[RTEMS Project] #3329: Trac Login Failure (bad password) Causes Internal Error

RTEMS trac trac at rtems.org
Fri Mar 9 19:14:47 UTC 2018 

#3329: Trac Login Failure (bad password) Causes Internal Error
----------------------------+--------------------
  Reporter:  Joel Sherrill  |      Owner:  (none)
      Type:  defect         |     Status:  new
  Priority:  normal         |  Milestone:
 Component:  tool/website   |    Version:
  Severity:  normal         |   Keywords:
Blocked By:                 |   Blocking:
----------------------------+--------------------
 Behavior is as expected with a bad user name.

 Try to login to Trac with a bad password:

 Oops…
 Trac detected an internal error:
 ProgrammingError: (1064, "You have an error in your SQL syntax; check the
 manual that corresponds to your MySQL server version for the right syntax
 to use near 'sid='joel.sherrill' AND authenticated=1 AND
 name='failed_logins_count'' at line 1")
 There was an internal error in Trac. It is recommended that you notify
 your local Trac administrator with the information needed to reproduce the
 issue.

 To that end, you could anonymous ProgrammingError: (1064, "You have an
 error in your SQL syntax; check the manual that corresponds to your MySQL
 server version for the right syntax to use near 'sid='joel.sherrill' AND
 authenticated=1 AND name='failed_logins_count'' at line 1") ==== How to
 Reproduce ====

 While doing a POST operation on `/login`, Trac issued an internal error.

 ''(please provide additional details here)''

 Request parameters:
 {{{
 {u'__FORM_TOKEN': u'0dc25ae350c181046ceae015',
  u'password': u'XXX',
  u'referer': u'https://devel.rtems.org/ticket/3328',
  'user_locked': False,
  u'username': u'joel.sherrill'}
 }}}

 User agent: `Mozilla/5.0 (X11; Linux x86_64) KHTML/4.14.8 (like Gecko)
 Konqueror/4.14 Fedora/4.14.8-6.el7_3`

 ==== System Information ====
 ''System information not available''

 ==== Enabled Plugins ====
 ''Plugin information not available''

 ==== Interface Customization ====
 ''Interface customization information not available''

 ==== Python Traceback ====
 {{{
 Traceback (most recent call last):
   File "/data/src/trac/trac/web/main.py", line 620, in _dispatch_request
     dispatcher.dispatch(req)
   File "/data/src/trac/trac/web/main.py", line 220, in dispatch
     chosen_handler = self._pre_process_request(req, chosen_handler)
   File "/data/src/trac/trac/web/main.py", line 429, in
 _pre_process_request
     chosen_handler = filter_.pre_process_request(req, chosen_handler)
   File
 "/data/trac/plugins/TracAccountManager-0.5.dev0-py2.7.egg/acct_mgr/api.py",
 line 478, in pre_process_request
     if not req.session.authenticated or \
   File "/data/src/trac/trac/web/api.py", line 491, in __getattr__
     value = self.callbacks[name](self)
   File "/data/src/trac/trac/web/main.py", line 354, in _get_session
     return Session(self.env, req)
   File "/data/src/trac/trac/web/session.py", line 243, in __init__
     if req.authname == 'anonymous':
   File "/data/src/trac/trac/web/api.py", line 491, in __getattr__
     value = self.callbacks[name](self)
   File "/data/src/trac/trac/web/main.py", line 172, in authenticate
     authname = authenticator.authenticate(req)
   File
 "/data/trac/plugins/TracAccountManager-0.5.dev0-py2.7.egg/acct_mgr/util.py",
 line 81, in wrap
     return func(self, *args, **kwds)
   File
 "/data/trac/plugins/TracAccountManager-0.5.dev0-py2.7.egg/acct_mgr/web_ui.py",
 line 395, in authenticate
     guard.failed_count(f_user, req.remote_addr)
   File
 "/data/trac/plugins/TracAccountManager-0.5.dev0-py2.7.egg/acct_mgr/guard.py",
 line 107, in failed_count
     set_user_attribute(self.env, user, key, count)
   File
 "/data/trac/plugins/TracAccountManager-0.5.dev0-py2.7.egg/acct_mgr/model.py",
 line 509, in set_user_attribute
     (value, username, attribute))
   File "/data/src/trac/trac/db/util.py", line 128, in execute
     cursor.execute(query, params if params is not None else [])
   File "/data/src/trac/trac/db/util.py", line 72, in execute
     return self.cursor.execute(sql_escape_percent(sql), args)
   File "/usr/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line
 205, in execute
     self.errorhandler(self, exc, value)
   File "/usr/local/lib/python2.7/site-packages/MySQLdb/connections.py",
 line 36, in defaulterrorhandler
     raise errorclass, errorvalue
 ProgrammingError: (1064, "You have an error in your SQL syntax; check the
 manual that corresponds to your MySQL server version for the right syntax
 to use near 'sid='joel.sherrill' AND authenticated=1 AND
 name='failed_logins_count'' at line 1")
 }}}  Create  a ticket.

 The action that triggered the error was:
 POST: /login
 TracGuide — The Trac User and Administration Guide

--
Ticket URL: <http://devel.rtems.org/ticket/3329>
RTEMS Project <http://www.rtems.org/>
RTEMS Project

More information about the bugs mailing list