Opened 9 years ago
Last modified 7 years ago
#12053 new defect
Users without password aren't displayed in dialogs
| Reported by: | Dirk Stöcker | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | |
| Cc: | Trac Release: |
Description
When a username has no password in PWD database, then it is not displayed in the auth-manager admin panels. This especially makes in impossible to delete or fix such accounts.
Fix these accounts should be displayed (e.g. in red) and it should be possible to remove them and also to set passwords for them.
Attachments (0)
Change History (5)
comment:1 Changed 9 years ago by
comment:2 follow-up: 3 Changed 9 years ago by
When you have a username in session and emails ins session_attribute, but both are not displayed in the user overview than something is broken:
- I want to add a new user and get told the user already exists, but it is not in the list
- I want to set an email for an user and get told email already exists, but it is nowhere in the list.
If there is no way to list available users other than querying Trac db table session, this would still only reveal those, who logged-in at least once. So what do you have in mind here, fix-up for incomplete account deletion as done by previous account manager versions?
That's not true. The session entry contains data even when users have never logged in.
I simply want a consistent user interface. It should not present me error messages, which are not fixable at all and hidden in some strange database details.
comment:3 Changed 9 years ago by
Replying to stoecker:
When you have a username in session and emails ins session_attribute, but both are not displayed in the user overview than something is broken:
- I want to add a new user and get told the user already exists, but it is not in the list
- I want to set an email for an user and get told email already exists, but it is nowhere in the list.
If there is no way to list available users other than querying Trac db table session, this would still only reveal those, who logged-in at least once. So what do you have in mind here, fix-up for incomplete account deletion as done by previous account manager versions?
That's not true. The session entry contains data even when users have never logged in.
True, point taken, i. e. for (only) administratively added or (self-)registered user accounts.
I simply want a consistent user interface. It should not present me error messages, which are not fixable at all and hidden in some strange database details.
Will take care of this. It might fit into changes required by #11879 anyway.
comment:4 Changed 9 years ago by
| Cc: | anonymous removed |
|---|
comment:5 Changed 7 years ago by
| Owner: | Steffen Hoffmann deleted |
|---|
Replying to stoecker:
Password stores do not necessarily reveal, for which username they hold a password. IIRC this has been true for LDAP-backed stores, maybe others too.
If there is no way to list available users other than querying Trac db table
session, this would still only reveal those, who logged-in at least once. So what do you have in mind here, fix-up for incomplete account deletion as done by previous account manager versions?Again, none of these actions might work with these LDAP-backed stores mentioned above. But you're not looking at such a store here, right?