Opened 13 years ago
Closed 12 years ago
#9942 closed defect (fixed)
'Headers Already Set' error after password reset
| Reported by: | Ryan J Ollos | Owned by: | Steffen Hoffmann |
|---|---|---|---|
| Priority: | low | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | login password reset |
| Cc: | Trac Release: | 0.12 |
Description (last modified by )
I'm running the latest version of the AccountManagerPlugin, r11364, and Trac 0.12.3. After creating a user account and logging in as that user (to work around #9252 / #9843), I reset the users password to force them to change it on first login. When the users logs in, they see the following error:
Upon attempting navigate to any other page, they are redirected to the Change password page and prevented from accessing any other page before changing their password:
Traceback:
2012-04-03 16:43:07,069 Trac[main] ERROR: Internal Server Error:
Traceback (most recent call last):
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 522, in _dispatch_request
dispatcher.dispatch(req)
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 269, in dispatch
self._post_process_request(req)
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/main.py", line 365, in _post_process_request
f.post_process_request(req, *(None,)*extra_arg_count)
File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 256, in post_process_request
req.redirect(redirect_url)
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 383, in redirect
self.end_headers()
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/api.py", line 321, in end_headers
self._write = self._start_response(self._status, self._outheaders)
File "/usr/local/python26_trac12/lib/python2.6/site-packages/Trac-0.12.3-py2.6.egg/trac/web/_fcgi.py", line 1241, in start_response
assert not headers_set, 'Headers already set!'
AssertionError: Headers already set!
Attachments (2)
Change History (12)
Changed 13 years ago by
| Attachment: | HeadersAlreadySet.png added |
|---|
Changed 13 years ago by
| Attachment: | PleaseChangeYourPassword.png added |
|---|
comment:1 Changed 13 years ago by
| Description: | modified (diff) |
|---|---|
| Reporter: | changed from anonymous to Ryan J Ollos |
comment:2 follow-up: 4 Changed 12 years ago by
| Keywords: | needinfo login password reset added |
|---|
comment:3 follow-up: 6 Changed 12 years ago by
| Priority: | normal → low |
|---|
Meanwhile acct_mgr-0.4 has been release, and the workaround for aforementioned, resolved tickets is no longer needed.
I've tried it on Trac-1.0:
- user is created successfully
- password reset works
- with recent
trunkrevision of TracAnnouncer I even get notifications for both, account/user creation and password reset
- with recent
- account attributes are preserved on 1st login
- no header complaint here, but no wonder, because I use
tracd, not Trac served by a fcgi modules
- no header complaint here, but no wonder, because I use
- password reset works too, again including notification
Do you still see issues with Trac served by fcgi?
comment:4 Changed 12 years ago by
Replying to hasienda:
Would you be so kind as to re-check with current
trunkcode, please.
Yes, I'll test now. Sorry for the delay. I haven't been able to keep up on all the email from Trac over the past two weeks due to other commitments. Starting to get caught up now though.
comment:5 follow-up: 7 Changed 12 years ago by
I upgraded to the 0.4 release. I didn't check what version I was running before the upgrade, but I remember upgrading to the latest trunk very recently, and from looking at the installed eggs, it appears I was at 0.4dev_r12386. That probably isn't relevant though.
I was thinking that that there was an option to force the user to reset their password on first login, but I'm not seeing that now, so maybe I was just imagining it (perhaps a good feature request though? => #10679). Email notifications aren't working for me at the moment, but I think that is because I'm using the AnnouncerPlugin. I only mention in case that is somehow related to the reset on first login behavior that I might be overlooking.
I've tested the following procedure:
- Create a new user from the admin page.
- Reset their password from the admin page.
- Login as that user and verify that a password reset is required.
- Reset the password - I'm immediately prompted with a http auth dialog (using
HtPasswdStore, full config below) and on entering my new password I'm back on the change password page.
Everything appears to be functioning well. I found two unrelated issues, which I'll open tickets for. I think this ticket can be closed.
acct_mgr.admin.accountmanageradminpages = enabled acct_mgr.admin.accountmanageradminpanel = enabled acct_mgr.admin.accountmanageradminpanels = enabled acct_mgr.api.accountmanager = enabled acct_mgr.guard.accountguard = enabled acct_mgr.htfile.htpasswdstore = enabled acct_mgr.macros.accountmanagerwikimacros = enabled acct_mgr.notification.accountchangelistener = enabled acct_mgr.notification.accountchangenotificationadminpanel = enabled acct_mgr.pwhash.htpasswdhashmethod = enabled acct_mgr.web_ui.accountmodule = enabled acct_mgr.web_ui.emailverificationmodule = disabled acct_mgr.web_ui.loginmodule = enabled acct_mgr.web_ui.registrationmodule = disabled acct_mgr.web_ui.resetpwstore = enabled
comment:6 Changed 12 years ago by
comment:7 Changed 12 years ago by
Replying to rjollos:
I upgraded to the 0.4 release.
Thanks for testing. See some notes to improve/correct your configuration (comments inline).
acct_mgr.admin.accountmanageradminpages = enabled acct_mgr.admin.accountmanageradminpanel = enabled acct_mgr.admin.accountmanageradminpanels = enabled
some accumulated cruft here, only second line is valid, the other have been valid in older versions/development revisions though
acct_mgr.api.accountmanager = enabled acct_mgr.guard.accountguard = enabled acct_mgr.htfile.htpasswdstore = enabled acct_mgr.macros.accountmanagerwikimacros = enabled acct_mgr.notification.accountchangelistener = enabled acct_mgr.notification.accountchangenotificationadminpanel = enabled acct_mgr.pwhash.htpasswdhashmethod = enabled acct_mgr.web_ui.accountmodule = enabled acct_mgr.web_ui.emailverificationmodule = disabled acct_mgr.web_ui.registrationmodule = disabled
email verification was moved together with registrations stuff, see AccountManagerPlugin/RegistrationInspector for currently valid settings (or just replace web_ui.emailverificationmodule with register.emailverificationmodule)
same for RegistrationModule, sure
acct_mgr.web_ui.resetpwstore = enabled
Just felt urged to sanitize wiki docs regarding configuration examples. References should be even clearer now, completely removed from the main page and updated in the cookbook.
comment:8 Changed 12 years ago by
Thanks, I've cleaned it up.
acct_mgr.admin.accountmanageradminpanel = enabled acct_mgr.api.accountmanager = enabled acct_mgr.guard.accountguard = enabled acct_mgr.htfile.htpasswdstore = enabled acct_mgr.macros.accountmanagerwikimacros = enabled acct_mgr.notification.accountchangelistener = enabled acct_mgr.notification.accountchangenotificationadminpanel = enabled acct_mgr.pwhash.htpasswdhashmethod = enabled acct_mgr.register.basiccheck = enabled acct_mgr.register.usernamepermcheck = enabled acct_mgr.web_ui.accountmodule = enabled acct_mgr.web_ui.loginmodule = enabled acct_mgr.web_ui.resetpwstore = enabled
comment:9 Changed 12 years ago by
It looks like this ticket can be considered resolved with the release of AccountManager 0.4.0.
comment:10 Changed 12 years ago by
| Keywords: | needinfo removed |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
So may it be, thanks for the confirmation.
Would you be so kind as to re-check with current
trunkcode, please.I suggest, that this had been fixed by changes for other issues as well. Especially #9252 and #9843 might be related.