ -659,6 +660,10 @@ class OsticketConfig extends Config {
 return $this->get('client_verify_email');
 }
+ function isAuthTokenEnabled() {
+ return $this->get('allow_auth_tokens');
+ }
+
 function isCaptchaEnabled() {
 return (extension_loaded('gd') && function_exists('gd_info') && $this->get('enable_captcha'));
 }
@@ -1159,6 +1164,7 @@ class OsticketConfig extends Config {
 'clients_only'=>isset($vars['clients_only'])?1:0,
 'client_registration'=>$vars['client_registration'],
 'client_verify_email'=>isset($vars['client_verify_email'])?1:0,
+ 'allow_auth_tokens' => isset($vars['allow_auth_tokens']) ? 1 : 0,
 'client_name_format'=>$vars['client_name_format'],
 'client_avatar'=>$vars['client_avatar'],
 ));
diff --git a/include/class.http.php b/include/class.http.php
index e17839d5b73b600cca2b95969799ff0f29f9a109..2616121c24b130f365f58b2b10f1d1810be118c8 100644
--- a/include/class.http.php
+++ b/include/class.http.php
@@ -122,8 +122,14 @@ class Http {
 }
 static function build_query($vars, $encode=true, $separator='&') {
- return http_build_query(
- ($encode ? Format::htmlchars($vars) : $vars), '', $separator);
+
+ if (!$vars)
+ return '';
+
+ if ($encode)
+ $vars = Format::htmlchars($vars);
+
+ return http_build_query($vars, '', $separator);
 }
 }
 ?>
diff --git a/include/i18n/en_US/help/tips/settings.users.yaml b/include/i18n/en_US/help/tips/settings.users.yaml
index 3a6f5b918b8b860fd1fe64384dacff4d824db2db..b1b48a1c9986aa5377d3ee2d5c8a9dae7b3e6395 100644
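Review bot: isAuthTokenEnabled() returns whatever get('allow_auth_tokens') holds rather than a boolean, while the neighbouring isCaptchaEnabled() returns the result of a boolean expression; the callers in this commit only use it in truthiness tests, so `return (bool) $this->get('allow_auth_tokens');` would make the contract explicit at no cost. The default of `1` added in the first hunk of this file presumably means existing installations keep issuing auto-login links after an upgrade; if that is the intent, a short comment on that entry would record it, e.g. `// on by default: auto-login ticket links are pre-existing behaviour`.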
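Review bot: The new `if (!$vars) return '';` guard in build_query() changes nothing for an empty array, since http_build_query() already returns '' for it; what it does change is that null or false no longer reach Format::htmlchars() and http_build_query(), and that is worth stating so the next reader does not remove it as redundant: `// null/false/[] all yield an empty query string (keeps non-arrays out of Format::htmlchars())`. The `$encode` branch still applies HTML escaping before URL encoding, which is unchanged by this commit and should stay documented as an HTML-context convenience rather than URL escaping.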
--- a/include/i18n/en_US/help/tips/settings.users.yaml
+++ b/include/i18n/en_US/help/tips/settings.users.yaml
@@ -71,3 +71,8 @@ client_verify_email:
 <br><br> Disabling email verification might allow third-parties (e.g. ticket collaborators) to impersonate the ticket owner.
+
+allow_auth_tokens:
+ title: Enable Authentication Tokens
+ content: >
+ Enable this option to allow use of authentication tokens to auto-login users on ticket link click.
diff --git a/include/staff/settings-users.inc.php b/include/staff/settings-users.inc.php
index 6b444e8f5163500e13261b880caf83ece6f4e72d..4096ccbd921cc483729dc0534dad5be2787190a8 100644
--- a/include/staff/settings-users.inc.php
+++ b/include/staff/settings-users.inc.php
@@ -116,6 +116,14 @@ if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin() || !$config)
 <i class="help-tip icon-question-sign" href="#client_session_timeout"></i>
 </td>
 </tr>
+ <tr><td><?php echo __('Authentication Token'); ?>:</td>
+ <td><input type="checkbox" name="allow_auth_tokens" <?php
+ if ($config['allow_auth_tokens'])
+ echo 'checked="checked"'; ?>/> <?php
+ echo __('Enable use of authentication tokens to auto-login users'); ?>
+ <i class="help-tip icon-question-sign" href="#allow_auth_tokens"></i>
+ </td>
+ </tr>
 <tr><td><?php echo __('Client Quick Access'); ?>:</td>
 <td><input type="checkbox" name="client_verify_email" <?php
 if ($config['client_verify_email'])
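Review bot: The new checkbox row mirrors the `client_verify_email` row below it, but neither the label nor the help tip referenced by `href="#allow_auth_tokens"` tells the administrator what changes when the option is turned off. From the class.client.php change in this commit, disabling it makes the `ticket_link` template variable expand to a plain view.php link without an auth token, so emails using that variable stop signing the recipient in automatically; the help tip content in settings.users.yaml should say so, along the lines of `When disabled, ticket links in outgoing email no longer sign the recipient in automatically; the recipient must log in or use the ticket lookup instead.` The enclosing form markup starts and ends outside the hunk.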