Modify

Opened 8 years ago

Closed 7 years ago

#5732 closed defect (duplicate)

Infinite URL redirection when logging in after resetting password

Reported by: siddhu.warrier@… Owned by: John Hampton
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

I'm using SessionStore to store the password in the MySQL database. I'm using the 0.11 version of Trac Account Manager

I found that if I were to:

  1. Reset password and have it emailed to me.
  2. Log in with the new password.

I keep getting redirected, infinitely. I fooled about with the code and figured that, in do_account, the session variable 'force_change_passwd' was not being reset if the request method was not 'POST':

This can be fixed by adding the following to acct_mgr/web_ui.py: 250a255,256

del(req.session['force_change_passwd' ])
req.session.save()

However, this does not completely fix the problem (just works around it and allows me to log in), as the chrome warning does not appear. I did a bit of an inspect and walk through (very amateurishly), and found the following function calls occuring in web_ui.py of the AccountManager plugin:

In _post_process_request
In match_request
In get_preference_panel
In render_preference_panel called by ('/usr/lib/python2.5/site-packages/trac/prefs/web_ui.py', 73, 'process_request', template, data = chosen_provider.render_preference_panel(req, panel_id)\n?, 0).

In _do_account as user Superman. called by ('build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py', 196, 'render_preference_panel', None, None).
Resetting session variable...

In _post_process_request
In _post_process_request

As you can see, post_process-request is called twice after I reset the session variable. So the chrome warning is lost. Unfortunately, I could not dig in further due to temporal constraints.

I hope this helps.

Attachments (0)

Change History (1)

comment:1 Changed 7 years ago by John Hampton

Resolution: duplicate
Status: newclosed

duplicate of #3233. Fixed

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain John Hampton.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.