#3329 closed infra (fixed)

Trac Login Failure (bad password) Causes Internal Error

Reported by: Joel Sherrill Owned by: Amar Takhar
Priority: normal Milestone: 5.1
Component: tool/website Version:
Severity: normal Keywords:
Cc: Blocked By:
Blocking:

Description

Behavior is as expected with a bad user name.

Try to login to Trac with a bad password:

Oops…
Trac detected an internal error:
ProgrammingError?: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sid='joel.sherrill' AND authenticated=1 AND name='failed_logins_count at line 1")
There was an internal error in Trac. It is recommended that you notify your local Trac administrator with the information needed to reproduce the issue.

To that end, you could anonymous ProgrammingError?: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sid='joel.sherrill' AND authenticated=1 AND name='failed_logins_count
at line 1") ==== How to Reproduce ====

While doing a POST operation on /login, Trac issued an internal error.

(please provide additional details here)

Request parameters:

{u'__FORM_TOKEN': u'0dc25ae350c181046ceae015',
 u'password': u'XXX',
 u'referer': u'https://devel.rtems.org/ticket/3328',
 'user_locked': False,
 u'username': u'joel.sherrill'}

User agent: Mozilla/5.0 (X11; Linux x86_64) KHTML/4.14.8 (like Gecko) Konqueror/4.14 Fedora/4.14.8-6.el7_3

System Information

System information not available

Enabled Plugins

Plugin information not available

Interface Customization

Interface customization information not available

Python Traceback

Traceback (most recent call last):
  File "/data/src/trac/trac/web/main.py", line 620, in _dispatch_request
    dispatcher.dispatch(req)
  File "/data/src/trac/trac/web/main.py", line 220, in dispatch
    chosen_handler = self._pre_process_request(req, chosen_handler)
  File "/data/src/trac/trac/web/main.py", line 429, in _pre_process_request
    chosen_handler = filter_.pre_process_request(req, chosen_handler)
  File "/data/trac/plugins/TracAccountManager-0.5.dev0-py2.7.egg/acct_mgr/api.py", line 478, in pre_process_request
    if not req.session.authenticated or \
  File "/data/src/trac/trac/web/api.py", line 491, in __getattr__
    value = self.callbacks[name](self)
  File "/data/src/trac/trac/web/main.py", line 354, in _get_session
    return Session(self.env, req)
  File "/data/src/trac/trac/web/session.py", line 243, in __init__
    if req.authname == 'anonymous':
  File "/data/src/trac/trac/web/api.py", line 491, in __getattr__
    value = self.callbacks[name](self)
  File "/data/src/trac/trac/web/main.py", line 172, in authenticate
    authname = authenticator.authenticate(req)
  File "/data/trac/plugins/TracAccountManager-0.5.dev0-py2.7.egg/acct_mgr/util.py", line 81, in wrap
    return func(self, *args, **kwds)
  File "/data/trac/plugins/TracAccountManager-0.5.dev0-py2.7.egg/acct_mgr/web_ui.py", line 395, in authenticate
    guard.failed_count(f_user, req.remote_addr)
  File "/data/trac/plugins/TracAccountManager-0.5.dev0-py2.7.egg/acct_mgr/guard.py", line 107, in failed_count
    set_user_attribute(self.env, user, key, count)
  File "/data/trac/plugins/TracAccountManager-0.5.dev0-py2.7.egg/acct_mgr/model.py", line 509, in set_user_attribute
    (value, username, attribute))
  File "/data/src/trac/trac/db/util.py", line 128, in execute
    cursor.execute(query, params if params is not None else [])
  File "/data/src/trac/trac/db/util.py", line 72, in execute
    return self.cursor.execute(sql_escape_percent(sql), args)
  File "/usr/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line 205, in execute
    self.errorhandler(self, exc, value)
  File "/usr/local/lib/python2.7/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
    raise errorclass, errorvalue
ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sid='joel.sherrill' AND authenticated=1 AND name='failed_logins_count'' at line 1")
}}}  Create  a ticket.
 
The action that triggered the error was:
POST: /login
TracGuide — The Trac User and Administration Guide

Change History (2)

comment:1 Changed on Mar 9, 2018 at 10:40:22 PM by Amar Takhar

Owner: set to Amar Takhar
Status: newaccepted
Type: defectinfra

Sigh this is a part of why upgrading trac is so annoying anytime I fix something another part breaks I really need to redo the entire system.

Thanks for the report I've put it on the list since it's not critical I'm not worried about it.

comment:2 Changed on Oct 20, 2018 at 4:08:31 PM by Amar Takhar

Milestone: 5.1
Resolution: fixed
Status: acceptedclosed

I upgraded TracAccountManager? this should no longer happen.

Note: See TracTickets for help on using tickets.