Opened 4 years ago

Closed 20 months ago

#6616 closed defect (fixed)

Invalid entries for usernames in table

Reported by: rjollos
Owned by: hasienda
Priority: normal
Component: AccountManagerPlugin
Severity: normal
Keywords: user session invalid
Cc:
Trac Release: 0.11

Description

I have users named kangy and kenl on my system. Today I noticed that the UserStats macro is listing two entries that should not be valid:

  • KENL
  • kangy kangy

These are listed in addition to:

  • kenl
  • kangy

Need to investigate the cause of this behavior.

Attachments (0)

Change History (10)

comment:1 Changed 4 years ago by rjollos

I think this is an issue with invalid login attempts being stored in the session table.
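An audit along the lines of the comment above, as an added example that is not part of the ticket or of any plugin's code: it lists authenticated session rows whose sid is not a real account name. The table layout (sid, authenticated, last_visit) is assumed to mirror Trac's session table, and the rows and the account list are constructed sample data.

```python
import sqlite3

# Constructed sample rows; the column layout is an assumption (see lead-in).
SAMPLE_ROWS = [
    ("kenl", 1, 1262304000),
    ("kangy", 1, 1262307600),
    ("KENL", 1, 1262311200),
    ("kangy kangy", 1, 1262314800),
    ("a1b2c3d4e5f6", 0, 1262318400),  # anonymous session, not audited
]
KNOWN_ACCOUNTS = {"kenl", "kangy"}  # hypothetical: names from the password store


def build_sample_db():
    """Create an in-memory database holding the constructed session rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE session (sid TEXT, authenticated INTEGER, last_visit INTEGER)"
    )
    conn.executemany("INSERT INTO session VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def classify(sid, accounts):
    """Return None for a real account name, else a short reason string."""
    if sid in accounts:
        return None
    folded = {a.casefold(): a for a in accounts}
    if sid.casefold() in folded:
        return "case variant of %s" % folded[sid.casefold()]
    parts = sid.split()
    if len(parts) > 1 and all(p.casefold() in folded for p in parts):
        return "whitespace-joined account names"
    return "no matching account"


def find_stray_sessions(conn, accounts):
    """List (sid, reason) for authenticated sessions without a real account."""
    rows = conn.execute(
        "SELECT sid FROM session WHERE authenticated = 1 ORDER BY last_visit"
    )
    return [(sid, classify(sid, accounts)) for (sid,) in rows
            if classify(sid, accounts) is not None]


if __name__ == "__main__":
    for sid, reason in find_stray_sessions(build_sample_db(), KNOWN_ACCOUNTS):
        print("%r: %s" % (sid, reason))
```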

comment:2 follow-up: Changed 4 years ago by hieroglyph

I agree but I do not think this is a problem with the UserStatsMacro ~ it is more a need for a User Session Management plugin to allow you to create / update / delete session records...

This is probably a wontfix...

comment:3 in reply to: ↑ 2 ; follow-up: Changed 4 years ago by rjollos

  • Resolution set to wontfix
  • Status changed from new to closed

Replying to hieroglyph:

> I agree but I do not think this is a problem with the UserStatsMacro ~ it is more a need for a User Session Management plugin to allow you to create / update / delete session records...
>
> This is probably a wontfix...

Perhaps as a feature of the AccountManagerPlugin? (if it does not already exist)

comment:4 in reply to: ↑ 3 Changed 2 years ago by hasienda

  • Keywords user session invalid added
  • Resolution wontfix deleted
  • Status changed from closed to reopened

Replying to rjollos:

> Replying to hieroglyph:
>
> > ...
> > This is probably a wontfix...

Maybe, but this could be done now, see #9852 and wiki:AccountManagerPlugin/WikiMacros for details.

> Perhaps as a feature of the AccountManagerPlugin? (if it does not already exist)

Good point, and thought much earlier than I did. It took me a long time to see the potential for WikiMacros in that plugin. Now I know, I'm not the only one seeing this. Let's do it then...

comment:5 Changed 2 years ago by hasienda

  • Component changed from UserStatsMacro to AccountManagerPlugin
  • Owner changed from rjollos to hasienda
  • Status changed from reopened to new

Pulling over to the place, where it could be resolved.

Of course we'll not fix UserStatsMacro itself, rather create a fixed version of the UserStats wiki macro. Might have been the right thing, but built on the wrong foundation.

comment:6 Changed 2 years ago by hasienda

(In [11345]) AccountManagerPlugin: Provide user statistics similar to UserStatsMacro and more, refs #6616 and #9852.

UserQuery parameters 'email' and 'name' will add corresponding columns to
the result table.

format_author is used to ensure email address obfuscation for web-UI
persistence matching Trac core behavior.

The user query link is currently not implemented similar to UserStatsMacro,
but users with `ACCTMGR_USER_ADMIN` permission will see links to user details
instead, like in recent version of the user admin panel.

comment:7 Changed 2 years ago by hasienda

(In [11346]) AccountManagerPlugin: Add flexible date/time rendering for user lists, refs #6616 and #9852.

Now the time stamps are combined with a relative time interval hint (tool-tip).
This is an enhancement to the user admin panel too.

Support for bleeding-edge user configurable time in Trac 0.13 is accompanied
here by a fallback for Trac 0.11 and 0.12, that looks great and is worth a lot
of the effort put into this rather complicated fallback code.

comment:8 Changed 2 years ago by hasienda

(In [11347]) AccountManagerPlugin: Don't give away account/user details without elevated permission, refs #6616 and #9852.

USER_VIEW permission is required, where anonymous users could learn about
sensitive information like existing accounts/users. This permission
shouldn't be granted lightly in publicly available Trac applications,
because it has the potential to encourage efficient brute-force attacks
without the need to guess existing accounts.

comment:9 Changed 2 years ago by hasienda

(In [11349]) AccountManagerPlugin: Restore 0.11 compatibility, refs #6616, #9506 and #9852.

Use of user_time (from Trac 0.13) defeated the value of the compat function.
The syntax for inheritance of USER_VIEW by ACCTMGR_USER_ADMIN is corrected,
and finally ACCTMGR_USER_ADMIN now inherits EMAIL_VIEW from Trac core too,
because setting user properties without seeing them by default felt wrong.

comment:10 Changed 20 months ago by hasienda

  • Resolution set to fixed
  • Status changed from new to closed

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release
closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution,
refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress,
but known to require more work to resolve them satisfactorily,
refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good
portion of this development work.
