<div dir="ltr"><div>Hi all, </div><div><br></div><div>I just recently removed all users. I've tested it by registering one user for me. Apparently all is working.</div><div><br></div><div>You must register with the same username you've had in order to get all your privileges again. This is very important for the ticket moderators' users and trac admin users.</div><div><br></div><div>Please, if you find something broken just let me know. In the worst case scenario, we have a backup of our previous database.</div><div><br></div><div>Best regards,</div><div><br></div><div>Samuel Cantero.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 14, 2016 at 8:38 PM, Walter Bender <span dir="ltr"><<a href="mailto:walter.bender@gmail.com" target="_blank">walter.bender@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks for digging into this.<div><br></div><div>FWIW, I am fine with having my account deleted and re-registering. Whatever is most expedient for the trac maintainers.</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>-walter</div></font></span></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Mon, Mar 14, 2016 at 4:48 PM, Samuel Cantero <span dir="ltr"><<a href="mailto:scanterog@gmail.com" target="_blank">scanterog@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div>On Mon, Mar 14, 2016 at 5:21 PM, James Cameron <span dir="ltr"><<a href="mailto:quozl@laptop.org" target="_blank">quozl@laptop.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Mon, Mar 14, 2016 at 08:49:15AM -0300, Samuel Cantero wrote:<br>
<span>> On Mon, Mar 14, 2016 at 3:39 AM, James Cameron <[1]<a href="mailto:quozl@laptop.org" target="_blank">quozl@laptop.org</a>> wrote:<br>
><br>
> On Mon, Mar 14, 2016 at 02:32:36AM -0300, Samuel Cantero wrote:<br>
> > Regarding to the inability to access the user page, I've checked our<br>
> > current users and I found 97426 users. We had a lot of spam<br>
> > here. I've checked this by doing:<br>
> ><br>
> > sqlite> select count(*) from session;<br>
> > 97426<br>
><br>
> Perhaps "session" is wrong table. My notes on this are;<br>
><br>
> 0. trac.htdigest file is used to form list shown on manage user accounts,<br>
><br>
> 1. passphrase is stored in trac.htdigest file,<br>
><br>
> 2. the last login and authenticated flag are taken from session table,<br>
><br>
> select * from session where sid = 'Quozl'; <br>
><br>
> 3. name and e-mail are taken from session_attribute table,<br>
><br>
> select * from session_attribute where sid = 'Quozl';<br>
><br>
> We should delete all information inside session and session_attribute tables.<br>
> We don't have any trac.htdigest file. Maybe 'cause we're storing pwd in the<br>
> trac database (SessionStore) [1].<br>
><br>
> The ideal would be to delete users through the trac-admin utility:<br>
><br>
> • List users: trac-admin /project session list<br>
><br>
> I can find here the same users that we find in the session table.<br>
><br>
> • Delete users: trac-admin /project session delete <username1> ...<br>
> <usernameN><br>
><br>
> But doing this for ~90.000 users is not viable.<br>
<br>
</span>I'm guessing that you mean the unviable step is identifying the users.<br></blockquote><div><br></div></div></div><div>Yes.</div><span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Take the entire set of users, then remove the set of users who have<br>
created tickets or made comments, then use the set in a script that<br>
deletes each user.<br>
<br>
Eventually it should complete.<br></blockquote><div><br></div></span><div>I can only test this kind of procedure on weekends when I usually have more time. If you have time, go ahead.</div><div><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Then use whatever tools are necessary to optimise the table.<br>
<span><br>
><br>
> 4. deletion of the users via manage user accounts results in removal<br>
> from trac.htdigest, removal from session table, removal from<br>
> session_attribute table. <br>
><br>
> Hope that helps.<br>
><br>
> > [...]<br>
> > I tried to remove all suspicious users with the trac-admin utility<br>
> > and directly by database but this is almost imposible.<br>
><br>
> It may require very careful scripting, yes. Last time I looked at<br>
> that, I made a mistake deleted all users. (3rd March 2014, for<br>
</span>> [2]<a href="http://dev.laptop.org" rel="noreferrer" target="_blank">dev.laptop.org</a>). It hasn't been a problem since.<br>
<span>><br>
> > I guess we should delete all users and ask them to re-register<br>
> > again. However, I don't want to proceed before your approval.<br>
><br>
> I'm fine with that. Let's hear from others.<br>
><br>
> --<br>
> James Cameron<br>
</span>> [3]<a href="http://quozl.netrek.org/" rel="noreferrer" target="_blank">http://quozl.netrek.org/</a><br>
><br>
> [1] [4]<a href="https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores" rel="noreferrer" target="_blank">https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores</a><br>
><br>
> References:<br>
><br>
> [1] mailto:<a href="mailto:quozl@laptop.org" target="_blank">quozl@laptop.org</a><br>
> [2] <a href="http://dev.laptop.org/" rel="noreferrer" target="_blank">http://dev.laptop.org/</a><br>
> [3] <a href="http://quozl.netrek.org/" rel="noreferrer" target="_blank">http://quozl.netrek.org/</a><br>
> [4] <a href="https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores" rel="noreferrer" target="_blank">https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores</a><br>
<div><div><br>
--<br>
James Cameron<br>
<a href="http://quozl.netrek.org/" rel="noreferrer" target="_blank">http://quozl.netrek.org/</a><br>
</div></div></blockquote></div></div></div><br></div></div>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span class="">-- <br><div><div dir="ltr"><div><font><font>Walter Bender</font></font><br><font><font>Sugar Labs</font></font></div><div><font><a href="http://www.sugarlabs.org" target="_blank"><font>http://www.sugarlabs.org</font></a></font><br><a href="http://www.sugarlabs.org" target="_blank"><font></font></a><br></div></div></div>
</span></div>
</blockquote></div><br></div>