Details

Modular authentication code - particularly http authentication - performs some hard-coded manipulation of authentication data - for instance accepting Basic, Digest, Negotiate & NTLM AUTH_TYPE; dropping username domain/realm components; converting usernames to title-case

This patch attempts to make this necessary authentication data manipulation modular like the authentication code. Administrators may add methods to cfg.authfilter to accept, reject, or manipulate AUTH_TYPE & username

Additionally, it includes a MoinMoin/authfilter.py module with existing methods for administrators to use -

This patch based extensively on JoergWendland's Negotiate authentication patch - http://moinmoin.wikiwikiweb.de/MoinMoinPatch#head-bad1e4e1fd1b4d52a4051784d6d7abb8cb2d581b

Patch

http://cgi.sfu.ca/~jdbates/tmp/moin/200603160/patch

Discussion

That's a nice idea and should be included when ready. Some ideas for the code:

(!) Another idea: the latest MoinMoin.auth stuff passes a user object parameter to the auth methods it calls. This is either None or the user object returned by some previous auth method call. So we could just have those "name filtering" functions moved to separate auth methods that change the user object they get.

Plan


CategoryMoinMoinPatch

MoinMoin: MoinMoinPatch/ConfigurableAuthNormalization (last edited 2007-10-29 19:06:49 by localhost)