SessionStore and user verification
|Reported by:||Peter Bolla||Owned by:||Steffen Hoffmann|
In my setup I store passwords with SessionStore, and I have a sql view, that is appropriate for apache db based authentication module. Authentication is then done by HTTP auth, and required on the whole site (not only /login path). This works perfectly for existing users.
AccountManagerPlugin is used to create users, and to do email verification. When I create a new user, 3 new records are created in session_attribute, and none in session. When the new user logs in, these does not change. (I guess session table should have changed.) Also, when the user switches to the preferences panel, nothing is filled, although, name and email were given when creating the user.
And the biggest problem is, that when the user types her name, email address, and presses submit, a new record is created in session table, and the name and email are inserted into session_attributes, but password is removed, thus the user won't be able to log in again until I fix it manually.
I might have misinterpreted something, but I am stuck now. Do you have any idea?
version: latest svn trunk and 0.11 branch as well.
Actually this setup worked with an earlier version, but after an update this error occurred. Unfortunately I don't know, which version I had before the update...
[account-manager] account_changes_notify_addresses = hash_method = HtPasswdHashMethod notify_actions = new,delete password_store = SessionStore user_lock_max_time = 0 [components] acct_mgr.admin.accountmanageradminpage = enabled acct_mgr.db.sessionstore = enabled acct_mgr.guard.accountguard = enabled acct_mgr.htfile.abstractpasswordfilestore = disabled acct_mgr.htfile.htdigeststore = disabled acct_mgr.htfile.htpasswdstore = disabled acct_mgr.http.httpauthstore = disabled acct_mgr.pwhash.htdigesthashmethod = disabled acct_mgr.pwhash.htpasswdhashmethod = enabled acct_mgr.svnserve.svnservepasswordstore = disabled acct_mgr.web_ui.loginmodule = disabled acct_mgr.web_ui.registrationmodule = disabled acct_mgr.web_ui.resetpwstore = disabled trac.web.auth.loginmodule = enabled