[Sugar-devel] [Systems] trac breakage
Walter Bender
walter.bender at gmail.com
Mon Mar 14 19:38:20 EDT 2016
Thanks for digging into this.
FWIW, I am fine with having my account deleted and re-registering. Whatever
is most expedient for the trac maintainers.
-walter
On Mon, Mar 14, 2016 at 4:48 PM, Samuel Cantero <scanterog at gmail.com> wrote:
> On Mon, Mar 14, 2016 at 5:21 PM, James Cameron <quozl at laptop.org> wrote:
>
>> On Mon, Mar 14, 2016 at 08:49:15AM -0300, Samuel Cantero wrote:
>> > On Mon, Mar 14, 2016 at 3:39 AM, James Cameron <[1]quozl at laptop.org>
>> wrote:
>> >
>> > On Mon, Mar 14, 2016 at 02:32:36AM -0300, Samuel Cantero wrote:
>> > > Regarding to the inability to access the user page, I've checked
>> our
>> > > current users and I found 97426 users. We had a lot of spam
>> > > here. I've checked this by doing:
>> > >
>> > > sqlite> select count(*) from session;
>> > > 97426
>> >
>> > Perhaps "session" is wrong table. My notes on this are;
>> >
>> > 0. trac.htdigest file is used to form list shown on manage user
>> accounts,
>> >
>> > 1. passphrase is stored in trac.htdigest file,
>> >
>> > 2. the last login and authenticated flag are taken from session
>> table,
>> >
>> > select * from session where sid = 'Quozl';
>> >
>> > 3. name and e-mail are taken from session_attribute table,
>> >
>> > select * from session_attribute where sid = 'Quozl';
>> >
>> > We should delete all information inside session and session_attribute
>> tables.
>> > We don't have any trac.htdigest file. Maybe 'cause we're storing pwd in
>> the
>> > trac database (SessionStore) [1].
>> >
>> > The ideal would be to delete users through the trac-admin utility:
>> >
>> > • List users: trac-admin /project session list
>> >
>> > I can find here the same users that we find in the session table.
>> >
>> > • Delete users: trac-admin /project session delete <username1> ...
>> > <usernameN>
>> >
>> > But doing this for ~90.000 users is not viable.
>>
>> I'm guessing that you mean the unviable step is identifying the users.
>>
>
> Yes.
>
>>
>> Take the entire set of users, then remove the set of users who have
>> created tickets or made comments, then use the set in a script that
>> deletes each user.
>>
>> Eventually it should complete.
>>
>
> I can only test this kind of procedure on weekends when I usually have
> more time. If you have time, go ahead.
>
>>
>> Then use whatever tools are necessary to optimise the table.
>>
>> >
>> > 4. deletion of the users via manage user accounts results in removal
>> > from trac.htdigest, removal from session table, removal from
>> > session_attribute table.
>> >
>> > Hope that helps.
>> >
>> > > [...]
>> > > I tried to remove all suspicious users with the trac-admin utility
>> > > and directly by database but this is almost imposible.
>> >
>> > It may require very careful scripting, yes. Last time I looked at
>> > that, I made a mistake deleted all users. (3rd March 2014, for
>> > [2]dev.laptop.org). It hasn't been a problem since.
>> >
>> > > I guess we should delete all users and ask them to re-register
>> > > again. However, I don't want to proceed before your approval.
>> >
>> > I'm fine with that. Let's hear from others.
>> >
>> > --
>> > James Cameron
>> > [3]http://quozl.netrek.org/
>> >
>> > [1] [4]https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
>> >
>> > References:
>> >
>> > [1] mailto:quozl at laptop.org
>> > [2] http://dev.laptop.org/
>> > [3] http://quozl.netrek.org/
>> > [4] https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
>>
>> --
>> James Cameron
>> http://quozl.netrek.org/
>>
>
>
--
Walter Bender
Sugar Labs
http://www.sugarlabs.org
<http://www.sugarlabs.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/sugar-devel/attachments/20160314/9cf3f85c/attachment.html>
More information about the Sugar-devel
mailing list