AccountManager: Reset Password problem


Andreas

Aug 19, 2017, 9:06:32 AM
to Trac Users
Hello!
I am currently running Trac 1.2.2 with AccountManager installed (I'm using the current under-development version, as there is no stable version available for Trac >1.0).
In the admin panel of Trac, I can create users, change their password and delete users - all these things are working well. When I want to reset the password in the admin panel, I get an email with my new credentials, but the problem is that these credentials from the email do not work - Trac doesn't change the password and I can still only log on with the old password.

I think all the necessary modules are enabled (for testing, I have activated almost everything). Is this a known bug or is there something wrong in my configuration? If it's a bug, is it working in older versions of Trac?

Thank you!


My trac.ini looks like this:

[account-manager]
allow_delete_account = disabled
htdigest_file = /var/lib/trac/test/.htdigest
htdigest_realm = test
login_attempt_max_count = 0
password_store = HtDigestStore, ResetPwStore
user_lock_max_time = 86400
user_lock_time = 0
user_lock_time_progression = 1
reset_password = enabled
hash_method = HtDigestHashMethod

[components]
acct_mgr.admin.accountmanageradminpanel = enabled
acct_mgr.guard.accountguard = enabled
acct_mgr.htfile.htdigeststore = enabled
acct_mgr.model.attachmentuseridchanger = enabled
acct_mgr.model.authcookieuseridchanger = enabled
acct_mgr.model.componentuseridchanger = enabled
acct_mgr.model.permissionuseridchanger = enabled
acct_mgr.model.reportuseridchanger = enabled
acct_mgr.model.revisionuseridchanger = enabled
acct_mgr.model.ticketuseridchanger = enabled
acct_mgr.model.wikiuseridchanger = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.pwhash.htdigesthashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = disabled
acct_mgr.web_ui.resetpwstore = enabled
trac.web.auth.loginmodule = disabled
tracopt.ticket.deleter = enabled

Andreas

Aug 19, 2017, 2:40:46 PM
to Trac Users
Another error I just noticed is when I reset a password, the user has to change the password when he logs in with the old credentials the next time, which is working - but the user always has to verify the email address, but did not receive any email with a verification token:

Warning: Your permissions have been limited until you verify your email address.

Is there a way to deactivate this?

I have the following setting right now, which is not working:

[components]
acct_mgr.notification.accountchangelistener = disabled
acct_mgr.web_ui.EmailVerificationModule = disabled

I found some entries in the Account Attributes ('email_verification_token', 'password_reset', 'email_verification_sent_to'), but even when I delete them, the user still gets the message and has no rights to change anything.

Same question as before: Did I do something wrong or is it a bug? Does this work with older versions?

Thank you!

Jun Omae

Aug 19, 2017, 5:56:12 PM
to trac-...@googlegroups.com
On Sun, Aug 20, 2017 at 3:40 AM, Andreas <muffe...@gmail.com> wrote:
>> Warning: Your permissions have been limited until you verify your email
>> address.
>
> Is there a way to deactivate this?

Use option to disable it.

See:
* https://trac-hacks.org/wiki/AccountManagerPlugin#Installation
* https://trac-hacks.org/wiki/AccountManagerPlugin/RegistrationInspector#EmailVerificationModule


--
Jun Omae <jun...@gmail.com> (大前 潤)

Andreas

Aug 20, 2017, 3:18:44 PM
to Trac Users
thank you, seems like I forgot to add
verify_email = false

Does anyone know something about the not working email reset in Trac 1.2.2? (my first question)

RjOllos

Aug 21, 2017, 5:15:12 AM
to Trac Users


On Sunday, August 20, 2017 at 3:18:44 PM UTC-4, Andreas wrote:
> thank you, seems like I forgot to add
> verify_email = false
>
> Does anyone know something about the not working email reset in Trac 1.2.2? (my first question)

Probably:
https://trac-hacks.org/ticket/11869

I haven't had time to investigate and don't know when I will have time. Patch welcome.

- Ryan

 

RjOllos

Oct 12, 2017, 4:06:23 PM
to Trac Users


On Sunday, August 20, 2017 at 12:18:44 PM UTC-7, Andreas wrote:
> thank you, seems like I forgot to add
> verify_email = false
>
> Does anyone know something about the not working email reset in Trac 1.2.2? (my first question)

First, please upgrade to the latest TracAccountManager 0.5dev. Your issue may be fixed by recent changes.

If the issue persists, please describe in more detail what you mean by "not working".

- Ryan

Andreas

Oct 24, 2017, 6:59:02 AM
to Trac Users
Hi Ryan,

thanks for your reply.
I just upgraded to the latest 0.5dev-Version of AccountManager and still have the same issue as previously mentioned:


In the admin panel of Trac, I can create users, change their password and delete users - all these things are working well. When I want to reset the password in the admin panel, I get an email with my new credentials, but the problem is that these credentials from the email do not work - Trac doesn't change the password and I can still only log on with the old password.
 

RjOllos

Nov 4, 2017, 11:02:44 PM
to Trac Users


On Tuesday, October 24, 2017 at 3:59:02 AM UTC-7, Andreas wrote:
> Hi Ryan,
>
> thanks for your reply.
> I just upgraded to the latest 0.5dev-Version of AccountManager and still have the same issue as previously mentioned:

I will take a look again sometime next week. Can you confirm that you are using form-based login and not having Apache or another webserver handling authentication? This means you won't have a Location directive for a path like "/login", as shown in:
https://trac.edgewall.org/wiki/TracModWSGI#UsingDigestAuthentication

- Ryan

Andreas

Nov 6, 2017, 3:17:42 PM
to Trac Users
I am using the htdigest method to log on, so I would say Apache is handling the authentication!

Ryan Ollos

Nov 6, 2017, 4:36:46 PM
to Trac Users
You can use HtDigest as a password store, but you cannot have the Apache web server handling authentication if you wish to use password reset. Authentication must be delegated to TracAccountManager. As noted before, you may need to modify your Apache configuration to remove the Location directive that results in Apache intercepting the request to /login.

- Ryan
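
Added example (not part of the thread and not TracAccountManager code): a small Python check for the conflict described in the last reply, where ResetPwStore is listed in trac.ini while an Apache <Location> block still authenticates the login path. The sample trac.ini and Apache snippets are constructed, and the /trac/login mount point is an assumption.

```python
import configparser
import re

# Constructed sample inputs; "/trac/login" is an assumed mount point.
TRAC_INI = """\
[account-manager]
password_store = HtDigestStore, ResetPwStore
reset_password = enabled
"""

APACHE_CONF = """\
<Location "/trac/login">
    AuthType Digest
    AuthName "test"
    AuthUserFile /var/lib/trac/test/.htdigest
    Require valid-user
</Location>
"""

LOCATION_RE = re.compile(
    r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location\s*>', re.S | re.I)

def reset_store_enabled(trac_ini_text):
    """True if ResetPwStore is listed in [account-manager] password_store."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(trac_ini_text)
    stores = cp.get("account-manager", "password_store", fallback="")
    return "resetpwstore" in [s.strip().lower() for s in stores.split(",")]

def apache_login_locations(apache_conf_text):
    """Paths of <Location> blocks ending in /login with an active AuthType."""
    hits = []
    for path, body in LOCATION_RE.findall(apache_conf_text):
        lines = [l.strip() for l in body.splitlines()]
        active = [l for l in lines if l and not l.startswith("#")]
        has_auth = any(re.match(r"AuthType\s+\S+", l, re.I) for l in active)
        if has_auth and path.rstrip("/").endswith("/login"):
            hits.append(path)
    return hits

def reset_conflicts(trac_ini_text, apache_conf_text):
    """Login paths Apache authenticates while password reset is configured."""
    if not reset_store_enabled(trac_ini_text):
        return []
    return apache_login_locations(apache_conf_text)

if __name__ == "__main__":
    for path in reset_conflicts(TRAC_INI, APACHE_CONF):
        print(f"Apache authenticates {path}; password reset needs form-based login")
```

An empty result means no <Location> block ending in /login carries an active AuthType, which is the state the reply asks for before password reset can work.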

