[Systems] [Sugar-devel] trac breakage

Samuel Cantero scanterog at gmail.com
Mon Mar 14 16:48:10 EDT 2016


On Mon, Mar 14, 2016 at 5:21 PM, James Cameron <quozl at laptop.org> wrote:

> On Mon, Mar 14, 2016 at 08:49:15AM -0300, Samuel Cantero wrote:
> > On Mon, Mar 14, 2016 at 3:39 AM, James Cameron <[1]quozl at laptop.org>
> wrote:
> >
> >     On Mon, Mar 14, 2016 at 02:32:36AM -0300, Samuel Cantero wrote:
> >     > Regarding to the inability to access the user page, I've checked
> our
> >     > current users and I found 97426 users. We had a lot of spam
> >     > here. I've checked this by doing:
> >     >
> >     > sqlite> select count(*) from session;
> >     > 97426
> >
> >     Perhaps "session" is wrong table.  My notes on this are;
> >
> >     0. trac.htdigest file is used to form list shown on manage user
> accounts,
> >
> >     1. passphrase is stored in trac.htdigest file,
> >
> >     2. the last login and authenticated flag are taken from session
> table,
> >
> >        select * from session where sid = 'Quozl';
> >
> >     3. name and e-mail are taken from session_attribute table,
> >
> >        select * from session_attribute where sid = 'Quozl';
> >
> > We should delete all information inside session and session_attribute
> tables.
> > We don't have any trac.htdigest file. Maybe 'cause we're storing pwd in
> the
> > trac database (SessionStore) [1].
> >
> > The ideal would be to delete users through the trac-admin utility:
> >
> >   • List users: trac-admin /project session list
> >
> >     I can find here the same users that we find in the session table.
> >
> >   • Delete users: trac-admin /project session delete <username1> ...
> >     <usernameN>
> >
> > But doing this for ~90.000 users is not viable.
>
> I'm guessing that you mean the unviable step is identifying the users.
>

Yes.

>
> Take the entire set of users, then remove the set of users who have
> created tickets or made comments, then use the set in a script that
> deletes each user.
>
> Eventually it should complete.
>

I can only test this kind of procedure on weekends when I usually have more
time. If you have time, go ahead.

>
> Then use whatever tools are necessary to optimise the table.
>
> >
> >     4. deletion of the users via manage user accounts results in removal
> >        from trac.htdigest, removal from session table, removal from
> >        session_attribute table.
> >
> >     Hope that helps.
> >
> >     > [...]
> >     > I tried to remove all suspicious users with the trac-admin utility
> >     > and directly by database but this is almost imposible.
> >
> >     It may require very careful scripting, yes.  Last time I looked at
> >     that, I made a mistake deleted all users.  (3rd March 2014, for
> >     [2]dev.laptop.org).  It hasn't been a problem since.
> >
> >     > I guess we should delete all users and ask them to re-register
> >     > again. However, I don't want to proceed before your approval.
> >
> >     I'm fine with that.  Let's hear from others.
> >
> >     --
> >     James Cameron
> >     [3]http://quozl.netrek.org/
> >
> > [1] [4]https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
> >
> > References:
> >
> > [1] mailto:quozl at laptop.org
> > [2] http://dev.laptop.org/
> > [3] http://quozl.netrek.org/
> > [4] https://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores
>
> --
> James Cameron
> http://quozl.netrek.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20160314/5469f724/attachment.html>


More information about the Systems mailing list