Modify

Opened 2 years ago

Closed 2 years ago

#10094 closed defect (worksforme)

SessionStore and user verification

Reported by: bucienator Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: SessionStore
Cc: Trac Release: 0.12

Description

In my setup I store passwords with SessionStore, and I have a sql view, that is appropriate for apache db based authentication module. Authentication is then done by HTTP auth, and required on the whole site (not only /login path). This works perfectly for existing users.

AccountManagerPlugin is used to create users, and to do email verification. When I create a new user, 3 new records are created in session_attribute, and none in session. When the new user logs in, these does not change. (I guess session table should have changed.) Also, when the user switches to the preferences panel, nothing is filled, although, name and email were given when creating the user.

And the biggest problem is, that when the user types her name, email address, and presses submit, a new record is created in session table, and the name and email are inserted into session_attributes, but password is removed, thus the user won't be able to log in again until I fix it manually.

I might have misinterpreted something, but I am stuck now. Do you have any idea?

version: latest svn trunk and 0.11 branch as well.

Actually this setup worked with an earlier version, but after an update this error occurred. Unfortunately I don't know, which version I had before the update...

config:

[account-manager]
account_changes_notify_addresses =
hash_method = HtPasswdHashMethod
notify_actions = new,delete
password_store = SessionStore
user_lock_max_time = 0

[components]
acct_mgr.admin.accountmanageradminpage = enabled
acct_mgr.db.sessionstore = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.abstractpasswordfilestore = disabled
acct_mgr.htfile.htdigeststore = disabled
acct_mgr.htfile.htpasswdstore = disabled
acct_mgr.http.httpauthstore = disabled
acct_mgr.pwhash.htdigesthashmethod = disabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.svnserve.svnservepasswordstore = disabled
acct_mgr.web_ui.loginmodule = disabled
acct_mgr.web_ui.registrationmodule = disabled
acct_mgr.web_ui.resetpwstore = disabled
trac.web.auth.loginmodule = enabled

Attachments (0)

Change History (4)

comment:1 Changed 2 years ago by hasienda

  • Keywords SessionStore added

This is most probably a duplicate of #9843.

Would you be so kind as to re-check with code from [11826] or (preferably) a more recent revision?

comment:2 Changed 2 years ago by bucienator

Actually, the issue disappeared when our server provider updated the core Trac setup to a presumably newer version. So probably the whole issue was more related to Trac itself then the AccountManagerPlugin.

comment:3 Changed 2 years ago by bucienator

Thank you for looking into it, anyways!

comment:4 Changed 2 years ago by hasienda

  • Resolution set to worksforme
  • Status changed from new to closed

Ok then, let's settle the case.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.