Actions
Defect #43350
open
When accessed via smartphone, a NameError occurs: ‘undefined local variable or method no_store’.
Status:
Needs feedback
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Affected version:
Description
Summary
Visiting /login returns 500. AccountController#login raises NameError for an undefined method no_store.
This does not occur on PCs, but when accessed via smartphone,
Steps to reproduce
Visit /login?back_url=https://redmine.example.com/ while logged out
Observe 500 Internal Server Error
Actual result (log excerpt)
(paste the masked log above)
Expected result
Login page renders with 200 OK.
I, [2025-10-13T11:49:22.511469 #3949158] INFO -- : [44ae2f65-0842-4be5-a880-4ea141ca635e] Started GET "/login?back_url=https%3A%2F%2Fredmine.example.com%2F" for 0.0.0.0 at 2025-10-13 11:49:22 +0900
I, [2025-10-13T11:49:22.512771 #3949158] INFO -- : [44ae2f65-0842-4be5-a880-4ea141ca635e] Processing by AccountController#login as HTML
I, [2025-10-13T11:49:22.512839 #3949158] INFO -- : [44ae2f65-0842-4be5-a880-4ea141ca635e] Parameters: {"back_url"=>"https://redmine.example.com/"}
I, [2025-10-13T11:49:22.516355 #3949158] INFO -- : [44ae2f65-0842-4be5-a880-4ea141ca635e] Current user: anonymous
I, [2025-10-13T11:49:22.539509 #3949158] INFO -- : [44ae2f65-0842-4be5-a880-4ea141ca635e] Completed 500 Internal Server Error in 27ms (ActiveRecord: 0.8ms | Allocations: 10959)
F, [2025-10-13T11:49:22.541224 #3949158] FATAL -- : [44ae2f65-0842-4be5-a880-4ea141ca635e]
[44ae2f65-0842-4be5-a880-4ea141ca635e] NameError (undefined local variable or method `no_store' for #<AccountController:0x0000000003c2f8>
no_store
^^^^^^^^):
[44ae2f65-0842-4be5-a880-4ea141ca635e]
[44ae2f65-0842-4be5-a880-4ea141ca635e] app/controllers/account_controller.rb:39:in `login'
[44ae2f65-0842-4be5-a880-4ea141ca635e] lib/redmine/sudo_mode.rb:61:in `sudo_mode'
Environment: Redmine version 5.1.10.stable Ruby version 3.1.5-p252 (2024-04-23) [x86_64-linux] Rails version 6.1.7.10 Environment production Database adapter PostgreSQL Mailer queue ActiveJob::QueueAdapters::AsyncAdapter Mailer delivery smtp
We have confirmed that the issue is resolved with the following patch.
grep -R --line-number "\bno_store\b" app plugins app/controllers/twofa_backup_codes_controller.rb:40: no_store app/controllers/twofa_backup_codes_controller.rb:68: no_store app/controllers/auth_sources_controller.rb:35: no_store app/controllers/auth_sources_controller.rb:43: no_store app/controllers/auth_sources_controller.rb:49: no_store app/controllers/auth_sources_controller.rb:58: no_store app/controllers/users_controller.rb:129: no_store app/controllers/users_controller.rb:167: no_store app/controllers/users_controller.rb:182: no_store app/controllers/users_controller.rb:221: no_store app/controllers/my_controller.rb:118: no_store app/controllers/twofa_controller.rb:50: no_store app/controllers/account_controller.rb:39: no_store app/controllers/account_controller.rb:99: no_store app/controllers/account_controller.rb:175: no_store app/controllers/account_controller.rb:225: no_store app/controllers/repositories_controller.rb:44: no_store app/controllers/repositories_controller.rb:51: no_store app/controllers/repositories_controller.rb:57: no_store app/controllers/repositories_controller.rb:65: no_store
# target file list
files=(
"app/controllers/twofa_backup_codes_controller.rb"
"app/controllers/auth_sources_controller.rb"
"app/controllers/users_controller.rb"
"app/controllers/my_controller.rb"
"app/controllers/twofa_controller.rb"
"app/controllers/repositories_controller.rb"
"app/controllers/account_controller.rb"
)
# file bakcup & replace
for file in "${files[@]}"; do
cp "$file" "$file.backup"
sed -i 's/^\(\s*\)no_store$/\1response.headers["Cache-Control"] = "no-store"/' "$file"
echo "Modified: $file"
done
Updated by 
Updated by
Actions