User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

OTRS is one of the best open source service desk software I have ever seen. This software claims to be compatible with 6 ITIL processes, which it is more than amazing. I have been using OTRS since release 3 if I remember for good, and because of that, I have had done little patches to make it work as I want.

You should know I love Joomla as CMS, this blog is done with it. My enterprise website is using Joomla as well, and we must use OTRS as our elected ticketing system. A user in the Joomla website is a customer in the OTRS system. So, it must authenticate to log into the user portal. Joomla uses other crypt hash for its passwords, so I am going to talk here how I make it work.

I will assume you have a working Joomla 3.4 and OTRS 4 or better.

Apply the following patch. Edit it manually if it doesn't work out of the box. 

--- Kernel/System/CustomerAuth/DB.pm.orig       2015-02-24 18:13:39.000000000 -0500
+++ Kernel/System/CustomerAuth/DB.pm    2015-02-26 18:53:43.000000000 -0500
@@ -48,6 +48,8 @@ sub new {
        || die "Need CustomerAuthModule::DB::CustomerPw$Param{Count} in Kernel/Config.pm!";
    $Self->{CryptType} = $ConfigObject->Get( 'Customer::AuthModule::DB::CryptType' . $Param{Count} )
        || '';
+    $Self->{SQL} = $ConfigObject->Get( 'Customer::AuthModule::DB::SQL' . $Param{Count} )
+        || '';

    if ( $ConfigObject->Get( 'Customer::AuthModule::DB::DSN' . $Param{Count} ) ) {
        $Self->{DBObject} = Kernel::System::DB->new(
@@ -112,7 +114,7 @@ sub Auth {

    # sql query
    $Self->{DBObject}->Prepare(
-        SQL => "
+        SQL => $Self->{SQL}?$Self->{SQL}:"
            SELECT $Self->{Pw}, $Self->{Key} FROM $Self->{Table} WHERE
            $Self->{Key} = ?
            ",
@@ -148,8 +150,17 @@ sub Auth {
    # md5 or sha pw
    elsif ( $GetPw !~ /^.{13}$/ ) {

+       # bcrypt variant
+        if ( $GetPw =~ m{\A\$2[ay]?\$[0-9]{2}\$[./A-Za-z0-9]{22}}xms ) {
+           use Crypt::Eksblowfish::Bcrypt qw(bcrypt_hash bcrypt);
+            my ( $Cost, $Salt ) = $GetPw =~ m{^\$2[ay]?\$([0-9]{2})\$([./A-Za-z0-9]{22})}xms;
+            $EncodeObject->EncodeOutput( \$Pw );
+           $CryptedPw = bcrypt( $Pw, '$2y$'.$Cost.'$'.$Salt );
+            $EncodeObject->EncodeInput( \$CryptedPw );
+       }
+
        # md5 pw
-        if ( $GetPw =~ m{\A \$.+? \$.+? \$.* \z}xms ) {
+        elsif ( $GetPw =~ m{\A \$.+? \$.+? \$.* \z}xms ) {

            # strip Salt
            $Salt =~ s/^(\$.+?\$)(.+?)\$.*$/$2/;

Edit your Config.pm file and point to your Joomla database, check the $Self->{'DatabaseUser'} parameter.

To finish, install the Crypt::Eksblowfish::Bcrypt Perl package, you can install it from my RPM repository.

Enjoy!

blog comments powered by Disqus