trac.web.auth – Trac Authentication
This module deals with web request authentication, and provides the default implementation for the IAuthenticator interface.
Component
class trac.web.auth.LoginModule
Bases: trac.core.Component
User authentication manager.
This component implements user authentication based on HTTP authentication provided by the web-server, combined with cookies for communicating the login information across the whole site.
This mechanism expects that the web-server is set up so that a request to the path ‘/login’ requires authentication (such as Basic or Digest). The login name is then stored in the database and associated with a unique key that gets passed back to the user agent using the ‘trac_auth’ cookie. This cookie is used to identify the user in subsequent requests to non-protected resources.
Auth cookie domain attribute.
The auth cookie can be shared among multiple subdomains by setting the value to the domain. (since 1.2)
Lifetime of the authentication cookie, in seconds.
This value determines how long the browser will cache authentication information, and therefore, after how much inactivity a user will have to log in again. The value of 0 makes the cookie expire at the end of the browsing session.
Path for the authentication cookie. Set this to the common base path of several Trac instances if you want them to share the cookie.
check_ip
Whether the IP address of the user should be checked for authentication.
ignore_case
Whether login names should be converted to lower case.
Support Classes
A few classes are provided for directly computing the REMOTE_USER information from the HTTP headers for Basic or Digest authentication. This will be used by the AuthenticationMiddleware.
class trac.web.auth.BasicAuthentication(htpasswd, realm)
Bases: trac.web.auth.PasswordFileAuthentication
class trac.web.auth.DigestAuthentication(htdigest, realm)
Bases: trac.web.auth.PasswordFileAuthentication
A simple HTTP digest authentication implementation (RFC 2617).
load(filename)
Load account information from Apache-style htdigest files; only users from the specified realm are used.
send_auth_request(environ, start_response, stale='false')
Send a digest challenge to the browser. Record used nonces to avoid replay attacks.
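An added example, not Trac's own code: a minimal sketch of the two behaviours described for DigestAuthentication, keeping only the requested realm's entries from htdigest content and accepting each server-issued nonce once, so that a captured Authorization header cannot be replayed. The names DigestVerifier, load_htdigest, expected_response and ha1_for, the 'ok'/'stale'/'denied' return values and the sample accounts are assumptions made for this illustration; only qop=auth is handled.

```python
import hashlib
import hmac
import secrets

def ha1_for(user, realm, password):
    """HA1 = MD5(user:realm:password), the value stored in an htdigest file."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

# Constructed htdigest content (user:realm:HA1); not real account data.
SAMPLE_HTDIGEST = "\n".join([
    "alice:trac:" + ha1_for("alice", "trac", "constructed-pass"),
    "bob:other:" + ha1_for("bob", "other", "constructed-pass"),
])

def load_htdigest(text, realm):
    """Return {user: HA1}, keeping only entries for the given realm."""
    users = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[1] == realm:
            users[parts[0]] = parts[2]
    return users

def expected_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest for qop=auth."""
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    data = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(data.encode()).hexdigest()

class DigestVerifier:
    def __init__(self, htdigest_text, realm):
        self.users = load_htdigest(htdigest_text, realm)
        self.active_nonces = set()  # nonces issued and not yet used

    def new_nonce(self):
        nonce = secrets.token_hex(16)
        self.active_nonces.add(nonce)
        return nonce

    def verify(self, method, auth):
        """auth: parsed Authorization fields. Returns 'ok', 'stale' or 'denied'."""
        if auth["nonce"] not in self.active_nonces:
            return "stale"  # unknown or already used: send a fresh challenge
        ha1 = self.users.get(auth["username"])
        if ha1 is None:
            return "denied"  # user absent, or listed under another realm
        want = expected_response(ha1, method, auth["uri"], auth["nonce"],
                                 auth["nc"], auth["cnonce"])
        if not hmac.compare_digest(want, auth["response"]):
            return "denied"
        self.active_nonces.discard(auth["nonce"])  # single use defeats replay
        return "ok"
```

A 'stale' result corresponds to re-sending the challenge with stale set to true, which tells the browser to retry with the new nonce without prompting the user again.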