|Version 4 (modified by 6 years ago) (diff),|
This holds core code of this plugin. This component must be enabled to use any of the other components.
Additionally one or more sources for storing authentication information are required:
There's even some information on how to get not-yet-implemented LDAP authentication.
This component adds new pages to the trac:WebAdmin section for managing user accounts:
- admin/accounts/config - basic configuration, i.e. AuthStore activation and ordering
- admin/accounts/details - upcoming
- admin/accounts/notification - AccountManager change notification settings
- admin/accounts/users - user account listing with some management functions, i.e. add/delete accounts, change password, etc.
It requires the
TRAC_ADMIN permission to access.
Update: A more granular set of permissions has been introduced with changeset  and TRAC_ADMIN is not required anymore.
[components] acct_mgr.admin.AccountManagerAdminPage = enabled
requires Trac >= 0.10
Allows users to change their password, or delete their account. When logged in it will appear as a tab “Account” after clicking the “Preferences” link.
[components] acct_mgr.web_ui.AccountModule = enabled
Since Trac 0.10: When used in combination with the LoginModule it adds a link to the login page “Forgot your password?” where users can reset their password if they’ve forgotten it. You will need to have your SMTP server information configured in your
trac.ini for the “Forgot your password?” link to show up and enable AccountChangeListener:
[components] acct_mgr.notification.accountchangelistener = enabled
To disable just the password reset functionality add the following line to the
[account-manager] reset_password = False
Since Trac 0.11: When a user resets their password they will be required to change their password on the next successful login. This can be disabled via the
trac.ini by setting:
[account-manager] force_passwd_change = false
Allows users to login via a HTML form instead of using HTTP authentication.
To use the AccountManager’s HTML form, you need to explicitly disable Trac's own HTTP authentication module. To do so add this your trac.ini or find and modify existing lines accordingly:
[components] acct_mgr.web_ui.LoginModule = enabled trac.web.auth.LoginModule = disabled
When using the tracd server be sure not to use the
--basic-auth options. Using either of these options will cause tracd to popup the username/password dialog box and you will not be able to use AccountManagerPlugin's HTML form.
If you have previously enabled authentication for Trac on Apache, you will need to disable it or Apache will popup the username/password dialog and you will be unable to use the HTML form. In order to disable the authentication look for a section in the Apache configuration file like:
<Location /trac/login> # Some options like AuthType and AuthUserFile Require valid-user </Location>
Deleting or commenting the
Require valid-user line should be sufficient to disable HTTP authentication. After you’ve tested it, you can probably delete or comment out the rest of the authentication options. In some pre-bundled packages as Bitnami Trac you will find it inside an apache configuration extension as trac.conf (BitnamiTrac\trac\conf\trac.conf)
requires Trac >= 0.10
trunk - add administrative account locking to protect against brute-force attacks on user passwords
Enables users to register a new account. It adds a “Register” link on the same menu bar as the “Login” link.
[components] acct_mgr.web_ui.RegistrationModule = enabled
Warning: You must enable one of the password storage modules for the Registration Module to work.
Note: You must not enable
trac.ini as otherwise this module won’t work. [Update: This doesn't apply to
trunk branch anymore. Use a revision at changeset  or later to lift this limitation.]
If you enable this, users will be sent an email with a verification code to enter, to approve it is really their own email address:
[components] acct_mgr.web_ui.EmailVerificationModule = enabled
Until they entered the verification code on the URL sent with the email, their permissions will be restricted (even if they have the TRAC_ADMIN privilege, they won't be able to access anything exceeding the standard privileges of authenticated users). Update: After changeset  ACCTMGR_ADMIN (and TRAC_ADMIN, as it inherits it among all other privileges) won't be bothered with the verification procedure.
This has been added as a strict requirement now as suggested by ticket #5509 to
trunk code with changeset , but was not enforced before, so verification only happened, if an email had been specified on registration. In other words, if some user registered w/o specifying an email address, this was possible and an unrestricted account was created without requiring further actions.
Note that if you don't want to enforce entering a valid email on registration, you may want to disable this component. An option
[account-manager] verify_email = false
login-form_v0.3_custom.png (6.8 KB) - added by 6 years ago.
screenshot of login form - v0.3 with custom style
acct_mgr-admin_acct-details_v0.3.png (84.3 KB) - added by 6 years ago.
account details admin page with failed login attempts
acct_mgr_with_acct-guard_login-failure_v0.3.png (18.4 KB) - added by 6 years ago.
account manager login page when hitting temporary account lock condition on login failure
acct_mgr_with_acct-guard_login-success_v0.3.png (35.2 KB) - added by 6 years ago.
failed login attemps display after successful login
Download all attachments as: .zip