[Sugar-devel] [Systems] trac breakage

James Cameron quozl at laptop.org
Thu Mar 17 16:38:38 EDT 2016


Thanks, it worked fine for me.

On Thu, Mar 17, 2016 at 04:07:49PM -0300, Samuel Cantero wrote:
> Hi all, 
> 
> I just recently removed all users. I've tested it by registering one user for
> me. Apparently all is working.
> 
> You must register with the same username you've had in order to get all your
> privileges again. This is very important for the ticket moderators' users and
> trac admin users.
> 
> Please, if you find something broken just let me know. In the worst case
> scenario, we have a backup of our previous database.
> 
> Best regards,
> 
> Samuel Cantero.
> 
> On Mon, Mar 14, 2016 at 8:38 PM, Walter Bender <[1]walter.bender at gmail.com>
> wrote:
> 
>     Thanks for digging into this.
> 
>     FWIW, I am fine with having my account deleted and re-registering. Whatever
>     is most expedient for the trac maintainers.
>    
>     -walter
>    
>     On Mon, Mar 14, 2016 at 4:48 PM, Samuel Cantero <[2]scanterog at gmail.com>
>     wrote:
> 
>         On Mon, Mar 14, 2016 at 5:21 PM, James Cameron <[3]quozl at laptop.org>
>         wrote:
> 
>             On Mon, Mar 14, 2016 at 08:49:15AM -0300, Samuel Cantero wrote:
>             > On Mon, Mar 14, 2016 at 3:39 AM, James Cameron <[1][4]
>             quozl at laptop.org> wrote:
>             >
>             >     On Mon, Mar 14, 2016 at 02:32:36AM -0300, Samuel Cantero
>             wrote:
>             >     > Regarding to the inability to access the user page, I've
>             checked our
>             >     > current users and I found 97426 users. We had a lot of spam
>             >     > here. I've checked this by doing:
>             >     >
>             >     > sqlite> select count(*) from session;
>             >     > 97426
>             >
>             >     Perhaps "session" is wrong table.  My notes on this are;
>             >
>             >     0. trac.htdigest file is used to form list shown on manage
>             user accounts,
>             >
>             >     1. passphrase is stored in trac.htdigest file,
>             >
>             >     2. the last login and authenticated flag are taken from
>             session table,
>             >
>             >        select * from session where sid = 'Quozl'; 
>             >
>             >     3. name and e-mail are taken from session_attribute table,
>             >
>             >        select * from session_attribute where sid = 'Quozl';
>             >
>             > We should delete all information inside session and
>             session_attribute tables.
>             > We don't have any trac.htdigest file. Maybe 'cause we're storing
>             pwd in the
>             > trac database (SessionStore) [1].
>             >
>             > The ideal would be to delete users through the trac-admin
>             utility:
>             >
>             >   • List users: trac-admin /project session list
>             >
>             >     I can find here the same users that we find in the session
>             table.
>             >
>             >   • Delete users: trac-admin /project session delete <username1>
>             ...
>             >     <usernameN>
>             >
>             > But doing this for ~90.000 users is not viable.
> 
>             I'm guessing that you mean the unviable step is identifying the
>             users.
> 
>         Yes.
>        
> 
>             Take the entire set of users, then remove the set of users who have
>             created tickets or made comments, then use the set in a script that
>             deletes each user.
> 
>             Eventually it should complete.
> 
>         I can only test this kind of procedure on weekends when I usually have
>         more time. If you have time, go ahead.
> 
>             Then use whatever tools are necessary to optimise the table.
>            
>             >
>             >     4. deletion of the users via manage user accounts results in
>             removal
>             >        from trac.htdigest, removal from session table, removal
>             from
>             >        session_attribute table. 
>             >
>             >     Hope that helps.
>             >
>             >     > [...]
>             >     > I tried to remove all suspicious users with the trac-admin
>             utility
>             >     > and directly by database but this is almost imposible.
>             >
>             >     It may require very careful scripting, yes.  Last time I
>             looked at
>             >     that, I made a mistake deleted all users.  (3rd March 2014,
>             for
>             >     [2][5]dev.laptop.org).  It hasn't been a problem since.
>             >
>             >     > I guess we should delete all users and ask them to
>             re-register
>             >     > again. However, I don't want to proceed before your
>             approval.
>             >
>             >     I'm fine with that.  Let's hear from others.
>             >
>             >     --
>             >     James Cameron
>             >     [3][6]http://quozl.netrek.org/
>             >
>             > [1] [4][7]https://trac-hacks.org/wiki/AccountManagerPlugin/
>             AuthStores
>             >
>             > References:
>             >
>             > [1] mailto:[8]quozl at laptop.org
>             > [2] [9]http://dev.laptop.org/
>             > [3] [10]http://quozl.netrek.org/
>             > [4] [11]https://trac-hacks.org/wiki/AccountManagerPlugin/
>             AuthStores
> 
>             --
>             James Cameron
>             [12]http://quozl.netrek.org/
> 
>     --
>     Walter Bender
>     Sugar Labs
>     [13]http://www.sugarlabs.org
>     [14]
> 
> References:
> 
> [1] mailto:walter.bender at gmail.com
> [2] mailto:scanterog at gmail.com
> [3] mailto:quozl at laptop.org
> [4] mailto:quozl at laptop.org
> [5] http://dev.laptop.org/
> [6] http://quozl.netrek.org/
> [7] https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
> [8] mailto:quozl at laptop.org
> [9] http://dev.laptop.org/
> [10] http://quozl.netrek.org/
> [11] https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
> [12] http://quozl.netrek.org/
> [13] http://www.sugarlabs.org/
> [14] http://www.sugarlabs.org/

-- 
James Cameron
http://quozl.netrek.org/


More information about the Sugar-devel mailing list