Ticket #10701 (closed defect: fixed)

Opened 5 months ago

Last modified 5 months ago

Reset password reports Cannot find an implementation of the "IPasswordHashMethod"

Reported by: anonymous Assigned to: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: major Keywords: password reset
Cc: rjollos Trac Release: 1.0

Description

After fixing #10700 I could see this message:

'Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod?". Please update the option account-manager.hash_method in trac.ini.'

I know this error report is incorrect, since the configuration is sufficient to create accounts in the admin panel.

Attachments

Change History

(in reply to: ↑ description ) 12/12/12 22:59:36 changed by hasienda

  • keywords set to password reset.
  • cc set to rjollos.

Replying to anonymous:

After fixing #10700 I could see this message: 'Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod". Please update the option account-manager.hash_method in trac.ini.' I know this error report is incorrect, since the configuration is sufficient to create accounts in the admin panel.

You're wrong here. ResetPwStore is a Trac db based store derived from SessionStore class. So you'll need to have one of the hash methods enabled to have a working password reset procedure.

In this case your configuration is overly narrow in what components are enabled - easy to fix when allowing the error to surface, sure.

I'll further look into that case. Maybe always auto-enabling a default hash method with AccountManager component is the best approach here?

Btw, would you care to share a valid email contact for further conversation on the issue, please? Anonymous reporters tend to become unresponsive in general due to missing notifications on tickets comments.

12/13/12 00:08:02 changed by hasienda

(In [12441]) AccountManagerPlugin: Propagate errors from AccountModule._reset_password, refs #7111, #8927, #10700 and #10701.

Thanks for the recent, anonymous hint on this issue, that originates from [10313] (btw, a fix for a much more serious issue).

12/13/12 02:31:37 changed by hasienda

(In [12442]) AccountManagerPlugin: Add more configuration error logging, refs #10700 and #10701.

Ensure proper configuration for SessionStore and derived classes, and properly disable password reset functionality in AccountModule as well, if it can't work due to either ResetPwStore? being disabled entirely or just missing the configured IPasswordHashMethod implementation.

12/13/12 02:34:00 changed by hasienda

Done, but feedback certainly welcomed. Thanks again for taking care and taking the time to report here.

12/26/12 22:22:18 changed by hasienda

  • status changed from new to closed.
  • resolution set to fixed.

(In [12482]) AccountManagerPlugin: Publish maintenance release 0.4.1, closes #5964, #8545, #10134, #10625, #10700 and #10701.

This is an update for current stable acct_mgr-0.4 with a number of fixes for issues resolved within the last weeks, i.e.:

  • a final fix for Single-Sign-On functionality (refs #9676),
  • a long-standing HttpAuth? login issue and
  • one for acct_mgr.LoginModule, that is relevant if used with web-servers, that evaluate the REMOTE_USER environment variable.

Changeset [12468] is included, that may require a Trac db fix-up. Run python ./contrib/fix-session_attribute-failed_logins.py <env> once on any Trac environment, that had account locking enabled with time constraints before.

Add/Change #10701 (Reset password reports Cannot find an implementation of the "IPasswordHashMethod")




Change Properties
Action