Opened 4 years ago

Closed 4 years ago

# Trac listing 132 users and not the rest of users

Reported by: Owned by: matt@… hasienda normal AccountManagerPlugin major user attributes 0.11

### Description

I use 1.0 version.

Would result in server 500 error and crash of the process: there is too much data (I don't even know how many users but we have but more than 10,000 I think)

Now going to this page I see 132 users and the page listing stops. I cannot see the other users. At the bottom I see the footer etc. so the listing is complete. But obviously not because we have many more users not listed.

See attached file. for sample of these users which we have hundreds of: result of automated spam software.

My ultimate goal is not to list all users on the page (I guess you need to implement paging but I don't expect that) but I simply want to see one particular user's email address. I have super admin on the trac, but I cannot find a way to view this user's email since the list stops at 132 users (strange number isn't it).

Thanks!

PS: Thanks so much for trac, which we run for our popular open source project!

### comment:1 follow-up: ↓ 4 Changed 4 years ago by rjollos

The image doesn't seem to have successfully uploaded, or somehow otherwise became corrupted.

yet another try

### comment:2 follow-up: ↓ 5 Changed 4 years ago by anonymous

apparently I found a bug in trac that it corrupts the uploaded images when they have somehow long names.... It works here: http://trac-hacks.org/attachment/ticket/10873/users.png

thx for the help!

Actually we have major trouble with Trac at this stage. Today I got 4 emails with this bug report:

 I'm getting strange Trac errors when being logged in... At first I couldn't log in -> did a password reset... Now I'm getting errors like

Trac detected an internal error:
AttributeError: 'MessageWrapper' object has no attribute 'replace'



The only solution I find is to delete the account and re-create.

Hopefully this bug is familiar.... We have upgraded from very old trac over the years so maybe an issue?

### comment:3 Changed 4 years ago by rjollos

Which version of AccountManagerPlugin are you running? hasienda pushed out 0.4.3 with some critical fixes just a day or two back.

### comment:4 in reply to: ↑ 1 Changed 4 years ago by hasienda

The image doesn't seem to have successfully uploaded, or somehow otherwise became corrupted.

Don't worry, this is a rather old Trac installation, that will hopefully get upgraded soon.

### comment:5 in reply to: ↑ 2 ; follow-up: ↓ 10 Changed 4 years ago by hasienda

Actually we have major trouble with Trac at this stage. Today I got 4 emails with this bug report:

I'm getting strange Trac errors when being logged in... At first I couldn't log in -> did a password reset... Now I'm getting errors like

Trac detected an internal error: AttributeError: 'MessageWrapper' object has no attribute 'replace'

The only solution I find is to delete the account and re-create.

Hopefully this bug is familiar.... We have upgraded from very old trac over the years so maybe an issue?

Not familiar at all, sorry. But you should really upgrade as already recommended by Ryan. And Please watch out for changes and required actions in README.update too. Additional nit-pick: I'd appreciate the question being posted to the mainling-list instead of messing with the original subject of this ticket. It's already complicated enough to check its background and root-cause. Thanks for consideration further on.

### comment:6 follow-up: ↓ 8 Changed 4 years ago by hasienda

yet another try

It was a nasty spin to talk users into creation of file names and directories with spaces in their name. This is spelling trouble all around, for no real gain. Just avoid it, even if it has been fixed in Trac 1.0 by converting all names to sha1 hashes for internal storage.

### comment:7 in reply to: ↑ description ; follow-up: ↓ 9 Changed 4 years ago by hasienda

I use 1.0 version.

Would result in server 500 error and crash of the process: there is too much data (I don't even know how many users but we have but more than 10,000 I think)

Now going to this page I see 132 users and the page listing stops. I cannot see the other users. At the bottom I see the footer etc. so the listing is complete. But obviously not because we have many more users not listed.

Seem like you installed a development version with new filter functionality. See, if you find the filter section at the top of the list, folded by default. And make sure not to check 'active', or you'll be thrown back to a non-functional listing again.

And yes, paging should help, and it'll be the ultimate way to deal with such over-crowded installations. From the screen shot its obvious, that someone tried to find ways into the system by trying a lot of interestingly-looking names. I'd be eager to get my hands on that Trac db table 'session_attribute' of yours for more in-deep study of wanna-be hackers attempts on breaking in by tricking user registration code, if there is a way.

### comment:8 in reply to: ↑ 6 Changed 4 years ago by anonymous

yet another try

It was a nasty spin to talk users into creation of file names and directories with spaces in their name. This is spelling trouble all around, for no real gain. Just avoid it, even if it has been fixed in Trac 1.0 by converting all names to sha1 hashes for internal storage.

if this is spelling trouble, the app should say so, it's OK to force users not to use spaces as long as it's explained to users (rather than fail silently)

### comment:9 in reply to: ↑ 7 Changed 4 years ago by anonymous

Seem like you installed a development version with new filter functionality. See, if you find the filter section at the top of the list, folded by default. And make sure not to check 'active', or you'll be thrown back to a non-functional listing again.

I can do that but will that really fix any of the 2 bugs I reported?

I'd be eager to get my hands on that Trac db table 'session_attribute' of yours for more in-deep study of wanna-be hackers attempts on breaking in by tricking user registration code, if there is a way.

I'd be happy to send to you. Could you send me an email from an official looking trac email & I can send you the dump (as long as it does not have passwords or pwd hashes).

### comment:10 in reply to: ↑ 5 ; follow-up: ↓ 13 Changed 4 years ago by anonymous

R

Trac detected an internal error: AttributeError: 'MessageWrapper' object has no attribute 'replace'

The only solution I find is to delete the account and re-create.

Hopefully this bug is familiar.... We have upgraded from very old trac over the years so maybe an issue?

Not familiar at all, sorry. But you should really upgrade as already recommended by Ryan. And Please watch out for changes and required actions in README.update too.

We are using AccountManager version 0.2.1dev-r4679 and most likely this was upgraded from an even earlier version, and very likely we didn't do any of the things in: http://trac-hacks.org/browser/accountmanagerplugin/trunk/README.update

I guess that explains these bugs. I've asked our sysadmin to update the plugin and hopefully this will fix both issues (listing only 132 users and all existing users having the error message AttributeError: 'MessageWrapper' object has no attribute 'replace' on login).

### comment:11 in reply to: ↑ description Changed 4 years ago by hasienda

I use 1.0 version.

Would result in server 500 error and crash of the process: there is too much data (I don't even know how many users but we have but more than 10,000 I think)

Hm, I've seen another instance like that before. This was the major motivation to get a decent infrastructure for the new user registration process. Please, with a cherry on top, set it up correctly as soon as possible to not get more of this obvious spam accounts.

### comment:12 Changed 4 years ago by hasienda

• Priority changed from high to normal

Btw, I wouldn't call it "user", rather "cruft". And I'll try to help you to deal with that issue independently of proving your point or not on this user list issue. Just allow me to take the lead regarding development decisions. After all your standing on "my ground" here in the development ticket area, ok?

### comment:13 in reply to: ↑ 10 Changed 4 years ago by hasienda

• Trac Release changed from 1.0 to 0.11

We are using AccountManager version 0.2.1dev-r4679 and most likely this was upgraded from an even earlier version, and very likely we didn't do any of the things in: http://trac-hacks.org/browser/accountmanagerplugin/trunk/README.update

Oh no! This is a true nightmare, and it seemingly never stops. This invalidates your issue claims against (current) plugin code on it's own.

Tell your admins, if they run a manager version that old, actually ancient, they should better RUN for an appropriate upgrade now. This code is about 5-6 years old code, and the changelog mentions more than 125 fixed issues since than, not to mention an almost equal number of enhancements and new features.

### comment:14 Changed 4 years ago by anonymous

This invalidates your issue claims against (current) plugin code on it's own.

I didn't mean to report a bug against current plugin code sorry if my report was wrong...

they should better RUN for an appropriate upgrade now

by "run an appropriate upgrade" do you mean upgrading the accountmanager plugin to the latest version? we'll do that on Monday hopefully! thx

### comment:15 follow-up: ↓ 16 Changed 4 years ago by anonymous

Update: we have now upgraded to AccountManager 0.4.3 and Trac 1.0.1. In the UI all AccountManager's components are enabled except EmailVerificationModule and SvnServePasswordStore.

The User listing now lists 200 users.

If I edit a particular user that currently cannot login (we had few users reporting they cant login), I get the message No store provides credentials for this user, so the user currently can't be authenticated and access to this account is effectively blocked, while account details may still be available.

I tried cat * | grep john in the trac/auth and in \$project/conf but it didn't return any record. I looked in backup and somehow, 2 days ago, the trac.htdigest lost nearly all records.

I restored now the trac.htdigest to its previous OK state: apparently there are 24,847 users. of course most of them are spam & automated attack softwares which we see most days on the server.

it looks like the new plugin is full of options and possibilities.

Trac now re-works so our first problem is solved. Thank you very much for the hints

Also I have a final request: can we see a user email address with the UI? going to /trac/admin/accounts/users?user=john does not list his email it seems.

Thanks! Keep up the good work ;)

### comment:16 in reply to: ↑ 15 ; follow-up: ↓ 17 Changed 4 years ago by hasienda

Update: we have now upgraded to AccountManager 0.4.3 and Trac 1.0.1.

I restored now the trac.htdigest to its previous OK state: apparently there are 24,847 users. of course most of them are spam & automated attack softwares which we see most days on the server.

it looks like the new plugin is full of options and possibilities.

Yes indeed. Enjoy, and make sure to have a look at #8930 for making your life easier with all these possibilities.

Also I have a final request: can we see a user email address with the UI? going to /trac/admin/accounts/users?user=john does not list his email it seems.

You should be able to see it in the user list. In user details it is only shown, if the email verification procedure is enabled. I did not notice this, so thanks for asking. It may be worth to see it unconditionally.

### comment:17 in reply to: ↑ 16 Changed 4 years ago by anonymous

• Resolution set to worksforme
• Status changed from new to closed

Also I have a final request: can we see a user email address with the UI? going to /trac/admin/accounts/users?user=john does not list his email it seems.

You should be able to see it in the user list. In user details it is only shown, if the email verification procedure is enabled. I did not notice this, so thanks for asking. It may be worth to see it unconditionally.

Would be great for admin user to see email. In my case, I wanted to email user about specific important bug as I think user would like to be notified of the fix.

Btw it does not show the email in the list neither since it only lists top N users and john not one of them.

Thanks!

PS: closing, works for me after upgrading to latest accountmanager.

### comment:18 Changed 4 years ago by hasienda

(In [12664]) AccountManagerPlugin: Always show associated email in user details, refs #10873.

Revised existing code for login tracking and related account locks, added more code for fresh account banning feature and did a major template reorganization and clean-up of Genshi XML Template directives as well.

### comment:19 Changed 4 years ago by matt

FYI Update: now when I visit trac/admin/accounts/users

I get {{{ The connection was reset The connection to the server was reset while the page was loading. }}}

In the access log I see: "GET /trac/admin/accounts/users HTTP/1.1" 200 40490 "http://dev.piwik.org/trac/admin" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0"

It returns status 200. There is no error logged in the error.log.

Because there are 20,000+ users, maybe this is the problem?

Do you know how I could get the page to display ie. maybe the code should select first 500 users and then stop trying, so the page loads in all cases?

Also would be nice to have the error logged, I'm not sure why there is no error logged.

Using trac 1.0.1 with user manager

### comment:20 Changed 4 years ago by hasienda

(In [12738]) AccountManagerPlugin: Move pager to user list in accounts admin panel, refs #809, #9946, #10682, #10745, #10754 and #10873.

This should fix broken display of extra-long user lists, and it makes selections from user list useful for the clean-up page as requested.

Dumped access to anonymous session attributes for the current solution, so these are no longer available for clean-up in the admin web-UI, but I'll re-implement this later on, if it will be missed too much.

### comment:21 follow-up: ↓ 22 Changed 4 years ago by anonymous

so nice to see the fixes! Maybe you could ping here when the new plugin will be released so we know then to update (not urgent!), thanks.

### comment:22 in reply to: ↑ 21 Changed 4 years ago by hasienda

so nice to see the fixes! Maybe you could ping here when the new plugin will be released so we know then to update (not urgent!), thanks.

Following my release procedure, all resolved tickets get closed on release time explicitly, some others get mentioned for pending changes, not too often already closed ones. But an exception is sensible here, and I'll draft a preliminary commit message for next release this evening to not forget about this ticket. Thank you for your interest, and I really hope, that this will be usable for you.