Opened 14 years ago
Closed 11 years ago
#6616 closed defect (fixed)
Invalid entries for usernames in table
| Reported by: | Ryan J Ollos | Owned by: | Steffen Hoffmann |
|---|---|---|---|
| Priority: | normal | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | user session invalid |
| Cc: | Trac Release: | 0.11 |
Description
I have users named kangy and kenl on my system. Today I noticed that the UserStats macro is listing two entries that should not be valid:
KENLkangy kangy
These are listed in addition to:
kenlkangy
Need to investigate the cause of this behavior.
Attachments (0)
Change History (10)
comment:1 Changed 13 years ago by
comment:2 follow-up: 3 Changed 13 years ago by
I agree but I do not think this is a problem with the UserStatsMacro ~ it is more a need for a User Session Management plugin to allow you to create / update / delete session records...
This is probably a wontfix...
comment:3 follow-up: 4 Changed 13 years ago by
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Replying to hieroglyph:
I agree but I do not think this is a problem with the UserStatsMacro ~ it is more a need for a User Session Management plugin to allow you to create / update / delete session records...
This is probably a
wontfix...
Perhaps as a feature of the AccountManagerPlugin? (if it does not already exist)
comment:4 Changed 12 years ago by
| Keywords: | user session invalid added |
|---|---|
| Resolution: | wontfix |
| Status: | closed → reopened |
Replying to rjollos:
Replying to hieroglyph:
... This is probably a
wontfix...
Maybe, but this could be done now, see #9852 and wiki:AccountManagerPlugin/WikiMacros for details.
Perhaps as a feature of the AccountManagerPlugin? (if it does not already exist)
Good point, and thought much earlier that I did. It took me a long time to see the potential for WikiMacros in that plugin. Now I know, I'm not the only one seeing this. Let's do it then...
comment:5 Changed 12 years ago by
| Component: | UserStatsMacro → AccountManagerPlugin |
|---|---|
| Owner: | changed from Ryan J Ollos to Steffen Hoffmann |
| Status: | reopened → new |
Pulling over to the place, where it could be resolved.
Of course we'll not fix UserStatsMacro itself, rather create a fixed version of the UserStats wiki macro. Might have been the right thing, but build on the wrong foundation.
comment:6 Changed 12 years ago by
(In [11345]) AccountManagerPlugin: Provide user statistics similar to UserStatsMacro and more, refs #6616 and #9852.
UserQuery parameters 'email' and 'name' will add corresponding columns to
the result table.
format_author is used to ensure email address obfuscation for web-UI
persistence matching Trac core behavior.
The user query link is currently not implemented similar to UserStatsMacro, but users with `ACCTMGR_USER_ADMIN permission will see links to user details instead, like in recent version of the user admin panel.
comment:7 Changed 12 years ago by
(In [11346]) AccountManagerPlugin: Add flexible date/time rendering for user lists, refs #6616 and #9852.
Now the time stamps are combined with a relative time interval hint (tool-tip). This is an enhancement to the user admin panel too.
Support for bleeding-edge user configurable time in Trac 0.13 is accompanied here by a fallback for Trac 0.11 and 0.12, that looks great and is worth a lot of the effort put into this rather complicated fallback code.
comment:8 Changed 12 years ago by
(In [11347]) AccountManagerPlugin: Don't give away account/user details without elevated permission, refs #6616 and #9852.
USER_VIEW permission is required, where anonymous users could learn about
sensitive information like existing accounts/users. This permission
shouldn't be granted lightly in publicly available Trac applications,
because it has the potential to encourage efficient brute-force attacks
without the need to guess existing accounts.
comment:9 Changed 12 years ago by
(In [11349]) AccountManagerPlugin: Restore 0.11 compatibility, refs #6616, #9506 and #9852.
Use of user_time (from Trac 0.13) defeated the value of the compat function.
The syntax for inheritance of USER_VIEW by ACCTMGR_USER_ADMIN is corrected,
and finally ACCTMGR_USER_ADMIN now inherits EMAIL_VIEW from Trac core too,
because setting user properties without seeing them by default felt wrong.
comment:10 Changed 11 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.
Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.
Some more issues have been worked-on, yet without confirmed resolution,
refs #5464 (for JiraToTracIntegration), #8927 and #10134.
And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.
Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.
I think this is an issue with invalid login attempts being stored in the session table.