Modify

Opened 8 years ago

Closed 8 years ago

#5732 closed defect (duplicate)

Infinite URL redirection when logging in after resetting password

Reported by: siddhu.warrier@… Owned by: John Hampton
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

I'm using SessionStore to store the password in the MySQL database. I'm using the 0.11 version of Trac Account Manager

I found that if I were to:

  1. Reset password and have it emailed to me.
  2. Log in with the new password.

I keep getting redirected, infinitely. I fooled about with the code and figured that, in do_account, the session variable 'force_change_passwd' was not being reset if the request method was not 'POST':

This can be fixed by adding the following to acct_mgr/web_ui.py: 250a255,256

del(req.session['force_change_passwd' ])
req.session.save()

However, this does not completely fix the problem (just works around it and allows me to log in), as the chrome warning does not appear. I did a bit of an inspect and walk through (very amateurishly), and found the following function calls occuring in web_ui.py of the AccountManager plugin:

In _post_process_request
In match_request
In get_preference_panel
In render_preference_panel called by ('/usr/lib/python2.5/site-packages/trac/prefs/web_ui.py', 73, 'process_request', template, data = chosen_provider.render_preference_panel(req, panel_id)\n?, 0).

In _do_account as user Superman. called by ('build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py', 196, 'render_preference_panel', None, None).
Resetting session variable...

In _post_process_request
In _post_process_request

As you can see, post_process-request is called twice after I reset the session variable. So the chrome warning is lost. Unfortunately, I could not dig in further due to temporal constraints.

I hope this helps.

Attachments (0)

Change History (1)

comment:1 Changed 8 years ago by John Hampton

Resolution: duplicate
Status: newclosed

duplicate of #3233. Fixed

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain John Hampton.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.