Opened 2 years ago

Closed 2 years ago

#10134 closed defect (fixed)

httpauth login throws traceback

Reported by: tekknokrat
Owned by: hasienda
Priority: normal
Component: AccountManagerPlugin
Severity: normal
Keywords: traceback recursion httpauth loginform
Cc: gunnar_thielebein@…, rjollos
Trac Release: 0.11

Description

Current trunk throws a traceback like attached if a wrong password is supplied.

Attachments (2)

traceback.log (81.4 KB) - added by tekknokrat 2 years ago.
20120705_acctmgr_http-auth_t10134.patch (1.8 KB) - added by hasienda 2 years ago.
split basic and digest authentication attempts to prevent recursion from second to previous method


Change History (11)

Changed 2 years ago by tekknokrat

comment:1 Changed 2 years ago by tekknokrat

Btw. everything's fine with a correct password given. Configuration snippets of my setup...

apache2 config:

  <Location /trac>
     SetHandler mod_python
     PythonInterpreter main_interpreter
     PythonHandler trac.web.modpython_frontend
     # PythonOption TracEnvParentDir /var/trac
     PythonOption TracUriRoot /trac
     PythonOption TracEnv /var/trac/test
     PythonOption TracLocale en_US.UTF8
     PythonOption PYTHON_EGG_CACHE /var/trac/tmp
     Order allow,deny
     Allow from all
  </Location>

trac.ini:

  [account-manager]
  authentication_url = /http_auth
  password_store = HttpAuthStore
  ...
  [components]
  acct_mgr.admin.accountmanageradminpages = enabled
  acct_mgr.api.accountmanager = enabled
  acct_mgr.http.HttpAuthStore = enabled
  acct_mgr.web_ui.loginmodule = enabled
  trac.web.auth.loginmodule = disabled
  tracfullblog.admin.fullblogadminpanel = enabled
  tracfullblog.core.fullblogcore = enabled
  tracfullblog.db.fullblogsetup = enabled
  tracfullblog.macros.bloglistmacro = enabled
  tracfullblog.web_ui.fullblogmodule = enabled
  tractab.tractab.tractab = enabled
  tractags.api.tagsystem = enabled
  tractags.macros.listtaggedmacro = enabled
  tractags.macros.tagcloudmacro = enabled
  tractags.model.tagmodelprovider = enabled
  tractags.ticket.tickettagprovider = enabled
  tractags.web_ui.tagrequesthandler = enabled
  tractags.web_ui.tagtemplateprovider = enabled
  tractags.wiki.tagwikisyntaxprovider = enabled
  tractags.wiki.wikitaginterface = enabled
  tractags.wiki.wikitagprovider = enabled
  tracwysiwyg.templateprovider = enabled
  tracwysiwyg.wysiwygwikifilter = enabled

comment:2 Changed 2 years ago by hasienda

What I see from your traceback is a recursion in urllib2.

Maybe there is something wrong in the way we call both, simple and digest auth handlers at once. The HTTP401 on digest authentication seems to recall the previous request to basic auth, so it could help to call them in separate try..catch parts. Although I'm not sure how such a grave bug should have survived more than 6 years since the initial implementation in r1534.

Any more insights how your (web server) configuration could be different from many others?

Changed 2 years ago by hasienda

split basic and digest authentication attempts to prevent recursion from second to previous method

comment:3 Changed 2 years ago by hasienda

Try this patch please, even if it looks like a clumsy solution and probably could be coded more elegantly.

comment:4 Changed 2 years ago by hasienda

  • Cc rjollos added
  • Keywords needinfo added
  • Priority changed from normal to low

Ping.

It's not often that you get a patch within a day after the report but no feedback afterwards, not even after half a year by now. That's really a disappointment to me.

Anyone remaining interested in fixing this issue? It's unreasonable to assume, that I'll push code I've provided for good, but can't verify on my own. Even if the issue meanwhile has been resolved by other means, it would be fair at minimum to tell it to me.

Drop a comment, please, or I'll certainly drop the issue.

comment:5 Changed 2 years ago by jun66j5

According to http://bugs.python.org/issue8797, it seems to be a Python issue. Also, Bitten has the same issue and has fixed it in bitten:changeset:974. See bitten:ticket:658.

But I couldn't reproduce it....

comment:6 Changed 2 years ago by hasienda

  • Keywords needinfo removed
  • Priority changed from low to normal

Wonderful, thanks Jun.

That finally casts some light upon the scenery. So this is a Python bug. Strange encounter, but you gave me valuable pointers, that I'll use to verify my interim solution.

comment:7 Changed 2 years ago by hasienda

(In [12408]) AccountManagerPlugin: Use own HTTPBasicAuthHandler under Python 2.6 to avoid recursion in urllib2 (http://bugs.python.org/issue8797), refs #10134.

Special thanks to Jun Omae for pointing at hodgestar's changes to fix this issue for Bitten (bitten:r974).

comment:8 Changed 2 years ago by hasienda

Test feedback would be much appreciated.

comment:9 Changed 2 years ago by hasienda

  • Resolution set to fixed
  • Status changed from new to closed

(In [12482]) AccountManagerPlugin: Publish maintenance release 0.4.1, closes #5964, #8545, #10134, #10625, #10700 and #10701.

This is an update for current stable acct_mgr-0.4 with a number of fixes for issues resolved within the last weeks, i.e.:

  • a final fix for Single-Sign-On functionality (refs #9676),
  • a long-standing HttpAuth login issue and
  • one for acct_mgr.LoginModule, that is relevant if used with web-servers, that evaluate the REMOTE_USER environment variable.

Changeset [12468] is included, that may require a Trac db fix-up. Run python ./contrib/fix-session_attribute-failed_logins.py <env> once on any Trac environment, that had account locking enabled with time constraints before.
