On 01/15/2013 08:23 PM, Steffen Hoffmann wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 15.01.2013 18:17, Falcon EndorphinE wrote:
Hello, when I try to get the password using "Forgot your password?" url
with account module TracAccountManager 0.4.2 the password is being sent
to provided email but the password in Trac is not being changed and I am
unable to login with the provided password.
Can anyone advise on this please?
Here we go:
Check and make sure you've the necessary components [1] enabled, please.
Probably the ResetPwStore is missing in your case? The
lost-password-procedure has been explained in very detailed for
convenience lately [2].
By "password in Trac" you mean exactly what password store? You must
have at least one writable password store enabled and specified in your
configuration. Again the wiki docs will be helpful to tell you, how to
get it working [3]. If you've followed the link to the password reset
procedure, you'll already know now, that the password is no longer
overwritten on reset, only after successful login. This is a feature,
not a defect, see the request "'forgot password' should not reset
password directly" [4], if you don't understand it right-way. In short
its a countermeasure against malicious credential invalidation attempts.
Steffen Hoffmann
I also had the same issue with 0.4.2.
It was not really about htpasswd not updated, as Steffen explained, but
about AccountManager thinking that a temporary password was not set for
the user (if I well understood the code)
I proposed a patch (http://trac-hacks.org/ticket/8927#comment:33) that
solved the issue, at least for me. I have however no idea if it's "the"
correct fix...
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en.
