Reset password reports Cannot find an implementation of the "IPasswordHashMethod"

[anonymous]

After fixing #10700 I could see this message:

'Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod". Please update the option account-manager.hash_method in trac.ini.'

I know this error report is incorrect, since the configuration is sufficient to create accounts in the admin panel.

[Steffen Hoffmann]

Replying to anonymous:

After fixing #10700 I could see this message:

'Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod". Please update the option account-manager.hash_method in trac.ini.'

I know this error report is incorrect, since the configuration is sufficient to create accounts in the admin panel.

You're wrong here. ResetPwStore is a Trac db based store derived from SessionStore class. So you'll need to have one of the hash methods enabled to have a working password reset procedure.

In this case your configuration is overly narrow in what components are enabled - easy to fix when allowing the error to surface, sure.

I'll further look into that case. Maybe always auto-enabling a default hash method with AccountManager component is the best approach here?

Btw, would you care to share a valid email contact for further conversation on the issue, please? Anonymous reporters tend to become unresponsive in general due to missing notifications on tickets comments.

[Steffen Hoffmann]

(In [12441]) AccountManagerPlugin: Propagate errors from AccountModule._reset_password, refs #7111, #8927, #10700 and #10701.

Thanks for the recent, anonymous hint on this issue, that originates from [10313] (btw, a fix for a much more serious issue).

[Steffen Hoffmann]

(In [12442]) AccountManagerPlugin: Add more configuration error logging, refs #10700 and #10701.

Ensure proper configuration for SessionStore and derived classes, and properly disable password reset functionality in AccountModule as well, if it can't work due to either ResetPwStore being disabled entirely or just missing the configured IPasswordHashMethod implementation.

[Steffen Hoffmann]

Done, but feedback certainly welcomed. Thanks again for taking care and taking the time to report here.

[Steffen Hoffmann]

(In [12482]) AccountManagerPlugin: Publish maintenance release 0.4.1, closes #5964, #8545, #10134, #10625, #10700 and #10701.

This is an update for current stable acct_mgr-0.4 with a number of fixes for issues resolved within the last weeks, i.e.:

• a final fix for Single-Sign-On functionality (refs #9676),
• a long-standing HttpAuth login issue and
• one for acct_mgr.LoginModule, that is relevant if used with web-servers, that evaluate the REMOTE_USER environment variable.

Changeset [12468] is included, that may require a Trac db fix-up. Run python ./contrib/fix-session_attribute-failed_logins.py <env> once on any Trac environment, that had account locking enabled with time constraints before.