Modify

Opened 3 years ago

Closed 2 years ago

#9942 closed defect (fixed)

'Headers Already Set' error after password reset

Reported by: rjollos Owned by: hasienda
Priority: low Component: AccountManagerPlugin
Severity: normal Keywords: login password reset
Cc: Trac Release: 0.12

Description (last modified by rjollos)

I'm running the latest version of the AccountManagerPlugin, r11364, and Trac 0.12.3. After creating a user account and logging in as that user (to work around #9252 / #9843), I reset the users password to force them to change it on first login. When the users logs in, they see the following error:

Upon attempting navigate to any other page, they are redirected to the Change password page and prevented from accessing any other page before changing their password:

Traceback:

2012-04-03 16:43:07,069 Trac[main] ERROR: Internal Server Error:
Traceback (most recent call last):
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 522, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 269, in dispatch
    self._post_process_request(req)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 365, in _post_process_request
    f.post_process_request(req, *(None,)*extra_arg_count)
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 256, in post_process_request
    req.redirect(redirect_url)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 383, in redirect
    self.end_headers()
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 321, in end_headers
    self._write = self._start_response(self._status, self._outheaders)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/_fcgi.py", line 1241, in start_response
    assert not headers_set, 'Headers already set!'
AssertionError: Headers already set!

Attachments (2)

HeadersAlreadySet.png (18.9 KB) - added by anonymous 3 years ago.
PleaseChangeYourPassword.png (27.8 KB) - added by anonymous 3 years ago.

Download all attachments as: .zip

Change History (12)

Changed 3 years ago by anonymous

Changed 3 years ago by anonymous

comment:1 Changed 3 years ago by rjollos

  • Description modified (diff)
  • Reporter changed from anonymous to rjollos

comment:2 follow-up: Changed 2 years ago by hasienda

  • Keywords needinfo login password reset added

Would you be so kind as to re-check with current trunk code, please.

I suggest, that this had been fixed by changes for other issues as well. Especially #9252 and #9843 might be related.

comment:3 follow-up: Changed 2 years ago by hasienda

  • Priority changed from normal to low

Meanwhile acct_mgr-0.4 has been release, and the workaround for aforementioned, resolved tickets is no longer needed.

I've tried it on Trac-1.0:

  • user is created successfully
  • password reset works
    • with recent trunk revision of TracAnnouncer I even get notifications for both, account/user creation and password reset
  • account attributes are preserved on 1st login
    • no header complaint here, but no wonder, because I use tracd, not Trac served by a fcgi modules
  • password reset works too, again including notification

Do you still see issues with Trac served by fcgi?

comment:4 in reply to: ↑ 2 Changed 2 years ago by rjollos

Replying to hasienda:

Would you be so kind as to re-check with current trunk code, please.

Yes, I'll test now. Sorry for the delay. I haven't been able to keep up on all the email from Trac over the past two weeks due to other commitments. Starting to get caught up now though.

comment:5 follow-up: Changed 2 years ago by rjollos

I upgraded to the 0.4 release. I didn't check what version I was running before the upgrade, but I remember upgrading to the latest trunk very recently, and from looking at the installed eggs, it appears I was at 0.4dev_r12386. That probably isn't relevant though.

I was thinking that that there was an option to force the user to reset their password on first login, but I'm not seeing that now, so maybe I was just imagining it (perhaps a good feature request though? => #10679). Email notifications aren't working for me at the moment, but I think that is because I'm using the AnnouncerPlugin. I only mention in case that is somehow related to the reset on first login behavior that I might be overlooking.

I've tested the following procedure:

  1. Create a new user from the admin page.
  2. Reset their password from the admin page.
  3. Login as that user and verify that a password reset is required.
  4. Reset the password - I'm immediately prompted with a http auth dialog (using HtPasswdStore, full config below) and on entering my new password I'm back on the change password page.

Everything appears to be functioning well. I found two unrelated issues, which I'll open tickets for. I think this ticket can be closed.

acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.admin.accountmanageradminpanels = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = disabled
acct_mgr.web_ui.loginmodule = enabled
acct_mgr.web_ui.registrationmodule = disabled
acct_mgr.web_ui.resetpwstore = enabled

comment:6 in reply to: ↑ 3 Changed 2 years ago by rjollos

Replying to hasienda:

Do you still see issues with Trac served by fcgi?

Just to clarify, all of my testing in comment:5 was on my production instance of Trac, running under Apache with mod_wsgi.

comment:7 in reply to: ↑ 5 Changed 2 years ago by hasienda

Replying to rjollos:

I upgraded to the 0.4 release.

Thanks for testing. See some notes to improve/correct your configuration (comments inline).

acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.admin.accountmanageradminpanels = enabled

some accumulated cruft here, only second line is valid, the other have been valid in older versions/development revisions though

acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = disabled
acct_mgr.web_ui.registrationmodule = disabled

email verification was moved together with registrations stuff, see AccountManagerPlugin/RegistrationInspector for currently valid settings (or just replace web_ui.emailverificationmodule with register.emailverificationmodule)

same for RegistrationModule, sure

acct_mgr.web_ui.resetpwstore = enabled

Just felt urged to sanitize wiki docs regarding configuration examples. References should be even clearer now, completely removed from the main page and updated in the cookbook.

comment:8 Changed 2 years ago by rjollos

Thanks, I've cleaned it up.

acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.register.basiccheck = enabled
acct_mgr.register.usernamepermcheck = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.loginmodule = enabled
acct_mgr.web_ui.resetpwstore = enabled

comment:9 Changed 2 years ago by rjollos

It looks like this ticket can be considered resolved with the release of AccountManager 0.4.0.

comment:10 Changed 2 years ago by hasienda

  • Keywords needinfo removed
  • Resolution set to fixed
  • Status changed from new to closed

So may it be, thanks for the confirmation.

Add Comment

Modify Ticket

Action
as closed The owner will remain hasienda.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.