| 1 | [[PageOutline(2-5,Contents,pullout)]] |
| 2 | |
| 3 | == !LoginModule == |
| 4 | '''Package''':: acct_mgr.web_ui |
| 5 | |
| 6 | Allows users to login via a HTML form instead of using HTTP authentication. |
| 7 | |
| 8 | [[Image(AccountManagerPlugin:login-form.png)]] |
| 9 | |
| 10 | === Configuration === |
| 11 | To use the AccountManager’s HTML form, you need to explicitly disable Trac's own HTTP authentication module. To do so add this your trac.ini or find and modify existing lines accordingly: |
| 12 | |
| 13 | {{{ |
| 14 | #!cfg |
| 15 | [components] |
| 16 | acct_mgr.web_ui.LoginModule = enabled |
| 17 | |
| 18 | trac.web.auth.LoginModule = disabled |
| 19 | }}} |
| 20 | |
| 21 | When using the [trac:TracStandalone tracd] server be sure '''not''' to use the `--auth` or `--basic-auth` options. Using either of these options will cause tracd to popup the username/password dialog box and you will not be able to use AccountManagerPlugin's HTML form. |
| 22 | |
| 23 | If you have previously enabled authentication for Trac on Apache, you will need to disable it or Apache will popup the username/password dialog and you will be unable to use the HTML form. In order to disable the authentication look for a section in the Apache configuration file like: |
| 24 | |
| 25 | {{{ |
| 26 | <Location /trac/login> |
| 27 | # Some options like AuthType and AuthUserFile |
| 28 | Require valid-user |
| 29 | </Location> |
| 30 | }}} |
| 31 | |
| 32 | Deleting or commenting the `Require valid-user` line should be sufficient to disable HTTP authentication. After you’ve tested it, you can probably delete or comment out the rest of the authentication options. In some pre-bundled packages as Bitnami Trac you will find it inside an apache configuration extension as trac.conf (!BitnamiTrac\trac\conf\trac.conf) |
| 33 | |
| 34 | === Compatibility === |
| 35 | requires Trac >= 0.10 |
| 36 | To use this module with [trac:TracStandalone tracd] stand-alone server you'll need Trac 0.10 or later version, or an external webserver such as Apache. |
| 37 | |
| 38 | ---- |
| 39 | |
| 40 | == !RegistrationModule == |
| 41 | '''Package''':: acct_mgr.web_ui |
| 42 | |
| 43 | Enables users to register a new account. It adds a “Register” link on the same menu bar as the “Login” link. |
| 44 | |
| 45 | [[Image(AccountManagerPlugin:register.png)]] |
| 46 | |
| 47 | === Configuration === |
| 48 | {{{ |
| 49 | #!cfg |
| 50 | [components] |
| 51 | acct_mgr.web_ui.RegistrationModule = enabled |
| 52 | }}} |
| 53 | |
| 54 | {{{ |
| 55 | #!div class="important" |
| 56 | '''Warning:''' You must enable one of the [wiki:AccountManagerPlugin/AuthStores password storage modules] for the Registration Module to work. |
| 57 | }}} |
| 58 | '''Note:''' You must not enable `ignore_auth_case` in `trac.ini` as otherwise this module won’t work. [''Update:'' This doesn't apply to `trunk` branch anymore. Use a revision at changeset [9286] or later to lift this limitation.] |
| 59 | |
| 60 | ---- |
| 61 | |
| 62 | == !EmailVerificationModule == |
| 63 | '''Package''':: acct_mgr.web_ui |
| 64 | |
| 65 | If you enable this, users will be sent an email with a verification code to enter, to approve it is really their own email address: |
| 66 | |
| 67 | === Configuration === |
| 68 | {{{ |
| 69 | #!cfg |
| 70 | [components] |
| 71 | acct_mgr.web_ui.EmailVerificationModule = enabled |
| 72 | }}} |
| 73 | |
| 74 | Until they entered the verification code on the URL sent with the email, their permissions will be restricted (even if they have the TRAC_ADMIN privilege, they won't be able to access anything exceeding the standard privileges of ''authenticated'' users). ''Update:'' After changeset [9304] ACCTMGR_ADMIN (and TRAC_ADMIN, as it inherits it among all other privileges) won't be bothered with the verification procedure. |
| 75 | |
| 76 | This '''has been added as a strict requirement now''' as suggested by ticket #5509 to `trunk` code with changeset [9277], but was not enforced before, so verification only happened, if an email had been specified on registration. In other words, if some user registered w/o specifying an email address, this was possible and an unrestricted account was created without requiring further actions. |
| 77 | |
| 78 | Note that if you don't want to enforce entering a valid email on registration, you may want to disable this component. An option |
| 79 | {{{ |
| 80 | #!cfg |
| 81 | [account-manager] |
| 82 | verify_email = false |
| 83 | }}} |
| 84 | for switching this off easily, to restore the old behavior of AccountManagerPlugin by default, is available since changeset [9304] as well. |