

(starting with version 6.0)

A new authentication mechanism has been introduced. It is a well-known method on many web sites, where new users or users who have lost their password can choose a new password (or a first one). A challenge email is sent to the user with a URL that contains a unique random number. This URL looks like http://host/sympa/ticket/12345789 . When this URL is used, a new Sympa session is initialized. This session is trusted by Sympa as an authenticated web session. The email used is of course the same as the email used for the challenge.

This is done via a new table: one_time_ticket_table. This table is used both to store the email that will be applied to the session and to store the wwsympa action that will be applied.

create_one_time_ticket ()

This function creates a ticket and stores it in one_time_ticket_table. The result is the ticket number: a random number used as the key in the database.

IN

  • $email the email to be applied if the ticket is used for creating a session
  • $robot the domain
  • $data_string a character string that will be used to create the context of the session if the ticket is used. This string looks like PATH_INFO in a URL.
  • $remote_addr the client remote host, used to record the host that requested the ticket creation

OUT

  • a random integer

get_one_time_ticket ()

Reads the one-time ticket from the table and removes it.

IN

  • $ticket_number a ticket id

OUT return a hash with

  • result = closed|expired|success|error
  • email = the email to be used with the new session
  • date = the date the ticket was updated (for informational purposes)
  • remote_addr = the host from which the ticket was requested or updated
  • robot = the domain
  • data = the path_info to perform a web action. example: 'subrequest/foo' in order to go to action subrequest related to list foo
  • status = the status of the ticket
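
The ticket lifecycle described above, as an added Python model (not Sympa's own Perl code): a ticket is created, can be redeemed once, and afterwards yields closed, expired or error. The column layout, the 'open'/'closed' status values, the TICKET_LIFETIME window, the `now` parameter and marking a used ticket closed instead of deleting its row are all assumptions made for illustration.

```python
import secrets
import sqlite3
import time

TICKET_LIFETIME = 2 * 24 * 3600  # assumed validity window (seconds), not from the page
FIELDS = ("email", "robot", "data", "remote_addr", "date", "status")

db = sqlite3.connect(":memory:")  # assumed schema, modelled on the OUT fields
db.execute("CREATE TABLE one_time_ticket_table (ticket TEXT PRIMARY KEY, email TEXT,"
           " robot TEXT, data TEXT, remote_addr TEXT, date INTEGER, status TEXT)")

def create_one_time_ticket(email, robot, data_string, remote_addr, now=None):
    """Store a ticket and return its number, the key of the new row."""
    now = int(time.time()) if now is None else now
    # The number is the only secret in the emailed URL, so it comes from the
    # OS CSPRNG (128 bits) rather than a guessable generator.
    ticket = secrets.randbits(128)
    db.execute("INSERT INTO one_time_ticket_table VALUES (?,?,?,?,?,?,?)",
               (str(ticket), email, robot, data_string, remote_addr, now, "open"))
    db.commit()
    return ticket

def get_one_time_ticket(ticket_number, now=None):
    """Consume a ticket and return the hash described under OUT."""
    now = int(time.time()) if now is None else now
    row = db.execute("SELECT email, robot, data, remote_addr, date, status"
                     " FROM one_time_ticket_table WHERE ticket = ?",
                     (str(ticket_number),)).fetchone()
    if row is None:
        return {"result": "error"}        # unknown or malformed number
    info = dict(zip(FIELDS, row))
    if info["status"] != "open":
        info["result"] = "closed"         # already used once
    elif now - info["date"] > TICKET_LIFETIME:
        info["result"] = "expired"
    else:
        # Conditional update: of two racing requests, only one sees rowcount 1.
        cur = db.execute("UPDATE one_time_ticket_table SET status = 'closed', date = ?"
                         " WHERE ticket = ? AND status = 'open'",
                         (now, str(ticket_number)))
        db.commit()
        info["result"] = "success" if cur.rowcount == 1 else "closed"
    return info
```

The caller should create the authenticated session for `email` only when `result` is `success`; every other value means the URL must not log anyone in.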

Last modified: 2008/06/17 16:23 by serge.aumont@cru.fr