Re: [rt-users] no alert for invalid mail addresses

[Jeffrey Pilant]

Martin Wheldon writes:
> You might want to checkout the perl module Regex::Common::Email::Address

I looked at that

http://search.cpan.org/~cwest/Regexp-Common-Email-Address-1.01/lib/Regexp/Common/Email/Address.pm
Provides a regex to match email addresses as defined by RFC 2822. Under
C<{-keep}>, the entire match is kept as C<$1>. If you want to parse that
further then pass it to C<< Email::Address->parse() >>. Don't worry,
it's fast.

This is from 2005, and the that RFC was replaced by 5322, which is what the big 
regex I gave was from.

The Wikipedia has even more relevant info on email addresses:
https://en.wikipedia.org/wiki/Email_address
It talks about support for foreign character sets, quoted normally invalid 
characters, allowed comments, and do on.  Basically, it is nearly complete 
chaos.  Check out their "valid" and "invalid" examples, as well as the 
internationalization example.

/jeff

The information contained in this e-mail is for the exclusive use of the 
intended recipient(s) and may be confidential, proprietary, and/or 
legally privileged.  Inadvertent disclosure of this message does not 
constitute a waiver of any privilege.  If you receive this message in 
error, please do not directly or indirectly use, print, copy, forward,
or disclose any part of this message.  Please also delete this e-mail 
and all copies and notify the sender.  Thank you. 

Re: [rt-users] no alert for invalid mail addresses

[Martin Wheldon]

Hi,

You might want to checkout the perl module Regex::Common::Email::Address

Best Regards

Martin

On 2017-01-06 13:16, Petr Hanousek wrote:

Hello Jeffrey,
thank you, I'll try to implement it here. Wonder if someone has done it
before or if there is any plugin for this? Or (the best way) if some
developer encodes it to some future release of RT? :)
Petr

On 5.1.2017 21:51, Jeffrey Pilant wrote:

Check out
http://www.regular-expressions.info/email.html
It indicates the 'most' official regex is:
\A(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*
 |  "(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]
  |  \\[\x01-\x09\x0b\x0c\x0e-\x7f])*")
@ 
(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?

  |  \[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}
   (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:
  (?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]
  |  \\[\x01-\x09\x0b\x0c\x0e-\x7f])+)
 \])\z

Yeah.  Quite a mouthful.  This is because there are quite a few ways 
to express email addresses.  And even this is not foolproof.


The same page also has other simpler regex expressions that work a 
fair amount of the time, but are less complicated, like:

\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b

The page claims it is 99% effective.

That, however, does not solve your problem.  Just because it is 
formulated correctly does not mean it is a valid address.


The usual solution is to whitelist the addresses and do a lookup.  Any 
address not found gets added tentatively, but flagged for testing.  
You can also at this time prompt for acceptance vs. going back to an 
edit screen.  This does require you maintain a list of valid email 
addresses somewhere.  The user list is a likely place, but if you are 
sending emails to people who are not users, then that fails.


/jeff

The information contained in this e-mail is for the exclusive use of 
the

intended recipient(s) and may be confidential, proprietary, and/or
legally privileged.  Inadvertent disclosure of this message does not
constitute a waiver of any privilege.  If you receive this message in
error, please do not directly or indirectly use, print, copy, forward,
or disclose any part of this message.  Please also delete this e-mail
and all copies and notify the sender.  Thank you.

Re: [rt-users] no alert for invalid mail addresses

[Petr Hanousek]

Hello Jeffrey,
thank you, I'll try to implement it here. Wonder if someone has done it
before or if there is any plugin for this? Or (the best way) if some
developer encodes it to some future release of RT? :)
Petr

On 5.1.2017 21:51, Jeffrey Pilant wrote:
> Check out
>   http://www.regular-expressions.info/email.html
> It indicates the 'most' official regex is:
> \A(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*
>  |  "(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]
>   |  \\[\x01-\x09\x0b\x0c\x0e-\x7f])*")
> @ (?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?
>   |  \[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}
>(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:
>   (?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]
>   |  \\[\x01-\x09\x0b\x0c\x0e-\x7f])+)
>  \])\z
> 
> Yeah.  Quite a mouthful.  This is because there are quite a few ways to 
> express email addresses.  And even this is not foolproof.
> 
> The same page also has other simpler regex expressions that work a fair 
> amount of the time, but are less complicated, like:
> \b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b
> 
> The page claims it is 99% effective.
> 
> That, however, does not solve your problem.  Just because it is formulated 
> correctly does not mean it is a valid address.
> 
> The usual solution is to whitelist the addresses and do a lookup.  Any 
> address not found gets added tentatively, but flagged for testing.  You can 
> also at this time prompt for acceptance vs. going back to an edit screen.  
> This does require you maintain a list of valid email addresses somewhere.  
> The user list is a likely place, but if you are sending emails to people who 
> are not users, then that fails.
> 
> /jeff
> 
> The information contained in this e-mail is for the exclusive use of the 
> intended recipient(s) and may be confidential, proprietary, and/or 
> legally privileged.  Inadvertent disclosure of this message does not 
> constitute a waiver of any privilege.  If you receive this message in 
> error, please do not directly or indirectly use, print, copy, forward,
> or disclose any part of this message.  Please also delete this e-mail 
> and all copies and notify the sender.  Thank you. 
> 
> 

-- 
+---+
   Petr Hanousek   e-mail: petr.hanou...@cesnet.cz
   MetaCentrum User Supportphone: +420 950 072 112
   CESNET z.s.p.o. mobile: +420 606 665 139
   location: Zikova 13a, Praha room: 32b
Czech Republic
+---+

[rt-users] Mail headers, search for missing value and LDAP/AD integration

[Marius Flage]

Hi!

Some different questions here:

1) It is possible to add meta information from RT in the outgoing mails
from the system? For instance I'm interested in getting the current
owner of a ticket as a separate mail header. For instance X-RT-Owner:
and then set to the current owner of the ticket. That would make it
easier to sort out just the tickets I'm concerned with.

2) I have a search where I want to find all tickets without an AdminCc
added. How can I do this?

3) We have LDAP authentication against Active Directory working, but
we're not getting the correct values populated from AD. Instead I have
to go in an manually fill out this information in RT itself. This is the
relevant configuration:

Set($ExternalAuthPriority,  [ 'My_LDAP' ] );

Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {
'My_LDAP'   =>  {
'type'  =>  'ldap',
'server'=>  'SERVER',
'user'  =>  'ADMINUSER',
'pass'  =>  'PASSWORD',
'base'  =>  'ou=users,dc=local,dc=local,dc=no',
'filter'=>  '(objectclass=user)',
'd_filter'  =>  '(objectcategory=group)',
'group' =>  '',
'group_attr'=>  '',
'tls'   =>  1,
'ssl_version'   =>  3,
'net_ldap_args' => [version =>  3   ],
'group_scope'   =>  'base',
'group_attr_value'  =>  '',
'attr_match_list' => [
'Name',
'EmailAddress',
'RealName',
],
'attr_map' => {
'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'physicalDeliveryOfficeName',
'RealName' => 'cn',
'ExternalAuthId' => 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
},
},
});

Set($LDAPHost, 'SERVER');
Set($LDAPUser, 'ADMINUSER');
Set($LDAPPassword, 'PASSWORD');
Set($LDAPBase, 'ou=users,dc=local,dc=local,dc=no');
Set($LDAPFilter, '(&(cn = users))');
Set($LDAPCreatePrivileged, 1);

So I'm wondering which of these options are actually used, as they seem
to be a bit redundant and/or conflicting?

I'm running RT 4.2.10, btw.

--
Marius





signature.asc
Description: OpenPGP digital signature

Re: [rt-users] ***SPAM*** Re: How unprivileged users could see all tickets in their queue

[Martin Wheldon]

Apologies, if I remove the owner the CustomRole solution doesn't work.

Best Regards

Martin

On 2017-01-05 16:37, Felix Defrance wrote:

Hi,

In your example you said :
"I've got 2 unprivileged users with a single queue, each being the
owner of multiple tickets in that queue."

But in my case, the users is a customer, and they never owner of the
tickets.

So, the users see only the tickets they are requestor.

I would like to provide to a set of user, the ablillity to see all
ticket requestor in the queue..

Felix.

Le 05/01/2017 à 16:00, Martin Wheldon a écrit :


Hi,

No need to add the custom role to the tickets, just to the queue.

Best Regards

Martin

On 2017-01-05 14:26, Felix Defrance wrote:
Le 05/01/2017 à 12:22, Alex Hall a écrit :
Martin's suggestion makes sense, but I thought Felix was trying to
restrict user search, not ticket search? That is, he doesn't want
users to be able to search (and thus view the names of) all users?
It's quite early here, so my brain may still be muttled and I could
be wrong.
Alex, after I see it was possible to display any tickets via the
search
module, I want to restrict this too.

Sent from my iPhone

On Jan 5, 2017, at 06:08, Martin Wheldon
 wrote:

Hi Félix,

I've just tried to configure this on a RT 4.4.1 install using a
custom role and it seems to work fine.
Here is the process I carried out.

I've got 2 unprivileged users with a single queue, each being the
owner of multiple tickets in that queue.
I created a new custom role, then assigned it to the queue. Next I
added the users to the custom role. (Done on the queue, watchers
tab)
The I added the SeeQueue and ShowTickets permissions to the custom
role on the queue.

Now when I login as either of the users I see all the tickets in
that queue owner by those users.

 In this case, unprivileged users via (SelfService of course), just
see
their own tickets. For me, I have just 2 menus: "Tickets" and "Logged
in
foobar".

In Tickets, I just see "Open tickets" and "Closed Tickets". In both
pages, I just see tickets that users declarated as requestor.

The custom role not provide an access to see all ticket in the queue
(as
elacour told to us).

Now I understand the goal of the roles, maybe it's possible to
automaticaly add custom role as a watcher to the right queue on all
existing tickets and  the futur new ticket.

Do you think it's possible ?

Thx


Hope that helps

Best Regards

Martin

On 2017-01-04 08:45, Emmanuel Lacour wrote:
Le 03/01/2017 à 18:27, Felix Defrance a écrit :
Hi all,
I don't find how I could add ShowTickets or QueueList in
SelfService.
I want to allow my unprivileged users, grouped by company name, to
see all tickets in their queue.
The group rights on the queue is correctly defined and users could
access to the tickets by entring the ticket number in the "goto
Ticket" field (top right in SelfService).
I have tried to play with CustomRole but it's not working for me. So

anybody known how I can do it?
SelfService filters ticket list to tickets the user is watcher on
(requestor or Cc). This is hard coded in
share/html/SelfService/Elements/MyRequests:
my $id = $session{'CurrentUser'}->id;
my $Query = "( Watcher.id = $id )";
if ($status) {
$status =~ s/(['\\])/\\$1/g;
$Query .= " AND Status = '$status'";
}
so if you wan't to relax this to all tickets users have ShowTicket
rights, you have to modify this query ;)
But I strongly discourage (unless really needed) to setup an RT
instance with one queue per customer, best to think queues per
internal support team and play with customroles/groups or
customfields
to set the customer.


--
Félix Defrance
PGP: 0x0F04DC57