Yes, we are handling authentication in front of Trac through Apache.

Unfortunately, we are on 1.0.5.  I have attempted to update to 1.2, but 
alas the many plugins we utilize were not ready at the time.  I'll try 
again later.

I was wondering if it would be simpler to do the work in 
IAuthenticator.authenticate, or would that still leave me in the same boat?

For the Apache redirect, I honestly have not looked into the method, but 
it is on my list.

On Wednesday, September 26, 2018 at 1:42:35 PM UTC-4, RjOllos wrote:
>
> On Wednesday, September 26, 2018 at 5:17:00 AM UTC-7, Adam Howell wrote:
>>
>> I did some testing & noted that since we authenticate through active 
>> directory, our users never seem to hit '/login' from a debug print 
>> 'req.path_info'
>>
>
> Are you using AccountManagerPlugin with one of the LDAP plugins?
>
> I expect that you'd still hit /login if you are navigating to the "Login" 
> link in Trac's meta navigation menu. Or do you have an authentication 
> method in front of Trac, handled through Apache?
>
> If the latter is the case, maybe you can direct to a URL like 
> /handle_login after authenticating in Active directory (by configuring 
> Apache to redirect), do the work in IRequestHandler.process_request and 
> then redirect back to the default handler. Ideally you don't want the code 
> you've implemented in pre_process_request to run on every request, which 
> appears to be the case as you've written it.
>
> Are you running Trac 1.2 or later? Environment.get_known_users has an 
> "as_dict" parameter, so you can get a dictionary and avoid iterating over 
> an entire list.
>
> Other minor things:
>
> updateScript and updateScript != '' 
>
> can be replaced with just "updateScript", the latter comparison is 
> redundant.
>
> Similarly,
>
> display is None or len(display) == 0
>
> can be just:
>
> not display
>
>  
>
>> I implemented the IRequestFilter & was wondering if this method was too 
>> invasive
>>     def pre_process_request(self, req, handler):
>>
>>         updateScript  = self.config.get('updateusersession', 'update_script_location', '');
>>
>>         self.log.debug("updateusersession entered for evaluation for '%s'" % req.authname);
>>         if (updateScript and updateScript != ''):
>>             updateDisplay = self.config.get('updateusersession', 'update_when_display_is_empty', False);
>>             updateEmail   = self.config.get('updateusersession', 'update_when_email_is_empty'  , False);
>>
>>             for user, display, email in self.env.get_known_users():
>>                 if user != req.authname:
>>                     continue;
>>
>>                 if (updateDisplay and (display is None or len(display) == 0) ) or (updateEmail and (email is None or len(email) == 0) ):
>>                     self.log.debug("updateusersession calling script '%s' with arguments:'%s' '%s'" % ( updateScript, self.env.path, user ) );
>>                     results = subprocess.Popen("%s %s %s" % (updateScript, self.env.path, user ),
>>                                       shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
>>                     results.communicate()
>>
>>         return handler
>>
>

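Added example (not part of the thread, and not Trac or plugin code): the quoted filter builds its command line with string formatting and shell=True, so the authenticated user name is parsed by the shell. The sketch below keeps the same decision logic, using the simplified conditions suggested in the reply, and hands the script an argument list instead. The function names, the user-name pattern and the sample data are assumptions made for illustration.

```python
import re
import subprocess

# Assumed policy for account names handed over by Apache (sAMAccountName,
# UPN or DOMAIN\user forms); adjust to the directory's real naming rules.
SAFE_USER = re.compile(r'^[A-Za-z0-9][A-Za-z0-9._@\\-]{0,63}\Z')


def needs_update(known_users, authname, update_display, update_email):
    """known_users: (user, name, email) tuples, the shape the quoted code
    iterates over. update_display/update_email must be real booleans
    (config.getbool() rather than config.get())."""
    for user, display, email in known_users:
        if user == authname:
            return bool((update_display and not display) or
                        (update_email and not email))
    return False


def build_update_argv(update_script, env_path, authname):
    """Return the argument list for the update script, or None to skip."""
    if not update_script or authname == 'anonymous':
        return None
    if not SAFE_USER.match(authname or ''):
        return None  # refuse spaces, quotes, newlines, shell metacharacters
    return [update_script, env_path, authname]


def run_update(argv):
    """Run without shell=True: each list element reaches the script as one
    argument, so nothing in authname is interpreted by a shell."""
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
    out, err = proc.communicate()
    return proc.returncode, out, err


if __name__ == '__main__':
    # Constructed sample data standing in for the Trac environment.
    users = [('alice', '', 'alice@example.org'), ('bob', 'Bob', '')]
    if needs_update(users, 'alice', True, False):
        print(build_update_argv('/usr/local/bin/update_user',
                                '/srv/trac/env', 'alice'))
```

Inside pre_process_request this would be called with req.authname and self.env.path; logging a non-zero return code or any stderr output makes a failing script visible instead of silently discarding it.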