Modify

Opened 6 years ago

Closed 5 years ago

Last modified 15 months ago

#3598 closed defect (worksforme)

XmlRpcPlugin doesn't work with AccountManagerPlugin.LoginModule

Reported by: anonymous Owned by: athomas
Priority: normal Component: XmlRpcPlugin
Severity: normal Keywords: XmlRpc AccountManager LoginModule
Cc: radist-hack@…, olemis Trac Release: 0.11

Description

I've installed both, disabled native trac's LoginModule and configured apache to use http authentication in /trac/[^/]+/login/xmlrpc only (but not in /trac/[^/]+/login) to use AccountManagerPlugin.LoginModule's login form. But xmlrpc client (VSTrac) returned 'Forbidden' error. I tried to configure apache to send authentication request for /trac/[^/]+/login, but achieved nothing except http-authentication in web-interface instead of html-form-based authentication (i.e., VSTrac still said 'Forbidden').


I don't know whether is this XmlRpcPlugin, or AccountManagerPlugin.LoginModule defect, or even trac's plugin api design defect. But it seems, AccountManagerPlugin.LoginModule accepts http-authentication, so I think, the problem is located in XmlRpcPlugin.

Attachments (0)

Change History (3)

comment:1 follow-up: Changed 5 years ago by osimons

  • Resolution set to worksforme
  • Status changed from new to closed

As the XmlRpcPlugin docs (ie. wiki page) says, AccountManagerPlugin replaces authentication to use a forms-based login. Add HttpAuthPlugin to your list of plugins to help correct this for special needs like xmlrpc.

comment:2 in reply to: ↑ 1 Changed 15 months ago by olemis

Replying to osimons:

As the XmlRpcPlugin docs (ie. wiki page) says, AccountManagerPlugin replaces authentication to use a forms-based login. Add HttpAuthPlugin to your list of plugins to help correct this for special needs like xmlrpc.

JFTR , in recent versions of AccountManagerPlugin the only thing that is needed is to insert in TracIni

[account-manager]
environ_auth_overwrite = false

... and setup web server HTTP auth to force valid user for /login/.* paths . Nevertheless this will not work if you are running TracStandalone server because path to /login form will be matched and HTTP authentication enforced as well .

comment:3 Changed 15 months ago by olemis

  • Cc olemis added

Add Comment

Modify Ticket

Action
as closed The owner will remain athomas.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.