AttributeError: Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod". Please update the option account-manager.hash_method in trac.ini.

[admin]

How to Reproduce

While doing a GET operation on /admin/accounts/config, Trac issued an internal error.

(please provide additional details here)

Request parameters:

{'cat_id': u'accounts', 'panel_id': u'config', 'path_info': None}

User agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16

System Information

Trac	0.13dev-r10688
Babel	0.9.6
Docutils	0.7
Genshi	0.6
mod_python	3.3.1
Pygments	1.4
pysqlite	2.6.0
Python	2.5 (r25:51908, Sep 19 2006, 09:52:17) [MSC v.1310 32 bit (Intel)]
pytz	2011e
setuptools	0.6c11
SQLite	3.6.2
Subversion	1.4.6 (r28521)
jQuery	1.5.1

Enabled Plugins

tracaccountmanager

0.3dev-r10113

Python Traceback

Traceback (most recent call last):
  File "build\bdist.win32\egg\trac\web\main.py", line 473, in _dispatch_request
    dispatcher.dispatch(req)
  File "build\bdist.win32\egg\trac\web\main.py", line 193, in dispatch
    resp = chosen_handler.process_request(req)
  File "build\bdist.win32\egg\trac\admin\web_ui.py", line 124, in process_request
    path_info)
  File "build\bdist.win32\egg\acct_mgr\admin.py", line 130, in render_admin_panel
    return self._do_config(req)
  File "build\bdist.win32\egg\acct_mgr\admin.py", line 159, in _do_config
    opt_val = option.__get__(store, store)
  File "build\bdist.win32\egg\trac\config.py", line 691, in __get__
    self.section, self.name))
AttributeError: Cannot find an implementation of the "IPasswordHashMethod" interface named "HtDigestHashMethod".  Please update the option account-manager.hash_method in trac.ini.

[Ryan J Ollos]

Yet another incorrectly filed ticket.

[Steffen Hoffmann]

See the end of the traceback message:

Please update the option account-manager.hash_method in trac.ini.

We could hardly be more explicit about how to fix this issue, couldn't we?

Sorry, but this is showing to me very clearly, that at the reporters side not much effort has been put into research about proper configuration. Especially make sure in your trac.ini you have

[components]
acct_mgr.pwhash.htdigesthashmethod = enabled

[anonymous]

I am receiving the same error as rjollos, but via a different method. I receive the error when clicking "Reset Passwords" on the "Manage User Accounts" page. I am using HtPasswdStore rather than SessionStore or SvnServePasswordStore. Enabling the pwhash.htdigesthashmethod component as suggested does not solve the problem. The documentation doesn't say anything about using pwhash in conjunction with HtPasswdStore, or at least not that I was able to find.

Here are my account-manager settings:

[account-manager]
allow_delete_account = false
force_passwd_change = true
htpasswd_hash_type = crypt
password_file = <redacted>
password_store = HtPasswdStore
persistent_sessions = true
refresh_passwd = False
user_lock_max_time = 0
verify_email = true

[components]
acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled

[nmschulte@…]

I made the prior post; apologies for not leaving contact information. I assume I should reopen the ticket as well...

[Steffen Hoffmann]

No offense intended, but what's the issue with following advice given by a rather trustworthy plugin? I don't get that, really.

If you're curious enough, or security conscious or both, a look into changelog, the commit log or some closer looks at the source will tell you, that the reset password process has dramatically changed, and that using a modified SessionStore for the interim reset passwords has been part of the current solution to prevent DOS attacks by false faked request request from a third party.

Nevertheless I appreciate your hint about this being not obvious in current wiki documentation. I'll try to improve relevant places (AccountModule and SessionStore) before closing this ticket again.

[Steffen Hoffmann]

#10406 has been closed as a duplicate. The patch by Jun Omae seems a bit unrelated, but deserves further investigation, even if not applying to current trunk anymore.

[Steffen Hoffmann]

(In [12097]) AccountManagerPlugin: Send notification for password reset only after storing it, refs #8770.

Unsuccessful attempts to store a new password will no longer yield misleading user notification about unsaved, effectively invalid passwords.

Beware though, that the password reset procedure has been changed to prevent premature password invalidation, so the old password will continue to exist until next successful login for that user account anyway.

(hand-added, because it seems to not have landed here even with appropriate commit message)

[Steffen Hoffmann]

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution, refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.