Modify

Opened 4 years ago

Closed 2 years ago

#8770 closed defect (fixed)

AttributeError: Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod". Please update the option account-manager.hash_method in trac.ini.

Reported by: admin Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: option
Cc: olemis Trac Release: 0.11

Description

How to Reproduce

While doing a GET operation on /admin/accounts/config, Trac issued an internal error.

(please provide additional details here)

Request parameters:

{'cat_id': u'accounts', 'panel_id': u'config', 'path_info': None}

User agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16

System Information

Trac 0.13dev-r10688
Babel 0.9.6
Docutils 0.7
Genshi 0.6
mod_python 3.3.1
Pygments 1.4
pysqlite 2.6.0
Python 2.5 (r25:51908, Sep 19 2006, 09:52:17) [MSC v.1310 32 bit (Intel)]
pytz 2011e
setuptools 0.6c11
SQLite 3.6.2
Subversion 1.4.6 (r28521)
jQuery 1.5.1

Enabled Plugins

tracaccountmanager 0.3dev-r10113

Python Traceback

Traceback (most recent call last):
  File "build\bdist.win32\egg\trac\web\main.py", line 473, in _dispatch_request
    dispatcher.dispatch(req)
  File "build\bdist.win32\egg\trac\web\main.py", line 193, in dispatch
    resp = chosen_handler.process_request(req)
  File "build\bdist.win32\egg\trac\admin\web_ui.py", line 124, in process_request
    path_info)
  File "build\bdist.win32\egg\acct_mgr\admin.py", line 130, in render_admin_panel
    return self._do_config(req)
  File "build\bdist.win32\egg\acct_mgr\admin.py", line 159, in _do_config
    opt_val = option.__get__(store, store)
  File "build\bdist.win32\egg\trac\config.py", line 691, in __get__
    self.section, self.name))
AttributeError: Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod".  Please update the option account-manager.hash_method in trac.ini.

Attachments (0)

Change History (9)

comment:1 Changed 3 years ago by rjollos

  • Component changed from SELECT A HACK to AccountManagerPlugin
  • Owner changed from anonymous to hasienda

Yet another incorrectly filed ticket.

comment:2 follow-up: Changed 3 years ago by hasienda

  • Keywords option added
  • Resolution set to worksforme
  • Status changed from new to closed

See the end of the traceback message:

Please update the option account-manager.hash_method in trac.ini.

We could hardly be more explicit about how to fix this issue, couldn't we?

Sorry, but this is showing to me very clearly, that at the reporters side not much effort has been put into research about proper configuration. Especially make sure in your trac.ini you have

[components]
acct_mgr.pwhash.htdigesthashmethod = enabled

comment:3 in reply to: ↑ 2 ; follow-up: Changed 2 years ago by anonymous

I am receiving the same error as rjollos, but via a different method. I receive the error when clicking "Reset Passwords" on the "Manage User Accounts" page. I am using HtPasswdStore rather than SessionStore or SvnServePasswordStore. Enabling the pwhash.htdigesthashmethod component as suggested does not solve the problem. The documentation doesn't say anything about using pwhash in conjunction with HtPasswdStore, or at least not that I was able to find.

Here are my account-manager settings:

[account-manager]
allow_delete_account = false
force_passwd_change = true
htpasswd_hash_type = crypt
password_file = <redacted>
password_store = HtPasswdStore
persistent_sessions = true
refresh_passwd = False
user_lock_max_time = 0
verify_email = true
[components]
acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled

comment:4 in reply to: ↑ 3 Changed 2 years ago by nmschulte@…

  • Resolution worksforme deleted
  • Status changed from closed to reopened

I made the prior post; apologies for not leaving contact information. I assume I should reopen the ticket as well...

comment:5 Changed 2 years ago by hasienda

No offense intended, but what's the issue with following advice given by a rather trustworthy plugin? I don't get that, really.

If you're curious enough, or security conscious or both, a look into changelog, the commit log or some closer looks at the source will tell you, that the reset password process has dramatically changed, and that using a modified SessionStore for the interim reset passwords has been part of the current solution to prevent DOS attacks by false faked request request from a third party.

Nevertheless I appreciate your hint about this being not obvious in current wiki documentation. I'll try to improve relevant places (AccountModule and SessionStore) before closing this ticket again.

comment:6 Changed 2 years ago by hasienda

  • Status changed from reopened to new

#10406 has been closed as a duplicate. The patch by Jun Omae seems a bit unrelated, but deserves further investigation, even if not applying to current trunk anymore.

comment:7 Changed 2 years ago by hasienda

(In [12097]) AccountManagerPlugin: Send notification for password reset only after storing it, refs #8770.

Unsuccessful attempts to store a new password will no longer yield misleading user notification about unsaved, effectively invalid passwords.

Beware though, that the password reset procedure has been changed to prevent premature password invalidation, so the old password will continue to exist until next successful login for that user account anyway.

(hand-added, because it seems to not have landed here even with appropriate commit message)

comment:8 Changed 2 years ago by olemis

  • Cc olemis added; anonymous removed

comment:9 Changed 2 years ago by hasienda

  • Resolution set to fixed
  • Status changed from new to closed

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution, refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.

Add Comment

Modify Ticket

Action
as closed The owner will remain hasienda.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.