Modify

Opened 5 years ago

Closed 5 years ago

#10094 closed defect (worksforme)

SessionStore and user verification

Reported by: Peter Bolla Owned by: Steffen Hoffmann
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: SessionStore
Cc: Trac Release: 0.12

Description

In my setup I store passwords with SessionStore, and I have a sql view, that is appropriate for apache db based authentication module. Authentication is then done by HTTP auth, and required on the whole site (not only /login path). This works perfectly for existing users.

AccountManagerPlugin is used to create users, and to do email verification. When I create a new user, 3 new records are created in session_attribute, and none in session. When the new user logs in, these does not change. (I guess session table should have changed.) Also, when the user switches to the preferences panel, nothing is filled, although, name and email were given when creating the user.

And the biggest problem is, that when the user types her name, email address, and presses submit, a new record is created in session table, and the name and email are inserted into session_attributes, but password is removed, thus the user won't be able to log in again until I fix it manually.

I might have misinterpreted something, but I am stuck now. Do you have any idea?

version: latest svn trunk and 0.11 branch as well.

Actually this setup worked with an earlier version, but after an update this error occurred. Unfortunately I don't know, which version I had before the update...

config:

[account-manager]
account_changes_notify_addresses =
hash_method = HtPasswdHashMethod
notify_actions = new,delete
password_store = SessionStore
user_lock_max_time = 0

[components]
acct_mgr.admin.accountmanageradminpage = enabled
acct_mgr.db.sessionstore = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.abstractpasswordfilestore = disabled
acct_mgr.htfile.htdigeststore = disabled
acct_mgr.htfile.htpasswdstore = disabled
acct_mgr.http.httpauthstore = disabled
acct_mgr.pwhash.htdigesthashmethod = disabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.svnserve.svnservepasswordstore = disabled
acct_mgr.web_ui.loginmodule = disabled
acct_mgr.web_ui.registrationmodule = disabled
acct_mgr.web_ui.resetpwstore = disabled
trac.web.auth.loginmodule = enabled

Attachments (0)

Change History (4)

comment:1 Changed 5 years ago by Steffen Hoffmann

Keywords: SessionStore added

This is most probably a duplicate of #9843.

Would you be so kind as to re-check with code from [11826] or (preferably) a more recent revision?

comment:2 Changed 5 years ago by Peter Bolla

Actually, the issue disappeared when our server provider updated the core Trac setup to a presumably newer version. So probably the whole issue was more related to Trac itself then the AccountManagerPlugin.

comment:3 Changed 5 years ago by Peter Bolla

Thank you for looking into it, anyways!

comment:4 Changed 5 years ago by Steffen Hoffmann

Resolution: worksforme
Status: newclosed

Ok then, let's settle the case.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Steffen Hoffmann.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.