Opened 13 months ago
Closed 7 months ago
#10028 closed defect (fixed)
Account delete does not purge user's auth cookie
| Reported by: | gary.martin@… | Owned by: | hasienda |
|---|---|---|---|
| Priority: | normal | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | user delete authentication cookie |
| Cc: | rjollos | Trac Release: | 0.12 |
Description
I would expect that if a specific user is logged at the point just prior to their account being deleted, they should lose the authenticated status in future requests. This does not appear to be the case (0.11 branch of AccountManagerPlugin and Trac 0.13dev).
Attachments (1)
Change History (8)
Changed 13 months ago by gary.martin@…
comment:1 Changed 13 months ago by gary.martin@…
comment:2 Changed 13 months ago by rjollos
- Cc rjollos added
comment:3 Changed 13 months ago by hasienda
- Keywords user delete authentication cookie added
Thank you for the hint and inspiration. I'm testing a modified version of your patch right now. Please allow some comments on your patch:
Invalidation of authentication cookie data is not done in trunk development branch as well. This is the more appropriate place to discuss, since all ongoing development is happening there and that code is subsequently merged back into the stable branch(es), currently 0.11 that you referred to. For this reason I prefer patches against trunk too.
env.db_transaction is top, but I defer adoption of the latest Trac db API until I've done a final 0.11 release. Switching towards a 0.13 branch means maintaining significantly diverging code or leaving 0.11 backwards-compatibility behind, which I personally still value very highly these days. I know of Trac applications that can't even go beyond Python 2.4 for various reasons that I don't feel authorized to argue with.
The additional DELETE statement will interrupt any of possibly multiple parallel authenticated sessions for the deleted user, but of course this is rightful table cleanup anyway.
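To make the point of that extra DELETE concrete, here is an added, self-contained sqlite model (example code, not the plugin's own) of Trac's auth_cookie table: the incomplete deletion that leaves the cookie rows, beside the one that revokes every parallel login. The column names (cookie, name, ipnr, time), the simplified session table and the sample rows are assumptions constructed for this illustration.

```python
import sqlite3
import time

# Minimal stand-in for Trac's auth_cookie and session tables.
# Column names are assumed from Trac's schema; data below is constructed.
SCHEMA = """
CREATE TABLE auth_cookie (cookie TEXT, name TEXT, ipnr TEXT, time INTEGER);
CREATE TABLE session (sid TEXT, authenticated INTEGER, last_visit INTEGER);
"""

def make_db():
    """Fresh in-memory DB: user 'gary' is logged in from two browsers."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    now = int(time.time())
    db.executemany("INSERT INTO auth_cookie VALUES (?, ?, ?, ?)",
                   [("c0ffee01", "gary", "10.0.0.1", now),   # constructed
                    ("c0ffee02", "gary", "10.0.0.2", now),   # constructed
                    ("d00d0003", "alice", "10.0.0.3", now)]) # constructed
    db.executemany("INSERT INTO session VALUES (?, ?, ?)",
                   [("gary", 1, now), ("alice", 1, now)])
    return db

def is_authenticated(db, cookie_value):
    """Mirror of the login check: a request is authenticated iff its
    trac_auth cookie value is still present in auth_cookie.
    Returns the user name, or None."""
    row = db.execute("SELECT name FROM auth_cookie WHERE cookie = ?",
                     (cookie_value,)).fetchone()
    return row[0] if row else None

def delete_user_incomplete(db, user):
    """Behaviour reported in the ticket: session data goes, but the
    auth_cookie rows survive, so existing logins keep working."""
    with db:
        db.execute("DELETE FROM session WHERE sid = ?", (user,))

def delete_user(db, user):
    """Deletion in the spirit of the fix: the additional DELETE on
    auth_cookie revokes all parallel authenticated sessions at once.
    Both statements run in one transaction (rolled back on error)."""
    with db:
        db.execute("DELETE FROM session WHERE sid = ?", (user,))
        db.execute("DELETE FROM auth_cookie WHERE name = ?", (user,))
```

Running both deletions against a fresh DB and probing with the stored cookie values shows the difference: after `delete_user_incomplete` the deleted user's cookies still authenticate, after `delete_user` only the other user's cookie does.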
comment:4 Changed 13 months ago by hasienda
(In [11554]) AccountManagerPlugin: Improve db cleanup on user deletion, refs #10028.
Thanks to Gary Martin from WanDisco for pointing out this weak spot.
comment:5 (follow-up: comment:6) Changed 13 months ago by anonymous
Fantastic.. the trunk development branch code now works well against my test 0.13 based system.
Thanks for making time to look at this so quickly.
comment:6 (in reply to: comment:5) Changed 13 months ago by hasienda
- Status changed from new to assigned
Replying to anonymous:

> Fantastic.. the trunk development branch code now works well against my test 0.13 based system.

Good news. Thank you for reporting back.

> Thanks for making time to look at this so quickly.

You're welcome. I've been lucky to have some free time last night, more than within the last ten weeks together. And code rules: with a plausible description and a patch everything is much easier.
If you happen to get more observations, fixes and improvements, I'd be eager to have a look too.
comment:7 Changed 7 months ago by hasienda
- Resolution set to fixed
- Status changed from assigned to closed
(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.
Availability of that code as stable release
closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.
Some more issues have been worked on, yet without confirmed resolution,
refs #5464 (for JiraToTracIntegration), #8927 and #10134.
And finally there are some issues and enhancement requests showing progress,
but known to require more work to resolve them satisfactorily,
refs #843, #1600, #5964, #8217, #8933.
Thanks to all contributors and followers who enabled and encouraged a good
portion of this development work.
The attached patch is just part of what I found that might just contribute to a possible fix that seems to work for me. I hope it is of some use.