authentication middleware

  last modified April 17, 2007 by novalis

Tasktracker expects to be wrapped by some sort of authentication middleware which sets certain environment keys that are required by tasktracker.  Two options are provided: TestingEnv and CookieAuth.  (Note: these names may change in the future.)  The functionality of these two middleware options will be described below.

Authentication middleware specification

Additional authentication middleware options can be built according to the following specification.  To use your homegrown authentication middleware, edit tasktracker.config.middleware to check for additional "openplans_wrapper" options, and set "openplans_wrapper" in your development.ini configuration file to the appropriate middleware.  (Note: this process ought to be streamlined in the future.)

Authentication middleware must set the following environment keys:

  • REMOTE_USER: a string representing the logged-in user's username
  • topp.user_info: a dictionary containing at least 'username' and 'roles' keys:
    •   'username': a string representing the logged-in user's username
    •   'roles': a list of strings representing the roles that the logged-in user has in the currently-active project; roles that tasktracker cares about are 'Authenticated'(?), 'ProjectMember', and 'ProjectAdmin'; any other roles will be ignored by tasktracker's internal security checks.
  • topp.project_name: a string representing the name of the currently-active project
  • topp.project_permission_level: a string representing the security level of the currently-active project, which must be one of "project-open", "project-medium" or "project-closed".
  • topp.project_members: an instance of an object that implements the tasktracker UserMapper interface, which can generate a list of all members in the currently-active project
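
One way to enforce this contract at runtime, as an added example that is not part of tasktracker: a small WSGI wrapper, placed between your authentication middleware and the application, that refuses to pass a request through unless every required key is present and well formed. The names contract_violations, ContractCheck, StubMembers and sample_environ are hypothetical, the sample values are constructed, and the check that REMOTE_USER equals the 'username' entry is an assumption drawn from both being described as the logged-in user's username. Written for Python 3 and for requests that carry a logged-in user.

```python
# Added example: checks the environ contract listed above. Not tasktracker code.
PERMISSION_LEVELS = ("project-open", "project-medium", "project-closed")

def contract_violations(environ):
    """Return a list of problems with the keys auth middleware must set."""
    problems = []
    def is_str(v):
        return isinstance(v, str) and v != ""
    if not is_str(environ.get("REMOTE_USER")):
        problems.append("REMOTE_USER missing or not a string")
    info = environ.get("topp.user_info")
    if not isinstance(info, dict) or not is_str(info.get("username")):
        problems.append("topp.user_info lacks a 'username' string")
    elif info["username"] != environ.get("REMOTE_USER"):
        problems.append("topp.user_info username differs from REMOTE_USER")
    roles = info.get("roles") if isinstance(info, dict) else None
    # A bare string would turn "role in roles" into a substring match.
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        problems.append("'roles' must be a list of strings")
    if not is_str(environ.get("topp.project_name")):
        problems.append("topp.project_name missing or not a string")
    if environ.get("topp.project_permission_level") not in PERMISSION_LEVELS:
        problems.append("topp.project_permission_level not a known level")
    if environ.get("topp.project_members") is None:
        problems.append("topp.project_members missing")
    return problems

class ContractCheck:
    """WSGI wrapper placed between the auth middleware and the application."""
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        if contract_violations(environ):
            # Fail closed: never let the app run on a partial identity.
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain")])
            return [b"authentication middleware contract violated\n"]
        return self.app(environ, start_response)

class StubMembers:  # hypothetical stand-in for a UserMapper implementation
    pass

def sample_environ():  # constructed sample values
    return {"REMOTE_USER": "alice",
            "topp.user_info": {"username": "alice", "roles": ["ProjectMember"]},
            "topp.project_name": "theproject",
            "topp.project_permission_level": "project-medium",
            "topp.project_members": StubMembers()}
```

The wrapper only checks that topp.project_members is present; it does not verify the UserMapper interface, which this page does not describe.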

TestingEnv

TestingEnv is standalone middleware.  A single project, titled "theproject," is available; any username/password combination is valid; and all users (with a few exceptions) are treated as members of the default project. The special users are:

admin: treated as an administrator on the project
auth: treated as a logged-in user who is not a member of the project
anon: treated as an anonymous user

HTTP basic authentication is used to request the user's name.  This middleware may be fleshed out in the future; for now it should be considered useful only for testing purposes or as the basis for functioning standalone authentication.  For example, tasktracker's database could be modified to remember user information, such as usernames, encoded passwords, and associated projects, and the authentication middleware could query the database.

CookieAuth

CookieAuth is the middleware used in the tasktracker instance that runs on OpenPlans.  It allows any number of projects, each with individual lists of members and member roles, and each with a distinct project security policy.  It requires an external User Manager (UM) to manage user authentication and project information.  Details about the UM and how tasktracker interacts with the UM are available in the SVN repository at https://svn.openplans.org/svn/TaskTracker/trunk/tasktracker/docs/api.txt.  (Note: this filename should change in the future, to something more descriptive.)