| | 1 | == Extension Point : ''IAuthenticator'' == |
| | 2 | |
| | 3 | ||'''Interface'''||''IAuthenticator''||'''Since'''||0.9|| |
| | 4 | ||'''Module'''||''trac.web''||'''Source'''||[source:trunk/trac/web/api.py api.py]|| |
| | 5 | |
| | 6 | An ''IAuthenticator'' authenticates users' web requests. |
| | 7 | |
| | 8 | == Purpose == |
| | 9 | |
| | 10 | Trac allows anonymous and authenticated users. Users are by default authenticated when they can login via basic HTTP authentication. |
| | 11 | |
| | 12 | This default authentication process can be replaced or augmented by plugins implementing IAuthenticator. |
| | 13 | |
| | 14 | == Usage == |
| | 15 | |
| | 16 | Implementing the interface follows the standard guidelines found in [wiki:TracDev/ComponentArchitecture] and of course [wiki:TracDev/PluginDevelopment]. |
| | 17 | |
| | 18 | The only functionality required of an IAuthenticator is to return a username for any given request (or `None` if the request can not be authenticated). |
| | 19 | |
| | 20 | Here usually things like `req.remote_addr` (the user's IP address), `req.remote_user` (the user's HTTP name) and `req.incookie` (cookies) are useful. |
| | 21 | |
| | 22 | The default implementation `trac.web.auth.LoginModule` also provides authentication cookie management with various [TracIni#trac-section options] and the ''Login'' and '' Logout'' links. To retain this functionality it can be useful to wrap or inherit from `LoginModule`. |
| | 23 | |
| | 24 | Trac calls all authenticators via `trac.web.main.RequestDispatcher.authenticate` which lazily initializes the `req.authname` property. |
| | 25 | |
| | 26 | == Examples == |
| | 27 | |
| | 28 | The following minimal example replaces the entire login process of trac with a simple authenticator module that automatically authenticates only those requests originating from the local IP address 127.0.0.1 as the user named ''local''. |
| | 29 | |
| | 30 | {{{#!python |
| | 31 | from trac.core import * |
| | 32 | from trac.web.api import IAuthenticator |
| | 33 | |
| | 34 | class LocalAuthenticator(Component): |
| | 35 | |
| | 36 | implements(IAuthenticator) |
| | 37 | |
| | 38 | def authenticate(self, req): |
| | 39 | if req.remote_addr == '127.0.0.1': |
| | 40 | return 'local' |
| | 41 | return None |
| | 42 | }}} |
| | 43 | |
| | 44 | == Available Implementations == |
| | 45 | |
| | 46 | In Trac: |
| | 47 | * [source:trunk/trac/web/auth.py LoginModule] |
| | 48 | |
| | 49 | In third-party plugins: |
| | 50 | * th:AccountManagerPlugin: `acct_mgr.web_ui.LoginModule` |
| | 51 | * Form-based login |
| | 52 | * th:HttpAuthPlugin: `httpauth.filter.HTTPAuthFilter` |
| | 53 | * HTTP authentication (required for th:XmlRpcPlugin) that is compatible with th:AccountManagerPlugin |
| | 54 | * th:SharedCookieAuthPlugin: sharedcookieauth.sharedcookieauth.SharedCookieAuth |
| | 55 | * See #8486 |
| | 56 | * th:CaptchaAuthPlugin: `captchaauth.auth.AuthCaptcha` |
| | 57 | * Captcha-based authentication |
| | 58 | * [https://github.com/dairiki/authopenid-plugin authopenid-plugin]: `authopenid.authopenid.AuthOpenIdPlugin` |
| | 59 | * OpenID-based authentication |
| | 60 | |
| | 61 | == Additional Information and References == |
| | 62 | * [http://www.edgewall.org/docs/trac-trunk/epydoc/trac.web.auth.IAuthenticator-class.html epydoc] |
| | 63 | * [http://www.edgewall.org/docs/trac-trunk/html/api/trac_web_auth.html#trac.web.auth.IAuthenticator API Reference] |
| | 64 | * Related tickets: |
| | 65 | * [query:keywords~=authentication&group=status authentication in keywords] |
| | 66 | |
| | 67 | * TracAuthenticationIntroduction |
| | 68 | * TracStandalone#Authenticationfortracdbehindaproxy |
| | 69 | * TracDev/TracSession |
| | 70 | |
| | 71 | * Mailing list threads: |
| | 72 | * [trac-dev:3839 Login name conversion] |
| | 73 | * [trac-dev:6054 Common logon cookie] |
| | 74 | * [trac-dev:4809 Why authenticate twice?] (!AccountManager integration) |
| | 75 | * [trac-dev:2404 Replacing REMOTE_USER] |
