#4182 closed defect (invalid)
changeset 4153 breaks custom script
| Reported by: | Owned by: | Jonas Borgström | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | general | Version: | 0.10.1 |
| Severity: | normal | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
This isn't a defect in trac exactly.
I have a script that is triggered via the postcommit hook in subversion.
The script put together the http post necessary for creating a new ticket in trac. We use basic apache authentication so it was easy enough to drop in the apache authoritation token in the header (which doesn't change between sessions).
However the new the FORM_TOKEN is a hash that is generated for every new session.
The error that's thrown in the script is the same one that would occur if I logged into our trac instance then cleared my cookies then tried to create a new ticket. Trac throws an internal error complaining that I don't have cookies enabled because the cookie doesn't exist anymore and doesn't match the session object trac had stored.
I guess from a security perspective the change made in 4153 was necessary and I might be the only one encoutering this problem.
Does trac have a API that I can use directly to create the new tickets? Then I wouldn't have to use the Http post method in my python script?
closing this ticket…
this wasn't really a trac defect.
The solution (if anyone is interested) is I parsed the request header and manually stick in the Cookie tag and the FORM_TOKEN attributes that trac is looking for.