Modify

Opened 5 years ago

Closed 4 years ago

#5732 closed defect (duplicate)

Infinite URL redirection when logging in after resetting password

Reported by: siddhu.warrier@… Owned by: pacopablo
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

I'm using SessionStore to store the password in the MySQL database. I'm using the 0.11 version of Trac Account Manager

I found that if I were to:

  1. Reset password and have it emailed to me.
  2. Log in with the new password.

I keep getting redirected, infinitely. I fooled about with the code and figured that, in do_account, the session variable 'force_change_passwd' was not being reset if the request method was not 'POST':

This can be fixed by adding the following to acct_mgr/web_ui.py:
250a255,256

del(req.session['force_change_passwd' ])
req.session.save()

However, this does not completely fix the problem (just works around it and allows me to log in), as the chrome warning does not appear. I did a bit of an inspect and walk through (very amateurishly), and found the following function calls occuring in web_ui.py of the AccountManager plugin:

In _post_process_request
In match_request
In get_preference_panel
In render_preference_panel
called by ('/usr/lib/python2.5/site-packages/trac/prefs/web_ui.py', 73, 'process_request', template, data = chosen_provider.render_preference_panel(req, panel_id)\n?, 0).

In _do_account as user Superman.
called by ('build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py', 196, 'render_preference_panel', None, None).
Resetting session variable...

In _post_process_request
In _post_process_request

As you can see, post_process-request is called twice after I reset the session variable. So the chrome warning is lost. Unfortunately, I could not dig in further due to temporal constraints.

I hope this helps.

Attachments (0)

Change History (1)

comment:1 Changed 4 years ago by pacopablo

  • Resolution set to duplicate
  • Status changed from new to closed

duplicate of #3233. Fixed

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from pacopablo. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.