Modify ↓
Opened 12 years ago
Last modified 4 years ago
#10827 new defect
Obscure authentication scheme
Reported by: | anatoly techtonik | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | AccountManagerPlugin |
Severity: | normal | Keywords: | authentication API |
Cc: | Trac Release: | 0.11 |
Description
This is a reply to comment:21:ticket:8545:
The #10826 is a proof that while implemented solution in #8545 might fix some problems it is still a hack.
A good fix will require documenting authentication process properly, covering two user stories.
- How does Trac detects authenticated users internally?
- How different components authenticate users at the same time?
The next step is decouple REMOTE_USER (external auth) from Trac Auth plugins (internal auth) and provide internal auth API that will solve the following problems:
- check if user is already authenticated
- authenticate user
- audit authentication process
- skip authentication if 1. is true
Attachments (0)
Change History (3)
comment:1 Changed 12 years ago by
Cc: | Ryan J Ollos added; anonymous removed |
---|---|
Keywords: | authentication API added |
Trac Release: | → 0.11 |
comment:2 Changed 8 years ago by
Owner: | Steffen Hoffmann deleted |
---|
comment:3 Changed 4 years ago by
Cc: | Ryan J Ollos removed |
---|
Note: See
TracTickets for help on using
tickets.
Replying to techtonik:
Oh, patch welcome.
Why? It'll require to understand, sure. But documenting Trac's authentication belongs into Trac's own Wiki. Setting Trac standards is a core development thing as well, and will not resolve issues with existing Trac versions anyway.
Clearly whatever deficiencies you see behind those requirements, I will not accept them as defect for this plugin, maybe as enhancement. OTOH I agree, that setting (better) standards is a good thing, and pushing Trac development is a noble task. Btw, you're free to contribute more/better wiki documentation at a suitable place, even more if you're able to give good advise.
Hm, I consider Trac plugins 'external' to Trac core as well, not only web-servers, xmlrpclib and others. AccountManagerPlugin just wraps itself tightly around Trac core code, because its not easy to hook into it by other means.
Especially the meaning of 3 is not clear to me here. 4 should be easy, if we have consensus that is should work like this.