wiki:AccountManagerPlugin

Version 155 (modified by hasienda, 18 months ago) (diff)

change download section to tagged release, rephrasing the meaning of available branches too

ToDo

News

14-Feb-2013
Maintenance release acct_mgr-0.4.3 with important fix for AccountGuard - for Trac 0.11 .. 1.0 (open: 50)
01-Dec-2012
Stable release acct_mgr-0.4 (open: 39)
11-Aug-2012
Plug-able registration process using new IAccountRegistrationInspector interface (open: 74)
07-Jul-2011
Stable release acct_mgr-0.3 (open: 36)
26-Sep-2010
Starting ticket list cleanup and triaging (open: 96)

Account Manager Plugin

Description

The AccountManagerPlugin offers features for managing user accounts and more:

  • enable authentication through a number of built-in authentication resources and some more by 3rd party extensions
  • allow users to register new accounts
  • login via an HTML form instead of using HTTP authentication
  • allow existing users to change their passwords, even delete their accounts

These features are new in the plugin for Trac 0.10.

  • send a new password to users who’ve forgotten their password
  • administration of user accounts

These features are new in the plugin for Trac 0.11 and later

  • login failure tracking and rule based account locking (temporary or permanent lock)
  • per-account details admin page
  • password hash refresh and store migration on user login
  • i18n support (requires Trac 0.12 or later)
  • account meta-data listing from Trac db table session_attribute, with cleanup option
  • Single-Sign-On functionality for applications with multiple Trac environments per domain/host
  • mostly account-/user-related WikiMacros

Bugs/Feature Requests

Existing bugs and feature requests for AccountManagerPlugin are here.

If you have any issues that is not found in existing tickets, create a new ticket, please.

You do wonder, if you could contribute here? Great! There are some recommendations, where to start.

In any case, please respect our rules for contributions, that are enforced for this plugin as of 01-Dec-2012.

Install

Prerequisites

First make sure you’ve installed setuptools. Make sure you have a version >= 0.6c9, since previous versions contain a bug which makes the installation fail. Then you can install the plugin using the easy_install application.

Note: Windows users will need to add easy_install to their PATH.

Release Status, Downloads and Source

Stable Version easy_install https://trac-hacks.org/svn/accountmanagerplugin/tags/acct_mgr-0.4.3 download subversion
Under Development easy_install https://trac-hacks.org/svn/accountmanagerplugin/trunk download subversion

Which version is best you? Likely the stable release, if not explicitly told otherwise. It works for any release starting from Trac 0.11 to 1.1.1.

Browse the source with Trac to see more. I.e. there is the /tags branch containing latest stable as well as previous plugin revisions by version tag. For Subversion checkout use svn co <url> with appropriate URL (i.e. see links above).
Code from branches suggesting the corresponding Trac version is available too, and it is in sync with tagged versions. But there is no 0.12, and it will never be. Code from 0.11 branch works equally well for all Trac starting from 0.11 up to Trac 1.0 (current stable). Once we'll get to acct_mgr-0.6 there will be a 1.0 folder indicating 'for Trac 1.0 or later'.
Only if you inherited a really old install, the obsolete 0.10 branch could still be interesting.

Hint: Whether you are using tracd standalone server or a web-server, you must restart it to detect and load the plugin.

On upgrades from previous plugin versions please see the README.update file included in the source.

About i18n/l10n support

Starting with acct_mgr-0.3 this plugin has been prepared for localization.
But English message texts are still the (POSIX) default. If this isn't your preferred language, you can

  1. look, if it's already available from the Trac plugin l10n project at Transifex or
  2. do it yourself (see the l10n cookbook page for Trac plugins for more details).

You've done a new translation? Superb! Contributing your translation is highly appreciated.
You could send it to the plugin's maintainer or contribute to Trac plugin l10n project via Transifex:

Top translations: Trac_Plugin-L10N » acct_mgr-messages

translation coverage - stable release http://www.transifex.net/projects/p/Trac_Plugin-L10N/resource/acct_mgr-messages/chart/image_png

Left: Status for acct_mgr-0.3, right: near-sync to trunk - kindly provided by https://ds0k0en9abmn1.cloudfront.net/static/charts/images/tx-logo-micro.png

Preparing the plugin from source requires no additional steps for compiling message catalog files. Only to include translations marked as # fuzzy by the translator, you'll want to do a manual message catalog compilation with the extra -f argument before packaging:

cd accountmanagerplugin/
python ./setup.py compile_catalog -f
python ./setup.py bdist_egg

Complaints about missing locale directory are often a side-effect of failure to compile any message catalog for inclusion into Python egg, hence the whole path is missing. Due to a know Trac issue Babel has to be installed prior to Trac, to get it all working as expected.
Again, for more details see the l10n cookbook page for Trac plugins.

Setup

Components

In order to use the features of the AccountManager you will need to enable some or all of its components. The available components are mentioned here, but are described in greater details on separate pages linked below.

ComponentDescription/PurposeRecommendation
AccountManager This holds core code of this plugin. This component must be enabled to use any of the other components. See details.
AccountManagerAdminPanel1 This component adds new pages to the web admin section.The admin part for managing related parts of Trac's configuration2 should be an important part of what you're expecting. See details.
AccountModule Allows users to manage their account3 via tab “Account” in users “Preferences”. The user accessible part, might be required or even forbidden depending on your use case. See details.
LoginModule Allows users to login via a HTML form instead of using HTTP authentication. Replace Trac's own login module for an alternative to Simple HTTP Authentication, but only one can be enable at a time. See details.
AccountGuard This component adds login failure tracking and administrative account locking. Use it as part of your security policy to protect against brute-force attacks on user passwords. See details.
RegistrationModule It adds a “Register” link on metanav4. Enable users to register a new account with a configurable procedure. See details.
EmailVerificationModule An new email address will trigger an email with a verification code to enter, to approve it is really users own email address, and user account privileges cut down until successful verification. Implement a verification process for added or changed email addresses, if required. See details.

1 Name in acct_mgr-0.3 was AccountManagerAdminPage. If you are upgrading to acct_mgr-0.4 from an earlier version, and this feature was enabled using acct_mgr.admin.AccountManagerAdminPages, this feature will now be disabled until it is enabled using acct_mgr.admin.AccountManagerAdminPanel.
2 Found in trac.ini
3 Change their password, or even delete their account, if permission granted by appropriate configuration
4 Same menu bar as the “Login” link

The easiest way to learn about available components and enable them is via Trac's plugin admin page (before Trac 0.11 this has been a separate trac:WebAdmin plugin). Users logged in with the TRAC_ADMIN permission will be able to manage the enabled components:

screenshot of components admin page - v0.4

Components can also be enabled or disabled in the trac.ini file under the [components] section.

Configuration

You might feel overwhelmed by component dependencies, the number of options and their relation to components. This is a known issue, but is currently worked on, see #8930.

Meanwhile configuration cookbook is the single most recommended place to look for examples of basic configurations and more.

Post Setup/Configuration

In order to use the AccountManager plugin, while logged in as a user owning TRAC_ADMIN rights, use the “Admin” link on the menubar.

You might want to change some permission assignments. For instance, if you remove TICKET_MODIFY and WIKI_MODIFY permission from the “anonymous“ group and add it to the “authenticated” group instead, only authenticated, logged-in (registered) users can perform ticket modifications and wiki editing.

TRAC_ADMIN is not strictly required for access to account administration pages provided by AccountManager. The ACCTMGR_* permissions are sufficient, and should even be preferred where appropriate, i.e. to limit delegation of administrative tasks to just account administration by granting ACCTMGR_USER_ADMIN.

Recent Changes

[14278] by hasienda on 2014-11-17 22:27:03
AccountManagerPlugin: Save max items setting for user list pager to preferences, refs #11879.
[14277] by hasienda on 2014-11-17 07:16:13
AccountManagerPlugin: Remove compatibility class, refs #11469.

Actually ConfigurationError has already been available in Trac 0.10, so
the compatibility code from [14274] is obsolete and removed, effectively
reverting to the originally proposed changes.

Thanks to Ryan J Ollos for initial report as well as for reviewing most of
my changes.

[14276] by hasienda on 2014-11-16 21:37:32
AccountManagerPlugin: Don't notify users other than these in 'account_changes_notify_addresses' option, refs #8796.

Thanks to Arthur for proposing the change to fix this issue.

Author/Contributors

Author: mgood
Maintainer: hasienda
Contributors: coderanger, crocea, janakj, jun66j5, manski, mrelbe, otaku42, pacopablo, riggs, rjollos, s0undt3ch, lgaifax

Attachments (9)

Download all attachments as: .zip