[Sugar-devel] [Systems] trac breakage

[James Cameron]

On Mon, Mar 14, 2016 at 08:49:15AM -0300, Samuel Cantero wrote:
> On Mon, Mar 14, 2016 at 3:39 AM, James Cameron <[1]quozl at laptop.org> wrote:
> 
>     On Mon, Mar 14, 2016 at 02:32:36AM -0300, Samuel Cantero wrote:
>     > Regarding to the inability to access the user page, I've checked our
>     > current users and I found 97426 users. We had a lot of spam
>     > here. I've checked this by doing:
>     >
>     > sqlite> select count(*) from session;
>     > 97426
> 
>     Perhaps "session" is wrong table.  My notes on this are;
> 
>     0. trac.htdigest file is used to form list shown on manage user accounts,
> 
>     1. passphrase is stored in trac.htdigest file,
> 
>     2. the last login and authenticated flag are taken from session table,
> 
>        select * from session where sid = 'Quozl'; 
> 
>     3. name and e-mail are taken from session_attribute table,
> 
>        select * from session_attribute where sid = 'Quozl';
> 
> We should delete all information inside session and session_attribute tables.
> We don't have any trac.htdigest file. Maybe 'cause we're storing pwd in the
> trac database (SessionStore) [1].
> 
> The ideal would be to delete users through the trac-admin utility:
> 
>   • List users: trac-admin /project session list
> 
>     I can find here the same users that we find in the session table.
> 
>   • Delete users: trac-admin /project session delete <username1> ...
>     <usernameN>
> 
> But doing this for ~90.000 users is not viable.

I'm guessing that you mean the unviable step is identifying the users.

Take the entire set of users, then remove the set of users who have
created tickets or made comments, then use the set in a script that
deletes each user.

Eventually it should complete.

Then use whatever tools are necessary to optimise the table.

> 
>     4. deletion of the users via manage user accounts results in removal
>        from trac.htdigest, removal from session table, removal from
>        session_attribute table. 
> 
>     Hope that helps.
> 
>     > [...]
>     > I tried to remove all suspicious users with the trac-admin utility
>     > and directly by database but this is almost imposible.
> 
>     It may require very careful scripting, yes.  Last time I looked at
>     that, I made a mistake deleted all users.  (3rd March 2014, for
>     [2]dev.laptop.org).  It hasn't been a problem since.
>    
>     > I guess we should delete all users and ask them to re-register
>     > again. However, I don't want to proceed before your approval.
> 
>     I'm fine with that.  Let's hear from others.
> 
>     --
>     James Cameron
>     [3]http://quozl.netrek.org/
> 
> [1] [4]https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
> 
> References:
> 
> [1] mailto:quozl at laptop.org
> [2] http://dev.laptop.org/
> [3] http://quozl.netrek.org/
> [4] https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores

-- 
James Cameron
http://quozl.netrek.org/