Modify

Opened 5 years ago

Closed 5 years ago

#5732 closed defect (duplicate)

Infinite URL redirection when logging in after resetting password

Reported by: siddhu.warrier@… Owned by: pacopablo
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

I'm using SessionStore to store the password in the MySQL database. I'm using the 0.11 version of Trac Account Manager

I found that if I were to:

  1. Reset password and have it emailed to me.
  2. Log in with the new password.

I keep getting redirected, infinitely. I fooled about with the code and figured that, in do_account, the session variable 'force_change_passwd' was not being reset if the request method was not 'POST':

This can be fixed by adding the following to acct_mgr/web_ui.py: 250a255,256

del(req.session['force_change_passwd' ])
req.session.save()

However, this does not completely fix the problem (just works around it and allows me to log in), as the chrome warning does not appear. I did a bit of an inspect and walk through (very amateurishly), and found the following function calls occuring in web_ui.py of the AccountManager plugin:

In _post_process_request
In match_request
In get_preference_panel
In render_preference_panel called by ('/usr/lib/python2.5/site-packages/trac/prefs/web_ui.py', 73, 'process_request', template, data = chosen_provider.render_preference_panel(req, panel_id)\n?, 0).

In _do_account as user Superman. called by ('build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py', 196, 'render_preference_panel', None, None).
Resetting session variable...

In _post_process_request
In _post_process_request

As you can see, post_process-request is called twice after I reset the session variable. So the chrome warning is lost. Unfortunately, I could not dig in further due to temporal constraints.

I hope this helps.

Attachments (0)

Change History (1)

comment:1 Changed 5 years ago by pacopablo

  • Resolution set to duplicate
  • Status changed from new to closed

duplicate of #3233. Fixed

Add Comment

Modify Ticket

Action
as closed The owner will remain pacopablo.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.