Issue 1067690
Created on 2004-11-16 22:41 by jlgijsbers, last changed 2012-10-10 14:22 by admin.
msg2726 | Author: [hidden] (jlgijsbers) | Date: 2004-11-16 22:41
A colleague of mine wanted to write a small desktop
time-registration program for use with our (new and
shiny!) project management Roundup tracker. Our tracker
is available over the internet for those that work at
home, so we disallow all viewing by anonymous users.
Unfortunately this means his program will also have to
authenticate. He obviously doesn't want to bother with
cookies for such a program. I found that Roundup only
supported HTTP Basic Authentication done by a front-end
Apache server. While we do run Apache in front of
Roundup, that's not where we do authentication. We
probably should, some day, but it was easier to
implement HTTP Basic Authentication in Roundup for now.
I did a small bit of refactoring to avoid duplicating
code already in LoginAction. Before refactoring, I
wrote some tests for the LoginAction, so if you decide
you don't want to accept this whole patch, you should
probably apply the tests anyway.
BTW: I also came across a catch clause for Unauthorised
in roundup_server, but I don't think any Unauthorised
exceptions will ever come there. A remnant of the HTTP
Basic Authentication Roundup used long ago?
|
msg2727 | Author: [hidden] (a1s) | Date: 2004-11-18 16:10
What is BasicUnauthorised exception? I cannot find it
anywhere...
|
msg2728 | Author: [hidden] (jlgijsbers) | Date: 2004-11-18 16:15
Ah, that was left over from another approach I tried. Patch
without that hunk is attached.
|
msg2729 | Author: [hidden] (a1s) | Date: 2004-11-18 16:35
Checked in. Thank you.
|
msg2730 | Author: [hidden] (jlgijsbers) | Date: 2004-11-23 15:59
Another patch to fix two issues:
* Apparently HEAD needs a bunch more attributes on the
Client class than maint-0-7, so I've added those.
* The previous patch didn't work when a tracker overrides
the action used for logging in (as we do, for LDAP
authentication). This patch factors out a get_action_class
method from handle_action, and determine_user now calls it
to determine what class it should call verifyLogin on.
|
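The dispatch described in msg2730, as an added example that is not part of the original post or of Roundup's code: determine_user parses the Basic credentials and asks get_action_class which login class the tracker registered before calling verifyLogin on it. The actions table, the in-memory user store and LDAPLoginAction are assumptions made for illustration.

```python
import base64
import hmac

class Unauthorised(Exception):
    """Raised when credentials are malformed or rejected."""

class LoginAction:
    # Constructed sample user store; a real tracker would check password hashes.
    users = {"alice": "s3cret"}

    def verifyLogin(self, username, password):
        stored = self.users.get(username)
        # Same error for an unknown user and a wrong password; the
        # password comparison itself is constant-time.
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise Unauthorised("invalid login")

class LDAPLoginAction(LoginAction):
    """Hypothetical tracker override standing in for an LDAP bind."""
    users = {"bob": "ldap-pass"}

class Client:
    actions = {"login": LoginAction}  # a tracker may replace this entry

    def __init__(self, headers):
        self.headers = headers
        self.user = "anonymous"

    def get_action_class(self, name):
        try:
            return self.actions[name]
        except KeyError:
            raise ValueError("no such action: %r" % name)

    def determine_user(self):
        scheme, _, blob = self.headers.get("Authorization", "").partition(" ")
        if scheme.lower() != "basic":
            return self.user  # no Basic credentials: stay anonymous
        try:
            decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
        except ValueError:  # covers bad base64 and undecodable bytes
            raise Unauthorised("malformed Authorization header")
        username, sep, password = decoded.partition(":")
        if not sep:
            raise Unauthorised("malformed Authorization header")
        # Ask whichever class is registered for "login", so overrides apply.
        self.get_action_class("login")().verifyLogin(username, password)
        self.user = username
        return self.user
```

Basic credentials are only base64-encoded, so this path belongs behind TLS.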
msg2731 | Author: [hidden] (richard) | Date: 2004-11-23 22:43
Seems a reasonable change to me - applied.
I think I'd like to get some form of LDAP authentication
mechanism documented (preferably as a drop-in module for
"extensions" ;) as a number of people are using it now.
Having the LDAP login auto-register people in Roundup is a
nice-to-have (which someone else mentioned they'd done, but
for 0.7).
Johannes - are you sure you don't want CVS access (again? :)
|
msg2732 | Author: [hidden] (jlgijsbers) | Date: 2004-11-24 13:54
Hmm, maybe I'll try to come up with something around LDAP
and authentication in general when we need some more changes
in the authentication at work.
About CVS: I didn't want to ask because I can't really
commit to working on Roundup. I'll be travelling from
somewhere around September 2005 and I'm just contributing
stuff I write for work and Python, not working for Roundup
by itself. If that's good enough for CVS access, I would
love to have it.
|
Date | User | Action | Args
2004-11-16 22:41:37 | jlgijsbers | create |