- mid-term: release acct_mgr-0.5, fork afterwards, especially to switch support to Trac (1.0) db API
- Maintenance release acct_mgr-0.4.3 with important fix for AccountGuard - for Trac 0.11 .. 1.0 (open: 50)
- Stable release acct_mgr-0.4 (open: 39)
- Plug-able registration process using new IAccountRegistrationInspector interface (open: 74)
- Stable release acct_mgr-0.3 (open: 36)
- Starting ticket list cleanup and triaging (open: 96)
Account Manager Plugin
The AccountManagerPlugin offers features for managing user accounts and more:
- enable authentication through a number of built-in authentication resources and some more by 3rd party extensions
- allow users to register new accounts
- login via an HTML form instead of using HTTP authentication
- allow existing users to change their passwords, even delete their accounts
These features are new in the plugin for Trac 0.10.
- send a new password to users who’ve forgotten their password
- administration of user accounts
These features are new in the plugin for Trac 0.11 and later
- login failure tracking and rule based account locking (temporary or permanent lock)
- per-account details admin page
- password hash refresh and store migration on user login
- i18n support (requires Trac 0.12 or later)
- account meta-data listing from Trac db table session_attribute, with cleanup option
- Single-Sign-On functionality for applications with multiple Trac environments per domain/host
- mostly account-/user-related WikiMacros
You do wonder, if you could contribute here? Great! There are some recommendations, where to start.
In any case, please respect our rules for contributions, that are enforced for this plugin as of 01-Dec-2012.
First make sure you’ve installed setuptools. Make sure you have a version >= 0.6c9, since previous versions contain a bug which makes the installation fail. Then you can install the plugin using the easy_install application.
Note: Windows users will need to add easy_install to their PATH.
Release Status, Downloads and Source
|Stable Version||easy_install https://trac-hacks.org/svn/accountmanagerplugin/tags/acct_mgr-0.4.3||download||subversion|
|Under Development||easy_install https://trac-hacks.org/svn/accountmanagerplugin/trunk||download||subversion|
Which version is best you? Likely the stable release, if not explicitly told otherwise. It works for any release starting from Trac 0.11 to 1.1.1.
Browse the source with Trac to see more. I.e. there is the /tags branch containing latest stable as well as previous plugin revisions by version tag. For Subversion checkout use svn co <url> with appropriate URL (i.e. see links above).
Code from branches suggesting the corresponding Trac version is available too, and it is in sync with tagged versions. But there is no 0.12, and it will never be. Code from 0.11 branch works equally well for all Trac starting from 0.11 up to Trac 1.0 (current stable). Once we'll get to acct_mgr-0.6 there will be a 1.0 folder indicating 'for Trac 1.0 or later'.
Only if you inherited a really old install, the obsolete 0.10 branch could still be interesting.
Hint: Whether you are using tracd standalone server or a web-server, you must restart it to detect and load the plugin.
On upgrades from previous plugin versions please see the README.update file included in the source.
About i18n/l10n support
Starting with acct_mgr-0.3 this plugin has been prepared for localization.
But English message texts are still the (POSIX) default. If this isn't your preferred language, you can
- look, if it's already available from the Trac plugin l10n project at Transifex or
- do it yourself (see the l10n cookbook page for Trac plugins for more details).
Top translations: Trac_Plugin-L10N » acct_mgr-messages
Preparing the plugin from source requires no additional steps for compiling message catalog files. Only to include translations marked as # fuzzy by the translator, you'll want to do a manual message catalog compilation with the extra -f argument before packaging:
cd accountmanagerplugin/ python ./setup.py compile_catalog -f python ./setup.py bdist_egg
Complaints about missing locale directory are often a side-effect of failure to compile any message catalog for inclusion into Python egg, hence the whole path is missing. Due to a know Trac issue Babel has to be installed prior to Trac, to get it all working as expected.
Again, for more details see the l10n cookbook page for Trac plugins.
In order to use the features of the AccountManager you will need to enable some or all of its components. The available components are mentioned here, but are described in greater details on separate pages linked below.
|AccountManager||This holds core code of this plugin.||This component must be enabled to use any of the other components. See details.|
|AccountManagerAdminPanel1||This component adds new pages to the web admin section.||The admin part for managing related parts of Trac's configuration2 should be an important part of what you're expecting. See details.|
|AccountModule||Allows users to manage their account3 via tab “Account” in users “Preferences”.||The user accessible part, might be required or even forbidden depending on your use case. See details.|
|LoginModule||Allows users to login via a HTML form instead of using HTTP authentication.||Replace Trac's own login module for an alternative to Simple HTTP Authentication, but only one can be enable at a time. See details.|
|AccountGuard||This component adds login failure tracking and administrative account locking.||Use it as part of your security policy to protect against brute-force attacks on user passwords. See details.|
|RegistrationModule||It adds a “Register” link on metanav4.||Enable users to register a new account with a configurable procedure. See details.|
|EmailVerificationModule||An new email address will trigger an email with a verification code to enter, to approve it is really users own email address, and user account privileges cut down until successful verification.||Implement a verification process for added or changed email addresses, if required. See details.|
1 Name in acct_mgr-0.3 was AccountManagerAdminPage. If you are upgrading to acct_mgr-0.4 from an earlier version, and this feature was enabled using acct_mgr.admin.AccountManagerAdminPages, this feature will now be disabled until it is enabled using acct_mgr.admin.AccountManagerAdminPanel.
2 Found in trac.ini
3 Change their password, or even delete their account, if permission granted by appropriate configuration
4 Same menu bar as the “Login” link
The easiest way to learn about available components and enable them is via Trac's plugin admin page (before Trac 0.11 this has been a separate trac:WebAdmin plugin). Users logged in with the TRAC_ADMIN permission will be able to manage the enabled components:
Components can also be enabled or disabled in the trac.ini file under the [components] section.
You might feel overwhelmed by component dependencies, the number of options and their relation to components. This is a known issue, but is currently worked on, see #8930.
Meanwhile configuration cookbook is the single most recommended place to look for examples of basic configurations and more.
In order to use the AccountManager plugin, while logged in as a user owning TRAC_ADMIN rights, use the “Admin” link on the menubar.
You might want to change some permission assignments. For instance, if you remove TICKET_MODIFY and WIKI_MODIFY permission from the “anonymous“ group and add it to the “authenticated” group instead, only authenticated, logged-in (registered) users can perform ticket modifications and wiki editing.
TRAC_ADMIN is not strictly required for access to account administration pages provided by AccountManager. The ACCTMGR_* permissions are sufficient, and should even be preferred where appropriate, i.e. to limit delegation of administrative tasks to just account administration by granting ACCTMGR_USER_ADMIN.
Thanks to Thomas Moschny for providing the suggestion and an initial patch.
Fixing a critical implementation issue, where on user ID change the new account has been created with empty password, and subsequent password reset would have added an alternative random password instead of replacing the initial password due to prior improvements of the password reset procedure.
New options permit
- migration to existing accounts - found to be essential for users with write-protected password stores, for setups of multiple Trac environments with shared password store(s) or as workaround for missing password reset
- preserving passwords in general for users in SessionStore or specifically when migrating to an existing account (for users in any password store)
- retaining login data of previous account - again essential for migrating one user ID in multiple Trac environments with shared password store(s)
Special processing of Trac db table session_attribute has been required, replacing the corresponding user ID changer component.
- components-admin.png (82.0 kB) -
screenshot of components web admin, added by mgood on 08/04/06 22:47:00.
- account-manager-admin.png (39.1 kB) -
screenshot of account administration, added by mgood on 08/06/06 22:22:53.
- login-form.png (4.4 kB) -
screenshot of login form, added by mgood on 08/06/06 23:04:00.
- register.png (5.6 kB) -
screenshot of registration page, added by mgood on 08/06/06 23:09:57.
- my-account.png (7.5 kB) - added by mgood on 08/06/06 23:35:46.
- reset-password.png (8.2 kB) - added by mgood on 08/06/06 23:36:13.
- account-manager-admin_v0.4.png (75.3 kB) -
screenshot of account administration - v 0.4, added by hasienda on 08/27/11 15:20:34.
- transifex_acct_mgr-messages_v0.3.png (15.8 kB) -
coverage of translations per language for v0.3, added by hasienda on 08/27/11 15:59:06.
- components-admin_acct_mgr-0.4.png (175.3 kB) -
screenshot of components admin page - v0.4, added by hasienda on 12/06/12 01:30:41.