Use logged in credentials to smtp-auth

[graeme.hilton@…]

It would be great if we could use the current users username and password for the smtp auth connections.

I.e. Bob logs in and modifies a ticket. Trac then connects to the smtp server and uses Bobs username and password to authenticate with the server and sends the notifications.

Could this be achieved with $USER_NAME and $USER_PASSWORD variables in the trac.ini file?

[r.sokoll@…]

I don't see any advantages here, since the mail will not be sent from bob, but from the configured "smtp_from"

[sid]

And big downsides are that you now have to match up the Trac login (both username and password) exactly with the mail server login.

[graeme.hilton@…]

I don't see matching up the logins as a downside. In my situation I authenticate against a remote LDAP directory and use the same credentials for sending my mail. I'm not allowed a general login to the SMTP server (corporate rules), so I must use my personal login. I don't want to, nor am I allowed to, save my personal credentials in the ini file, besides which they change every six months.

I don't care what the smtp_from is set to, nor should it make any difference.

I've never hacked on python before, but if you give me some pointers where to look in the code I can have a go at a patch.

[Emmanuel Blot]

What about the notifications that occur when a post-commit hook is used, for example ? There is no "password" available when such a notification is triggered.

Notification will be triggered by other events in the upcoming Trac releases, so I really don't think relying on the remote user credentials is the way to go.

There are other reasons why relying on the user password is a bad thing: user password may not be available at all: the user/password credentials are only available when HTTP Basic authentication is used. If another scheme is used, such as a digest, the password is not made available to Trac.