On 05/09/2017 21:11, RjOllos wrote:


On Tuesday, September 5, 2017 at 5:40:01 AM UTC-7, Nicolas MARTIN wrote:

    Hello Trac users,


    A few months ago, we moved in our project from HTTP to HTML authentication
    with AccountManager. No particular issue since then except a warning in
    the log "Trac[web_ui] WARNING: ResetPwStore is disabled, therefore
    password reset won't work." but with no evident effect ('ResetPwStore'
    was still enabled under 'Plugins' and the password reset procedure was
    working).

    But recently several users got the following error at the login page
    with the temporary password received by email, when they tried to set
    their own password after the account creation:

    Traceback (most recent call last):
      File "/usr/lib/python2.7/site-packages/trac/web/api.py", line 514, in send_error
        data, 'text/html')
      File "/usr/lib/python2.7/site-packages/trac/web/chrome.py", line 968, in render_template
        message = Markup(req.session.pop('chrome.%s.%d'
      File "/usr/lib/python2.7/site-packages/trac/web/api.py", line 316, in __getattr__
        value = self.callbacks[name](self)
      File "/usr/lib/python2.7/site-packages/trac/web/main.py", line 268, in _get_session
        return Session(self.env, req)
      File "/usr/lib/python2.7/site-packages/trac/web/session.py", line 200, in __init__
        if req.authname == 'anonymous':
      File "/usr/lib/python2.7/site-packages/trac/web/api.py", line 316, in __getattr__
        value = self.callbacks[name](self)
      File "/usr/lib/python2.7/site-packages/trac/web/main.py", line 135, in authenticate
        authname = authenticator.authenticate(req)
      File "build/bdist.linux-x86_64/egg/acct_mgr/util.py", line 81, in wrap
        return func(self, *args, **kwds)
      File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 451, in authenticate
        username = self._remote_user(req)
      File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 766, in _remote_user
        if acctmgr.check_password(username, password) is True:
      File "build/bdist.linux-x86_64/egg/acct_mgr/api.py", line 287, in check_password
        valid = store.check_password(user, password)
      File "build/bdist.linux-x86_64/egg/acct_mgr/htfile.py", line 69, in check_password
        return self._check_userline(user, password, line)
      File "build/bdist.linux-x86_64/egg/acct_mgr/htfile.py", line 207, in _check_userline
        return suffix == htpasswd(password, suffix)
      File "build/bdist.linux-x86_64/egg/acct_mgr/pwhash.py", line 140, in htpasswd
        available."""))
    NotImplementedError: Neither are "sha2" hash algorithms supported by the
                         "crypt" module on this platform nor is "passlib"
                         available.

    The tricky thing is that at the same time other users did not encounter
    this issue and were able to complete the procedure; I received a few email
    notifications of password reset since the first feedback of the problem.

    This occurred during my vacations and at first glance I do not have to
    blame my colleagues for a change in the plugin configuration.
    Regarding the plugin version, we use the very last revision of the trunk
    branch (r16720) on our Trac 1.0.1 installation.

    Here is an extract of trac.ini

    [account-manager]
    htpasswd_file = ../auth/trac.passwd
    htpasswd_hash_type = sha512
    login_attempt_max_count = 3
    notify_actions = new,change,delete
    password_store = HtPasswdStore
    refresh_passwd = true
    user_lock_time = 3600
    username_regexp = (?i)^[a-z0-9]{5,}$

    ...

    [components]
    acct_mgr.admin.useradminpanel = disabled
    acct_mgr.db.sessionstore = disabled
    acct_mgr.htfile.htdigeststore = disabled
    acct_mgr.http.* = disabled
    acct_mgr.register.* = disabled
    acct_mgr.svnserve.svnservepasswordstore = disabled
    trac.web.auth.loginmodule = disabled
    tracopt.ticket.commit_updater.* = enabled
    tracopt.ticket.deleter.ticketdeleter = disabled
    tracopt.versioncontrol.svn.svn_fs.subversionconnector = enabled
    xmail.xmailmainview.xmailmainview = enabled
    xmail.xmailpermissions.xmailpermission = enabled


    I was able to reproduce the bug by myself with my personal account, then
    I installed the passlib module and finally added 'ResetPwStore' to the
    'password_store' option (removed the warning in the Trac log) but the
    issue remains...



    Regards,
    Nicolas


Try adding:
[account-manager]
hash_method = HtPasswdHashMethod

Done.
No apparent change, the reset procedure continues to end prematurely.

What Linux distro are you running?

Mageia 3 (fork of former Mandriva, RHEL derivative), the OS is as up-to-date as our Trac installation...


What does the following yield on your system?
>>> from passlib.apps import custom_app_context as passlib_ctxt
>>> passlib_ctxt.policy.schemes()
['sha512_crypt', 'sha256_crypt']

Seems to be a dead-end because passlib was not installed when we initially moved to AccountManager to handle the server authentication.
Anyway, I have installed passlib-1.7.1 and I got what we could expect:

$ python
Python 2.7.6 (default, Mar 18 2014, 22:18:46)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from passlib.apps import custom_app_context as passlib_ctxt
>>> passlib_ctxt.policy.schemes()
['sha512_crypt', 'sha256_crypt']

- Ryan

For my part, I was able to reset my user password from the administration interface without problem. Also I realized that the login module crashes in all cases (void, wrong or temporary password from email) except of course the good one from the hash passwords file.

Nicolas
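
Added example, not part of the original message and not AccountManager code: a small Python diagnostic for the two conditions named in the NotImplementedError above (sha2 support in the platform's "crypt" module, or "passlib" being importable), plus a scan of an htpasswd file for entries not stored in the configured htpasswd_hash_type. The function names, the probe salt and the sample entries are constructed for illustration.

```python
SCHEME_PREFIXES = (
    ("$6$", "sha512"),    # sha512_crypt
    ("$5$", "sha256"),    # sha256_crypt
    ("$apr1$", "md5"),    # Apache MD5
    ("{SHA}", "sha"),     # unsalted SHA-1
)

def classify(hash_field):
    """Name the scheme of one htpasswd hash field from its prefix."""
    for prefix, name in SCHEME_PREFIXES:
        if hash_field.startswith(prefix):
            return name
    return "crypt" if len(hash_field) == 13 else "unknown"  # DES crypt: 13 chars

def audit_htpasswd(text, configured="sha512"):
    """Return {user: scheme} for entries not stored in the configured scheme."""
    mismatched = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        scheme = classify(hash_field)
        if scheme != configured:
            mismatched[user] = scheme
    return mismatched

def sha2_backends():
    """Report which of the two backends named in the error can do sha512."""
    found = {"crypt": False, "passlib": False}
    try:
        import crypt  # absent on Windows and on Python 3.13+
        probe = crypt.crypt("probe", "$6$constructedsalt$")
        found["crypt"] = bool(probe) and probe.startswith("$6$")
    except Exception:
        pass  # missing module or unsupported method both count as "no"
    try:
        import passlib
        found["passlib"] = True
    except ImportError:
        pass
    return found

# Constructed sample file; the hash bodies are placeholders, not real hashes.
SAMPLE = "\n".join(["alice01:$6$constructedsalt$" + "A" * 86,
                    "bobby02:$apr1$constsal$" + "B" * 22,
                    "carol03:" + "C" * 13])

print(sha2_backends(), audit_htpasswd(SAMPLE))
```

Run it with the same Python interpreter and user account as the Trac process, since a passlib installed for a different interpreter will not be visible to the plugin.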
