Modify

Opened 2 years ago

Closed 2 years ago

#10701 closed defect (fixed)

Reset password reports Cannot find an implementation of the "IPasswordHashMethod"

Reported by: anonymous Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: major Keywords: password reset
Cc: rjollos Trac Release: 1.0

Description

After fixing #10700 I could see this message:

'Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod". Please update the option account-manager.hash_method in trac.ini.'

I know this error report is incorrect, since the configuration is sufficient to create accounts in the admin panel.

Attachments (0)

Change History (5)

comment:1 in reply to: ↑ description Changed 2 years ago by hasienda

  • Cc rjollos added; anonymous removed
  • Keywords password reset added

Replying to anonymous:

After fixing #10700 I could see this message:

'Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod". Please update the option account-manager.hash_method in trac.ini.'

I know this error report is incorrect, since the configuration is sufficient to create accounts in the admin panel.

You're wrong here. ResetPwStore is a Trac db based store derived from SessionStore class. So you'll need to have one of the hash methods enabled to have a working password reset procedure.

In this case your configuration is overly narrow in what components are enabled - easy to fix when allowing the error to surface, sure.

I'll further look into that case. Maybe always auto-enabling a default hash method with AccountManager component is the best approach here?

Btw, would you care to share a valid email contact for further conversation on the issue, please? Anonymous reporters tend to become unresponsive in general due to missing notifications on tickets comments.

comment:2 Changed 2 years ago by hasienda

(In [12441]) AccountManagerPlugin: Propagate errors from AccountModule._reset_password, refs #7111, #8927, #10700 and #10701.

Thanks for the recent, anonymous hint on this issue, that originates from [10313] (btw, a fix for a much more serious issue).

comment:3 Changed 2 years ago by hasienda

(In [12442]) AccountManagerPlugin: Add more configuration error logging, refs #10700 and #10701.

Ensure proper configuration for SessionStore and derived classes, and properly disable password reset functionality in AccountModule as well, if it can't work due to either ResetPwStore being disabled entirely or just missing the configured IPasswordHashMethod implementation.

comment:4 Changed 2 years ago by hasienda

Done, but feedback certainly welcomed. Thanks again for taking care and taking the time to report here.

comment:5 Changed 2 years ago by hasienda

  • Resolution set to fixed
  • Status changed from new to closed

(In [12482]) AccountManagerPlugin: Publish maintenance release 0.4.1, closes #5964, #8545, #10134, #10625, #10700 and #10701.

This is an update for current stable acct_mgr-0.4 with a number of fixes for issues resolved within the last weeks, i.e.:

  • a final fix for Single-Sign-On functionality (refs #9676),
  • a long-standing HttpAuth login issue and
  • one for acct_mgr.LoginModule, that is relevant if used with web-servers, that evaluate the REMOTE_USER environment variable.

Changeset [12468] is included, that may require a Trac db fix-up. Run python ./contrib/fix-session_attribute-failed_logins.py <env> once on any Trac environment, that had account locking enabled with time constraints before.

Add Comment

Modify Ticket

Action
as closed The owner will remain hasienda.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.