Opened 15 months ago
Closed 6 months ago
#9942 closed defect (fixed)
'Headers Already Set' error after password reset
| Reported by: | rjollos | Owned by: | hasienda |
|---|---|---|---|
| Priority: | low | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | login password reset |
| Cc: | Trac Release: | 0.12 |
Description (last modified by rjollos)
I'm running the latest version of the AccountManagerPlugin, r11364, and Trac 0.12.3. After creating a user account and logging in as that user (to work around #9252 / #9843), I reset the users password to force them to change it on first login. When the users logs in, they see the following error:
Upon attempting navigate to any other page, they are redirected to the Change password page and prevented from accessing any other page before changing their password:
Traceback:
2012-04-03 16:43:07,069 Trac[main] ERROR: Internal Server Error:
Traceback (most recent call last):
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 522, in _dispatch_request
dispatcher.dispatch(req)
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 269, in dispatch
self._post_process_request(req)
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 365, in _post_process_request
f.post_process_request(req, *(None,)*extra_arg_count)
File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 256, in post_process_request
req.redirect(redirect_url)
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 383, in redirect
self.end_headers()
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 321, in end_headers
self._write = self._start_response(self._status, self._outheaders)
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/_fcgi.py", line 1241, in start_response
assert not headers_set, 'Headers already set!'
AssertionError: Headers already set!
Attachments (2)
Change History (12)
Changed 15 months ago by anonymous
Changed 15 months ago by anonymous
comment:1 Changed 15 months ago by rjollos
- Description modified (diff)
- Reporter changed from anonymous to rjollos
comment:2 follow-up: ↓ 4 Changed 7 months ago by hasienda
- Keywords needinfo login password reset added
comment:3 follow-up: ↓ 6 Changed 7 months ago by hasienda
- Priority changed from normal to low
Meanwhile acct_mgr-0.4 has been release, and the workaround for aforementioned, resolved tickets is no longer needed.
I've tried it on Trac-1.0:
- user is created successfully
- password reset works
- with recent trunk revision of TracAnnouncer I even get notifications for both, account/user creation and password reset
- account attributes are preserved on 1st login
- no header complaint here, but no wonder, because I use tracd, not Trac served by a fcgi modules
- password reset works too, again including notification
Do you still see issues with Trac served by fcgi?
comment:4 in reply to: ↑ 2 Changed 7 months ago by rjollos
Replying to hasienda:
Would you be so kind as to re-check with current trunk code, please.
Yes, I'll test now. Sorry for the delay. I haven't been able to keep up on all the email from Trac over the past two weeks due to other commitments. Starting to get caught up now though.
comment:5 follow-up: ↓ 7 Changed 7 months ago by rjollos
I upgraded to the 0.4 release. I didn't check what version I was running before the upgrade, but I remember upgrading to the latest trunk very recently, and from looking at the installed eggs, it appears I was at 0.4dev_r12386. That probably isn't relevant though.
I was thinking that that there was an option to force the user to reset their password on first login, but I'm not seeing that now, so maybe I was just imagining it (perhaps a good feature request though? => #10679). Email notifications aren't working for me at the moment, but I think that is because I'm using the AnnouncerPlugin. I only mention in case that is somehow related to the reset on first login behavior that I might be overlooking.
I've tested the following procedure:
- Create a new user from the admin page.
- Reset their password from the admin page.
- Login as that user and verify that a password reset is required.
- Reset the password - I'm immediately prompted with a http auth dialog (using HtPasswdStore, full config below) and on entering my new password I'm back on the change password page.
Everything appears to be functioning well. I found two unrelated issues, which I'll open tickets for. I think this ticket can be closed.
acct_mgr.admin.accountmanageradminpages = enabled acct_mgr.admin.accountmanageradminpanel = enabled acct_mgr.admin.accountmanageradminpanels = enabled acct_mgr.api.accountmanager = enabled acct_mgr.guard.accountguard = enabled acct_mgr.htfile.htpasswdstore = enabled acct_mgr.macros.accountmanagerwikimacros = enabled acct_mgr.notification.accountchangelistener = enabled acct_mgr.notification.accountchangenotificationadminpanel = enabled acct_mgr.pwhash.htpasswdhashmethod = enabled acct_mgr.web_ui.accountmodule = enabled acct_mgr.web_ui.emailverificationmodule = disabled acct_mgr.web_ui.loginmodule = enabled acct_mgr.web_ui.registrationmodule = disabled acct_mgr.web_ui.resetpwstore = enabled
comment:6 in reply to: ↑ 3 Changed 7 months ago by rjollos
comment:7 in reply to: ↑ 5 Changed 7 months ago by hasienda
Replying to rjollos:
I upgraded to the 0.4 release.
Thanks for testing. See some notes to improve/correct your configuration (comments inline).
acct_mgr.admin.accountmanageradminpages = enabled acct_mgr.admin.accountmanageradminpanel = enabled acct_mgr.admin.accountmanageradminpanels = enabled
some accumulated cruft here, only second line is valid, the other have been valid in older versions/development revisions though
acct_mgr.api.accountmanager = enabled acct_mgr.guard.accountguard = enabled acct_mgr.htfile.htpasswdstore = enabled acct_mgr.macros.accountmanagerwikimacros = enabled acct_mgr.notification.accountchangelistener = enabled acct_mgr.notification.accountchangenotificationadminpanel = enabled acct_mgr.pwhash.htpasswdhashmethod = enabled acct_mgr.web_ui.accountmodule = enabled acct_mgr.web_ui.emailverificationmodule = disabled acct_mgr.web_ui.registrationmodule = disabled
email verification was moved together with registrations stuff, see AccountManagerPlugin/RegistrationInspector for currently valid settings (or just replace web_ui.emailverificationmodule with register.emailverificationmodule)
same for RegistrationModule, sure
acct_mgr.web_ui.resetpwstore = enabled
Just felt urged to sanitize wiki docs regarding configuration examples. References should be even clearer now, completely removed from the main page and updated in the cookbook.
comment:8 Changed 7 months ago by rjollos
Thanks, I've cleaned it up.
acct_mgr.admin.accountmanageradminpanel = enabled acct_mgr.api.accountmanager = enabled acct_mgr.guard.accountguard = enabled acct_mgr.htfile.htpasswdstore = enabled acct_mgr.macros.accountmanagerwikimacros = enabled acct_mgr.notification.accountchangelistener = enabled acct_mgr.notification.accountchangenotificationadminpanel = enabled acct_mgr.pwhash.htpasswdhashmethod = enabled acct_mgr.register.basiccheck = enabled acct_mgr.register.usernamepermcheck = enabled acct_mgr.web_ui.accountmodule = enabled acct_mgr.web_ui.loginmodule = enabled acct_mgr.web_ui.resetpwstore = enabled
comment:9 Changed 6 months ago by rjollos
It looks like this ticket can be considered resolved with the release of AccountManager 0.4.0.
comment:10 Changed 6 months ago by hasienda
- Keywords needinfo removed
- Resolution set to fixed
- Status changed from new to closed
So may it be, thanks for the confirmation.
Would you be so kind as to re-check with current trunk code, please.
I suggest, that this had been fixed by changes for other issues as well. Especially #9252 and #9843 might be related.