Modify

Opened 8 years ago

Closed 8 years ago

Last modified 5 years ago

#1092 closed defect (fixed)

HttpAuthPlugin broken on trac-0.10.3

Reported by: Shawn Owned by: coderanger
Priority: normal Component: HttpAuthPlugin
Severity: blocker Keywords:
Cc: Trac Release: 0.10

Description

This plug-in works fine with 0.10 but broken under 0.10.3

By checking the code it seems that the method

# IAuthenticator methods
    def authenticate(self, req):

will be invoked prior to the method

 # IRequestFilter methods
    def pre_process_request(self, req, handler):

So from the log, we can see use was authenticated successfully, but the authenticate method returns None.

My quick workaround is copy the autenticate code from pre_process_request to authenticate method and it works.

Attachments (0)

Change History (4)

comment:1 Changed 8 years ago by chrisje@…

Though I know some basics of python (position sensitive etc.), I'm not very familiar with it. I managed to fix bug 1093 myself, but this one I couldn't get to work.

What exactly did you change to get it to work?

comment:2 Changed 8 years ago by chrisje@…

Ah, I got it working now. I did the copying of the code correct, but I also needed to add /xmlrpc to the authentication configuration for apache. Now I have a login form on the webpage _and_ xmlrpc access for eclipse, yay! ;-)

comment:3 Changed 8 years ago by Shawn

Here is my hack, hope it helps before the 'official' patch is out

    # IAuthenticator methods
    def authenticate(self, req):
        if req.remote_user:
            return req.remote_user
        for path in self.paths:
            if req.path_info.startswith(path):
                header = req.get_header('Authorization')
                if header is None:
                    self.log.info('HTTPAuthFilter: No authentication data given, returing 403')
                    return None # Run HTTP auth
                else:
                    token = header.split()[1]
                    user, passwd = base64.b64decode(token).split(':', 1)
                    if AccountManager(self.env).check_password(user, passwd):
                        self.log.debug('HTTPAuthFilter: Authentication okay')
                        # req.environ['REMOTE_USER'] = user
                        # self.log.debug(req.remote_user)
                        return user
                    else:
                        self.log.info('HTTPAuthFilter: Bad authentication data given, returing 403')
                        return None # Failed auth
        return None

comment:4 Changed 8 years ago by coderanger

  • Resolution set to fixed
  • Status changed from new to closed

(In [1890]) What was I smoking when I wrote this? Should actually work now. (closes #1092)

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from coderanger. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.