Files @ 8b47181750a8
Branch filter:

Location: kallithea/docs/usage/troubleshooting.rst

8b47181750a8 2.3 KiB text/prs.fallenstein.rst Show Annotation Show as Raw Download as Raw
Mads Kiilerich
login: fix incorrect CSRF rejection of "Reset Your Password" form (Issue #350)

htmlfill would remove the CSRF token from the form when substituting the query
parameters, causing password reset to break.

By default, htmlfill will clear all input fields that doesn't have a new
"default" value provided. It could be fixed by setting force_defaults to False
- see http://www.formencode.org/en/1.2-branch/modules/htmlfill.html . It could
also be fixed by providing the CSRF token in the defaults to be substituted in
the form.

Instead, refactor password_reset_confirmation to have more explicitly safe
handling of query parameters. Replace htmlfill with the usual template
variables.

The URLs are generated in kallithea/model/user.py send_reset_password_email()
and should only contain email, timestamp (integer as digit string) and a hex
token from get_reset_password_token() .
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.. _troubleshooting:

===============
Troubleshooting
===============

:Q: **Missing static files?**
:A: Make sure either to set the ``static_files = true`` in the .ini file or
   double check the root path for your http setup. It should point to
   for example:
   ``/home/my-virtual-python/lib/python2.7/site-packages/kallithea/public``

|

:Q: **Can't install celery/rabbitmq?**
:A: Don't worry. Kallithea works without them, too. No extra setup is required.
    Try out the great Celery docs for further help.

|

:Q: **Long lasting push timeouts?**
:A: Make sure you set a longer timeout in your proxy/fcgi settings. Timeouts
    are caused by the http server and not Kallithea.

|

:Q: **Large pushes timeouts?**
:A: Make sure you set a proper ``max_body_size`` for the http server. Very often
    Apache, Nginx, or other http servers kill the connection due to to large
    body.

|

:Q: **Apache doesn't pass basicAuth on pull/push?**
:A: Make sure you added ``WSGIPassAuthorization true``.

|

:Q: **Git fails on push/pull?**
:A: Make sure you're using a WSGI http server that can handle chunked encoding
    such as ``waitress`` or ``gunicorn``.

|

:Q: **How can I use hooks in Kallithea?**
:A: It's easy if they are Python hooks: just use advanced link in
    hooks section in Admin panel, that works only for Mercurial. If
    you want to use Git hooks, just install th proper one in the repository,
    e.g., create a file `/gitrepo/hooks/pre-receive`. You can also use
    Kallithea-extensions to connect to callback hooks, for both Git
    and Mercurial.

|

:Q: **Kallithea is slow for me, how can I make it faster?**
:A: See the :ref:`performance` section.

|

:Q: **UnicodeDecodeError on Apache mod_wsgi**
:A: Please read: https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/#if-you-get-a-unicodeencodeerror.

|

:Q: **Requests hanging on Windows**
:A: Please try out with disabled Antivirus software, there are some known problems with Eset Antivirus. Make sure
    you have installed the latest Windows patches (especially KB2789397).


.. _virtualenv: http://pypi.python.org/pypi/virtualenv
.. _python: http://www.python.org/
.. _mercurial: https://www.mercurial-scm.org/
.. _celery: http://celeryproject.org/
.. _rabbitmq: http://www.rabbitmq.com/
.. _python-ldap: http://www.python-ldap.org/
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.