FatBug and Trac Authentication


Basic vs. Digest Authentication

For more information about basic and digest authentication in Trac, see TracAuthenticationIntroduction. FatBug can send basic, digest, or both types of credentials when authenticating against your Trac instance. The best choice depends on your server configuration. Watch the Sync Status window to see whether your current settings allow FatBug to operate.



Basic Site uses 'Login' link

Certain Trac server configurations allow anonymous access while also offering a 'Login' link. Following that link causes a browser login dialog to appear, after which you are authenticated to Trac. If your server is configured this way, select this checkbox in addition to the Basic checkbox.







Apache Web Server and Digest Authentication

You may receive an error when syncing with this configuration: Bad Request. To use FatBug with Apache Digest authentication, you will need to ensure the following Apache configuration setting is in effect:

BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On 

Please see mod_auth_digest.html for more details.

Forms-Based Authentication

FatBug works most easily with Trac when the Trac installation is configured to request authentication via the browser login dialog. In this situation, no additional configuration is required to allow FatBug (or other API clients) to access Trac programmatically. FatBug will also work with Trac sites that use forms-based login, but you must be aware of the following:

If your Trac installation uses the AccountManagerPlugin to enable forms-based login, you must use the HttpAuthPlugin to allow any XmlRpcPlugin client to authenticate. The HttpAuthPlugin enables Trac to force browser authentication when it sees a path (for example, /xmlrpc or /login/xmlrpc) that looks like an XmlRpcPlugin path.

However, forcing authentication for only the XmlRpcPlugin paths is not adequate for full FatBug functionality. FatBug also programmatically accesses ticket and wiki pages. It is not feasible to simply add /ticket and /wiki to the paths list in the httpauth config section in trac.ini. While this *would* force HTTP authentication for those ticket and wiki pages and allow FatBug to work, it also means that normal users who expect the forms-based login would now get a browser login popup.

To resolve this problem for AccountManagerPlugin Trac instances, you need to install a patched HttpAuthPlugin that allows FatBug to access ticket and wiki pages along with making API calls. The patch is a simple 2-line change that allows API clients to identify themselves via a request parameter, and the plugin will then force HTTP authentication for those requests. You can review the patch here: filter.py.patch

To install the patched plugin, download HttpAuthPluginPatched.zip and build the Python egg for your platform using instructions at TracPlugins (reference the section: If you have downloaded a source distribution of a plugin, and want to build the .egg file). Then install the plugin .egg normally.

Use the following trac.ini configuration (note the new apiclients entry):

[httpauth]
paths = /xmlrpc, /login/xmlrpc
apiclients = fatbug
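
The decision the patched plugin is described as making, modelled as an added example (this is not the plugin's code or the contents of filter.py.patch). Assumptions: the parameter name `apiclient`, the whole-segment path matching, and the `trac` realm are hypothetical; the paths and client name mirror the trac.ini section above.

```python
from urllib.parse import urlsplit, parse_qs

# Values mirroring the [httpauth] section shown above.
HTTPAUTH_PATHS = ["/xmlrpc", "/login/xmlrpc"]
API_CLIENTS = {"fatbug"}
# Hypothetical parameter name; the page does not state the one the patch uses.
CLIENT_PARAM = "apiclient"


def wants_http_auth(url, paths=HTTPAUTH_PATHS, clients=API_CLIENTS):
    """Return True when a request should receive an HTTP auth challenge
    instead of being left to the forms-based login."""
    parts = urlsplit(url)
    path = parts.path.rstrip("/") or "/"
    # Rule 1: configured paths, matched on whole path segments so that
    # /xmlrpcfoo is not treated as /xmlrpc (an assumption of this sketch).
    for p in paths:
        if path == p or path.startswith(p + "/"):
            return True
    # Rule 2: a listed API client identified itself in the query string.
    values = parse_qs(parts.query).get(CLIENT_PARAM, [])
    return any(v.strip().lower() in clients for v in values)


def respond(url, authenticated_user=None):
    """Model the outcome of one request as (status, detail)."""
    if authenticated_user:
        return 200, authenticated_user
    if wants_http_auth(url):
        # The parameter only selects the challenge type. It is client
        # controlled, so it must never grant an identity by itself.
        return 401, 'WWW-Authenticate: Basic realm="trac"'
    # Anonymous browser request: forms-based login stays in charge.
    return 200, "anonymous"


if __name__ == "__main__":
    # Constructed sample requests.
    for u in ["/xmlrpc", "/ticket/42", "/ticket/42?apiclient=fatbug",
              "/wiki/WikiStart?apiclient=other", "/xmlrpcfoo"]:
        print(u, respond(u))
```

Because the parameter is supplied by the client, it should only ever cause a challenge to be issued; permissions are still decided from the credentials that follow.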


What if I can't install the patched HttpAuthPlugin?
You can still use FatBug in reduced functionality mode. In this mode you can display and filter tickets, update tickets, and list wiki pages. However, you cannot use the Search functionality, which full-text indexes all of your Trac instances' tickets and wiki pages. This functionality depends on the patched HttpAuthPlugin referenced above.