#1890: Can create tickets anonymously using the username of an authenticated
user
----------------------------------------+-----------------------------------
Reporter: [EMAIL PROTECTED] | Owner: cboos
Type: defect | Status: new
Priority: normal | Milestone: 0.11
Component: general | Version: 0.8.4
Severity: normal | Resolution:
Keywords: review |
----------------------------------------+-----------------------------------
Comment (by [EMAIL PROTECTED]):
Replying to [comment:47 wkornew]:
> dkg-debian.org: About user-management: of course, this may be optional,
> but we really need a unified and pluggable way to associate meta-data with
> users (email, password, real name). The current session mechanism is
> terrible.

I understand your desire. I don't really have a problem with Trac keeping
additional metadata tagged to a username. In fact it already does: for
example, you can see how many tickets were opened by a particular
username; that's a type of metadata.

What I'm objecting to is the idea of moving the canonical list of
usernames and their associated authenticators (usually passwords) into
Trac itself. Trac ought to gracefully handle requests coming from
authenticated user names (as passed to it from Apache) even if it has
never seen the username before. If your proposed user-metadata table
would not choke in the face of a novel username, I have no problem with
it.

Note that this precludes Trac doing any management of authentication
tokens on its own (i.e. do '''not''' store passwords in the user-metadata
table). How would Trac authenticate a username properly if it had no
record of it before?

The current session mechanism is not terrible; it is actually extremely
flexible. Trac is one of the few projects out there that uses Apache's
myriad authentication possibilities correctly, from what I can tell. My
goal here is to avoid Trac becoming YAUDB (yet another user database) that
admins of a large project need to tweak by hand to keep in sync with some
truly-canonical centralized listing. The current mechanism handles this
situation simply and elegantly, with no ongoing work on the admin's part
(though getting that `is_authenticated` field will be nice).

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/1890>
The Trac Project <http://trac.edgewall.com/>
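
An added sketch of the design the comment above argues for; it is not part of the original message and not Trac's code. It assumes a WSGI/CGI-style environ in which the web server sets REMOTE_USER after authenticating the request; the user_meta schema and all function names are hypothetical. The table holds metadata only, accepts usernames it has never seen, and keys rows on (username, is_authenticated) so an anonymous visitor typing an authenticated user's name does not reach that user's record.

```python
import sqlite3

# Hypothetical schema, not Trac's: metadata only, deliberately no password column.
SCHEMA = """
CREATE TABLE user_meta (
    username         TEXT    NOT NULL,
    is_authenticated INTEGER NOT NULL,
    email            TEXT,
    real_name        TEXT,
    PRIMARY KEY (username, is_authenticated)
)"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def identify(environ, claimed_name=None):
    """Return (username, is_authenticated) for one request.

    Only REMOTE_USER, which the web server sets after authenticating the
    request, yields an authenticated identity. A name an anonymous visitor
    types into a form is kept but flagged as unauthenticated.
    """
    remote_user = environ.get("REMOTE_USER")
    if remote_user:
        return remote_user, True
    return claimed_name or "anonymous", False

def get_meta(db, username, is_authenticated):
    """Fetch metadata; a never-seen username gets an empty row, not an error."""
    key = (username, int(is_authenticated))
    db.execute("INSERT OR IGNORE INTO user_meta (username, is_authenticated) "
               "VALUES (?, ?)", key)
    email, real_name = db.execute(
        "SELECT email, real_name FROM user_meta "
        "WHERE username = ? AND is_authenticated = ?", key).fetchone()
    return {"username": username, "is_authenticated": is_authenticated,
            "email": email, "real_name": real_name}

def set_email(db, username, is_authenticated, email):
    get_meta(db, username, is_authenticated)  # ensure the row exists
    db.execute("UPDATE user_meta SET email = ? "
               "WHERE username = ? AND is_authenticated = ?",
               (email, username, int(is_authenticated)))
```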