View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001065 | Main CAcert Website | web of trust | public | 2012-06-02 09:27 | 2013-11-26 23:10 |
| Reporter | INOPIAE | Assigned To | NEOatNHNG | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | needs work | Resolution | open | ||
| Product Version | 2013 Q2 | ||||
| Summary | 0001065: Wrong wording when sending mails during the assurance process | ||||
| Description | The mail confirming the assurance show the following: You issued 35 points and they now have 35 points in total. This should be either You issued 35 points and he/she now has 35 points in total. or You issued 35 points and John Doe now has 35 points in total. line 359 wot.php Line 357 wot.php You issued 35 points however the system has rounded this down to 0 and they now have 150 points in total. New: You issued 35 points however the system will only count 100 assurance points and 50 experience points. Line 325 wot.php You were issued 35 points however the system has rounded this down to 0 and you now have 150 points in total. New: You were issued 35 points however however the system will only count 100 assurance points and 50 experience points. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
|
|
pushed fix to https://github.com/INOPIAE/CAcert/commit/a1b7678c4ad46aae4c3e647bfbef173dd2f0695c |
|
|
The text looks good for assurer and assuree --> ok |
|
|
Got two languages in one email in one case: "You are receiving this email because you have been assured by . Ihnen wurden 10 Punkte vergeben. Sie haben nun insgesamt 70 Punkte." Otherwise, the wordings look as described. However, using the word "however" without any commas around it sounds very strange to me. May I suggest using "but" instead of "however": "You issued 35 points, but the system will only count..." |
|
|
You issued 10 points however the system only counts up to 100 assurance points. User Name has now 100 countable assurance points and 100 countable expierence points. => fail |
|
|
Reminder sent to: MartinGummi re test |
|
|
I assured 317,seo13@acme.com with 0 points and got the following mail: "You are receiving this email because you have assured 317 sep13 (317.sep13@acme.com). You issued 35 points and 317 sep13 now has 35 points in total.[...]" -> ok I assured KatziTest1@cacert.org who had 70 points before. The mail of the Assuree is: "You are receiving this email because you have been assured by Admin Katzi (KatziAdmin@cacert.org). Ihnen wurden 35 Punkte vergeben. Sie haben nun insgesamt 100 Punkte. Sie haben mindestens 100 Assurancepunkte erhalten. Sie können versuchen die CAcert Assurer Challenge zu bestehen, um CAcert Assurer zu werden. ( https://cats.cacert.org ) [...]" -> No rounding down or however part mentioned The mail the Assurer got: "You are receiving this email because you have assured Test1 Katzi (KatziTest1@cacert.org). You issued 35 points and Test1 Katzi now has 100 points in total. [...]" -> No rounding down or however part mentioned I'm not sure what the intended wording is, but this looks as a fine way to do it. (It's not relevant for anybody if a rounding took place, especially not for the assurer.) |
|
|
I have added a few changes. Please test and review. |
|
|
I assured an acc with 70 points before the assurance. The assurer got the following mail: "You are receiving this email because you have assured Test1 Katzi (KatziTest1@cacert.org). You issued 35 points. Best regards, CAcert Support Team" -> no mention of the total points of the assuree or the rounding (which is consistent) The assuree got the following mail: "You are receiving this email because you have been assured by Admin Katzi (KatziAdmin@cacert.org). You were issued 35 points. However the system only counts up to 100 assurance points. Sie haben mindestens 100 Assurancepunkte erhalten. Sie können versuchen die CAcert Assurer Challenge zu bestehen, um CAcert Assurer zu werden. ( https://cats.cacert.org ) [...]" -> the rounding down is not mentioned, the information for max-points is there => ok |
|
|
The if-Conditions in the changed locations should use block markers {} for better source formatting. Apart from this the patch looks reasonable. Regarding the wording I don't think you need to tell the assurer how many experience points the assuree already got - if you really wanted to close the information leakage. |
|
|
Regarding current source there's some weird code I don't think is right. Let's consider: --- @@ -249,23 +249,24 @@ $iecho= "c"; if($oldid == 6) { $max = maxpoints(); $awarded = $newpoints = intval($_POST['points']); if($newpoints > $max) $newpoints = $awarded = $max; if($newpoints < 0) $newpoints = $awarded = 0; $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`"; $res = mysql_query($query); $drow = mysql_fetch_assoc($res); + $oldpoints = intval($drow['total']); $_POST['expire'] = 0; - if(($drow['total'] + $newpoints) > 100 && $max < 100) - $newpoints = 100 - $drow['total']; - if(($drow['total'] + $newpoints) > $max && $max >= 100) - $newpoints = $max - $drow['total']; + if(($oldpoints + $newpoints) > 100 && $max < 100) + $newpoints = 100 - $oldpoints; + if(($oldpoints + $newpoints) > $max && $max >= 100) + $newpoints = $max - $oldpoints; if($newpoints < 0) $newpoints = 0; --- The second group of additions doesn't make much send and is hard to read. Wouldn't it be better to have something like this? // Get number of new points, based on points awarded and limit to at most 100 Points. $newpoints = min($oldpoints + $awarded, 100); // Retrieve number of actually awarded points, and ensure at least 0 as lower bound $newpoints = max($newpoints - $oldpoints, 0); Much more readable and at least not as utterly broken as the current code. Simular could be done for the $max variable at the top (simular to above): $awarded = $newpoints = min($max, $awarded); $awarded = $newpoints = max(0, $awarded); Review NACK. |
|
|
assurances given ------------------------------------------------------------------------------ You are receiving this email because you have assured xyz (xyz email). You issued 10 points. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ You are receiving this email because you have assured xyz (xyz email). You issued 35 points. ------------------------------------------------------------------------------ assurance received ------------------------------------------------------------------------------ You are receiving this email because you have been assured by xyz (xyz email). You were issued 35 points and you now have 35 points in total. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ You are receiving this email because you have been assured by xyz (xyz email). You were issued 35 points and you now have 80 points in total. You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ You are receiving this email because you have been assured by xyz (xyz email). You were issued 35 points. However the system only counts up to 100 assurance points. You have at least 100 Assurance Points, if you want to become an assurer try the Assurer Challenge ( https://cats.cacert.org ) To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to: https://www.cacert.org/wot.php?id=8 You can list your location by going to: https://www.cacert.org/wot.php?id=13 ------------------------------------------------------------------------------ checked F2F -> ok checked TTP -> problems, see bug 1216 |
|
|
comment on https://bugs.cacert.org/view.php?id=1065#c4411 $awarded = $newpoints = min($max, $awarded); $awarded = $newpoints = max(0, $awarded); limits the boundaries minimum 0 points, maximum the assurer can award this makes it to awarded and newpoints this is clarified and ok the previous code in at least following line is wrong: if(($oldpoints + $newpoints) > $max && $max >= 100) oldpoints is current received points of an assuree eg 80 AP now we add 35 new points I do not need to add 35 points as 80 AP is still over maximum max ! and max (35 points) never can reach the && part max >= 100 but doesn't have the two blocks to be switched around? first check awarded/points to their boundaries then check the awarded/new points with the assurances the assuree still received ? the 2 lines then makes the final assurance: $newpoints = min($oldpoints + $awarded, 100); $newpoints = max($newpoints - $oldpoints, 0); Awarded is still the value the assurer enters wether the fact the assuree has enough points or not. The validity range check of awarded depends on experience points the assurer received. The newpoints may be adjusted by that, but not the awarded points. ?!? newpoints is assigned twice, first in awarded verification section, later in the newpoints calculation lets simplify =:) $awarded = min($max, $awarded); $awarded = max(0, $awarded); $newpoints = min($oldpoints + $awarded, 100); $newpoints = max($newpoints - $oldpoints, 0); |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-06-02 09:27 | INOPIAE | New Issue | |
| 2012-06-02 09:28 | INOPIAE | Relationship added | related to 0001050 |
| 2013-05-01 11:27 | INOPIAE | Note Added: 0003951 | |
| 2013-05-01 11:27 | INOPIAE | Assigned To | => BenBE |
| 2013-05-01 11:27 | INOPIAE | Status | new => fix available |
| 2013-05-01 12:50 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable f6744f8e |
| 2013-05-01 12:50 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 20163e4c |
| 2013-05-01 12:50 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable a1b7678c |
| 2013-05-01 12:51 | BenBE | Reviewed by | => BenBE |
| 2013-05-01 12:51 | BenBE | Status | fix available => needs review & testing |
| 2013-05-01 12:51 | BenBE | Product Version | => 2013 Q2 |
| 2013-05-01 16:05 | Werner Dworak | Note Added: 0003966 | |
| 2013-05-01 16:08 | Werner Dworak | Note Edited: 0003966 | |
| 2013-05-06 13:04 | JensK | Note Added: 0003974 | |
| 2013-05-06 13:05 | JensK | Note Edited: 0003974 | |
| 2013-06-15 09:18 | MartinGummi | Note Added: 0004058 | |
| 2013-06-15 09:20 | MartinGummi | Note Added: 0004059 | |
| 2013-09-10 21:16 | Eva | Note Added: 0004304 | |
| 2013-09-10 21:17 | Eva | Note Edited: 0004304 | |
| 2013-09-10 22:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable bb149f72 |
| 2013-09-10 22:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 502b87fd |
| 2013-09-10 22:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable e3a3015c |
| 2013-09-10 22:48 | NEOatNHNG | Reviewed by | BenBE => NEOatNHNG |
| 2013-09-10 22:48 | NEOatNHNG | Note Added: 0004307 | |
| 2013-09-10 23:15 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 5cca88e0 |
| 2013-09-10 23:15 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable f80065bc |
| 2013-09-10 23:18 | Eva | Note Added: 0004309 | |
| 2013-09-21 05:34 | BenBE | Note Added: 0004343 | |
| 2013-09-21 06:00 | BenBE | Assigned To | BenBE => egal |
| 2013-09-24 22:45 | Eva | Note Edited: 0004309 | |
| 2013-10-23 19:19 | BenBE | Note Added: 0004411 | |
| 2013-10-23 19:30 | BenBE | Assigned To | egal => INOPIAE |
| 2013-10-24 13:45 | Uli60 | Note Added: 0004412 | |
| 2013-10-24 14:11 | Uli60 | Note Added: 0004413 | |
| 2013-10-24 14:15 | Uli60 | Note Edited: 0004413 | |
| 2013-11-26 23:09 | NEOatNHNG | Reviewed by | NEOatNHNG => |
| 2013-11-26 23:09 | NEOatNHNG | Status | needs review & testing => needs work |
| 2013-11-26 23:10 | NEOatNHNG | Assigned To | INOPIAE => NEOatNHNG |
