Hi to all,
I just realized that there is no useful feedback to the end user when an
invalid/deleted cookie is handled by Invenio. Instead, one gets a "500
Internal Server Error"...
Replication steps: Use "lost my password", give a valid email address,
click the appropriate URL in the mail to change the password and then
click AGAIN on the URL in the mail,
or just use a
http://yourinvenioserver/youraccount/resetpassword?k=write_here_any_bogus_characters
It will give a 500 Internal Server Error in v0.99.90.20091222 and an
exception that says (among other things)
[...]
InvenioWebAccessMailCookieDeletedError: Cookie has been deleted
[...]
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/invenio/webinterface_handler_wsgi.py", line 352, in application
    ret = invenio_handler(req)
  File "/usr/lib/python2.6/site-packages/invenio/webinterface_handler.py", line 296, in _profiler
    return _handler(req)
  File "/usr/lib/python2.6/site-packages/invenio/webinterface_handler.py", line 338, in _handler
    return root._traverse(req, path, False, guest_p)
  File "/usr/lib/python2.6/site-packages/invenio/webinterface_handler.py", line 191, in _traverse
    return obj._traverse(req, path, do_head, guest_p)
  File "/usr/lib/python2.6/site-packages/invenio/webinterface_handler.py", line 202, in _traverse
    result = _check_result(req, obj(req, form))
  File "/usr/lib/python2.6/site-packages/invenio/websession_webinterface.py", line 151, in resetpassword
    email = mail_cookie_check_pw_reset(args['k'])
  File "/usr/lib/python2.6/site-packages/invenio/access_control_mailcookie.py", line 159, in mail_cookie_check_pw_reset
    (kind, email) = mail_cookie_check_generic(cookie)
  File "/usr/lib/python2.6/site-packages/invenio/access_control_mailcookie.py", line 133, in mail_cookie_check_generic
    raise InvenioWebAccessMailCookieDeletedError, "Cookie has been deleted"
InvenioWebAccessMailCookieDeletedError: Cookie has been deleted
It's not vital or urgent in any way, but I thought it would be nice to
have a small information box saying something like "Invalid Cookie"
inside invenio (or something similar), and refrain from producing an
exception and sending an email to the admin...
Best regards,
Theodoros
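
The behaviour requested above, as an added stand-alone Python 3 example that is not Invenio code and not part of the original message: a reused or bogus reset token is treated as an expected condition and answered with one generic notice instead of an unhandled exception. The exception classes, the in-memory store, the 400 status and every function name here are hypothetical stand-ins for the names in the traceback.

```python
import hashlib
import secrets

class MailCookieError(Exception):
    """Stand-in for an unknown or malformed reset token."""

class MailCookieDeletedError(MailCookieError):
    """Stand-in for InvenioWebAccessMailCookieDeletedError from the traceback."""

# Constructed in-memory store: sha256(token) -> state. Only the digest is kept,
# so a leaked store does not reveal usable tokens.
_COOKIES = {}

def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_reset_cookie(email):
    """Create a single-use reset token for the given address."""
    token = secrets.token_urlsafe(16)
    _COOKIES[_digest(token)] = {"email": email, "deleted": False}
    return token

def check_reset_cookie(token):
    """Return the e-mail bound to the token, or raise a MailCookieError."""
    entry = _COOKIES.get(_digest(token))
    if entry is None:
        raise MailCookieError("Cookie not valid")
    if entry["deleted"]:
        raise MailCookieDeletedError("Cookie has been deleted")
    entry["deleted"] = True  # simplified: consumed on first successful check
    return entry["email"]

NOTICE = ("This password reset link is invalid or has already been used. "
          "Please request a new one.")

def resetpassword(form):
    """Hypothetical handler returning (status, body) for ?k=<token>."""
    try:
        email = check_reset_cookie(form.get("k", ""))
    except MailCookieError:
        # Expected, user-triggered condition: no traceback, no admin e-mail.
        # Unknown and already-used tokens get the same answer, so the page
        # does not reveal which tokens once existed.
        return 400, NOTICE
    return 200, "Choose a new password for %s" % email
```

Any other exception still propagates, so genuine server faults keep producing the 500 and the admin notification.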