Edgewall Software
Home
Trac
Trac Hacks
Genshi
Babel
Bitten
Home
Download
Documentation
Mailing Lists
License
FAQ
Search:
Login
Preferences
Help/Guide
About Trac
Wiki
Timeline
Roadmap
Browse Source
View Tickets
New Ticket
Search
Context Navigation
-1
Start Page
Index
History
Editing TracDev/PluginDevelopment/ExtensionPoints/trac.web.api.IAuthenticator
Adjust edit area height:
8
12
16
20
24
28
32
36
40
Edit side-by-side
== Extension Point : ''IAuthenticator'' == ||'''Interface'''||''IAuthenticator''||'''Since'''||0.9|| ||'''Module'''||''trac.web''||'''Source'''||[source:trunk/trac/web/api.py api.py]|| An ''IAuthenticator'' authenticates users' web requests. == Purpose == Trac allows anonymous and authenticated users. Users are by default authenticated when they can login via basic HTTP authentication. This default authentication process can be replaced or augmented by plugins implementing IAuthenticator. == Usage == Implementing the interface follows the standard guidelines found in [wiki:TracDev/ComponentArchitecture] and of course [wiki:TracDev/PluginDevelopment]. The only functionality required of an IAuthenticator is to return a username for any given request (or `None` if the request can not be authenticated). Here usually things like `req.remote_addr` (the user's IP address), `req.remote_user` (the user's HTTP name) and `req.incookie` (cookies) are useful. The default implementation `trac.web.auth.LoginModule` also provides authentication cookie management with various [TracIni#trac-section options] and the ''Login'' and '' Logout'' links. To retain this functionality it can be useful to wrap or inherit from `LoginModule`. Trac calls all authenticators via `trac.web.main.RequestDispatcher.authenticate` which lazily initializes the `req.authname` property. == Examples == The following minimal example replaces the entire login process of trac with a simple authenticator module that automatically authenticates only those requests originating from the local IP address 127.0.0.1 as the user named ''local''. {{{#!python from trac.core import * from trac.web.api import IAuthenticator class LocalAuthenticator(Component): implements(IAuthenticator) def authenticate(self, req): if req.remote_addr == '127.0.0.1': return 'local' return None }}} == Available Implementations == In Trac: * [source:trunk/trac/web/auth.py LoginModule] In third-party plugins: * th:AccountManagerPlugin: `acct_mgr.web_ui.LoginModule` * Form-based login * th:HttpAuthPlugin: `httpauth.filter.HTTPAuthFilter` * HTTP authentication (required for th:XmlRpcPlugin) that is compatible with th:AccountManagerPlugin * th:SharedCookieAuthPlugin: `sharedcookieauth.sharedcookieauth.SharedCookieAuth` * See #8486 * th:CaptchaAuthPlugin: `captchaauth.auth.AuthCaptcha` * Captcha-based authentication * [https://github.com/dairiki/authopenid-plugin authopenid-plugin]: `authopenid.authopenid.AuthOpenIdPlugin` * OpenID-based authentication == Additional Information and References == * [http://www.edgewall.org/docs/trac-trunk/epydoc/trac.web.auth.IAuthenticator-class.html epydoc] * [http://www.edgewall.org/docs/trac-trunk/html/api/trac_web_auth.html#trac.web.auth.IAuthenticator API Reference] * Related tickets: * [query:keywords~=authentication&group=status authentication in keywords] * TracAuthenticationIntroduction * TracStandalone#Authenticationfortracdbehindaproxy * TracDev/TracSession * Mailing list threads: * [trac-dev:3839 Login name conversion] * [trac-dev:6054 Common logon cookie] * [trac-dev:4809 Why authenticate twice?] (!AccountManager integration) * [trac-dev:2404 Replacing REMOTE_USER]
Note:
See
WikiFormatting
and
TracWiki
for help on editing wiki content.
Change information
Your email or username:
E-mail address and name can be saved in the
Preferences
Comment about this change (optional):
Note:
See
TracWiki
for help on using the wiki.