Opened 6 years ago

Closed 4 years ago

#8770 closed defect (fixed)

AttributeError: Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod". Please update the option account-manager.hash_method in trac.ini.

Reported by: admin Owned by: Steffen Hoffmann
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: option
Cc: Olemis Lang Trac Release: 0.11


How to Reproduce

While doing a GET operation on /admin/accounts/config, Trac issued an internal error.

(please provide additional details here)

Request parameters:

{'cat_id': u'accounts', 'panel_id': u'config', 'path_info': None}

User agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16

System Information

Trac 0.13dev-r10688
Babel 0.9.6
Docutils 0.7
Genshi 0.6
mod_python 3.3.1
Pygments 1.4
pysqlite 2.6.0
Python 2.5 (r25:51908, Sep 19 2006, 09:52:17) [MSC v.1310 32 bit (Intel)]
pytz 2011e
setuptools 0.6c11
SQLite 3.6.2
Subversion 1.4.6 (r28521)
jQuery 1.5.1

Enabled Plugins

tracaccountmanager 0.3dev-r10113

Python Traceback

Traceback (most recent call last):
  File "build\bdist.win32\egg\trac\web\", line 473, in _dispatch_request
  File "build\bdist.win32\egg\trac\web\", line 193, in dispatch
    resp = chosen_handler.process_request(req)
  File "build\bdist.win32\egg\trac\admin\", line 124, in process_request
  File "build\bdist.win32\egg\acct_mgr\", line 130, in render_admin_panel
    return self._do_config(req)
  File "build\bdist.win32\egg\acct_mgr\", line 159, in _do_config
    opt_val = option.__get__(store, store)
  File "build\bdist.win32\egg\trac\", line 691, in __get__
AttributeError: Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod".  Please update the option account-manager.hash_method in trac.ini.

Attachments (0)

Change History (9)

comment:1 Changed 5 years ago by Ryan J Ollos

Component: SELECT A HACKAccountManagerPlugin
Owner: changed from anonymous to Steffen Hoffmann

Yet another incorrectly filed ticket.

comment:2 Changed 5 years ago by Steffen Hoffmann

Keywords: option added
Resolution: worksforme
Status: newclosed

See the end of the traceback message:

Please update the option account-manager.hash_method in trac.ini.

We could hardly be more explicit about how to fix this issue, couldn't we?

Sorry, but this is showing to me very clearly, that at the reporters side not much effort has been put into research about proper configuration. Especially make sure in your trac.ini you have

acct_mgr.pwhash.htdigesthashmethod = enabled

comment:3 in reply to:  2 ; Changed 5 years ago by anonymous

I am receiving the same error as rjollos, but via a different method. I receive the error when clicking "Reset Passwords" on the "Manage User Accounts" page. I am using HtPasswdStore rather than SessionStore or SvnServePasswordStore. Enabling the pwhash.htdigesthashmethod component as suggested does not solve the problem. The documentation doesn't say anything about using pwhash in conjunction with HtPasswdStore, or at least not that I was able to find.

Here are my account-manager settings:

allow_delete_account = false
force_passwd_change = true
htpasswd_hash_type = crypt
password_file = <redacted>
password_store = HtPasswdStore
persistent_sessions = true
refresh_passwd = False
user_lock_max_time = 0
verify_email = true
acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled

comment:4 in reply to:  3 Changed 5 years ago by nmschulte@…

Resolution: worksforme
Status: closedreopened

I made the prior post; apologies for not leaving contact information. I assume I should reopen the ticket as well...

comment:5 Changed 5 years ago by Steffen Hoffmann

No offense intended, but what's the issue with following advice given by a rather trustworthy plugin? I don't get that, really.

If you're curious enough, or security conscious or both, a look into changelog, the commit log or some closer looks at the source will tell you, that the reset password process has dramatically changed, and that using a modified SessionStore for the interim reset passwords has been part of the current solution to prevent DOS attacks by false faked request request from a third party.

Nevertheless I appreciate your hint about this being not obvious in current wiki documentation. I'll try to improve relevant places (AccountModule and SessionStore) before closing this ticket again.

comment:6 Changed 4 years ago by Steffen Hoffmann

Status: reopenednew

#10406 has been closed as a duplicate. The patch by Jun Omae seems a bit unrelated, but deserves further investigation, even if not applying to current trunk anymore.

comment:7 Changed 4 years ago by Steffen Hoffmann

(In [12097]) AccountManagerPlugin: Send notification for password reset only after storing it, refs #8770.

Unsuccessful attempts to store a new password will no longer yield misleading user notification about unsaved, effectively invalid passwords.

Beware though, that the password reset procedure has been changed to prevent premature password invalidation, so the old password will continue to exist until next successful login for that user account anyway.

(hand-added, because it seems to not have landed here even with appropriate commit message)

comment:8 Changed 4 years ago by Olemis Lang

Cc: Olemis Lang added; anonymous removed

comment:9 Changed 4 years ago by Steffen Hoffmann

Resolution: fixed
Status: newclosed

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution, refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Steffen Hoffmann.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.