Modify

Opened 12 years ago

Closed 11 years ago

#9942 closed defect (fixed)

'Headers Already Set' error after password reset

Reported by: Ryan J Ollos Owned by: Steffen Hoffmann
Priority: low Component: AccountManagerPlugin
Severity: normal Keywords: login password reset
Cc: Trac Release: 0.12

Description (last modified by Ryan J Ollos)

I'm running the latest version of the AccountManagerPlugin, r11364, and Trac 0.12.3. After creating a user account and logging in as that user (to work around #9252 / #9843), I reset the users password to force them to change it on first login. When the users logs in, they see the following error:

Upon attempting navigate to any other page, they are redirected to the Change password page and prevented from accessing any other page before changing their password:

Traceback:

2012-04-03 16:43:07,069 Trac[main] ERROR: Internal Server Error:
Traceback (most recent call last):
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 522, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 269, in dispatch
    self._post_process_request(req)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 365, in _post_process_request
    f.post_process_request(req, *(None,)*extra_arg_count)
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 256, in post_process_request
    req.redirect(redirect_url)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 383, in redirect
    self.end_headers()
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 321, in end_headers
    self._write = self._start_response(self._status, self._outheaders)
  File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/_fcgi.py", line 1241, in start_response
    assert not headers_set, 'Headers already set!'
AssertionError: Headers already set!

Attachments (2)

HeadersAlreadySet.png (18.9 KB) - added by anonymous 12 years ago.
PleaseChangeYourPassword.png (27.8 KB) - added by anonymous 12 years ago.

Download all attachments as: .zip

Change History (12)

Changed 12 years ago by anonymous

Attachment: HeadersAlreadySet.png added

Changed 12 years ago by anonymous

comment:1 Changed 12 years ago by Ryan J Ollos

Description: modified (diff)
Reporter: changed from anonymous to Ryan J Ollos

comment:2 Changed 11 years ago by Steffen Hoffmann

Keywords: needinfo login password reset added

Would you be so kind as to re-check with current trunk code, please.

I suggest, that this had been fixed by changes for other issues as well. Especially #9252 and #9843 might be related.

comment:3 Changed 11 years ago by Steffen Hoffmann

Priority: normallow

Meanwhile acct_mgr-0.4 has been release, and the workaround for aforementioned, resolved tickets is no longer needed.

I've tried it on Trac-1.0:

  • user is created successfully
  • password reset works
    • with recent trunk revision of TracAnnouncer I even get notifications for both, account/user creation and password reset
  • account attributes are preserved on 1st login
    • no header complaint here, but no wonder, because I use tracd, not Trac served by a fcgi modules
  • password reset works too, again including notification

Do you still see issues with Trac served by fcgi?

comment:4 in reply to:  2 Changed 11 years ago by Ryan J Ollos

Replying to hasienda:

Would you be so kind as to re-check with current trunk code, please.

Yes, I'll test now. Sorry for the delay. I haven't been able to keep up on all the email from Trac over the past two weeks due to other commitments. Starting to get caught up now though.

comment:5 Changed 11 years ago by Ryan J Ollos

I upgraded to the 0.4 release. I didn't check what version I was running before the upgrade, but I remember upgrading to the latest trunk very recently, and from looking at the installed eggs, it appears I was at 0.4dev_r12386. That probably isn't relevant though.

I was thinking that that there was an option to force the user to reset their password on first login, but I'm not seeing that now, so maybe I was just imagining it (perhaps a good feature request though? => #10679). Email notifications aren't working for me at the moment, but I think that is because I'm using the AnnouncerPlugin. I only mention in case that is somehow related to the reset on first login behavior that I might be overlooking.

I've tested the following procedure:

  1. Create a new user from the admin page.
  2. Reset their password from the admin page.
  3. Login as that user and verify that a password reset is required.
  4. Reset the password - I'm immediately prompted with a http auth dialog (using HtPasswdStore, full config below) and on entering my new password I'm back on the change password page.

Everything appears to be functioning well. I found two unrelated issues, which I'll open tickets for. I think this ticket can be closed.

acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.admin.accountmanageradminpanels = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = disabled
acct_mgr.web_ui.loginmodule = enabled
acct_mgr.web_ui.registrationmodule = disabled
acct_mgr.web_ui.resetpwstore = enabled

comment:6 in reply to:  3 Changed 11 years ago by Ryan J Ollos

Replying to hasienda:

Do you still see issues with Trac served by fcgi?

Just to clarify, all of my testing in comment:5 was on my production instance of Trac, running under Apache with mod_wsgi.

comment:7 in reply to:  5 Changed 11 years ago by Steffen Hoffmann

Replying to rjollos:

I upgraded to the 0.4 release.

Thanks for testing. See some notes to improve/correct your configuration (comments inline).

acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.admin.accountmanageradminpanels = enabled

some accumulated cruft here, only second line is valid, the other have been valid in older versions/development revisions though

acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = disabled
acct_mgr.web_ui.registrationmodule = disabled

email verification was moved together with registrations stuff, see AccountManagerPlugin/RegistrationInspector for currently valid settings (or just replace web_ui.emailverificationmodule with register.emailverificationmodule)

same for RegistrationModule, sure

acct_mgr.web_ui.resetpwstore = enabled

Just felt urged to sanitize wiki docs regarding configuration examples. References should be even clearer now, completely removed from the main page and updated in the cookbook.

comment:8 Changed 11 years ago by Ryan J Ollos

Thanks, I've cleaned it up.

acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.macros.accountmanagerwikimacros = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.register.basiccheck = enabled
acct_mgr.register.usernamepermcheck = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.loginmodule = enabled
acct_mgr.web_ui.resetpwstore = enabled

comment:9 Changed 11 years ago by Ryan J Ollos

It looks like this ticket can be considered resolved with the release of AccountManager 0.4.0.

comment:10 Changed 11 years ago by Steffen Hoffmann

Keywords: needinfo removed
Resolution: fixed
Status: newclosed

So may it be, thanks for the confirmation.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Steffen Hoffmann.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.