Opened 9 years ago

Last modified 3 years ago

#2571 assigned defect

Removing a user does not remove the session_attributes

Reported by: Jason Trahan Owned by: Ryan J Ollos
Priority: high Component: UserManagerPlugin
Severity: major Keywords: user attribute deletion
Cc: Ryan J Ollos Trac Release: 0.11


I'm not sure if this was by design or not. If it is can you add an option to remove the session_attributes when a user is removed.

Attachments (0)

Change History (4)

comment:1 Changed 9 years ago by Catalin BALAN

Priority: normalhigh
Severity: normalmajor
Status: newassigned

Yes, this was by design ... which is bad and 'trashy', but safe. I'll fix this soon.

Thank you for your feedback.

Best regards, Catalin Balan

comment:2 in reply to:  1 Changed 5 years ago by Steffen Hoffmann

Keywords: user attribute deletion added

Replying to cbalan:

Yes, this was by design ... which is bad and 'trashy', but safe. I'll fix this soon.

Safe. Quite right, indeed. In AccountManagerPlugin there was a bug preventing the db cleanup. Just the user was deleted from the password stores. I fixed it meanwhile, but yesterday I helped someone out on #trac IRC channel, who had to recover from extensive erroneous user account deletion. With his still buggy version his admin had not done much harm. You see?

Anyway, this is code available in AccountManagerPlugin. Let's see how to use it here without re-inventing the wheel.

comment:3 Changed 4 years ago by Steffen Hoffmann

Cc: Ryan J Ollos added; anonymous removed

Closer investigation inside this plugin's source reveals, that UserManager.delete_user for one relies on AccountManager.delete_user that got fixed to delete all attributes since r10526. So all users with a password store entry (recognized by AccountManager as referred to by the term "AccountManager"-managed users) should be sanely wiped.

The other, plugin-native method is still weak, rather disabling user accounts than deleting them, but better leave it that way, hopefully encouraging adoption of the next-generation of AccountManager with UserManager core functions merged, what is planned for the acct_mgr-0.5 release cycle.

Since Catalin will most probably not stay to the promise anymore, I'd read it like wontfix, but leave it open for visibility to prevent duplicates until there is a better alternative thought new, integrated code.

comment:4 Changed 3 years ago by Ryan J Ollos

Owner: changed from Catalin BALAN to Ryan J Ollos

Modify Ticket

Change Properties
Set your email in Preferences
as assigned The owner will remain Ryan J Ollos.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.