[kforge-dev] http auth

Wed Apr 25 12:12:05 UTC 2007

To follow up John's response ...

Tristan Rivoallan wrote:
> Hello,
> 
> i discovered kforge yesterday and it is definitely what my company needs 
> to manage projects (we already have a trac farm, along with some python 
> utils for easy deployment).
> 
> Instead of continuing developing our homebrew solution, i would prefer 
> to contribute to kforge.
> 
> The critical bit we need and that i could not find in kforge is ldap auth.

The authentication (who you are) and authorization (access control, i.e. 
given who you are are you allowed to access/do X) are separated.

Currently access control is handled by:

http://p.knowledgeforge.net/kforge/svn/trunk/src/kforge/accesscontrol.py

This in turn uses the base access control functionality provided by 
domainmodel (see more on this below):

http://p.knowledgeforge.net/domainmodel/svn/trunk/src/dm/accesscontrol.py

Authentication (which seems to be what you are after) is currently done 
in kforge.handlers.

On the 'project' host side of things (i.e. where trac/svn/etc live) we 
use a combination of cookie authentication and apache basic auth. Basic 
auth code is at bottom of:

http://p.knowledgeforge.net/kforge/svn/trunk/src/kforge/handlers/modpython.py

You don't really need to worry about that since ultimately all 
authentication of users goes through:

kforge.command.PersonAuthenticate(personName, password) which actually 
is dm.command.person.PersonAuthenticate:

http://p.knowledgeforge.net/domainmodel/svn/trunk/src/dm/command/person.py

So to get your ldap authentication you'd need to override/replace this 
command (or do something in apache so that the username is set when it 
comes through to the modpython handlers).

> Is it possible to manage authentification using http auth, while 
> delegating perms and prefs management to kforge (as in trac) ?
 >
> All i found on the subject is this thread : 
> http://lists.okfn.org/pipermail/kforge-dev/2006-February/000152.html
> 
> i still does not understand where the SystemAccessControl class can be 
> found :S

It can be found in the domainmodel package:

http://p.knowledgeforge.net/domainmodel/svn/trunk/src/dm/accesscontrol.py

It is perhaps a little confusing that it is not in KForge but a lot of 
common components are factored out into the separate dm package (which 
in turn is used by projects other than KForge).

> I would be happy to code that and contribute it back to the project, but 
> some pointers would help.

That would be fantastic. Please just ask about anything that isn't clear.

Regards,

Rufus