[Sugar-devel] [Systems] trac breakage

[Walter Bender]

Thanks for digging into this.

FWIW, I am fine with having my account deleted and re-registering. Whatever
is most expedient for the trac maintainers.

-walter

On Mon, Mar 14, 2016 at 4:48 PM, Samuel Cantero <scanterog at gmail.com> wrote:

> On Mon, Mar 14, 2016 at 5:21 PM, James Cameron <quozl at laptop.org> wrote:
>
>> On Mon, Mar 14, 2016 at 08:49:15AM -0300, Samuel Cantero wrote:
>> > On Mon, Mar 14, 2016 at 3:39 AM, James Cameron <[1]quozl at laptop.org>
>> wrote:
>> >
>> >     On Mon, Mar 14, 2016 at 02:32:36AM -0300, Samuel Cantero wrote:
>> >     > Regarding to the inability to access the user page, I've checked
>> our
>> >     > current users and I found 97426 users. We had a lot of spam
>> >     > here. I've checked this by doing:
>> >     >
>> >     > sqlite> select count(*) from session;
>> >     > 97426
>> >
>> >     Perhaps "session" is wrong table.  My notes on this are;
>> >
>> >     0. trac.htdigest file is used to form list shown on manage user
>> accounts,
>> >
>> >     1. passphrase is stored in trac.htdigest file,
>> >
>> >     2. the last login and authenticated flag are taken from session
>> table,
>> >
>> >        select * from session where sid = 'Quozl';
>> >
>> >     3. name and e-mail are taken from session_attribute table,
>> >
>> >        select * from session_attribute where sid = 'Quozl';
>> >
>> > We should delete all information inside session and session_attribute
>> tables.
>> > We don't have any trac.htdigest file. Maybe 'cause we're storing pwd in
>> the
>> > trac database (SessionStore) [1].
>> >
>> > The ideal would be to delete users through the trac-admin utility:
>> >
>> >   • List users: trac-admin /project session list
>> >
>> >     I can find here the same users that we find in the session table.
>> >
>> >   • Delete users: trac-admin /project session delete <username1> ...
>> >     <usernameN>
>> >
>> > But doing this for ~90.000 users is not viable.
>>
>> I'm guessing that you mean the unviable step is identifying the users.
>>
>
> Yes.
>
>>
>> Take the entire set of users, then remove the set of users who have
>> created tickets or made comments, then use the set in a script that
>> deletes each user.
>>
>> Eventually it should complete.
>>
>
> I can only test this kind of procedure on weekends when I usually have
> more time. If you have time, go ahead.
>
>>
>> Then use whatever tools are necessary to optimise the table.
>>
>> >
>> >     4. deletion of the users via manage user accounts results in removal
>> >        from trac.htdigest, removal from session table, removal from
>> >        session_attribute table.
>> >
>> >     Hope that helps.
>> >
>> >     > [...]
>> >     > I tried to remove all suspicious users with the trac-admin utility
>> >     > and directly by database but this is almost imposible.
>> >
>> >     It may require very careful scripting, yes.  Last time I looked at
>> >     that, I made a mistake deleted all users.  (3rd March 2014, for
>> >     [2]dev.laptop.org).  It hasn't been a problem since.
>> >
>> >     > I guess we should delete all users and ask them to re-register
>> >     > again. However, I don't want to proceed before your approval.
>> >
>> >     I'm fine with that.  Let's hear from others.
>> >
>> >     --
>> >     James Cameron
>> >     [3]http://quozl.netrek.org/
>> >
>> > [1] [4]https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
>> >
>> > References:
>> >
>> > [1] mailto:quozl at laptop.org
>> > [2] http://dev.laptop.org/
>> > [3] http://quozl.netrek.org/
>> > [4] https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
>>
>> --
>> James Cameron
>> http://quozl.netrek.org/
>>
>
>


-- 
Walter Bender
Sugar Labs
http://www.sugarlabs.org
<http://www.sugarlabs.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/sugar-devel/attachments/20160314/9cf3f85c/attachment.html>