Ticket #6616 (closed defect: fixed)

Opened 3 years ago

Last modified 6 months ago

Invalid entries for usernames in table

Reported by: rjollos
Assigned to: hasienda
Priority: normal
Component: AccountManagerPlugin
Severity: normal
Keywords: user session invalid
Cc:
Trac Release: 0.11

Description

I have users named kangy and kenl on my system. Today I noticed that the UserStats macro is listing two entries that should not be valid:

  • KENL
  • kangy kangy

These are listed in addition to:

  • kenl
  • kangy

Need to investigate the cause of this behavior.

Change History

12/07/10 01:56:23 changed by rjollos

I think this is an issue with invalid login attempts being stored in the session table.

(follow-up: ↓ 3 ) 12/07/10 15:07:42 changed by hieroglyph

I agree but I do not think this is a problem with the UserStatsMacro ~ it is more a need for a User Session Management plugin to allow you to create / update / delete session records...

This is probably a wontfix...

(in reply to: ↑ 2 ; follow-up: ↓ 4 ) 12/16/10 08:40:38 changed by rjollos

  • status changed from new to closed.
  • resolution set to wontfix.

Replying to hieroglyph:

I agree but I do not think this is a problem with the UserStatsMacro ~ it is more a need for a User Session Management plugin to allow you to create / update / delete session records... This is probably a wontfix...

Perhaps as a feature of the AccountManagerPlugin? (if it does not already exist)

(in reply to: ↑ 3 ) 02/26/12 20:54:02 changed by hasienda

  • keywords set to user session invalid.
  • status changed from closed to reopened.
  • resolution deleted.

Replying to rjollos:

Replying to hieroglyph:

... This is probably a wontfix...

Maybe, but this could be done now, see #9852 and wiki:AccountManagerPlugin/WikiMacros for details.

Perhaps as a feature of the AccountManagerPlugin? (if it does not already exist)

Good point, and thought much earlier than I did. It took me a long time to see the potential for WikiMacros in that plugin. Now I know, I'm not the only one seeing this. Let's do it then...

02/26/12 20:59:11 changed by hasienda

  • status changed from reopened to new.
  • owner changed from rjollos to hasienda.
  • component changed from UserStatsMacro to AccountManagerPlugin.

Pulling over to the place, where it could be resolved.

Of course we'll not fix UserStatsMacro itself, rather create a fixed version of the UserStats wiki macro. Might have been the right thing, but built on the wrong foundation.

02/29/12 21:15:48 changed by hasienda

(In [11345]) AccountManagerPlugin: Provide user statistics similar to UserStatsMacro and more, refs #6616 and #9852.

UserQuery parameters 'email' and 'name' will add corresponding columns to the result table.

format_author is used to ensure email address obfuscation for web-UI persistence matching Trac core behavior.

The user query link is currently not implemented similar to UserStatsMacro, but users with `ACCTMGR_USER_ADMIN` permission will see links to user details instead, like in recent version of the user admin panel.

02/29/12 21:46:08 changed by hasienda

(In [11346]) AccountManagerPlugin: Add flexible date/time rendering for user lists, refs #6616 and #9852.

Now the time stamps are combined with a relative time interval hint (tool-tip). This is an enhancement to the user admin panel too.

Support for bleeding-edge user configurable time in Trac 0.13 is accompanied here by a fallback for Trac 0.11 and 0.12, that looks great and is worth a lot of the effort put into this rather complicated fallback code.

02/29/12 21:49:13 changed by hasienda

(In [11347]) AccountManagerPlugin: Don't give away account/user details without elevated permission, refs #6616 and #9852.

USER_VIEW permission is required, where anonymous users could learn about sensitive information like existing accounts/users. This permission shouldn't be granted lightly in publicly available Trac applications, because it has the potential to encourage efficient brute-force attacks without the need to guess existing accounts.

03/01/12 23:12:04 changed by hasienda

(In [11349]) AccountManagerPlugin: Restore 0.11 compatibility, refs #6616, #9506 and #9852.

Use of user_time (from Trac 0.13) defeated the value of the compat function. The syntax for inheritance of USER_VIEW by ACCTMGR_USER_ADMIN is corrected, and finally ACCTMGR_USER_ADMIN now inherits EMAIL_VIEW from Trac core too, because setting user properties without seeing them by default felt wrong.

12/01/12 16:55:52 changed by hasienda

  • status changed from new to closed.
  • resolution set to fixed.

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution, refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.

