Modify

Opened 5 years ago

Closed 4 years ago

#5247 closed defect (fixed)

[patch] Stack trace escapes to user when htdigest file is not writeable

Reported by: reallifesim@… Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: minor Keywords: needinfo htpasswd file
Cc: Trac Release: 0.11

Description

The set_password api function can throw a TracError that web_ui._create_user fails to check for.

This will happen if the HtDigest file used for authentication is not writable by the apache user.

Attached patch with a fix.

Attachments (1)

acctmgr_exception.patch (181 bytes) - added by reallifesim@… 5 years ago.
patch for web_ui.py

Download all attachments as: .zip

Change History (5)

Changed 5 years ago by reallifesim@…

patch for web_ui.py

comment:1 Changed 5 years ago by anonymous

Hmm, that patch seems to be empty/unreadable. Here it is inline:

70c70,74
< mgr.set_password(user, password)
---

try:

mgr.set_password(user, password)

except TracError, e:

e.acctmgr = acctmgr
raise e

It's against web_ui.py

comment:2 Changed 4 years ago by hasienda

  • Keywords htpasswd file added
  • Owner changed from mgood to hasienda
  • Summary changed from Stack trace escapes to user when htdigest file is not writeable to [patch] Stack trace escapes to user when htdigest file is not writeable

Actually there is just an issue with parsing certain diff files by the internal viewer. However I doubt that this will be an problem, as soon as #4276 get's fixed. And this will be really soon. The extra code shouldn't be needed then.

comment:3 Changed 4 years ago by hasienda

  • Keywords needinfo added

Could you please check trunk code, if this issue persists after [9272]?

We should get a proper error already at the time of opening the file for writing (in htfile.py, lin1 149), so this should be obsolete by now. Correct?

comment:4 Changed 4 years ago by hasienda

  • Resolution set to fixed
  • Status changed from new to closed

(In [9347]) AccountManagerPlugin: Improve error handling when writing to password files, closes #4040 and #5247, refs #6803.

Some messages without i18n markup were found while examining the code, so
corresponding additions and updates to message catalogs are included as well.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.