Obscure authentication scheme
|Reported by:||techtonik||Owned by:|
This is a reply to comment:21:ticket:8545:
A good fix will require documenting authentication process properly, covering two user stories.
- How does Trac detects authenticated users internally?
- How different components authenticate users at the same time?
The next step is decouple REMOTE_USER (external auth) from Trac Auth plugins (internal auth) and provide internal auth API that will solve the following problems:
- check if user is already authenticated
- authenticate user
- audit authentication process
- skip authentication if 1. is true