Modify

Opened 2 years ago

Closed 21 months ago

#9942 closed defect (fixed)

'Headers Already Set' error after password reset

Reported by: rjollos Owned by: hasienda
Priority: low Component: AccountManagerPlugin
Severity: normal Keywords: login password reset
Cc: Trac Release: 0.12

Description (last modified by rjollos)

I'm running the latest version of the AccountManagerPlugin, r11364, and Trac 0.12.3. After creating a user account and logging in as that user (to work around #9252 / #9843), I reset the users password to force them to change it on first login. When the users logs in, they see the following error:

Upon attempting navigate to any other page, they are redirected to the Change password page and prevented from accessing any other page before changing their password:


Traceback:

2012-04-03 16:43:07,069 Trac[main] ERROR: Internal Server Error:
Traceback (most recent call last):
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 522, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 269, in dispatch
    self._post_process_request(req)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 365, in _post_process_request
    f.post_process_request(req, *(None,)*extra_arg_count)
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 256, in post_process_request
    req.redirect(redirect_url)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 383, in redirect
    self.end_headers()
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 321, in end_headers
    self._write = self._start_response(self._status, self._outheaders)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/_fcgi.py", line 1241, in start_response
    assert not headers_set, 'Headers already set!'
AssertionError: Headers already set!

Attachments (2)

HeadersAlreadySet.png (18.9 KB) - added by anonymous 2 years ago.
PleaseChangeYourPassword.png (27.8 KB) - added by anonymous 2 years ago.

Download all attachments as: .zip

Change History (12)

Changed 2 years ago by anonymous

Changed 2 years ago by anonymous

comment:1 Changed 2 years ago by rjollos

  • Description modified (diff)
  • Reporter changed from anonymous to rjollos

comment:2 follow-up: Changed 22 months ago by hasienda

  • Keywords needinfo login password reset added

Would you be so kind as to re-check with current trunk code, please.

I suggest, that this had been fixed by changes for other issues as well. Especially #9252 and #9843 might be related.

comment:3 follow-up: Changed 22 months ago by hasienda

  • Priority changed from normal to low

Meanwhile acct_mgr-0.4 has been release, and the workaround for aforementioned, resolved tickets is no longer needed.

I've tried it on Trac-1.0:

  • user is created successfully
  • password reset works
    • with recent trunk revision of TracAnnouncer I even get notifications for both, account/user creation and password reset
  • account attributes are preserved on 1st login
    • no header complaint here, but no wonder, because I use tracd, not Trac served by a fcgi modules
  • password reset works too, again including notification

Do you still see issues with Trac served by fcgi?

comment:4 in reply to: ↑ 2 Changed 22 months ago by rjollos

Replying to hasienda:

Would you be so kind as to re-check with current trunk code, please.

Yes, I'll test now. Sorry for the delay. I haven't been able to keep up on all the email from Trac over the past two weeks due to other commitments. Starting to get caught up now though.

comment:5 follow-up: Changed 22 months ago by rjollos

I upgraded to the 0.4 release. I didn't check what version I was running before the upgrade, but I remember upgrading to the latest trunk very recently, and from looking at the installed eggs, it appears I was at 0.4dev_r12386. That probably isn't relevant though.

I was thinking that that there was an option to force the user to reset their password on first login, but I'm not seeing that now, so maybe I was just imagining it (perhaps a good feature request though? => #10679). Email notifications aren't working for me at the moment, but I think that is because I'm using the AnnouncerPlugin. I only mention in case that is somehow related to the reset on first login behavior that I might be overlooking.

I've tested the following procedure:

  1. Create a new user from the admin page.
  2. Reset their password from the admin page.
  3. Login as that user and verify that a password reset is required.
  4. Reset the password - I'm immediately prompted with a http auth dialog (using HtPasswdStore, full config below) and on entering my new password I'm back on the change password page.

Everything appears to be functioning well. I found two unrelated issues, which I'll open tickets for. I think this ticket can be closed.

acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.admin.accountmanageradminpanels = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = disabled
acct_mgr.web_ui.loginmodule = enabled
acct_mgr.web_ui.registrationmodule = disabled
acct_mgr.web_ui.resetpwstore = enabled

comment:6 in reply to: ↑ 3 Changed 22 months ago by rjollos

Replying to hasienda:

Do you still see issues with Trac served by fcgi?

Just to clarify, all of my testing in comment:5 was on my production instance of Trac, running under Apache with mod_wsgi.

comment:7 in reply to: ↑ 5 Changed 22 months ago by hasienda

Replying to rjollos:

I upgraded to the 0.4 release.

Thanks for testing. See some notes to improve/correct your configuration (comments inline).

acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.admin.accountmanageradminpanels = enabled

some accumulated cruft here, only second line is valid, the other have been valid in older versions/development revisions though

acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = disabled
acct_mgr.web_ui.registrationmodule = disabled

email verification was moved together with registrations stuff, see AccountManagerPlugin/RegistrationInspector for currently valid settings (or just replace web_ui.emailverificationmodule with register.emailverificationmodule)

same for RegistrationModule, sure

acct_mgr.web_ui.resetpwstore = enabled

Just felt urged to sanitize wiki docs regarding configuration examples. References should be even clearer now, completely removed from the main page and updated in the cookbook.

comment:8 Changed 22 months ago by rjollos

Thanks, I've cleaned it up.

acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.register.basiccheck = enabled
acct_mgr.register.usernamepermcheck = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.loginmodule = enabled
acct_mgr.web_ui.resetpwstore = enabled

comment:9 Changed 21 months ago by rjollos

It looks like this ticket can be considered resolved with the release of AccountManager 0.4.0.

comment:10 Changed 21 months ago by hasienda

  • Keywords needinfo removed
  • Resolution set to fixed
  • Status changed from new to closed

So may it be, thanks for the confirmation.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.