Opened 8 years ago

Closed 5 years ago

#6616 closed defect (fixed)

Invalid entries for usernames in table

Reported by: Ryan J Ollos
Owned by: Steffen Hoffmann
Priority: normal
Component: AccountManagerPlugin
Severity: normal
Keywords: user session invalid
Cc:
Trac Release: 0.11

Description

I have users named kangy and kenl on my system. Today I noticed that the UserStats macro is listing two entries that should not be valid:

  • KENL
  • kangy kangy

These are listed in addition to:

  • kenl
  • kangy

Need to investigate the cause of this behavior.

Change History (10)

comment:1 Changed 7 years ago by Ryan J Ollos

I think this is an issue with invalid login attempts being stored in the session table.
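One way to check the hypothesis in comment:1 is to audit the session table for authenticated session IDs that match no real account. The following is an added example, not code from this ticket or from either plugin; it assumes Trac's `session` table with columns `sid`, `authenticated` and `last_visit`, a `known_users` list exported from the password store, and constructed sample rows that mirror the names in the description.

```python
import sqlite3

def normalize(name):
    # Collapse whitespace runs and fold case so "KENL" and " kenl " compare equal.
    return " ".join(name.split()).casefold()

def find_suspect_sessions(conn, known_users):
    """Return (sid, reason) for authenticated session rows matching no known account."""
    known = set(known_users)
    by_folded = {normalize(u): u for u in known}
    suspects = []
    rows = conn.execute(
        "SELECT sid FROM session WHERE authenticated = 1 ORDER BY sid")
    for (sid,) in rows:
        if sid in known:
            continue  # exact match: a legitimate account's session
        folded = normalize(sid)
        tokens = folded.split()
        if folded in by_folded:
            reason = "case/whitespace variant of " + by_folded[folded]
        elif len(set(tokens)) == 1 and tokens[0] in by_folded:
            reason = "repeated name, variant of " + by_folded[tokens[0]]
        else:
            reason = "no matching account"
        suspects.append((sid, reason))
    return suspects

def build_sample_db():
    # Constructed sample data; schema follows the assumption stated above.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE session (sid TEXT, authenticated INTEGER, "
                 "last_visit INTEGER, UNIQUE (sid, authenticated))")
    conn.executemany("INSERT INTO session VALUES (?, ?, ?)", [
        ("kenl", 1, 1262304000),
        ("kangy", 1, 1262304100),
        ("KENL", 1, 1262304200),
        ("kangy kangy", 1, 1262304300),
        ("ghost", 1, 1262304400),          # constructed: sid with no account at all
        ("5f2a9c0e1b7d", 0, 1262304500),   # anonymous session, ignored by the query
    ])
    return conn

if __name__ == "__main__":
    for sid, reason in find_suspect_sessions(build_sample_db(), ["kenl", "kangy"]):
        print(repr(sid), "->", reason)
```

Rows flagged as variants of a real account are candidates for cleanup; rows with no matching account at all deserve a look at the authentication logs before deletion.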

comment:2 Changed 7 years ago by Mark Cooke

I agree but I do not think this is a problem with the UserStatsMacro ~ it is more a need for a User Session Management plugin to allow you to create / update / delete session records...

This is probably a wontfix...

comment:3 in reply to:  2 ; Changed 7 years ago by Ryan J Ollos

Resolution: wontfix
Status: new → closed

Replying to hieroglyph:

> I agree but I do not think this is a problem with the UserStatsMacro ~ it is more a need for a User Session Management plugin to allow you to create / update / delete session records...
>
> This is probably a wontfix...

Perhaps as a feature of the AccountManagerPlugin? (if it does not already exist)

comment:4 in reply to:  3 Changed 6 years ago by Steffen Hoffmann

Keywords: user session invalid added
Resolution: wontfix
Status: closed → reopened

Replying to rjollos:

> Replying to hieroglyph:
>
> > ... This is probably a wontfix...

Maybe, but this could be done now, see #9852 and wiki:AccountManagerPlugin/WikiMacros for details.

> Perhaps as a feature of the AccountManagerPlugin? (if it does not already exist)

Good point, and thought much earlier than I did. It took me a long time to see the potential for WikiMacros in that plugin. Now I know, I'm not the only one seeing this. Let's do it then...

comment:5 Changed 6 years ago by Steffen Hoffmann

Component: UserStatsMacro → AccountManagerPlugin
Owner: changed from Ryan J Ollos to Steffen Hoffmann
Status: reopened → new

Pulling over to the place where it could be resolved.

Of course we'll not fix UserStatsMacro itself, rather create a fixed version of the UserStats wiki macro. Might have been the right thing, but built on the wrong foundation.

comment:6 Changed 6 years ago by Steffen Hoffmann

(In [11345]) AccountManagerPlugin: Provide user statistics similar to UserStatsMacro and more, refs #6616 and #9852.

UserQuery parameters 'email' and 'name' will add corresponding columns to the result table.

format_author is used to ensure email address obfuscation for web-UI persistence matching Trac core behavior.

The user query link is currently not implemented similar to UserStatsMacro, but users with `ACCTMGR_USER_ADMIN` permission will see links to user details instead, like in the recent version of the user admin panel.

comment:7 Changed 6 years ago by Steffen Hoffmann

(In [11346]) AccountManagerPlugin: Add flexible date/time rendering for user lists, refs #6616 and #9852.

Now the time stamps are combined with a relative time interval hint (tool-tip). This is an enhancement to the user admin panel too.

Support for bleeding-edge user configurable time in Trac 0.13 is accompanied here by a fallback for Trac 0.11 and 0.12, that looks great and is worth a lot of the effort put into this rather complicated fallback code.

comment:8 Changed 6 years ago by Steffen Hoffmann

(In [11347]) AccountManagerPlugin: Don't give away account/user details without elevated permission, refs #6616 and #9852.

USER_VIEW permission is required, where anonymous users could learn about sensitive information like existing accounts/users. This permission shouldn't be granted lightly in publicly available Trac applications, because it has the potential to encourage efficient brute-force attacks without the need to guess existing accounts.

comment:9 Changed 6 years ago by Steffen Hoffmann

(In [11349]) AccountManagerPlugin: Restore 0.11 compatibility, refs #6616, #9506 and #9852.

Use of user_time (from Trac 0.13) defeated the value of the compat function. The syntax for inheritance of USER_VIEW by ACCTMGR_USER_ADMIN is corrected, and finally ACCTMGR_USER_ADMIN now inherits EMAIL_VIEW from Trac core too, because setting user properties without seeing them by default felt wrong.

comment:10 Changed 5 years ago by Steffen Hoffmann

Resolution: fixed
Status: new → closed

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution, refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.
