== Extension Point : ''IAuthenticator'' ==

||'''Interface'''||''IAuthenticator''||'''Since'''||0.9||
||'''Module'''||''trac.web''||'''Source'''||[source:trunk/trac/web/api.py api.py]||

An ''IAuthenticator'' authenticates users' web requests.

== Purpose ==

Trac allows anonymous and authenticated users. By default, users are authenticated when they can log in via basic HTTP authentication.

This default authentication process can be replaced or augmented by plugins implementing IAuthenticator.

== Usage ==

Implementing the interface follows the standard guidelines found in [wiki:TracDev/ComponentArchitecture] and of course [wiki:TracDev/PluginDevelopment].

The only functionality required of an IAuthenticator is to return a username for any given request (or `None` if the request cannot be authenticated).

Typically, `req.remote_addr` (the user's IP address), `req.remote_user` (the user's HTTP name) and `req.incookie` (cookies) are useful here.

The default implementation `trac.web.auth.LoginModule` also provides authentication cookie management with various [TracIni#trac-section options] and the ''Login'' and ''Logout'' links. To retain this functionality it can be useful to wrap or inherit from `LoginModule`.

Trac calls all authenticators via `trac.web.main.RequestDispatcher.authenticate`, which lazily initializes the `req.authname` property.

== Examples ==

The following minimal example replaces the entire login process of Trac with a simple authenticator module that automatically authenticates only those requests originating from the local IP address 127.0.0.1 as the user named ''local''.

{{{#!python
from trac.core import Component, implements
from trac.web.api import IAuthenticator


class LocalAuthenticator(Component):
    """Authenticate requests from 127.0.0.1 as the user 'local'."""

    implements(IAuthenticator)

    def authenticate(self, req):
        # req.remote_addr is the address of the connecting peer.
        if req.remote_addr == '127.0.0.1':
            return 'local'
        # None means this authenticator cannot authenticate the request.
        return None
}}}
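
A stricter variant of the check above, as an added example that is not part of the original page or of Trac's own code. It accepts any loopback address (IPv4, IPv6 and IPv4-mapped IPv6) and refuses requests that carry a proxy header, since behind a reverse proxy on the same host every request arrives from a loopback address. `is_loopback`, `StrictLocalAuthenticator`, `resolve_authname` and `FakeRequest` are hypothetical names, `resolve_authname` is a simplified model of the dispatcher, and the example assumes the proxy sets `X-Forwarded-For` or `Forwarded`.

```python
import ipaddress


def is_loopback(remote_addr):
    """Return True only if remote_addr parses as a loopback IP address."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except (ValueError, TypeError):
        return False  # missing or malformed address: never trust it
    # Unwrap IPv4-mapped IPv6 such as ::ffff:127.0.0.1 before testing.
    mapped = getattr(ip, 'ipv4_mapped', None)
    if mapped is not None:
        ip = mapped
    return ip.is_loopback


class StrictLocalAuthenticator(object):
    """Same contract as IAuthenticator.authenticate: a username or None."""

    # Assumption: a reverse proxy in front of Trac sets one of these headers.
    proxy_headers = ('X-Forwarded-For', 'Forwarded')

    def authenticate(self, req):
        if not is_loopback(req.remote_addr):
            return None
        # Behind a proxy on the same host every request has a loopback
        # remote_addr, so a proxied request must not count as local.
        if any(req.get_header(h) for h in self.proxy_headers):
            return None
        return 'local'


def resolve_authname(authenticators, req):
    """Simplified model of the dispatcher: the first username wins."""
    for authenticator in authenticators:
        authname = authenticator.authenticate(req)
        if authname:
            return authname
    return 'anonymous'


class FakeRequest(object):
    """Constructed stand-in for trac.web.api.Request (sample input only)."""

    def __init__(self, remote_addr, headers=None):
        self.remote_addr = remote_addr
        self.headers = headers or {}

    def get_header(self, name):
        return self.headers.get(name)
```

In a real plugin the class would derive from `Component` and declare `implements(IAuthenticator)` as in the example above.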

== Available Implementations ==

In Trac:
 * [source:trunk/trac/web/auth.py LoginModule]

In third-party plugins:
 * th:AccountManagerPlugin: `acct_mgr.web_ui.LoginModule`
   * Form-based login
 * th:HttpAuthPlugin: `httpauth.filter.HTTPAuthFilter`
   * HTTP authentication (required for th:XmlRpcPlugin) that is compatible with th:AccountManagerPlugin
 * th:SharedCookieAuthPlugin: `sharedcookieauth.sharedcookieauth.SharedCookieAuth`
   * See #8486
 * th:CaptchaAuthPlugin: `captchaauth.auth.AuthCaptcha`
   * Captcha-based authentication
 * [https://github.com/dairiki/authopenid-plugin authopenid-plugin]: `authopenid.authopenid.AuthOpenIdPlugin`
   * OpenID-based authentication

== Additional Information and References ==
 * [http://www.edgewall.org/docs/trac-trunk/epydoc/trac.web.auth.IAuthenticator-class.html epydoc]
 * [http://www.edgewall.org/docs/trac-trunk/html/api/trac_web_auth.html#trac.web.auth.IAuthenticator API Reference]
 * Related tickets:
   * [query:keywords~=authentication&group=status authentication in keywords]

 * TracAuthenticationIntroduction
 * TracStandalone#Authenticationfortracdbehindaproxy
 * TracDev/TracSession

 * Mailing list threads:
   * [trac-dev:3839 Login name conversion]
   * [trac-dev:6054 Common logon cookie]
   * [trac-dev:4809 Why authenticate twice?] (!AccountManager integration)
   * [trac-dev:2404 Replacing REMOTE_USER]