#10700 closed defect (fixed)
AccountModule._do_reset_password discards errors from _reset_password
Reported by: | anonymous | Owned by: | Steffen Hoffmann |
---|---|---|---|
Priority: | normal | Component: | AccountManagerPlugin |
Severity: | critical | Keywords: | AccountModule |
Cc: | Ryan J Ollos | Trac Release: |
Description (last modified by )
In web_ui.py, in the AccountModule class is a function _reset_password, which can return an error. _do_reset_password always ignores the error, and instead reports success to the user. As far as I can tell, these errors are always ignored.
This then makes it extremely difficult to diagnose other problems with password reset.
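The failure mode described above, as an added sketch that is not AccountManagerPlugin code and not part of the original report. Only the method names `_reset_password` and `_do_reset_password` come from the ticket; the class, the mailer callable, the return shapes and the sample account are assumptions made for illustration.

```python
import logging

log = logging.getLogger("reset_sketch")  # hypothetical logger name


class ResetSketch:
    """Stand-in for the handler pair named in the ticket (assumed shapes)."""

    def __init__(self, users, mailer):
        self.users = users    # constructed sample data: username -> email
        self.mailer = mailer  # hypothetical callable(username, email); may raise

    def _reset_password(self, username, email):
        """Return None on success, or an {'error': ...} dict on failure."""
        if self.users.get(username) != email:
            return {"error": "Username and email do not match a known account."}
        try:
            self.mailer(username, email)
        except Exception as exc:
            # Keep the detail in the server log, give the user a generic message.
            log.error("password reset for %r failed: %s", username, exc)
            return {"error": "Cannot reset the password; contact the administrator."}
        return None

    def _do_reset_password_discarding(self, username, email):
        # Behaviour reported in the ticket: the result is thrown away,
        # so the user is always told that the reset worked.
        self._reset_password(username, email)
        return {"sent_to_email": email}

    def _do_reset_password_checked(self, username, email):
        # The error dict is handed back; success is reported only without one.
        error = self._reset_password(username, email)
        if error is not None:
            return error
        return {"sent_to_email": email}


def broken_mailer(username, email):
    # Constructed failure standing in for a misconfigured backend.
    raise RuntimeError("backend not configured")


def demo():
    handler = ResetSketch({"alice": "alice@example.org"}, broken_mailer)
    return (handler._do_reset_password_discarding("alice", "alice@example.org"),
            handler._do_reset_password_checked("alice", "alice@example.org"))
```

With the failing backend, the discarding variant still reports success while the checked variant returns the error, which is the difference that makes a broken reset diagnosable.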
Change History (4)
comment:1 Changed 12 years ago by
Cc: | Ryan J Ollos added; anonymous removed |
---|---|
Description: | modified (diff) |
Keywords: | AccountModule added |
Summary: | Reset passport discards errors → AccountModule._do_reset_password discards errors from _reset_password |
comment:2 Changed 12 years ago by
comment:3 Changed 12 years ago by
(In [12442]) AccountManagerPlugin: Add more configuration error logging, refs #10700 and #10701.
Ensure proper configuration for SessionStore and derived classes, and properly disable password reset functionality in AccountModule as well, if it can't work due to either ResetPwStore being disabled entirely or just missing the configured IPasswordHashMethod implementation.
comment:4 Changed 12 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
(In [12482]) AccountManagerPlugin: Publish maintenance release 0.4.1, closes #5964, #8545, #10134, #10625, #10700 and #10701.
This is an update for current stable acct_mgr-0.4 with a number of fixes for issues resolved within the last weeks, i.e.:
- a final fix for Single-Sign-On functionality (refs #9676),
- a long-standing HttpAuth login issue and
- one for acct_mgr.LoginModule, that is relevant if used with web-servers, that evaluate the REMOTE_USER environment variable.
Changeset [12468] is included, that may require a Trac db fix-up. Run python ./contrib/fix-session_attribute-failed_logins.py <env> once on any Trac environment, that had account locking enabled with time constraints before.
Good catch, issue verified here easily with your hint on how to reproduce (in #10701). Thanks for noticing.
As mentioned in my recent comment to the follow-up issue #10701, I'd appreciate disclosure of a reporter contact. Anonymous reports just don't work that well for human interaction, you see?