Ticket #3233 (new defect)

Opened 5 months ago

Last modified 5 days ago

Infinite redirect loop after resetting the password

Reported by: chutz Assigned to: mgood
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org, vpolite@socialnetconnect.com, drees@greenhydrant.com, sh@jnamic.com, bgladwell@goantiques.com, cvhinten@gmail.com Trac Release: 0.11

Description

After resetting my password on Trac 0.11dev-r7189 (at http://trac.pioto.org/paludis/) I can no longer log in. If I try to log in with the new password I get into an infinite redirection loop (HTTP 302) to http://trac.pioto.org/paludis/prefs/account

I can only assume that this was introduced with the implementation of Ticket #1427.

I reproduced it by

  1. Creating a new account
  2. Login, post a comment on a ticket
  3. Logout
  4. Reset the password
  5. Try to login with the new password (I could not)

Attachments

redirect-fix.patch (0.6 kB) - added by ryan@acceleration.net on 08/12/08 09:47:20.
coderanger's fix as a diff against the trunk r4132

Change History

06/23/08 19:00:14 changed by anonymous

  • cc set to pioto@pioto.org.

06/24/08 15:15:18 changed by l-th@pgl22.co.uk

  • cc changed from pioto@pioto.org to pioto@pioto.org, l-th@pgl22.co.uk.

I've seen this too.

I'm using Trac with FastCGI, and TRAC_ENV_PARENT_DIR (so that accessing http://trac.mysite.com produces a list of environments)

It is to do with #1427, I've tracked it down to web_ui.py line 188 (correct in r3832) which currently reads

if req.path_info != redirect_url:

In my case, req.path_info is being set to "/prefs/account" and redirect_url is being set to "/myprojectname/prefs/account". Hence they're different, and the redirect occurs again.

A quick fix to stop the redirect is to change that line to read

if not redirect_url.endswith(req.path_info):

However, making it correctly incorporate (or strip) the project name would be better!

07/09/08 08:57:02 changed by hoffmanc

I'm also seeing this, and hastily logged #3354, which I suppose someone can resolve as a duplicate now.

I fixed the problem by turning off force_change_passwd, like so

[account-manager]
force_change_passwd = false

07/09/08 08:57:50 changed by hoffmanc

  • cc changed from pioto@pioto.org, l-th@pgl22.co.uk to pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com.

07/10/08 13:22:36 changed by tjones

  • cc changed from pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com to pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com.

07/16/08 21:56:22 changed by anonymous

I think line 188 in web_ui.py should actually look like this:

if req.base_path + req.path_info != redirect_url:

07/17/08 01:36:17 changed by coderanger

Or more correctly:

if req.href(req.path_info) != redirect_url:
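
Added example, not part of the ticket or the plugin's code: a small Python simulation of the four comparisons quoted in the comments above, showing which ones loop when the environment is served under a base path such as /myprojectname, and which paths each one lets a flagged session load without the redirect. FakeRequest, its simplified href(), and the /wiki and /account paths are constructed stand-ins, not Trac's own request object.

```python
# Added illustration; FakeRequest is a simplified stand-in, not Trac's Request.
class FakeRequest:
    def __init__(self, base_path, path_info):
        self.base_path = base_path   # e.g. "/myprojectname", or "" at the root
        self.path_info = path_info   # path relative to the environment

    def href(self, path):
        # Simplified assumption: prefix the environment base path.
        return self.base_path + "/" + path.strip("/")

# Each check answers: "must this request be redirected to redirect_url?"
CHECKS = {
    "original":  lambda req, url: req.path_info != url,
    "endswith":  lambda req, url: not url.endswith(req.path_info),
    "base_path": lambda req, url: req.base_path + req.path_info != url,
    "href":      lambda req, url: req.href(req.path_info) != url,
}

def redirects_before_served(check, base_path, start="/wiki", max_hops=10):
    """Follow the forced-password-change redirect the way a browser would.

    Returns the number of 302s before a page is served, or None when the
    hop limit is reached (the infinite loop reported in this ticket)."""
    must_redirect = CHECKS[check]
    path_info = start
    for hops in range(max_hops):
        req = FakeRequest(base_path, path_info)
        redirect_url = req.href("/prefs/account")
        if not must_redirect(req, redirect_url):
            return hops
        # The browser requests redirect_url; the server strips base_path again.
        path_info = redirect_url[len(base_path):]
    return None

def is_exempt(check, base_path, path_info):
    """True if a flagged session may load path_info without a redirect."""
    req = FakeRequest(base_path, path_info)
    return not CHECKS[check](req, req.href("/prefs/account"))

if __name__ == "__main__":
    for name in CHECKS:
        print(name,
              redirects_before_served(name, ""),
              redirects_before_served(name, "/myprojectname"),
              is_exempt(name, "/myprojectname", "/account"))
```

The suffix match stops the loop but also exempts any path that happens to be a suffix of the redirect URL (here the constructed /account), which is why the full-URL comparisons are the tighter gate.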

07/23/08 20:30:08 changed by anonymous

  • cc changed from pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com to pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com.

08/07/08 14:39:13 changed by cschnu

I encountered this as well, will this fix be in the next build of this plugin?

08/07/08 14:41:42 changed by cschnu

  • cc changed from pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com to pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com.

08/12/08 09:45:44 changed by ryan@acceleration.net

  • cc changed from pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com to pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net.

I also encounter this error, coderanger's change worked for me.

08/12/08 09:47:20 changed by ryan@acceleration.net

  • attachment redirect-fix.patch added.

coderanger's fix as a diff against the trunk r4132

09/18/08 15:09:07 changed by anonymous

  • cc changed from pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net to pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org.

09/30/08 06:11:20 changed by anonymous

  • cc changed from pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org to mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org.

(follow-up: ↓ 15 ) 10/01/08 12:04:42 changed by vpolite@socialnetconnect.com

  • cc changed from mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org to mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org, vpolite@socialnetconnect.com.

Hey Ryan, I made an attempt at implementing coderanger's patch on my instance of Trac. I still get the redirect when I attempt to login after changing my password.

I updated the source code and did an easy_install against my new information. I verified the change by unzipping the resultant .egg file and noted the change was there. I removed session_attribute information and even played with toggling the force_password = false flag (which works, but you also have to remove the session_attribute associated with your account --- if it was set to force_password = true and isn't removed, then you get the redirect blues all over again)

What information can I provide that might assist in troubleshooting? Also, my python is not good, but shouldn't the conditional in the patch refer to when the ForceAccount flag is set to True, not False?

i.e.

186	186	            if req.session.get('force_change_passwd', False):

should be

186	186	            if req.session.get('force_change_passwd', True): 

Adding myself to the cc: list. Thanks!

(in reply to: ↑ 14 ) 10/02/08 13:06:38 changed by anonymous

Replying to vpolite@socialnetconnect.com:

What information can I provide that might assist in troubleshooting?

I am pretty unfamiliar with trac plugin development, and ended up getting help to install my patched version, and I now forget what I did to get the patch installed. I do recall having to restart apache. I'm afraid I'm not going to be much help in troubleshooting.

Also, my python is not good, but shouldn't the conditional in the patch refer to when the ForceAccount flag is set to True, not False?

I think the second parameter there is what to use as a default value in case 'force_change_passwd' is not found in req.session. If there's nothing specified, we assume we don't need to force the password change.

10/10/08 19:25:58 changed by drees

  • cc changed from mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org, vpolite@socialnetconnect.com to mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org, vpolite@socialnetconnect.com, drees@greenhydrant.com.
  • owner changed from mgood to drees.
  • status changed from new to assigned.

The patch seems to fix the issue for me using Trac 0.11.1. Any chance to see the fix committed?

10/10/08 20:01:08 changed by drees

  • owner changed from drees to mgood.
  • status changed from assigned to new.

10/18/08 21:50:03 changed by sh@jnamic.com

  • cc changed from mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org, vpolite@socialnetconnect.com, drees@greenhydrant.com to mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org, vpolite@socialnetconnect.com, drees@greenhydrant.com, sh@jnamic.com.

I deeply hope that the patch (or any solution at all) finds the way in the distribution.

I am adding myself to the cc to be informed when something happens here.

PS: I am too dumb to create an egg-file including the patch. So I guess I'll have to wait.

10/24/08 10:35:12 changed by anonymous

  • cc changed from mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org, vpolite@socialnetconnect.com, drees@greenhydrant.com, sh@jnamic.com to mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org, vpolite@socialnetconnect.com, drees@greenhydrant.com, sh@jnamic.com, bgladwell@goantiques.com.

11/11/08 12:07:38 changed by anonymous

Can anybody provide a workaround for this problem?

11/11/08 12:08:27 changed by anonymous

  • cc changed from mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org, vpolite@socialnetconnect.com, drees@greenhydrant.com, sh@jnamic.com, bgladwell@goantiques.com to mike.mclean@pobox.com, pioto@pioto.org, l-th@pgl22.co.uk, hoffmanc, chris.c.hoffman@gmail.com, timothy.jones@hp.com, seva_fwd@yahoo.com, csch_nu@hotmail.com, ryan@acceleration.net, roh@openmoko.org, vpolite@socialnetconnect.com, drees@greenhydrant.com, sh@jnamic.com, bgladwell@goantiques.com, cvhinten@gmail.com.

11/21/08 22:04:26 changed by blyth@hep1.phys.ntu.edu.tw

I closed #4140 as it duplicates this

