Edgewall Software

Version 1 (modified by Peter Suter, 12 years ago) ( diff )

Extension Point : IAuthenticator

InterfaceIAuthenticatorSince0.9
Moduletrac.webSourceapi.py

An IAuthenticator authenticates users' web requests.

Purpose

Trac allows anonymous and authenticated users. Users are by default authenticated when they can login via basic HTTP authentication.

This default authentication process can be replaced or augmented by plugins implementing IAuthenticator.

Usage

Implementing the interface follows the standard guidelines found in TracDev/ComponentArchitecture and of course TracDev/PluginDevelopment.

The only functionality required of an IAuthenticator is to return a username for any given request (or None if the request can not be authenticated).

Here usually things like req.remote_addr (the user's IP address), req.remote_user (the user's HTTP name) and req.incookie (cookies) are useful.

The default implementation trac.web.auth.LoginModule also provides authentication cookie management with various options and the Login and Logout links. To retain this functionality it can be useful to wrap or inherit from LoginModule.

Trac calls all authenticators via trac.web.main.RequestDispatcher.authenticate which lazily initializes the req.authname property.

Examples

The following minimal example replaces the entire login process of trac with a simple authenticator module that automatically authenticates only those requests originating from the local IP address 127.0.0.1 as the user named local. 

from trac.core import *
from trac.web.api import IAuthenticator

class LocalAuthenticator(Component):

    implements(IAuthenticator)

    def authenticate(self, req):
        if req.remote_addr == '127.0.0.1':
            return 'local'
        return None

Available Implementations

In Trac:

In third-party plugins:

Additional Information and References

Note: See TracWiki for help on using the wiki.