Patch: "Remember me"

Patch tested with current trunk, works fine here. From my point of view it would be a useful addition to the plugin, I hereby vote for it being included :)

0.10 version supported?

Any status on this? This needs to be added at least as an option to this plugin IMHO.

Patch works great on 0.10, fyi. I'm happy for now. :)

Replying to luks:

Attached a patch to remember the login if user wants to.

why not to include this patch into main plugin source?

#1428 marked as dup.

Does this patch work with the current trunk and Trac-0.11 ? We need this in the source!

--JamesMills

Patch for remember-me for r3260 and Trac 0.11

I add the remember-me-r3260.diff attachment. This path works with the current trunk and trac-0.11.

Again why not adding this to the source.

OK, I need some clarification on what exactly this is supposed to be doing.

Is it:

1. If the user closes the browser without logging out, the next time they open the browser and got to the site they will be automatically logged in?
2. Remember the user's login name so that they only have to type in their password?

Also, I've got serious doubts about the effectiveness of the patches. First, they don't work for me. Second, the patches create another cookie, trac_auth_session that appears to have the value of whether or not the session is "remembered", except it is a session cookie, which means it'll be deleted when the user closes the browser.

I'm happy to add this type of feature, but please clarify what the expected behavior is actually supposed to be.

Hi,

To clarify it should:

1. Remember and Automatically log the user in when they re-visit the site.

--JamesMills

This last patch, is updated to r3734, checks against current ip, logs user out if it doesn't match and makes this an optional feature.

Patch also makes this a 0.11 only feature.

Fixed a get_header bug introduced by me

This can probably get simpler though, the info I store on the cookie is present on the auth_cookie table, maybe we keep to a single cookie(plus the form token one) and check ip from db.

This one also checks against the ip stored on auth_cookie

Note that the new patch changes the meaning of the trac_auth_session cookie. My original patch used it to check whether we are in a regular session, and if we are not to extend the expires header of the persistent cookie. This was to avoid sending a new cookie in each request.

The new patch makes trac_auth_session a long-living cookie and uses it for a different reason, which I don't exactly understand, but I think it could be done without it (by comparing req.get_header("X-Forwarded-For") or req.remote_addr to ipnr from the auth_cookie table). The new patch also updates the usual trac_auth cookie on each request.

The patch works great for people using a single IP, but a number of wxTrac users is complaining that it doesn't work. Those people either change networks or their ISP uses several IP addresses. They are logged off even without closing browser.

I'd really like to see this feature included in the plugin, but IMHO checking IP should be optional (or removed).

Updated patch against r3857

To dottedmag: Thanks for the patch! One problem - sometimes remember_me.3.patch causes internal server error which prevents user to log in until Trac cookies are removed. On my machine it's occured when I do log out:

2008-09-04 12:17:18,000 Trac[main] DEBUG: Dispatching <Request "GET u'/login'">
2008-09-04 12:17:18,015 Trac[web_ui] DEBUG: Updating auth cookie cd7ed7b364780a791a7a01631a165bdd for user None
2008-09-04 12:17:18,015 Trac[chrome] DEBUG: Prepare chrome data for request
2008-09-04 12:17:18,015 Trac[web_ui] DEBUG: Updating auth cookie cd7ed7b364780a791a7a01631a165bdd for user None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TICKET_CREATE on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TICKET_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing BROWSER_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TRAC_ADMIN on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing PERMISSION_GRANT on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing PERMISSION_REVOKE on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TICKET_ADMIN on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TIMELINE_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing ROADMAP_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_VIEW on <Resource 'wiki'>
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing SEARCH_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing REPORT_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TESTMNG_ADMIN on None
2008-09-04 12:17:18,015 Trac[main] ERROR: 'NoneType' object is unsubscriptable
Traceback (most recent call last):
  File "c:\python25\lib\site-packages\Trac-0.11-py2.5.egg\trac\web\main.py", line 423, in _dispatch_request
    dispatcher.dispatch(req)
  File "c:\python25\lib\site-packages\Trac-0.11-py2.5.egg\trac\web\main.py", line 173, in dispatch
    chosen_handler)
  File "c:\python25\lib\site-packages\Trac-0.11-py2.5.egg\trac\web\main.py", line 286, in _pre_process_request
    chosen_handler = filter_.pre_process_request(req, chosen_handler)
  File "build\bdist.win32\egg\acct_mgr\web_ui.py", line 461, in pre_process_request
    if not req.incookie['trac_auth_session'].value == row[0]:
TypeError: 'NoneType' object is unsubscriptable

In LoginModule?._do_logout, the session cookie needs to be reset even if the username is (still) set to anonymous. Else an auth cookie with an unmatching IP will never get reset leading to infinite redirect loop.

Replying to tim.kosse@filezilla-project.org:

In LoginModule?._do_logout, the session cookie needs to be reset even if the username is (still) set to anonymous. Else an auth cookie with an unmatching IP will never get reset leading to infinite redirect loop.

Yep! I've just commented two lines in _do_logout and now it works for me, thanks!

#if req.authname == 'anonymous':
    # Not logged in
    #return

Replying to scratcher:

Yep! I've just commented two lines in _do_logout and now it works for me, thanks!

There was different reason for error obviously. My error message was caused by fact that trac_auth_session cookie was not reseted at all in _do_logout method even when anonymous check was removed (commented). Aterwards I discovered that req.outcookie['trac_auth_session']['path'] is set in _do_logout method along with 'expires' property. When I removed first assignment ('path'), trac_auth_session cookie become removed correctly from browser and error gone. Now it works with Trac 0.11 stable.

Patch to truly expire trac_auth_session cookie after logout