Opened 7 years ago

Last modified 15 months ago

#2571 assigned defect

Removing a user does not remove the session_attributes

Reported by: jtrahan
Owned by: rjollos
Priority: high
Component: UserManagerPlugin
Severity: major
Keywords: user attribute deletion
Cc: rjollos
Trac Release: 0.11


I'm not sure if this was by design or not. If it is, can you add an option to remove the session_attributes when a user is removed?

Change History (4)

comment:1 follow-up: Changed 7 years ago by cbalan

  • Priority changed from normal to high
  • Severity changed from normal to major
  • Status changed from new to assigned

Yes, this was by design ... which is bad and 'trashy', but safe. I'll fix this soon.

Thank you for your feedback.

Best regards, Catalin Balan

comment:2 in reply to: ↑ 1 Changed 3 years ago by hasienda

  • Keywords user attribute deletion added

Replying to cbalan:

Yes, this was by design ... which is bad and 'trashy', but safe. I'll fix this soon.

Safe. Quite right, indeed. In AccountManagerPlugin there was a bug preventing the db cleanup. Just the user was deleted from the password stores. I fixed it meanwhile, but yesterday I helped someone out on the #trac IRC channel, who had to recover from extensive erroneous user account deletion. With his still buggy version his admin had not done much harm. You see?

Anyway, this is code available in AccountManagerPlugin. Let's see how to use it here without re-inventing the wheel.

comment:3 Changed 2 years ago by hasienda

  • Cc rjollos added; anonymous removed

Closer investigation inside this plugin's source reveals that UserManager.delete_user, for one, relies on AccountManager.delete_user, which got fixed to delete all attributes since r10526. So all users with a password store entry (recognized by AccountManager as referred to by the term "AccountManager"-managed users) should be sanely wiped.

The other, plugin-native method is still weak, rather disabling user accounts than deleting them, but better leave it that way, hopefully encouraging adoption of the next generation of AccountManager with UserManager core functions merged, which is planned for the acct_mgr-0.5 release cycle.

Since Catalin will most probably not keep the promise anymore, I'd read it like wontfix, but leave it open for visibility to prevent duplicates until there is a better alternative through new, integrated code.
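
What deleting all attributes means at the database level, as an added example that is not part of the ticket or of either plugin's code: Trac keeps per-user settings in the session and session_attribute tables, reproduced here in simplified form in an in-memory SQLite database with constructed users. The account set standing in for the password store and all function names are hypothetical.

```python
import sqlite3

# Simplified copy of Trac's session tables (assumption: only the columns used here).
SCHEMA = """
CREATE TABLE session (sid TEXT, authenticated INT, last_visit INT,
                      PRIMARY KEY (sid, authenticated));
CREATE TABLE session_attribute (sid TEXT, authenticated INT, name TEXT, value TEXT,
                                PRIMARY KEY (sid, authenticated, name));
"""

def make_db():
    """Build an in-memory database with constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for sid in ("alice", "bob"):
        db.execute("INSERT INTO session VALUES (?, 1, 0)", (sid,))
        db.executemany("INSERT INTO session_attribute VALUES (?, 1, ?, ?)",
                       [(sid, "name", sid.title()),
                        (sid, "email", sid + "@example.org")])
    # An anonymous session sharing a sid with a user must never be touched.
    db.execute("INSERT INTO session VALUES ('bob', 0, 0)")
    db.execute("INSERT INTO session_attribute VALUES ('bob', 0, 'name', 'anon')")
    return db

def leftover_attributes(db, known_users):
    """Return (sid, name) rows of authenticated sessions with no matching account."""
    rows = db.execute("SELECT sid, name FROM session_attribute "
                      "WHERE authenticated = 1 ORDER BY sid, name").fetchall()
    return [(sid, name) for sid, name in rows if sid not in known_users]

def purge_user(db, username):
    """Delete the authenticated session and its attributes in one transaction."""
    with db:
        db.execute("DELETE FROM session_attribute WHERE sid = ? AND authenticated = 1",
                   (username,))
        db.execute("DELETE FROM session WHERE sid = ? AND authenticated = 1",
                   (username,))

if __name__ == "__main__":
    db = make_db()
    accounts = {"alice", "bob"}      # hypothetical stand-in for the password store
    accounts.discard("bob")          # removal from the password store only
    print(leftover_attributes(db, accounts))   # bob's name and email remain
    purge_user(db, "bob")
    print(leftover_attributes(db, accounts))
```

Running the leftover check against a copy of a real trac.db before purging shows which names and e-mail addresses would otherwise outlive their accounts.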

comment:4 Changed 15 months ago by rjollos

  • Owner changed from cbalan to rjollos
