Passwordless Protected Access

Overview

A user can be given a link of the form http://mantis.company.com.au/view.php?id=123&key=987tyjkhcgwip2uy523hriu and then be able to view and/or edit the task without a separate login. This is particularly useful when you want to email a link to a person without creating an account for them or without asking them to login (which might be too much effort for some customers).

Implementation

A unique key must be generated for every bug. Two options are possible:

(1) generate random key when creating a bug record. Update old bugs through some conversion script. (2) create a hash based on the bug id plus some constant random key. That constant key must be different for every Mantis implementation. (Perhaps the feature is switched off until this key is generated.)

Advantages of (1): shorter URL since you don’t need to add the “id” parameter. Advantages of (2): no changes to the db schema

We don’t need to set a login cookie at all, since this is effectively an alternative access control.

Configuration options

[x] enable bug access URL

[x] allow edit of bug
[x] allow adding notes
[x] show private notes

Example

Here is an example which we were using for testing a while back:

http://squish.ish.com.au/t?i=4691&w=qxn0CoSqgIi0NDZ96VSl

Page view

The display of the bug should be customisable independently of the regular bug view page. This allows the admin to remove from the view certain fields (eg. who the bug is assigned to), style the page in a more corporate way and also remove links which make no sense (eg. advanced view).

 
Logged in as: anonymous
mantisbt/passwordless_protected_access.txt · Last modified: 2011/11/16 07:38 by atrol