View Issue Details

IDProjectCategoryView StatusLast Update
0001221Main CAcert Websiteweb of trustpublic2014-10-21 21:05
ReporterBenBE Assigned ToBenBE  
PriorityurgentSeveritymajorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2013 Q4 
Target Version2013 Q4Fixed in Version2014 Q2 
Summary0001221: Inconsistency in Assurance Management
DescriptionA software problem has been detected in the way assurances are handled within the software.

The issue arises when an assurance is deleted that the assurance is dropped from the database even though for auditability they need to be retained and marked as deleted instead.
Steps To ReproduceRemove an existing assurance
The assurance has been dropped from the notary table instead of marking it deleted
TagsNo tags attached.
Reviewed byNEOatNHNG, BenBE
Test Instructions

Relationships

related to 0001281 closedegal Internal Error on training page 

Activities

NEOatNHNG

2013-11-20 22:14

administrator   ~0004472

Fix is now on the test server.

Eva

2013-11-26 22:14

updater   ~0004475

- removed an assurance by the assurer
- assurance was not visible anymore in the account or the admin-interface
- redid the assurance
- assuarnce ok

- removed an assurance by the assuree
- assurance was not visible anymore in the account or the admin-interface
- redid the assurance
- assurance ok

endountered no problem beside of that the administrativ increase was not removed.

=> ok

Uli60

2013-11-26 22:30

updater   ~0004476

assurances user gave:
277761 2013-10-22 23:14:04 Wolfgang Schroeter wolfgang@w.d 2 CAcert Test Manager Batch Assurance Administrative Increase Revoke
277762 2013-10-22 23:14:04 John 44 Doe john.doe-044@example.com 0 CAcert Test Manager Batch Assurance Face to Face Meeting Revoke
279316 2013-11-26 bug1221 user1 bug1221.user1@w.d 35 No.2 Face to Face Meeting Revoke

277761 in relation to 277762

revoke 277762

results in

277761 2013-10-22 23:14:04 Wolfgang Schroeter wolfgang@w.d 2 CAcert Test Manager Batch Assurance Administrative Increase Revoke
279316 2013-11-26 bug1221 user1 bug1221.user1@w.d 35 No.2 Face to Face Meeting Revoke

there is no automatic removal of "adminstrative increase" points

revoke 277761

results in

279316 2013-11-26 bug1221 user1 bug1221.user1@w.d 35 No.2 Face to Face Meeting Revoke

NEOatNHNG

2014-03-21 16:15

administrator   ~0004667

The review turned up a few errors:
- Names of the Assurers were not displayed in the received points table on the "My Points" page (wot 10)
- Deleted Assurances were still counted when determining the certificate validity period
- For some modified queries the surrounding syntax was quite different making it hard to read

Fixed on the test server. Please test whether the output on "My Points" and the certificate validity period is now correct and do a second review.

BenBE

2014-03-21 16:52

updater   ~0004668

Having another look into the updated patch the following issues should be noted:
- If multiple assurances are removed the assurer flag is adjusted for each one separately. With the somewhat large dataset on the back this might cause some performance hit.

- as deleted records are still counted towards the ranking you COULD assure everybody and ask support to remove all those fake assurances guaranteeing you will be on the first place of the ranking for quite some time (Well, you probably will get some other troubles doing this though). You probably want to remove deleted records from the count - even if this is somewhat a hassle to do.

- Parts of the functionality still uses mysql_escape_string which should be replaced by mysql_real_escape_string instead.

NEOatNHNG

2014-03-21 18:58

administrator   ~0004673

> If multiple assurances are removed the assurer flag is adjusted for each one separately

I don't understand. You mean in the support interface (aka account 43)? There only one Assurance can be deleted at a time.

> mysql_escape_string

Yup, that is addressed by another patch. Saw the merge conflict.

BenBE

2014-03-27 07:01

updater   ~0004686

As the notes were mainly of cosmetic nature and the interface in 43.php only allows for one entry to be deleted at a time there is no serious reason to reject this patch based on the items in my previous comment.

NEOatNHNG

2014-04-22 02:36

administrator   ~0004751

I fixed some issues in the way revoked assurances are handled in the "new" MyPoints page (aka wot 15). Please review and test.

Eva

2014-04-22 21:11

updater   ~0004752

Last edited: 2014-04-22 21:14

View 2 revisions

I removed an assurance on the new calculation page of the assuree.

Before the revoke the assurance was visible at wot10, wot15 of assuree and assurer and in the admin-log (only looked at assuree old and new calculation)

After the revoke the assurance was not visible there or at the admin-log-view on the assurer.
-> ok

Also looked if Thawte revokes were displayed as revoked in wot15.
Looked at assurance of m.maengel@inopiae.com over 827@inopiae.com.
They assurance was displayed as revoked on WoT of assuree, admin view on assuree. (On assurer side they were displayed with 0 points.)
-> ok
=> ok

INOPIAE

2014-04-29 20:33

updater   ~0004755

I looked in SE console into account 2000.jan14@acme.com
old and new calculation shows the assurance
Revoked the assurance
In old calculation the assurance is not visible => ok
In new calculation the assurance is visible and marked as revoked => ok

In the user view wot.10 and wot.15 does not show the revoked assurance. => ok

In the account history the revoked assurance is visible in the user and the SE view. => ok
=>ok

BenBE

2014-05-06 20:36

updater   ~0004775

Review okay through positive review of 1138.

wytze

2014-06-07 09:29

developer   ~0004803

A combined fix for this and related issues has been installed on the production server on June 7, 2014. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2014-06/msg00005.html

Issue History

Date Modified Username Field Change
2013-11-10 22:59 BenBE New Issue
2013-11-10 22:59 BenBE Assigned To => INOPIAE
2013-11-20 21:55 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 63f28e3f
2013-11-20 21:55 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable ee50e854
2013-11-20 21:55 BenBE Source_changeset_attached => cacert-devel testserver-stable 323e617e
2013-11-20 21:55 BenBE Source_changeset_attached => cacert-devel testserver-stable b8b0d004
2013-11-20 21:55 BenBE Source_changeset_attached => cacert-devel testserver-stable 1d4a0dec
2013-11-20 21:55 BenBE Source_changeset_attached => cacert-devel testserver-stable 8f72f069
2013-11-20 21:55 BenBE Source_changeset_attached => cacert-devel testserver-stable 8c702e67
2013-11-20 22:14 NEOatNHNG Note Added: 0004472
2013-11-20 22:14 NEOatNHNG Status new => needs review & testing
2013-11-26 22:05 BenBE Source_changeset_attached => cacert-devel testserver-stable f538173e
2013-11-26 22:05 BenBE Source_changeset_attached => cacert-devel testserver-stable 1404a1b9
2013-11-26 22:14 Eva Note Added: 0004475
2013-11-26 22:30 Uli60 Note Added: 0004476
2014-01-21 21:49 BenBE Assigned To INOPIAE => NEOatNHNG
2014-01-21 21:49 BenBE Status needs review & testing => needs review
2014-01-28 21:47 BenBE Reviewed by => BenBE
2014-02-18 23:20 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable effd527f
2014-02-18 23:20 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable afd9564a
2014-03-21 14:40 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 56f0ddf3
2014-03-21 14:40 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable b8e82fe9
2014-03-21 16:15 NEOatNHNG Reviewed by BenBE => NEOatNHNG
2014-03-21 16:15 NEOatNHNG Note Added: 0004667
2014-03-21 16:15 NEOatNHNG Status needs review => needs review & testing
2014-03-21 16:16 NEOatNHNG Assigned To NEOatNHNG => BenBE
2014-03-21 16:20 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable ecd7c103
2014-03-21 16:20 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable cff98291
2014-03-21 16:20 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable f2e19ca5
2014-03-21 16:20 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 7aa13b25
2014-03-21 16:52 BenBE Note Added: 0004668
2014-03-21 18:58 NEOatNHNG Note Added: 0004673
2014-03-27 07:01 BenBE Reviewed by NEOatNHNG => NEOatNHNG, BenBE
2014-03-27 07:01 BenBE Note Added: 0004686
2014-03-27 07:01 BenBE Status needs review & testing => needs testing
2014-04-22 02:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 984efa5d
2014-04-22 02:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 1a119ab8
2014-04-22 02:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable b9972f13
2014-04-22 02:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable f2a1f6b6
2014-04-22 02:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable bb16f087
2014-04-22 02:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable a5876e5a
2014-04-22 02:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 2982bea5
2014-04-22 02:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable b63a8d83
2014-04-22 02:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable b0964eb6
2014-04-22 02:36 NEOatNHNG Reviewed by NEOatNHNG, BenBE => NEOatNHNG
2014-04-22 02:36 NEOatNHNG Note Added: 0004751
2014-04-22 02:36 NEOatNHNG Status needs testing => needs review & testing
2014-04-22 21:11 Eva Note Added: 0004752
2014-04-22 21:14 Eva Note Edited: 0004752 View Revisions
2014-04-29 20:25 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable bb11f3a0
2014-04-29 20:33 INOPIAE Note Added: 0004755
2014-05-06 20:36 BenBE Reviewed by NEOatNHNG => NEOatNHNG, BenBE
2014-05-06 20:36 BenBE Note Added: 0004775
2014-05-06 20:36 BenBE Status needs review & testing => ready to deploy
2014-06-07 09:29 wytze Note Added: 0004803
2014-06-07 09:29 wytze Status ready to deploy => solved?
2014-06-07 09:29 wytze Fixed in Version => 2014 Q2
2014-06-07 09:29 wytze Resolution open => fixed
2014-06-08 20:11 MartinGummi Relationship added related to 0001281
2014-06-08 22:24 BenBE View Status private => public
2014-06-08 22:24 BenBE Description Updated View Revisions
2014-06-08 22:24 BenBE Steps to Reproduce Updated View Revisions
2014-10-21 21:05 INOPIAE Status solved? => closed