wiki:AccountManagerPlugin

Version 100 (modified by hasienda, 4 years ago) (diff)

own milestone "i18n support" reached - finally :-)

ToDo

News

17-Oct-2010
more bug squashing, and i18n support has been introduced to trunk (open: 46)
09-Oct-2010
Growing number of long-standing issues resolved, prepare for a maintenance release based on current trunk (open: 61)
28-Sep-2010
Maintainership handed over from pacopablo to hasienda
26-Sep-2010
Starting ticket list cleanup and triaging (open: 96)

Account Manager Plugin

Description

The AccountManagerPlugin offers several features for managing user accounts:

  • allow users to register new accounts
  • login via an HTML form instead of using HTTP authentication
  • allow existing users to change their passwords or delete their accounts

These features are new in the plugin for Trac 0.10.

  • send a new password to users who’ve forgotten their password
  • administration of user accounts

Bugs/Feature Requests

Existing bugs and feature requests for AccountManagerPlugin are available from Trac-Hacks ticket system.

If you have any issues that is not found in existing tickets, create a new ticket, please.

You do wonder, if you could contribute here? Great! There are some recommendations, where to start.

Install

First make sure you’ve installed setuptools. Make sure you have a version >= 0.6c9, since previous versions contain a bug which makes the installation fail. xccx Then you can install the plugin using the easy_install application.

Note: Windows users will need to add easy_install to their PATH.

For Trac 0.9:

easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.9

For Trac 0.10:

Install the trac:WebAdmin plugin.

Then install this plugin:

easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.10

For Trac 0.11

easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.11

For Trac 0.12:

easy_install https://trac-hacks.org/svn/accountmanagerplugin/trunk

If you are using the tracd standalone server or Apache 2.2.x you will need to restart it to detect the plugin.

Source

Browse the source

Subversion Checkout (depends on your Trac version):

svn co http://trac-hacks.org/svn/accountmanagerplugin/0.9
svn co http://trac-hacks.org/svn/accountmanagerplugin/0.10
svn co http://trac-hacks.org/svn/accountmanagerplugin/0.11
svn co http://trac-hacks.org/svn/accountmanagerplugin/trunk

Downloads:

Components

In order to use the features of the AccountManager you will need to enable some or all of its components.

The easiest way to enable the components is via the trac:WebAdmin plugin. Users logged in with the TRAC_ADMIN permission will be able to manage the enabled components:

screenshot of components web admin

Components can also be enabled or disabled in the trac.ini file under the [components] section. For example to enable the login form and disable user registration:

[components]
trac.web.auth.LoginModule = disabled
acct_mgr.web_ui.LoginModule = enabled
acct_mgr.web_ui.RegistrationModule = disabled

Hint: Option names are written in CamelCase style notation, but will get (re-)written all-lowercase, if added/updated via the Trac admin web-UI. Anyway, case doesn't really matter here.

The available components are described below.

AccountManager

Package
acct_mgr.api

This is the core of this plugin. This component must be enabled to use any of the other components.

Additionally one or more sources for storing authentication information are required:

There's even some information on how to get not-yet-implemented LDAP authentication.

AccountManagerAdminPage

Package
acct_mgr.admin

Note: This component requires Trac 0.10 or later

This component adds a new page to the trac:WebAdmin section for managing user accounts. It requires the TRAC_ADMIN permission to access.

[components]
acct_mgr.admin.AccountManagerAdminPage = enabled

screenshot of account administration

AccountModule

Package
acct_mgr.web_ui

Allows users to change their password, or delete their account. When logged in it will appear as a tab “Account” after clicking the “Preferences” link.

[components]
acct_mgr.web_ui.AccountModule = enabled

New for Trac 0.10: When used in combination with the LoginModule it adds a link to the login page “Forgot your password?” where users can reset their password if they’ve forgotten it. You will need to have your SMTP server information configured in your trac.ini for the “Forgot your password?” link to show up and enable AccountChangeListener:

[components]
acct_mgr.notification.accountchangelistener = enabled

To disable just the password reset functionality add the following line to the [account-manager] section:

[account-manager]
reset_password = False

New for Trac 0.11: When a user resets their password they will be required to change their password on the next successful login. This can be disabled via the trac.ini by setting:

[account-manager]
force_passwd_change = false

LoginModule

Package
acct_mgr.web_ui

Warning: this module is not supported using the tracd stand-alone server on Trac 0.9. It either needs Trac 0.10 or later, or an external webserver such as Apache.

Allows users to login via a HTML form instead of using HTTP authentication.

[components]
acct_mgr.web_ui.LoginModule = enabled

screenshot of login form

Disable HTTP authentication

To use the AccountManager’s form-based login system instead, add this your trac.ini:

[components]
trac.web.auth.LoginModule = disabled 

When using the tracd server be sure not to use the --auth or --basic-auth options. Using either of these options will cause tracd to popup the username/password dialog box and you will not be able to use the HTML form.

If you have previously enabled authentication for Trac on Apache, you will need to disable it or Apache will popup the username/password dialog and you will be unable to use the HTML form. In order to disable the authentication look for a section in the Apache configuration file like:

<Location /trac/login>
   # Some options like AuthType and AuthUserFile
   Require valid-user
</Location>

Deleting or commenting the Require valid-user line should be sufficient to disable HTTP authentication. After you’ve tested it you can probably delete or comment out the rest of the authentication options. In some pre-bundled packages as Bitnami Trac you will find it inside an apache configuration extension as trac.conf (BitnamiTrac\trac\conf\trac.conf)

RegistrationModule

Package
acct_mgr.web_ui

Enables users to register a new account. It adds a “Register” link on the same menu bar as the “Login” link.

[components]
acct_mgr.web_ui.RegistrationModule = enabled

screenshot of registration page

Warning: You must enable one of the password storage modules for the Registration Module to work.

Note: You must not enable ignore_auth_case in trac.ini as otherwise this module won’t work.

EmailVerificationModule

Package
acct_mgr.web_ui

If you enable this, users will be sent an email with a verification code to enter, to approve it is really their own email address:

[components]
acct_mgr.web_ui.EmailVerificationModule = enabled

Until they entered the verification code on the URL sent with the email, their permissions will be restricted (even if they have the TRAC_ADMIN privilege, they won't be able to access anything exceeding the standard privileges of authenticated users). Update: After changeset [9304] ACCTMGR_ADMIN (and TRAC_ADMIN, as it inherits it among all other privileges) won't be bothered with the verification procedure.

This has been added as a strict requirement now as suggested by ticket #5509 to trunk code with changeset [9277], but was not enforced before, so verification only happened, if an email had been specified on registration. In other words, if some user registered w/o specifying an email address, this was possible and an unrestricted account was created without requiring further actions.

Note that if you don't want to enforce entering a valid email on registration, you may want to disable this component. An option

[account-manager]
verify_email = false

for switching this off easily, to restore the old behavior of AccountManagerPlugin by default, is available since changeset [9304] as well.

Post Setup/Configuration

In order to use the Account Manager plugin, while logged in as a user with TRAC_ADMIN rights, use the new “Admin” link on the menubar.

Once in, you might want to enable the permissions to allow the “authenticated” user group permissions. For instance, if you remove the anonymous group from TICKET_MODIFY, and WIKI_MODIFY, and add the “authenticated” group instead, only authenticated, logged-in (registered) users can perform ticket modifications and wiki editing.

Recent Changes

[14278] by hasienda on 2014-11-17 22:27:03
AccountManagerPlugin: Save max items setting for user list pager to preferences, refs #11879.
[14277] by hasienda on 2014-11-17 07:16:13
AccountManagerPlugin: Remove compatibility class, refs #11469.

Actually ConfigurationError has already been available in Trac 0.10, so
the compatibility code from [14274] is obsolete and removed, effectively
reverting to the originally proposed changes.

Thanks to Ryan J Ollos for initial report as well as for reviewing most of
my changes.

[14276] by hasienda on 2014-11-16 21:37:32
AccountManagerPlugin: Don't notify users other than these in 'account_changes_notify_addresses' option, refs #8796.

Thanks to Arthur for proposing the change to fix this issue.

Author/Contributors

Author: mgood
Maintainer: hasienda
Contributors: coderanger, crocea, manski, mrelbe, otaku42, pacopablo, s0undt3ch

Attachments (9)

Download all attachments as: .zip