Thilo-Alexander Ginkel wrote: > On Fri, Jul 31, 2009 at 13:27, > rupert.thurner<rupert.thur...@gmail.com> wrote: >> just as a side note, edgewall trac supports it by just taking the >> webservers authentication, see: >> * http://trac.edgewall.org/browser/trunk/trac/web/auth.py. >> * >> http://trac-hacks.org/browser/sslauthenticationplugin/0.11/sslauthentication/__init__.py >> * http://trac-hacks.org/wiki/SslAuthenticationPlugin > > Thanks for the pointer. I agree, using the Apache mod_ssl client > authentication feature to do the dirty work definitely makes sense > (and this is already working for me). I am however still somewhat lost > with regards to the authentication backend implementation. While I > could theoretically implement a backend, which just evaluates the > environment variables set by mod_ssl (and ignores the password > supplied to the 'authenticate' method), this would probably still > require the user to click on the "Login" hyperlink in the RB web UI. > What I would prefer is some implementation, which is mostly > transparent and automagically signs in the user when he performs the > first page hit. > > Do you think that's technically feasible with the current > authentication architecture (or would it require a major rewrite)? I have an implementation of x.509 authentication working that bypasses the "Login" screen. I had to add a middleware class to the django site settings (I copied the MIDDLEWARE_CLASSES from settings.py to my settings_local.py and added my own middleware class). My middleware class has a process_request() function that uses the mod_ssl-set environment variables to figure out the user name, and then directly calls the login() function in my backend. I also haven't figured out how to get multiple authentication backends working nicely with Django; it seemed that when I didn't explicitly call the backend login() implementation I wanted, I randomly got the login screen anyway without being able to log in using my password.
There is a remaining problem that I have yet to resolve, and that is authenticating with my certificate from the post-review tool. I'd like to use a password-protected, but Python doesn't make that easy at all; I end up having to enter my password each time python makes a web request. Having post-review is definitely nice, but the web UI doesn't seem as opaque any more :). Nathan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "reviewboard" group. To post to this group, send email to reviewboard@googlegroups.com To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en -~----------~----~----~----~------~----~------~--~---