Hi,

when invoking trac-admin upgrade, this will show up:

$trac-admin /data/trac upgrade
The upgrade failed. Please fix the issue and try again.

OperationalError: (1071, 'Specified key was too long; max key length is 767 bytes')

config details:

//trac.ini
[components]
trac.web.auth.* = disabled
authopenid.* = enabled

//mysql
mysql> CREATE DATABASE trac DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;

$mysql --help
mysql Ver 14.14 Distrib 5.5.32, for debian-linux-gnu (x86_64) using readline 6.2

// OS
$uname -a
Linux rex 3.2.0-40-virtual #64-Ubuntu SMP Mon Mar 25 21:42:18 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

// trac version 1.1.1

Hi,

I'm an administrator for trac-hacks.org. We've created an organization on GitHub and are inviting authors of trac-hacks plugins to join the organization. Your repository could be transferred into the organization as described in the GitHub docs. You'd retain full control over the repository, but the hope is that it will be easier for users on GitHub to fine trac-hacks plugins, including yours, by viewing the trac-hacks organization.

In the future, if you choose to no longer maintain the plugin, the organization would be able to provide commit access to new developers. This would only be done with your permission, as has been the policy for plugins hosted on trac-hacks.org. If you've already decided to no longer maintain the plugin, we would particularly appreciate you transferring the plugin to the trac-hacks organization so that we can help find new maintainers for it.

Finally, creating the trac-hacks organization is a work in progress. I appreciate if you have any suggestions on how to best support the community of trac plugin developers on GitHub. I'll be writing a blog post soon with more information and will follow-up here with a link to that post.

Kind regards,

• Ryan

@dairiki Every time I login via VeriSign OpenID on Trac to open any new ticket, the Trac system automatically signs me out.

The plugin will need some changes to be compatible with Trac 1.2. The code needs to be modified to use the new database API.

Oops…
Trac detected an internal error:

OperationalError: no such table: oid_associations

There was an internal error in Trac. It is recommended that you notify your local Trac administrator with the information needed to reproduce the issue.

To that end, you could a ticket.

The action that triggered the error was:

POST: /openidverify

---- trac.log ----
2012-06-25 10:18:16,837 Trac[authopenid] DEBUG: beginning OpenID authentication.
2012-06-25 10:18:17,839 Trac[main] ERROR: Internal Server Error:
Traceback (most recent call last):
File "build/bdist.macosx-10.7-intel/egg/trac/web/main.py", line 480, in _dispatch_request
dispatcher.dispatch(req)
File "build/bdist.macosx-10.7-intel/egg/trac/web/main.py", line 198, in dispatch
resp = chosen_handler.process_request(req)
File "build/bdist.macosx-10.7-intel/egg/authopenid/authopenid.py", line 298, in process_request
return self._do_verify(req)
File "build/bdist.macosx-10.7-intel/egg/authopenid/authopenid.py", line 393, in _do_verify request = oidconsumer.begin(openid_url)
File "build/bdist.macosx-10.7-intel/egg/openid/consumer/consumer.py", line 353, in begin
return self.beginWithoutDiscovery(service, anonymous)
File "build/bdist.macosx-10.7-intel/egg/openid/consumer/consumer.py", line 376, in beginWithoutDiscovery
auth_req = self.consumer.begin(service)
File "build/bdist.macosx-10.7-intel/egg/openid/consumer/consumer.py", line 598, in begin
assoc = self._getAssociation(service_endpoint)
File "build/bdist.macosx-10.7-intel/egg/openid/consumer/consumer.py", line 1158, in _getAssociation
assoc = self.store.getAssociation(endpoint.server_url)
File "build/bdist.macosx-10.7-intel/egg/openid/store/sqlstore.py", line 18, in wrapped
return self._callInTransaction(func, self, _args, *_kwargs)
File "build/bdist.macosx-10.7-intel/egg/openid/store/sqlstore.py", line 172, in _callInTransaction
ret = func(_args, *_kwargs)
File "build/bdist.macosx-10.7-intel/egg/openid/store/sqlstore.py", line 220, in txn_getAssociation
self.db_get_assocs(server_url)
File "build/bdist.macosx-10.7-intel/egg/openid/store/sqlstore.py", line 156, in func
return self._execSQL(sql_name, *args)
File "build/bdist.macosx-10.7-intel/egg/openid/store/sqlstore.py", line 147, in _execSQL
self.cur.execute(sql, str_args)
OperationalError: no such table: oid_associations
2012-06-25 10:18:17,840 Trac[perm] DEBUG: No policy allowed anonymous performing EMAIL_VIEW on None

Hi,

These are the steps I did:

1. create trac database and user
2. create trac environment
3. give admin user the TRAC_ADMIN rights
4. installed https://github.com/openid/python-openid from source
5. installed authopenid-plugin from source
6. run tracd

$tracd -p 10002 --protocol=http -s /opt/trac
Server starting in PID 2086.
Serving on 0.0.0.0:10002 view at http://127.0.0.1:10002/
Using HTTP/1.1 protocol version

1. open the trac website and click OpenID Login --> Google
2. bellow are the logs:

103.11.50.232 - - [15/Sep/2013 14:54:08] "GET / HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/css/trac.css HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/css/wiki.css HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/js/jquery.js HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/js/folding.js HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/js/search.js HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/js/babel.js HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/js/trac.js HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/js/messages/en_US.js HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/css/code.css HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/trac.ico HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/trac_logo_mini.png HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/site/my-logo.png HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/topbar_gradient2.png HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:08] "GET /chrome/common/topbar_gradient.png HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:16] "GET /openidlogin HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/css/openid.css HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/js/openid-jquery.js HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/myopenid.ico HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/openid.gif HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/livejournal.ico HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/google.gif HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/yahoo.gif HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/aol.gif HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/flickr.ico HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/technorati.ico HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/blogger.ico HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/wordpress.ico HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/verisign.ico HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/vidoop.ico HTTP/1.1" 200 -
103.11.50.232 - - [15/Sep/2013 14:54:17] "GET /chrome/authopenid/images/claimid.ico HTTP/1.1" 200 -
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:No policy allowed anonymous performing EMAIL_VIEW on None
103.11.50.232 - - [15/Sep/2013 14:54:23] "POST /openidverify HTTP/1.1" 200 -
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:Dispatching <RequestWithSession "GET '/favicon.ico'">
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:No OpenId authenticated user.
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:Retrieving session for ID 'a2dc23672ca843db4f140324'
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:Negotiated locale: None -> en_US
WARNING:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:Unable to find repository '(default)' for synchronization
WARNING:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:[103.11.50.232] HTTPNotFound: 404 Not Found (No handler matched request to /favicon.ico)
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:Prepare chrome data for request
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:No OpenId authenticated user.
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:No policy allowed anonymous performing TRAC_ADMIN on None
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:No policy allowed anonymous performing PERMISSION_GRANT on None
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:No policy allowed anonymous performing PERMISSION_REVOKE on None
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:No policy allowed anonymous performing TICKET_ADMIN on None
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:No policy allowed anonymous performing VERSIONCONTROL_ADMIN on None
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:No policy allowed anonymous performing TICKET_CREATE on None
DEBUG:Trac.5762023066ff8e081e159075b74aa4c92736f7b6:No policy allowed anonymous performing EMAIL_VIEW on None
103.11.50.232 - - [15/Sep/2013 14:54:24] "GET /favicon.ico HTTP/1.1" 404 -

-- Goole shows this error:

Error:invalid_request
Error in parsing the OpenID auth request.

When I do login generate in session table a new record with SID as my fullname.

Can I change it to save my email (for compatibility with my old tickets)?

I get a 'No handler matched request to /openidprocess' error on returning from the authenticating peer.
Using trac-authopenid 0.4.1-2 (Debian 8 package) with Trac 1.0.1.

Ideas ?

Hi,

I am interested in using your plugin, but asking in #trac (irc.freenode.net), they told me that thought actually might work, it wont in next versions.

Here I paste a transcript of the irc explanation the gave me:

txomon: I've just taken a look at its source.
txomon: Sees quite elaborated, so give it a try.
txomon: It should work with Trac 0.12 .. 1.0,
txomon: but is not ready for upcoming 1.1.x/1.2 that is meant to finally drop old db API
txomon: but a lot of Trac plugins currently share this state, the Trac 1.0 db API is not widely adopted yet.
txomon: what could become more of a problem is the version-free db schema of AuthOpenidPlugin
txomon: If you care, please urge the author/maintainers to move to a versioned schema (with 'authopenid_version' stored in Trac db table 'sysem')
txomon: the issue is with https://github.com/dairiki/authopenid-plugin/blob/master/authopenid/authopenid.py#L241 ff
txomon: this check for table existence has been discussed quite a lot lately. It must be avoided, because it breaks the whole upgrade check procedure in recent Trac versions,
txomon: and will probably even prevent Trac core itself from upgrading its db
ok
txomon: But this is all known, and a fix could be implemented similar to what has been discussed in http://trac-hacks.org/ticket/9521

Hope this helps you identify the issue (I am not familiarized with the API yet),

Cheers,

Javier Domingo

Hi

If I use myopenid and don't enter any email get the following error while trying to login:

2013-06-26 20:01:03,318 Trac[main] ERROR: Internal Server Error:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/Trac-1.0.1-py2.7.egg/trac/web/main.py", line 497, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/local/lib/python2.7/dist-packages/Trac-1.0.1-py2.7.egg/trac/web/main.py", line 214, in dispatch
    resp = chosen_handler.process_request(req)
  File "/usr/local/lib/python2.7/dist-packages/TracAuthOpenId-0.4.5-py2.7.egg/authopenid/authopenid.py", line 328, in process_request
    return self._do_process(req)
  File "/usr/local/lib/python2.7/dist-packages/TracAuthOpenId-0.4.5-py2.7.egg/authopenid/authopenid.py", line 579, in _do_process
    or email.split('@',1)[0].replace('.', ' ').title())
AttributeError: 'NoneType' object has no attribute 'split'

Line 92 authopenid.py:
if config.has_option('trac', 'check_auth_ip', defaults=False):

The third option "defaults" doesn't work on my install. Not sure what exactly the issue is, given that I don't have much experience with Python and even less with trac and this plugin code. I didn't get any great insight out of the APIs, only the two-arg prototype.

My resolution was just to patch the file to remove the third option. Doesn't look like critical functionality being modified.

Posting in case anybody else runs into this issue. Up to you what if anything to do about it, if it is in fact a backwards-compatibility issue.

OpenID loses a lot of its functionality for me when you define a static list of providers. There could be an option to allow the user to input their OpenID URL from an unlisted provider.

see http://stackexchange.com/users/login for an example.

EDA: sorry, I'm noticing now on VLC's trac install the option to use 'OpenID' as a provider, which allows me to enter a custom URL. I went right past it the first time :( I'm assuming this is not the 'openid' provider in the 'providers' list from the config, as that would be openid.net? Did they add a custom provider or is this an option I'm missing somewhere?

For every authentication via OpenID, the plugin generates the trac user name (authname) from the information in the OpenID response (using full name, email etc., see the code in _do_process() ).

While this mostly works, there is one problem:

If the data from the OpenID provider changes (e.g. changed full name or new email address), the plugin will login the user under a new user name, which is probably not what the user wants.

To fix this, the plugin should first try to look up an existing account via the OpenID identifier; the user name generation should only kick in if this fails (i.e. for a new user).

The plugin will generate usernames with spaces or other problematic characters, if they are part of the data from the OpenID provider.
This will probably cause problems in trac later on: At least spaces and commas will break the CC funtionality of trac (see http://trac.edgewall.org/ticket/9740 ). Other special characters are likely to cause problems as well.
The plugin should restrict usernames suitably.
Maybe only allow ascii letters and digits, and possibly underscore and hyphen.

I installed this plugin and enabled it in trac.ini file. The "Name" field of OpenID account (which could be set to anything) is used as SID by default.

I managed to login my trac installation as admin with a trivial OpenID account by setting "User Name" field as "admin" in the OpenID options in my OpenID provider's page.

I am not able to use my unique OpenID address as SID.

Platform: Debian Jessie

If you are logged into Trac using Google OpenID and go to "View Tickets" at the bottom of the page you'll see the ability to "Download in other formats" choosing Comma-delimited text or Tab-delimited text those features work fine, but if you choose RSS it does not work. This issue also occurs when going to "Roadmap" and at the bottom of the screen it has a similar option to download in iCalendar this also does not work and I believe it's because this may be a bug in the authopenid-plugin.

Hello,

during my experiments, I used /trac as the base_url, and wasted quite some time on attempting to debug why Google and Yahoo both rejected my OpenID login attempts.

Trac itself didn't both much about the domain name not being present. My I suggest that you point it out more clearly in the documentation.

E.g. "Beware, for OpenID to work, base_url must be a full URL with FQN hostname included."

I will agree it's obvious, but only in hindsight. :-)

Hey,

I've tried to use your plugin, however, I'm pretty much stumped how it is supposed to work and how to integrate it with existing user accounts.

First, as a user I usually expect that I can somehow link an account to an existing OpenID. However, I couldn't find anything after having logged on on Trac with my user/password. I only see an "Login with OpenID" link when I'm logged off.

So I though "OK cool, let's try that one". I successfully logged in via myopenid.com and trac created a new account for me. This would be OK if I did not have an account on Trac already, however, I'd like to continue using my old account.

Making matters worse my existing account shares the same email address that the newly created account uses -- but they're different user names. Therefore Trac seems to have created a new account, and it has already sent me the activation email, but I cannot activate the new account because says that the email address has already been activated. Bummer.

I can also not see that newly created account on the Trac admin panel in the users list.

Therefore I'm really hoping you can write some more documentation on how both the admin and the user part of your plugin are supposed to work, which features should work and which shouldn't.

Thanks.

Hi,

Authentication agains www.<mydomain>/trac/<myproject>/ and <mydomain>/trac/<myproject>/ yields different user names, namely 'my name' and 'my name (2)' respectively.
So when I give permissions to 'my name', those permissions are not present when the non-www version.
I am aware that this is more of a feature for OpenID, authentication tokens are for a specific domain. Still I don't really know how to handle this problem in practice.

Thanks,

I tried logging into trac (the mpc-hc project) using my Google Account (OpenID Login), and hit this screen:

"OpenID 2.0 for Google Accounts has gone away"

Which means that I can't login :(

Google has a migration guide here: https://developers.google.com/identity/protocols/OpenID2Migration