Modify

Opened 9 years ago

Closed 8 years ago

Last modified 4 years ago

#3598 closed defect (worksforme)

XmlRpcPlugin doesn't work with AccountManagerPlugin.LoginModule

Reported by: anonymous Owned by: Alec Thomas
Priority: normal Component: XmlRpcPlugin
Severity: normal Keywords: XmlRpc AccountManager LoginModule
Cc: radist-hack@…, Olemis Lang Trac Release: 0.11

Description

I've installed both, disabled native trac's LoginModule and configured apache to use http authentication in /trac/[^/]+/login/xmlrpc only (but not in /trac/[^/]+/login) to use AccountManagerPlugin.LoginModule's login form. But xmlrpc client (VSTrac) returned 'Forbidden' error. I tried to configure apache to send authentication request for /trac/[^/]+/login, but achieved nothing except http-authentication in web-interface instead of html-form-based authentication (i.e., VSTrac still said 'Forbidden').


I don't know whether is this XmlRpcPlugin, or AccountManagerPlugin.LoginModule defect, or even trac's plugin api design defect. But it seems, AccountManagerPlugin.LoginModule accepts http-authentication, so I think, the problem is located in XmlRpcPlugin.

Attachments (0)

Change History (3)

comment:1 Changed 8 years ago by Odd Simon Simonsen

Resolution: worksforme
Status: newclosed

As the XmlRpcPlugin docs (ie. wiki page) says, AccountManagerPlugin replaces authentication to use a forms-based login. Add HttpAuthPlugin to your list of plugins to help correct this for special needs like xmlrpc.

comment:2 in reply to:  1 Changed 4 years ago by Olemis Lang

Replying to osimons:

As the XmlRpcPlugin docs (ie. wiki page) says, AccountManagerPlugin replaces authentication to use a forms-based login. Add HttpAuthPlugin to your list of plugins to help correct this for special needs like xmlrpc.

JFTR , in recent versions of AccountManagerPlugin the only thing that is needed is to insert in TracIni

[account-manager]
environ_auth_overwrite = false

... and setup web server HTTP auth to force valid user for /login/.* paths . Nevertheless this will not work if you are running TracStandalone server because path to /login form will be matched and HTTP authentication enforced as well .

comment:3 Changed 4 years ago by Olemis Lang

Cc: Olemis Lang added

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Alec Thomas.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.