Provided by: rt-extension-resetpassword-common_1.12-3_all bug

NAME

       RT::Extension::ResetPassword - add "forgot your password?" link to RT instance

DESCRIPTION

       This extension for RT adds a new "Forgot your password?" link to the front of your RT
       instance. Any user can request that RT send them a password reset token by email.  RT will
       send the user a one-time URL which he or she can use to reset her password.

       It also adds a new option to the user admin page in RT for the RT admin to send a password
       reset email for new users or users who have forgotten their passwords. See below for
       options to enable this admin feature only and disable self-service features.

RT VERSION

       Works with RT 4.0, 4.2, 4.4, 5.0

INSTALLATION

       "perl Makefile.PL"
       "make"
       "make install"
           May need root permissions

       Install Patches
           This is to enable searches for users with a password set.

           For RT 5 prior to 5.0.2, apply this:

               patch -p1 -d /opt/rt5 < patches/user-admin-callbacks.patch

           For RT 4.4.4, apply this:

               patch -p1 -d /opt/rt4 < patches/4.4.4-user-admin-callbacks.patch

           For RT 4 prior to 4.4.4, apply this:

               patch -p1 -d /opt/rt4 < patches/4-user-admin-callbacks.patch

           See below for details.

       "make initdb"
           Only run this the first time you install this module.

           If you run this twice, you may end up with duplicate data in your database.

           If you are upgrading this module, check for upgrading instructions in case changes
           need to be made to your database.

       Edit your /opt/rt4/etc/RT_SiteConfig.pm
           If you are using RT 4.2 or greater, add this line:

               Plugin('RT::Extension::ResetPassword');

           For RT 4.0, add this line:

               Set(@Plugins, qw(RT::Extension::ResetPassword));

           or add "RT::Extension::ResetPassword" to your existing @Plugins line.

       Clear your mason cache
               rm -rf /opt/rt4/var/mason_data/obj

       Restart your webserver

UPGRADING

       If you are upgrading from version 0.05, you will need to run "make initdb" as documented
       in INSTALLATION to install the Template used by this Extension.

       To run on RT 4.0 or 4.2, replace this line in the template:

           { RT::Interface::Web::RequestENV('REMOTE_ADDR') }

       with this:

           { $ENV{'REMOTE_ADDR'} }

CONFIGURATION

       This extension resets passwords managed by RT. It cannot reset passwords for RTs that use
       any configured external auth such as SAML, OAuth, LDAP, or Active Directory as RT does not
       have password reset connections in those external systems.

       The contents of the email sent to users can be found in the global PasswordReset template
       (do not confuse this with the core PasswordChange template).

       If you want to prevent unauthorized visitors from determining what user accounts exist and
       whether they are disabled, set HidePasswordResetErrors to 1 in your RT configuration; then
       any password reset request will appear to the requestor to have resulted in an email being
       sent, thus not revealing the reasons for any failure. All failures will still be logged
       with an appropriate diagnostic message.

       For an RT open to the internet the most secure configuration is to use the default
       configuration ( This means setting no config options from below ). The default
       configuration only allows for existing users with an existing password to reset their
       password.

       If the rights schema for the RT is tight then it could be desirable to allow users who
       have a user record in RT ( They have emailed RT before ) but no password to create a
       password for themselves by setting $AllowUsersWithoutPassword to 1. This can allow for any
       user to access the RT self service pages. This can be dangerous if the RT rights are not
       set-up correctly as users could see data they should not be able to.

       The $CreateNewUserAndSetPassword and $CreateNewUserAsPrivileged config options should only
       be used when access to the RT web UI is limited.  This usually means access to the web UI
       is restricted so that only users on the company network can access the UI and create new
       user records.

       $AllowUsersWithoutPassword
           Setting this config option to true will allow existing users who do not have a
           password set to send themselves a reset password email and set a password.

           Setting this to false (0) requires a user to already have a password to use the reset
           feature. This is useful for managing access and not automatically allowing new
           accounts to get a password.

           This extension adds a "Password Status" at the bottom of the Access control section on
           the user admin page which shows whether the user currently has a password set. The
           "Delete password" option allows you to clear passwords if a user should no longer have
           access.

           For RT 4.4 and 5, this extension also adds a checkbox to the user admin page that
           allows you to filter users, displaying only those who have a password set. If you
           disable the $AllowUsersWithoutPassword option, this checkbox allows you to see all
           users who have an existing password and would therefore be able to reset their
           password.

       $CreateNewUserAsPrivileged
           Set this config value to true if users creating a new account should default to
           privileged users.

           WARNING Setting this to true can be dangerous as it allows anyone to create a new
           privileged user. Usually privileged users are given rights to edit and see information
           not desired to be public.

       $CreateNewUserAndSetPassword
           This configuration option determines if a nonexistent user can create a new user
           record.

           WARNING See the note about the danger of setting this to true and setting
           $CreateNewUserAsPrivileged to true as well.

       $DisableResetPasswordOnLogin
           Set this config value to true if you do not want the "forgot password" option to
           display on the login page.

           This is useful if you want only the password reset email option on the RT user admin
           page, but no self-service options.

       $PasswordChangeLinkExpirySeconds
           Set this config value to the time in seconds before a password-change link expires.
           The default value is 4*60*60, meaning that password-change links expire after four
           hours by default.

       $ResetPasswordFromAddress
           By default, the From address in the password reset email is the default
           $CorrespondAddress from RT. You can use this option to set a different From address
           for the reset email.

AUTHOR

       Best Practical Solutions, LLC <modules@bestpractical.com>

BUGS

       All bugs should be reported via email to

           L<bug-RT-Extension-ResetPassword@rt.cpan.org|mailto:bug-RT-Extension-ResetPassword@rt.cpan.org>

       or via the web at

           L<rt.cpan.org|http://rt.cpan.org/Public/Dist/Display.html?Name=RT-Extension-ResetPassword>.

LICENSE AND COPYRIGHT

       This software is Copyright (c) 2012-2020 by Best Practical Solutions, LLC

       This is free software, licensed under:

         The GNU General Public License, Version 2, June 1991