Edgewall Software
Modify

Opened 19 years ago

Closed 19 years ago

#2350 closed defect (duplicate)

Can't logout when using auth for whole site

Reported by: robin-trac@… Owned by: Jonas Borgström
Priority: high Milestone:
Component: general Version: 0.9
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by Christian Boos)

I've set up a trac install and require authentication for the whole site.

I'm using trac with apache2 + mod_python.

My config is as follows:

    # Re-direct from / to /trac
    RewriteEngine On
    RewriteRule ^/+$ /trac [R]

    Alias /trac/ /usr/share/trac/htdocs/
    <Directory "/usr/share/trac/htdocs">
        Order allow,deny
        Allow from all
    </Directory>

    <Location /trac>
        SetHandler mod_python
       PythonHandler trac.web.modpython_frontend
        PythonOption TracEnvParentDir "/var/www/trac/"
        PythonOption TracUriRoot /trac
    </Location>

    <Location />
        AuthType Basic
        AuthName "Projects"
        AuthUserFile /etc/httpd/conf.d/auth/htpasswd
        Require valid-user
    </Location>

This works OK, i.e. users must login to get access to any part of the site.

However, the "logout" link doesn't work.

I'd like for users to be able to logout. This should revoke their browser authentication and force them to login again.

Attachments (0)

Change History (5)

comment:1 by Christian Boos, 19 years ago

Description: modified (diff)

(please, don't forget to use block quotes when inserting configuration data or stack traces)

comment:2 by Emmanuel Blot, 19 years ago

Resolution: duplicate
Status: newclosed

This incident seems to be a duplicate of #791, with the additional issue of setting authentication on the root location (whole site, instead of ../login).

comment:3 by markus, 19 years ago

This is a problem due to Trac's dependence on the authentication mechanisms of the underlying web server. This means that your web browser has to send the authentication information with every request, making it almost impossible to logout.

However, if you just want to be able to switch from one user to another (without closing your browser), you could do something like this (quick'n'dirty & provided "AS IS" with no warranties ;-)):

  • trac/web/auth.py

     
    130130            # Not logged in
    131131            return
    132132
     133        db = self.env.get_db_cnx()
     134        cursor = db.cursor()
     135        cursor.execute("SELECT cookie FROM auth_cookie "
     136                       "WHERE name=%s", (req.authname,))
     137        row = cursor.fetchone() or []
     138
     139        if row != []:
     140            req.send_response(401)
     141            req.end_headers()
     142        else:
     143            req.redirect(self.env.href('/login'))
     144
    133145        # While deleting this cookie we also take the opportunity to delete
    134146        # cookies older than 10 days
    135         db = self.env.get_db_cnx()
    136         cursor = db.cursor()
    137147        cursor.execute("DELETE FROM auth_cookie WHERE name=%s OR time < %s",
    138148                       (req.authname, int(time.time()) - 86400 * 10))
    139149        db.commit()

The patch above changes auth.py so that it sends a 401 - Unauthorized when hitting the logout button. This results in deleting the user credentials stored by your web browser.

comment:4 by mala, 19 years ago

Resolution: duplicate
Status: closedreopened

I have exactly the same problem. I therefore tried the modifications described by markus. But It didn't have any effects at all. Could I have been dont anything wrong? I changed the file and compiled again, restarted Apache and … nothing.

comment:5 by Matthew Good, 19 years ago

Resolution: duplicate
Status: reopenedclosed

As stated before by eblot, this ticket is a duplicate of #791.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.