Integrate login-related plugins

[Noah Kantrowitz]

We clearly have too many implementations of alternate login mechanisms:

• AccountManagerPlugin
• AuthFormPlugin
• DbAuthPlugin

Given that Matt has made an extension point for this kind of thing, I propose that we merge both AuthForm and DbAuth into AccountManager.

[Brad Anderson]

Whoops, didn't see this ticket before I added #174, #175, #176. I'm all for the merge.

[Matt Good]

Yeah, I was going to bring that up when I saw DbAuthPlugin mentioned on the mailing list. Patches are welcome. The HTTP authentication used by AuthFormPlugin should be possible for validating users, though it won't be possible to implement the methods for listing/editing users.

[adeason@…]

I don't think AuthFormPlugin needs to be integrated with Db/AccountManager. The idea behind it is that you can use any kind of HTTP authentication method to use with it, and doesn't need to be managed by Trac. You could use any Apache module to auth off of Kerberos or LDAP or MySQL or whatever (or write some CGI to write your own). You could have a Trac module to manage accounts in a database and use that for HTTP auth with AuthForm, but they are still definitely separate things.

[Matt Good]

adeason@…: the point is that the AccountManagerPlugin also supports form-based authentication, so it's kind of redundant. As I said, the HTTP authentication could be added to AccountManager, so it's not necessary to keep it as a separate plugin.

[Matt Good]

(In [1534]) * add an HttpAuthStore to support logins by checking the password against

HTTP authentication for a URL (re #173)

• update the modules to check whether the current password store supports writing passwords or deleting accounts

[Mikhail Gusarov]

OpenidPlugin is another authentication plugin which can be integrated.

[anonymous]

Replying to Mikhail Gusarov <dottedmag@dottedmag.net>:

OpenidPlugin is another authentication plugin which can be integrated.

Openid is pretty cool and I'm considering using it for one of my sites, but I don't think the OpenidPlugin will benefit from being part of the AccountManagerPlugin. The OpenidPlugin doesn't fit into any of the interfaces provided by the AccountManagerPlugin since it's very different from the username/password backends supported by the AccountManager. I don't really see any place they overlap, so I think it's best if they remain separate.

[Matt Good]

Oops, that "anonymous" was me.

[Mikhail Gusarov]

Then OpenIdPlugin and AccountManager plugin will be incompatible forever. I think it's possible to refactor AccountManagerPlugin a bit to separate account from the credentials, and then associate account with multiple types of credentials (password, SSL cert, OpenId identity etc).

[Matt Good]

Replying to Mikhail Gusarov <dottedmag@dottedmag.net>:

I think it's possible to refactor AccountManagerPlugin a bit to separate account from the credentials, and then associate account with multiple types of credentials (password, SSL cert, OpenId identity etc).

That's beyond the scope of this ticket. This ticket is just meant to address the overlap between the several plugins that all implemented basically the same username/password style login forms. If you have some needs for integrating the Openid and AccountManager plugins please open a new ticket for that.

[Steffen Hoffmann]

I there still something to be done? Given the low interest within the past 4(!) years this is somewhat hard to believe.

[Steffen Hoffmann]

Replying to mgood:

Replying to Mikhail Gusarov <dottedmag@dottedmag.net>:

I think it's possible to refactor AccountManagerPlugin a bit to separate account from the credentials, and then associate account with multiple types of credentials (password, SSL cert, OpenId identity etc).

That's beyond the scope of this ticket. This ticket is just meant to address the overlap between the several plugins that all implemented basically the same username/password style login forms. If you have some needs for integrating the !Openid and AccountManager plugins please open a new ticket for that.

Right, I'll follow that approach. The initial request has been fulfilled, since the other plugins in question are currently depreciated in favor of AccountManagerPlugin.

[Steffen Hoffmann]

#1061 might have been open as this new ticket. I've taken care to mention this ticket there. Nothing more to be done here, as far as I can see.