Ticket #9942 (closed defect: fixed)

Opened 1 year ago

Last modified 5 months ago

'Headers Already Set' error after password reset

Reported by: rjollos Assigned to: hasienda
Priority: low Component: AccountManagerPlugin
Severity: normal Keywords: login password reset
Cc: Trac Release: 0.12

Description (Last modified by rjollos)

I'm running the latest version of the AccountManagerPlugin, r11364, and Trac 0.12.3. After creating a user account and logging in as that user (to work around #9252 / #9843), I reset the users password to force them to change it on first login. When the users logs in, they see the following error:

Upon attempting navigate to any other page, they are redirected to the Change password page and prevented from accessing any other page before changing their password:

Traceback: 

2012-04-03 16:43:07,069 Trac[main] ERROR: Internal Server Error:
Traceback (most recent call last):
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 522, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 269, in dispatch
    self._post_process_request(req)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 365, in _post_process_request
    f.post_process_request(req, *(None,)*extra_arg_count)
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 256, in post_process_request
    req.redirect(redirect_url)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 383, in redirect
    self.end_headers()
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 321, in end_headers
    self._write = self._start_response(self._status, self._outheaders)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/_fcgi.py", line 1241, in start_response
    assert not headers_set, 'Headers already set!'
AssertionError: Headers already set!

Attachments

HeadersAlreadySet.png (18.9 kB) - added by anonymous on 04/04/12 00:24:22.
PleaseChangeYourPassword.png (27.8 kB) - added by anonymous on 04/04/12 00:24:43.

Change History

04/04/12 00:24:22 changed by anonymous

  • attachment HeadersAlreadySet.png added.

04/04/12 00:24:43 changed by anonymous

  • attachment PleaseChangeYourPassword.png added.

04/09/12 05:06:34 changed by rjollos

  • description changed.
  • reporter changed from anonymous to rjollos.

(follow-up: ↓ 4 ) 11/24/12 00:05:59 changed by hasienda

  • keywords set to needinfo login password reset.

Would you be so kind as to re-check with current trunk code, please.

I suggest, that this had been fixed by changes for other issues as well. Especially #9252 and #9843 might be related.

(follow-up: ↓ 6 ) 12/04/12 22:54:28 changed by hasienda

  • priority changed from normal to low.

Meanwhile acct_mgr-0.4 has been release, and the workaround for aforementioned, resolved tickets is no longer needed.

I've tried it on Trac-1.0:

  • user is created successfully
  • password reset works
    • with recent trunk revision of TracAnnouncer I even get notifications for both, account/user creation and password reset
  • account attributes are preserved on 1st login
    • no header complaint here, but no wonder, because I use tracd, not Trac served by a fcgi modules
  • password reset works too, again including notification

Do you still see issues with Trac served by fcgi?

(in reply to: ↑ 2 ) 12/05/12 05:36:24 changed by rjollos

Replying to hasienda:

Would you be so kind as to re-check with current trunk code, please.

Yes, I'll test now. Sorry for the delay. I haven't been able to keep up on all the email from Trac over the past two weeks due to other commitments. Starting to get caught up now though.

(follow-up: ↓ 7 ) 12/05/12 07:17:19 changed by rjollos

I upgraded to the 0.4 release. I didn't check what version I was running before the upgrade, but I remember upgrading to the latest trunk very recently, and from looking at the installed eggs, it appears I was at 0.4dev_r12386. That probably isn't relevant though.

I was thinking that that there was an option to force the user to reset their password on first login, but I'm not seeing that now, so maybe I was just imagining it (perhaps a good feature request though? => #10679). Email notifications aren't working for me at the moment, but I think that is because I'm using the AnnouncerPlugin. I only mention in case that is somehow related to the reset on first login behavior that I might be overlooking.

I've tested the following procedure:

  1. Create a new user from the admin page.
  2. Reset their password from the admin page.
  3. Login as that user and verify that a password reset is required.
  4. Reset the password - I'm immediately prompted with a http auth dialog (using HtPasswdStore, full config below) and on entering my new password I'm back on the change password page.

Everything appears to be functioning well. I found two unrelated issues, which I'll open tickets for. I think this ticket can be closed. 

acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.admin.accountmanageradminpanels = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = disabled
acct_mgr.web_ui.loginmodule = enabled
acct_mgr.web_ui.registrationmodule = disabled
acct_mgr.web_ui.resetpwstore = enabled

(in reply to: ↑ 3 ) 12/05/12 08:45:40 changed by rjollos

Replying to hasienda:

Do you still see issues with Trac served by fcgi?

Just to clarify, all of my testing in comment:5 was on my production instance of Trac, running under Apache with mod_wsgi.

(in reply to: ↑ 5 ) 12/06/12 03:05:41 changed by hasienda

Replying to rjollos:

I upgraded to the 0.4 release.

Thanks for testing. See some notes to improve/correct your configuration (comments inline). 

acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.admin.accountmanageradminpanels = enabled

some accumulated cruft here, only second line is valid, the other have been valid in older versions/development revisions though 

acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = disabled
acct_mgr.web_ui.registrationmodule = disabled

email verification was moved together with registrations stuff, see AccountManagerPlugin/RegistrationInspector for currently valid settings (or just replace web_ui.emailverificationmodule with register.emailverificationmodule)

same for RegistrationModule, sure 

acct_mgr.web_ui.resetpwstore = enabled

Just felt urged to sanitize wiki docs regarding configuration examples. References should be even clearer now, completely removed from the main page and updated in the cookbook.

12/06/12 07:19:05 changed by rjollos

Thanks, I've cleaned it up. 

acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.register.basiccheck = enabled
acct_mgr.register.usernamepermcheck = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.loginmodule = enabled
acct_mgr.web_ui.resetpwstore = enabled

01/03/13 16:19:14 changed by rjollos

It looks like this ticket can be considered resolved with the release of AccountManager 0.4.0.

01/03/13 20:40:32 changed by hasienda

  • keywords changed from needinfo login password reset to login password reset.
  • status changed from new to closed.
  • resolution set to fixed.

So may it be, thanks for the confirmation.

Add/Change #9942 ('Headers Already Set' error after password reset)




Change Properties
Action