wiki:AccountManagerPlugin

Version 41 (modified by Torben Brodt, 17 years ago) (diff)

HttpAuthStore is not available in AccountManagerPlugin for Trac 0.9

Account Manager Plugin

Description

The AccountManager offers several features for managing user accounts:

  • allow users to register new accounts
  • login via an HTML form instead of using HTTP authentication
  • allow existing users to change their passwords or delete their accounts

These features are new in the plugin for Trac 0.10.

  • send a new password to users who've forgotten their password
  • administration of user accounts

Bugs/Feature Requests

Existing bugs and feature requests for AccountManagerPlugin are here.

If you have any issues, create a new ticket.

Install

First make sure you've installed setuptools.

Then you can install the plugin using the easy_install application.

Note: Windows users will need to add easy_install to their PATH.

For Trac 0.9:

easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.9

For Trac 0.10:

Install the trac:WebAdmin plugin.

Then install this plugin:

easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.10

For Trac 0.11: (and check #899 patch)

easy_install http://trac-hacks.org/svn/accountmanagerplugin/trunk

Source

Browse the source

Subversion Checkout (depends on your Trac version):

svn co http://trac-hacks.org/svn/accountmanagerplugin/0.9
svn co http://trac-hacks.org/svn/accountmanagerplugin/0.10

Components

In order to use the features of the AccountManager you will need to enable some or all of its components.

The easiest way to enable the components is via the trac:WebAdmin plugin. Users logged in with the TRAC_ADMIN permission will be able to manage the enabled components:

screenshot of components web admin

Components can also be enabled or disabled in the trac.ini file under the [components] section. For example to enable the login form and disable user registration:

[components]
trac.web.auth.LoginModule = disabled
acct_mgr.web_ui.LoginModule = enabled
acct_mgr.web_ui.RegistrationModule = disabled

The available components are described below.

AccountManager

Package
acct_mgr.api

This is the core of this plugin. This components must be enabled to use any of the other components.

HtDigestStore

Package
acct_mgr.htfile

Used to store passwords in the htdigest file format.

To use this component to manage your password file you need to enable it as described above and add some additional configuration to trac.ini:

[components]
; be sure to enable the component
acct_mgr.htfile.HtDigestStore = enabled

[account-manager]
; configure the plugin to store passwords in the htdigest format:
password_format = htdigest
; with Trac 0.10 use this instead:
password_store = HtDigestStore

; the file where user accounts are stored
; the webserver will need write permissions to this file
; and its parent folder
password_file = /var/trac/trac.htdigest

; the name of the authentication "realm"
; it can be any text to identify your site or project
htdigest_realm = TracRealm

HtPasswdStore

Package
acct_mgr.htfile

Used to store passwords in the htpasswd file format.

To use this component to manage your password file you need to enable it as described above and add some additional configuration to trac.ini:

[components]
; be sure to enable the component
acct_mgr.htfile.HtPasswdStore = enabled

[account-manager]
; configure the plugin to store passwords in the htpasswd format:
password_format = htpasswd
; with Trac 0.10 use this instead:
password_store = HtPasswdStore

; the file where user accounts are stored
; the webserver will need write permissions to this file
; and its parent folder
password_file = /var/trac/trac.htpasswd

HttpAuthStore

Package
acct_mgr.http

Note: This component requires Trac 0.10

Used to delegate authentication to the web server. This allows access to be restricted based on LDAP, a password file, etc, or some combination of them.

Note: This password store does not support listing/adding/removing users or changing passwords.

[components]
; be sure to enable the component
acct_mgr.http.HttpAuthStore = enabled

[account-manager]
; configure the plugin to use a page that is secured with http authentication
authentication_url = http://hostname/path
password_store = HttpAuthStore

This will generally be matched with an Apache config like:

<Directory /var/www/html/path>
   ...HTTP authentication configuration...
   Require valid-user
</Directory>

AccountManagerAdminPage

Package
acct_mgr.admin

Note: This component requires Trac 0.10

This component adds a new page to the trac:WebAdmin section for managing user accounts. It requires the TRAC_ADMIN permission to access.

[components]
acct_mgr.admin.AccountManagerAdminPage = enabled

screenshot of account administration

AccountModule

Package
acct_mgr.web_ui

Allows users to change their password, or delete their account. When logged in it will appear as a link "My Account" in the same row as the "Login" link.

[components]
acct_mgr.web_ui.AccountModule = enabled

New for Trac 0.10: When used in combination with the LoginModule it adds a link to the login page "Forgot your password?" where users can reset their password if they've forgotten it. You will need to have your SMTP server information configured in your trac.ini for the "Forgot your password?" link to show up.

LoginModule

Package
acct_mgr.web_ui

Warning: this module is not supported using the tracd stand-alone server on Trac 0.9. It either needs Trac 0.10, or an external webserver such as Apache.

Allows users to login via a HTML form instead of using HTTP authentication.

In order to use this plugin you will need to disable the default Trac login module:

[components]
trac.web.auth.LoginModule = disabled
acct_mgr.web_ui.LoginModule = enabled

You will also need to remove any authentication methods on the "login" page from your Apache configuration that you may have set up during cgi or mod_python setup, e.g., look for and remove something like the following lines

<Location /trac/myproject/login>
  AuthType Basic
  AuthName "Bio Scripts Trac Login"
  AuthUserFile /path/to/trac.htpasswd
  Require valid-user
</Location>

screenshot of login form

Disable HTTP authentication

When using the tracd server be sure not to use the "--auth" or "--basic-auth" options. Using either of these options will cause tracd to popup the username/password dialog box and you will not be able to use the HTML form.

If you have previously enabled authentication for Trac on Apache, you will need to disable it or Apache will popup the username/password dialog and you will be unable to use the HTML form. In order to disable the authentication look for a section in the Apache configuration file like like:

<Location /trac/login>
   # Some options like AuthType and AuthUserFile
   Require valid-user
</Location>

Deleting or commenting the Require valid-user line should be sufficient to disable HTTP authentication. After you've tested it you can probably delete or comment out the rest of the authentication options.

RegistrationModule

Package
acct_mgr.web_ui

Enables users to register a new account. It adds a "Register" link on the same menu bar as the "Login" link.

[components]
acct_mgr.web_ui.RegistrationModule = enabled

screenshot of registration page

Post Setup/Configuration

In order to use the Account Manager plugin, while logged in as a user with TRAC_ADMIN rights, use the new "Admin" link on the menubar.

Once in, you might want to enable the permissions to allow the "authenticated" user group permissions. For instance, if you remove the anonymous group from TICKET_MODIFY, and WIKI_MODIFY, and add the "authenticated" group instead, only authenticated, logged-in (registered) users can perform ticket modifications and wiki editing.

Author/Contributors

Author: mgood
Contributors:

TagIt(plugin,mgood,alpha,0.9)?

Attachments (9)

Download all attachments as: .zip