MoinSingleSignOnForTrac

Using this FCGI handler, you can use a MoinMoin instance as a single sign on master. You will have to configure cookie_path (see HelpOnConfiguration) to be to use it.

Users will be directly logged in into the trac when visiting the Trac while the MoinMoin cookie is set. This has been tested using MoinMoin 1.6dev and Trac 0.11dev.

If you do not set the string "WikiUserGroup" to "", it will be used to check if the user is in the specified group.

   1     from trac import __version__ as VERSION
   2     from trac.web.main import dispatch_request
   3 
   4     from trac.web import _fcgi
   5 
   6     import sys
   7 
   8     #sys.path.insert(0, "/path/to/wikiconfig")
   9     #sys.path.append("/path/to/directory/where/MoinMoin/lies/in")
  10 
  11     from MoinMoin.auth import moin_session
  12     from MoinMoin.request.CLI import Request as RequestCLI
  13 
  14     def moin_authenticator_app(function, user_group_name):
  15         def moin_authenticator(environ, start_response):
  16             request = RequestCLI(url="URL that you want to authenticate against")
  17             request.saved_cookie = environ.get("HTTP_COOKIE", "")
  18             user = moin_session(request)[0]
  19             if user and (not user_group_name or request.dicts.has_member(user_group_name, user.name)):
  20                 environ["REMOTE_USER"] = user.name
  21 
  22             return function(environ, start_response)
  23         return moin_authenticator
  24 
  25 
  26     _fcgi.WSGIServer(moin_authenticator_app(dispatch_request, "WikiUserGroup")).run()

With MoinMoin versions >=1.7.0, the function moin_session is no longer avaible [1]. The following code is working with MoinMoin 1.8.0 and trac 0.11.2 (both via FastCGI).

   1 def moin_authenticator_app(function, user_group_name):
   2     def moin_authenticator(environ, start_response):
   3         request = RequestCLI()
   4 
   5         request.saved_cookie = environ.get("HTTP_COOKIE")
   6         request.parse_cookie()
   7         user_obj = request.cfg.session_handler.start(request, request.cfg.session_id_handler)
   8 
   9         shfinisher = lambda request: request.cfg.session_handler.finish(request, request.user, request.cfg.session_id_handler)
  10         request.add_finisher(shfinisher)
  11         # set request.user even if _handle_auth_form raises an Exception
  12         request.user = None
  13         request.user = request._handle_auth_form(user_obj)
  14         del user_obj
  15         request.cfg.session_handler.after_auth(request, request.cfg.session_id_handler, request.user)
  16         if not request.user:
  17              request.user = MoinUser.User(request, auth_method='request:invalid')
  18 
  19 
  20         user = request.user
  21         if user  and (not user_group_name or request.dicts.has_member(user_group_name, user.name)):
  22              environ["REMOTE_USER"] = user.name
  23 
  24         return function(environ, start_response)
  25     return moin_authenticator

Some tips:

set the cookie_path to cookie_path='/'
you must be running moin and trac with the same Operating System user (which should be the one you are running the http server).
From an IRC chat in #moin, it seems that this code it's likely to be broken in versions +=1.9 versions (API changes due to WSGI migration).

[1] - CHANGES file, 1.7.0 version, authentication issues.

MoinMoin: MoinSingleSignOnForTrac (last edited 2008-11-16 11:58:35 by ThomasWaldmann)