Infinite URL redirection when logging in after resetting password

[siddhu.warrier@…]

I'm using SessionStore to store the password in the MySQL database. I'm using the 0.11 version of Trac Account Manager

I found that if I were to:

1. Reset password and have it emailed to me.
2. Log in with the new password.

I keep getting redirected, infinitely. I fooled about with the code and figured that, in do_account, the session variable 'force_change_passwd' was not being reset if the request method was not 'POST':

This can be fixed by adding the following to acct_mgr/web_ui.py: 250a255,256

del(req.session['force_change_passwd' ])
req.session.save()

However, this does not completely fix the problem (just works around it and allows me to log in), as the chrome warning does not appear. I did a bit of an inspect and walk through (very amateurishly), and found the following function calls occuring in web_ui.py of the AccountManager plugin:

In _post_process_request
In match_request
In get_preference_panel
In render_preference_panel called by ('/usr/lib/python2.5/site-packages/trac/prefs/web_ui.py', 73, 'process_request', template, data = chosen_provider.render_preference_panel(req, panel_id)\n?, 0).

In _do_account as user Superman. called by ('build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py', 196, 'render_preference_panel', None, None).
Resetting session variable...

In _post_process_request
In _post_process_request

As you can see, post_process-request is called twice after I reset the session variable. So the chrome warning is lost. Unfortunately, I could not dig in further due to temporal constraints.

I hope this helps.

[John Hampton]

duplicate of #3233. Fixed