On 8/29/13, Matevž Bradač <[email protected]> wrote:
> On 29. Aug, 2013, at 3:54, Olemis Lang wrote:
[...]
>>
>> (My) conclusions are that in spite of making auth compatible with BH
>> default install tracd must be modified in such a way that /login path
>> will be excluded of HTTP digest auth zone , as opposite to everything
>> else under that path e.g. /login/rpc
>>
>> The question is how to achieve this ? By introducing a new parameter
>> in tracd ? By supplying a regular expression ? Any other suggestions ?
>> Does this deserve to be backported to Trac (afaict, this will be an
>> issue for similar Trac deployments too) ?
>
> Would it help to use the HttpAuthPlugin[1] for this?
For running the test suite ? It seems to me it's too much to add
another dependency + config just for this ; and this also implies that
users trying to deploy RPC plugin behind tracd will also have to
install that plugin .
By adding an option in tracd to apply auth for /login/.* and ignore
/login is easy and straightforward .
> At least this seems to
> be
> the recommended procedure[2] when using the XmlRpcPlugin with
> AccountManager.
... not anymore ... [1]_ [2]_
> If that's not a viable option, how about injecting our own (new) middleware
> on
> top of AccountManager in order to intercept and pre-process /login
> requests?
>
I guess this implies removing --auth and let an AccountManagerPlugin
extension handle HTTP auth ? Is this what you mean or maybe I did not
understand your suggestion ?
So I guess I've gathered the following alternatives so far :
1. add an option to tracd to supply a regex for auth match
2. similar to (1) but without a regex , just exclude /login
3. similar to (2) but without exposing the option as a tracd arg
* which reminds me the previous patch suggested for
BH installer script
4. install HttpAuthPlugin , configure it prior to the test run, ...
5. write an AccountManagerPlugin extension to enforce HTTP
digest auth on /login/.*
6. same as (5) but also supporting configurable regex
What would you recommend ? I think I'd choose (1) , (2) or (3) because
all others require yet another dependency in Bloodhound RPC plugin
just to run the test suite . Needless to mention that RPC behind tracd
will not be possible ootb, but that's another subject.
[...]
.. [1]
http://trac-hacks.org/wiki/XmlRpcPlugin#ProblemswhenAccountManagerPluginisenabled
.. [2] http://trac-hacks.org/ticket/3598#comment:2
--
Regards,
Olemis - @olemislc
