Ticket #131 (closed enhancement: fixed)

Opened 6 years ago

Last modified 2 years ago

[Patch] "Remember me"

Reported by: luks Assigned to: pacopablo
Priority: highest Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: gunnar, davidf@sjsoft.com, JamesMills, jasminlapalme@mac.com, marcin, manski, hans@uprev.com, rjollos Trac Release: 0.11

Description

Attached a patch to remember the login if user wants to.

Attachments

remember-me.diff (3.0 kB) - added by luks on 01/13/06 14:15:38.
remember-me-r3260.diff (2.7 kB) - added by jasminlapalme@mac.com on 02/21/08 22:00:35.
Patch for remember-me for r3260 and Trac 0.11
remember_me.patch (9.4 kB) - added by s0undt3ch on 05/29/08 06:41:54.
Fixed a get_header bug introduced by me
remember_me.2.patch (10.3 kB) - added by s0undt3ch on 05/29/08 08:15:43.
This one also checks against the ip stored on auth_cookie
remember_me.3.patch (10.5 kB) - added by dottedmag on 08/06/08 22:45:38.
Updated patch against r3857
remember_me.4.patch (10.5 kB) - added by scratcher on 09/30/08 16:09:33.
Patch to truly expire trac_auth_session cookie after logout
remember_me.5836.patch (8.6 kB) - added by manski on 05/27/09 20:13:51.
Patch again r5836 and Trac 0.11.4; without IP checking

Change History

01/13/06 14:15:17 changed by luks

  • type changed from defect to enhancement.

01/13/06 14:15:38 changed by luks

  • attachment remember-me.diff added.

06/15/06 23:02:42 changed by gunnar

  • cc set to gunnar.
  • release set to 0.8.

10/26/06 12:54:46 changed by otaku42

Patch tested with current trunk, works fine here. From my point of view it would be a useful addition to the plugin, I hereby vote for it being included :)

12/27/06 11:17:36 changed by anonymous

0.10 version supported?

03/07/07 20:07:59 changed by trisweb

Any status on this? This needs to be added at least as an option to this plugin IMHO.

03/07/07 20:16:03 changed by trisweb

Patch works great on 0.10, fyi. I'm happy for now. :)

(in reply to: ↑ description ) 05/28/07 14:10:38 changed by anonymous

Replying to luks:

Attached a patch to remember the login if user wants to.

07/25/07 04:28:50 changed by anonymous

why not to include this patch into main plugin source?

08/19/07 12:29:34 changed by ThurnerRupert

#1428 marked as dup.

11/16/07 13:36:47 changed by davidf@sjsoft.com

  • cc changed from gunnar to gunnar, davidf@sjsoft.com.

01/17/08 01:43:21 changed by James.Mills@au.pwc.com

  • cc changed from gunnar, davidf@sjsoft.com to gunnar, davidf@sjsoft.com, JamesMills.
  • priority changed from normal to high.

Does this patch work with the current trunk and Trac-0.11 ? We need this in the source!

--JamesMills

02/21/08 22:00:35 changed by jasminlapalme@mac.com

  • attachment remember-me-r3260.diff added.

Patch for remember-me for r3260 and Trac 0.11

02/21/08 22:01:30 changed by anonymous

  • cc changed from gunnar, davidf@sjsoft.com, JamesMills to gunnar, davidf@sjsoft.com, JamesMills, jasminlapalme@mac.com.

I add the remember-me-r3260.diff attachment. This path works with the current trunk and trac-0.11.

Again why not adding this to the source.

05/28/08 00:01:17 changed by pacopablo

  • owner changed from mgood to pacopablo.
  • release changed from 0.8 to 0.10.

OK, I need some clarification on what exactly this is supposed to be doing.

Is it:

  1. If the user closes the browser without logging out, the next time they open the browser and got to the site they will be automatically logged in?
  2. Remember the user's login name so that they only have to type in their password?

Also, I've got serious doubts about the effectiveness of the patches. First, they don't work for me. Second, the patches create another cookie, trac_auth_session that appears to have the value of whether or not the session is "remembered", except it is a session cookie, which means it'll be deleted when the user closes the browser.

I'm happy to add this type of feature, but please clarify what the expected behavior is actually supposed to be.

05/28/08 01:45:40 changed by james@todotornot.com

Hi,

To clarify it should:

1. Remember and Automatically log the user in when they re-visit the site.

--JamesMills

05/29/08 06:33:18 changed by s0undt3ch

This last patch, is updated to r3734, checks against current ip, logs user out if it doesn't match and makes this an optional feature.

05/29/08 06:34:27 changed by s0undt3ch

  • release changed from 0.10 to 0.11.

Patch also makes this a 0.11 only feature.

05/29/08 06:41:54 changed by s0undt3ch

  • attachment remember_me.patch added.

Fixed a get_header bug introduced by me

05/29/08 06:46:41 changed by s0undt3ch

This can probably get simpler though, the info I store on the cookie is present on the auth_cookie table, maybe we keep to a single cookie(plus the form token one) and check ip from db.

05/29/08 08:15:43 changed by s0undt3ch

  • attachment remember_me.2.patch added.

This one also checks against the ip stored on auth_cookie

05/29/08 09:04:17 changed by anonymous

Note that the new patch changes the meaning of the trac_auth_session cookie. My original patch used it to check whether we are in a regular session, and if we are not to extend the expires header of the persistent cookie. This was to avoid sending a new cookie in each request.

The new patch makes trac_auth_session a long-living cookie and uses it for a different reason, which I don't exactly understand, but I think it could be done without it (by comparing req.get_header("X-Forwarded-For") or req.remote_addr to ipnr from the auth_cookie table). The new patch also updates the usual trac_auth cookie on each request.

08/01/08 16:45:25 changed by marcin

  • cc changed from gunnar, davidf@sjsoft.com, JamesMills, jasminlapalme@mac.com to gunnar, davidf@sjsoft.com, JamesMills, jasminlapalme@mac.com, marcin.

The patch works great for people using a single IP, but a number of wxTrac users is complaining that it doesn't work. Those people either change networks or their ISP uses several IP addresses. They are logged off even without closing browser.

I'd really like to see this feature included in the plugin, but IMHO checking IP should be optional (or removed).

08/06/08 22:45:38 changed by dottedmag

  • attachment remember_me.3.patch added.

Updated patch against r3857

09/04/08 10:45:34 changed by scratcher

To dottedmag: Thanks for the patch! One problem - sometimes remember_me.3.patch causes internal server error which prevents user to log in until Trac cookies are removed. On my machine it's occured when I do log out: 

2008-09-04 12:17:18,000 Trac[main] DEBUG: Dispatching <Request "GET u'/login'">
2008-09-04 12:17:18,015 Trac[web_ui] DEBUG: Updating auth cookie cd7ed7b364780a791a7a01631a165bdd for user None
2008-09-04 12:17:18,015 Trac[chrome] DEBUG: Prepare chrome data for request
2008-09-04 12:17:18,015 Trac[web_ui] DEBUG: Updating auth cookie cd7ed7b364780a791a7a01631a165bdd for user None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TICKET_CREATE on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TICKET_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing BROWSER_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TRAC_ADMIN on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing PERMISSION_GRANT on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing PERMISSION_REVOKE on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TICKET_ADMIN on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TIMELINE_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing ROADMAP_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_VIEW on <Resource 'wiki'>
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing SEARCH_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing REPORT_VIEW on None
2008-09-04 12:17:18,015 Trac[perm] DEBUG: No policy allowed anonymous performing TESTMNG_ADMIN on None
2008-09-04 12:17:18,015 Trac[main] ERROR: 'NoneType' object is unsubscriptable
Traceback (most recent call last):
  File "c:\python25\lib\site-packages\Trac-0.11-py2.5.egg\trac\web\main.py", line 423, in _dispatch_request
    dispatcher.dispatch(req)
  File "c:\python25\lib\site-packages\Trac-0.11-py2.5.egg\trac\web\main.py", line 173, in dispatch
    chosen_handler)
  File "c:\python25\lib\site-packages\Trac-0.11-py2.5.egg\trac\web\main.py", line 286, in _pre_process_request
    chosen_handler = filter_.pre_process_request(req, chosen_handler)
  File "build\bdist.win32\egg\acct_mgr\web_ui.py", line 461, in pre_process_request
    if not req.incookie['trac_auth_session'].value == row[0]:
TypeError: 'NoneType' object is unsubscriptable

(follow-up: ↓ 22 ) 09/06/08 12:01:54 changed by tim.kosse@filezilla-project.org

In LoginModule?._do_logout, the session cookie needs to be reset even if the username is (still) set to anonymous. Else an auth cookie with an unmatching IP will never get reset leading to infinite redirect loop.

(in reply to: ↑ 21 ; follow-up: ↓ 23 ) 09/30/08 11:43:33 changed by scratcher

Replying to tim.kosse@filezilla-project.org:

In LoginModule?._do_logout, the session cookie needs to be reset even if the username is (still) set to anonymous. Else an auth cookie with an unmatching IP will never get reset leading to infinite redirect loop.

Yep! I've just commented two lines in _do_logout and now it works for me, thanks! 

#if req.authname == 'anonymous':
    # Not logged in
    #return

(in reply to: ↑ 22 ) 09/30/08 15:42:12 changed by scratcher

Replying to scratcher:

Yep! I've just commented two lines in _do_logout and now it works for me, thanks!

There was different reason for error obviously. My error message was caused by fact that trac_auth_session cookie was not reseted at all in _do_logout method even when anonymous check was removed (commented). Aterwards I discovered that req.outcookie['trac_auth_session']['path'] is set in _do_logout method along with 'expires' property. When I removed first assignment ('path'), trac_auth_session cookie become removed correctly from browser and error gone. Now it works with Trac 0.11 stable.

09/30/08 16:09:33 changed by scratcher

  • attachment remember_me.4.patch added.

Patch to truly expire trac_auth_session cookie after logout

11/03/08 00:42:21 changed by sincoder

I get this error if I've login with "remember me" on computer A and login in without "remember me" on computer B:

Oops…

Trac detected an internal error: 

TypeError: unsubscriptable object

11/03/08 00:43:30 changed by sincoder

I need to clarify that I get the above error when I visit my trac again on computer A

11/05/08 12:44:19 changed by jb@orumjensen.dk

I receive the same error as sincoder when svitching between pc's: I can solve it i Firefox by deleting the cookies. NOTE: using remember_me.4.patch 

2008-11-05 10:30:43,947 Trac[main] ERROR: 'NoneType' object is unsubscriptable
Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/Trac-0.11.1-py2.5.egg/trac/web/main.py", line 423, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/lib/python2.5/site-packages/Trac-0.11.1-py2.5.egg/trac/web/main.py", line 173, in dispatch
    chosen_handler)
  File "/usr/lib/python2.5/site-packages/Trac-0.11.1-py2.5.egg/trac/web/main.py", line 286, in _pre_process_request
    chosen_handler = filter_.pre_process_request(req, chosen_handler)
  File "build/bdist.linux-i686/egg/acct_mgr/web_ui.py", line 461, in pre_process_request
    if not req.incookie['trac_auth_session'].value == row[0]:
TypeError: 'NoneType' object is unsubscriptable

11/15/08 19:07:25 changed by PeterA

I manually merged remember_me.4.patch to 0.11/acct_mgr and got it working great. Many thanks. Though each time my laptop got a new IP due to DNS, the session disappeared and I had to log in again.

Looks like the pre_process_request() does not honor the trac environment variable [trac].check_ip. If it is false, the function should skip checking for IP match. I commented out the fragment of the code below and got the issue resolved. 

    # IRequestFilter methods 
440	    def pre_process_request(self, req, handler): 
441 ###	        if 'trac_auth_session' in req.incookie: 
442	            # Let's check for a matching IP, proxy'ed or not 
443 ###	            remote_addr = req.get_header("X-Forwarded-For") or req.remote_addr 
444 ###	            if not req.incookie['trac_auth_session'].value == remote_addr: 
445 ###	                self.log.debug("Cookie IP does not match Remote address IP: " 
446 ###	                               "'%s'!='%s'; Killing Session", 
447 ###	                               req.incookie['trac_auth_session'].value, 
448 ###	                               remote_addr) 
449 ###	                self._do_logout(req) 
450	                # Repeat request after logout in order for the user not to 
451	                # think he's logged in 
452 ###	                req.redirect(req.path_info)

02/22/09 03:18:48 changed by sincoder

  • priority changed from high to highest.

Please resolve the issue with switching PC's when using remember_me.4.patch. 

2008-11-05 10:30:43,947 Trac[main] ERROR: 'NoneType' object is unsubscriptable
Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/Trac-0.11.1-py2.5.egg/trac/web/main.py", line 423, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/lib/python2.5/site-packages/Trac-0.11.1-py2.5.egg/trac/web/main.py", line 173, in dispatch
    chosen_handler)
  File "/usr/lib/python2.5/site-packages/Trac-0.11.1-py2.5.egg/trac/web/main.py", line 286, in _pre_process_request
    chosen_handler = filter_.pre_process_request(req, chosen_handler)
  File "build/bdist.linux-i686/egg/acct_mgr/web_ui.py", line 461, in pre_process_request
    if not req.incookie['trac_auth_session'].value == row[0]:
TypeError: 'NoneType' object is unsubscriptable

05/27/09 20:13:51 changed by manski

  • attachment remember_me.5836.patch added.

Patch again r5836 and Trac 0.11.4; without IP checking

05/27/09 20:18:14 changed by manski

I've added a patch against the currently most recent AccountManagerPlugin revision (r5836) and Trac 0.11.4. This patch differs from the previous patch as it doesn't use IP address checking and has some documentation. I've disabled this "obstacle" as most/some(?) people have dynamic IP addresses and for those IP address checking renders this patch almost useless.

05/28/09 08:10:18 changed by manski

  • cc changed from gunnar, davidf@sjsoft.com, JamesMills, jasminlapalme@mac.com, marcin to gunnar, davidf@sjsoft.com, JamesMills, jasminlapalme@mac.com, marcin, manski.

06/10/09 17:32:38 changed by anonymous

Please make this part of the source!!! We would like the feature (it is common on almost all apps today).

08/24/09 13:43:21 changed by alexb

Any update on commiting this feature? It's been 15 months since "I'm happy to add this type of feature."

09/03/09 03:23:05 changed by hans@uprev.com

Please add this to the official plugin. This feature is much needed.

09/03/09 03:23:37 changed by anonymous

  • cc changed from gunnar, davidf@sjsoft.com, JamesMills, jasminlapalme@mac.com, marcin, manski to gunnar, davidf@sjsoft.com, JamesMills, jasminlapalme@mac.com, marcin, manski, hans@uprev.com.

09/03/09 08:10:45 changed by rjollos

  • cc changed from gunnar, davidf@sjsoft.com, JamesMills, jasminlapalme@mac.com, marcin, manski, hans@uprev.com to gunnar, davidf@sjsoft.com, JamesMills, jasminlapalme@mac.com, marcin, manski, hans@uprev.com, rjollos.

11/03/09 20:05:10 changed by sorin

  • owner changed from pacopablo to sorin.
  • status changed from new to assigned.

I would like this feature in main.

11/03/09 22:37:05 changed by anonymous

  • summary changed from Patch: "Remember me" to [Patch] "Remember me".

12/20/09 19:41:53 changed by anonymous

This is a very critical feature -- why is nothing happening?

12/21/09 20:47:09 changed by otaku42

  • owner changed from sorin to pacopablo.
  • status changed from assigned to new.

Assigning the ticket back to pacopablo.

02/25/10 18:33:12 changed by pacopablo

  • status changed from new to closed.
  • resolution set to fixed.

(In [7720]) Commit the Remember Me patch. Closes #131

04/18/10 22:43:09 changed by anonymous

  • status changed from closed to reopened.
  • resolution deleted.

I get this error: 

Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/trac/web/api.py", line 339, in send_error
    'text/html')
  File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 684, in render_template
    data = self.populate_data(req, data)
  File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 592, in populate_data
    d['chrome'].update(req.chrome)
  File "/usr/lib/python2.4/site-packages/trac/web/api.py", line 169, in __getattr__
    value = self.callbacks[name](self)
  File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 460, in prepare_request
    for category, name, text in contributor.get_navigation_items(req):
  File "/usr/lib/python2.4/site-packages/trac/web/auth.py", line 86, in get_navigation_items
    if req.authname and req.authname != 'anonymous':
  File "/usr/lib/python2.4/site-packages/trac/web/api.py", line 169, in __getattr__
    value = self.callbacks[name](self)
  File "/usr/lib/python2.4/site-packages/trac/web/main.py", line 131, in authenticate
    authname = authenticator.authenticate(req)
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 381, in wrap
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 392, in authenticate
  File "/usr/lib/python2.4/site-packages/trac/web/auth.py", line 70, in authenticate
    authname = self._get_name_for_cookie(req, req.incookie['trac_auth'])
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 456, in _get_name_for_cookie
AttributeError: 'Environment' object has no attribute 'secure_cookies'

05/06/10 19:55:24 changed by anatoly techtonik <techtonik@gmail.com>

What version of Trac and Account Manager do you use? secure_cookies were added in 0.11.2

05/09/10 00:02:59 changed by anonymous

  • status changed from reopened to closed.
  • resolution set to fixed.

05/09/10 00:03:10 changed by anonymous

This is working fine.

05/17/10 17:27:25 changed by Ben

Is that 'patch' included in the newest version? I'm using TracAccountManager? 0.2.1dev-r7163 and doesn't find this option...

06/15/10 18:32:22 changed by hans@uprev.com

I'm running Trac 0.11.7, with TracAccountManager? 0.2.1dev-r7731 I don't see a "Remember me" checkbox on the login page. Do I need to change some settings to enable this?

Comment #40 says it was commited in r7720, so it should be included in the version I have right?

Add/Change #131 ([Patch] "Remember me")




Change Properties
Action