Modify

Opened 8 years ago

Closed 8 years ago

Last modified 6 years ago

#1092 closed defect (fixed)

HttpAuthPlugin broken on trac-0.10.3

Reported by: Shawn Owned by: coderanger
Priority: normal Component: HttpAuthPlugin
Severity: blocker Keywords:
Cc: Trac Release: 0.10

Description

This plug-in works fine with 0.10 but broken under 0.10.3

By checking the code it seems that the method

# IAuthenticator methods
    def authenticate(self, req):

will be invoked prior to the method

 # IRequestFilter methods
    def pre_process_request(self, req, handler):

So from the log, we can see use was authenticated successfully, but the authenticate method returns None.

My quick workaround is copy the autenticate code from pre_process_request to authenticate method and it works.

Attachments (0)

Change History (4)

comment:1 Changed 8 years ago by chrisje@…

Though I know some basics of python (position sensitive etc.), I'm not very familiar with it. I managed to fix bug 1093 myself, but this one I couldn't get to work.

What exactly did you change to get it to work?

comment:2 Changed 8 years ago by chrisje@…

Ah, I got it working now. I did the copying of the code correct, but I also needed to add /xmlrpc to the authentication configuration for apache. Now I have a login form on the webpage _and_ xmlrpc access for eclipse, yay! ;-)

comment:3 Changed 8 years ago by Shawn

Here is my hack, hope it helps before the 'official' patch is out

    # IAuthenticator methods
    def authenticate(self, req):
        if req.remote_user:
            return req.remote_user
        for path in self.paths:
            if req.path_info.startswith(path):
                header = req.get_header('Authorization')
                if header is None:
                    self.log.info('HTTPAuthFilter: No authentication data given, returing 403')
                    return None # Run HTTP auth
                else:
                    token = header.split()[1]
                    user, passwd = base64.b64decode(token).split(':', 1)
                    if AccountManager(self.env).check_password(user, passwd):
                        self.log.debug('HTTPAuthFilter: Authentication okay')
                        # req.environ['REMOTE_USER'] = user
                        # self.log.debug(req.remote_user)
                        return user
                    else:
                        self.log.info('HTTPAuthFilter: Bad authentication data given, returing 403')
                        return None # Failed auth
        return None

comment:4 Changed 8 years ago by coderanger

  • Resolution set to fixed
  • Status changed from new to closed

(In [1890]) What was I smoking when I wrote this? Should actually work now. (closes #1092)

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.