View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001221 | Main CAcert Website | web of trust | public | 2013-11-10 22:59 | 2014-10-21 21:05 |
| Reporter | BenBE | Assigned To | BenBE | ||
| Priority | urgent | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | 2013 Q4 | ||||
| Target Version | 2013 Q4 | Fixed in Version | 2014 Q2 | ||
| Summary | 0001221: Inconsistency in Assurance Management | ||||
| Description | A software problem has been detected in the way assurances are handled within the software. The issue arises when an assurance is deleted that the assurance is dropped from the database even though for auditability they need to be retained and marked as deleted instead. | ||||
| Steps To Reproduce | Remove an existing assurance The assurance has been dropped from the notary table instead of marking it deleted | ||||
| Tags | No tags attached. | ||||
| Reviewed by | NEOatNHNG, BenBE | ||||
| Test Instructions | |||||
|
|
Fix is now on the test server. |
|
|
- removed an assurance by the assurer - assurance was not visible anymore in the account or the admin-interface - redid the assurance - assuarnce ok - removed an assurance by the assuree - assurance was not visible anymore in the account or the admin-interface - redid the assurance - assurance ok endountered no problem beside of that the administrativ increase was not removed. => ok |
|
|
assurances user gave: 277761 2013-10-22 23:14:04 Wolfgang Schroeter wolfgang@w.d 2 CAcert Test Manager Batch Assurance Administrative Increase Revoke 277762 2013-10-22 23:14:04 John 44 Doe john.doe-044@example.com 0 CAcert Test Manager Batch Assurance Face to Face Meeting Revoke 279316 2013-11-26 bug1221 user1 bug1221.user1@w.d 35 No.2 Face to Face Meeting Revoke 277761 in relation to 277762 revoke 277762 results in 277761 2013-10-22 23:14:04 Wolfgang Schroeter wolfgang@w.d 2 CAcert Test Manager Batch Assurance Administrative Increase Revoke 279316 2013-11-26 bug1221 user1 bug1221.user1@w.d 35 No.2 Face to Face Meeting Revoke there is no automatic removal of "adminstrative increase" points revoke 277761 results in 279316 2013-11-26 bug1221 user1 bug1221.user1@w.d 35 No.2 Face to Face Meeting Revoke |
|
|
The review turned up a few errors: - Names of the Assurers were not displayed in the received points table on the "My Points" page (wot 10) - Deleted Assurances were still counted when determining the certificate validity period - For some modified queries the surrounding syntax was quite different making it hard to read Fixed on the test server. Please test whether the output on "My Points" and the certificate validity period is now correct and do a second review. |
|
|
Having another look into the updated patch the following issues should be noted: - If multiple assurances are removed the assurer flag is adjusted for each one separately. With the somewhat large dataset on the back this might cause some performance hit. - as deleted records are still counted towards the ranking you COULD assure everybody and ask support to remove all those fake assurances guaranteeing you will be on the first place of the ranking for quite some time (Well, you probably will get some other troubles doing this though). You probably want to remove deleted records from the count - even if this is somewhat a hassle to do. - Parts of the functionality still uses mysql_escape_string which should be replaced by mysql_real_escape_string instead. |
|
|
> If multiple assurances are removed the assurer flag is adjusted for each one separately I don't understand. You mean in the support interface (aka account 43)? There only one Assurance can be deleted at a time. > mysql_escape_string Yup, that is addressed by another patch. Saw the merge conflict. |
|
|
As the notes were mainly of cosmetic nature and the interface in 43.php only allows for one entry to be deleted at a time there is no serious reason to reject this patch based on the items in my previous comment. |
|
|
I fixed some issues in the way revoked assurances are handled in the "new" MyPoints page (aka wot 15). Please review and test. |
|
|
I removed an assurance on the new calculation page of the assuree. Before the revoke the assurance was visible at wot10, wot15 of assuree and assurer and in the admin-log (only looked at assuree old and new calculation) After the revoke the assurance was not visible there or at the admin-log-view on the assurer. -> ok Also looked if Thawte revokes were displayed as revoked in wot15. Looked at assurance of m.maengel@inopiae.com over 827@inopiae.com. They assurance was displayed as revoked on WoT of assuree, admin view on assuree. (On assurer side they were displayed with 0 points.) -> ok => ok |
|
|
I looked in SE console into account 2000.jan14@acme.com old and new calculation shows the assurance Revoked the assurance In old calculation the assurance is not visible => ok In new calculation the assurance is visible and marked as revoked => ok In the user view wot.10 and wot.15 does not show the revoked assurance. => ok In the account history the revoked assurance is visible in the user and the SE view. => ok =>ok |
|
|
Review okay through positive review of 1138. |
|
|
A combined fix for this and related issues has been installed on the production server on June 7, 2014. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2014-06/msg00005.html |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2013-11-10 22:59 | BenBE | New Issue | |
| 2013-11-10 22:59 | BenBE | Assigned To | => INOPIAE |
| 2013-11-20 21:55 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 63f28e3f |
| 2013-11-20 21:55 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable ee50e854 |
| 2013-11-20 21:55 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 323e617e |
| 2013-11-20 21:55 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable b8b0d004 |
| 2013-11-20 21:55 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 1d4a0dec |
| 2013-11-20 21:55 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 8f72f069 |
| 2013-11-20 21:55 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 8c702e67 |
| 2013-11-20 22:14 | NEOatNHNG | Note Added: 0004472 | |
| 2013-11-20 22:14 | NEOatNHNG | Status | new => needs review & testing |
| 2013-11-26 22:05 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable f538173e |
| 2013-11-26 22:05 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 1404a1b9 |
| 2013-11-26 22:14 | Eva | Note Added: 0004475 | |
| 2013-11-26 22:30 | Uli60 | Note Added: 0004476 | |
| 2014-01-21 21:49 | BenBE | Assigned To | INOPIAE => NEOatNHNG |
| 2014-01-21 21:49 | BenBE | Status | needs review & testing => needs review |
| 2014-01-28 21:47 | BenBE | Reviewed by | => BenBE |
| 2014-02-18 23:20 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable effd527f |
| 2014-02-18 23:20 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable afd9564a |
| 2014-03-21 14:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 56f0ddf3 |
| 2014-03-21 14:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable b8e82fe9 |
| 2014-03-21 16:15 | NEOatNHNG | Reviewed by | BenBE => NEOatNHNG |
| 2014-03-21 16:15 | NEOatNHNG | Note Added: 0004667 | |
| 2014-03-21 16:15 | NEOatNHNG | Status | needs review => needs review & testing |
| 2014-03-21 16:16 | NEOatNHNG | Assigned To | NEOatNHNG => BenBE |
| 2014-03-21 16:20 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable ecd7c103 |
| 2014-03-21 16:20 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable cff98291 |
| 2014-03-21 16:20 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable f2e19ca5 |
| 2014-03-21 16:20 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 7aa13b25 |
| 2014-03-21 16:52 | BenBE | Note Added: 0004668 | |
| 2014-03-21 18:58 | NEOatNHNG | Note Added: 0004673 | |
| 2014-03-27 07:01 | BenBE | Reviewed by | NEOatNHNG => NEOatNHNG, BenBE |
| 2014-03-27 07:01 | BenBE | Note Added: 0004686 | |
| 2014-03-27 07:01 | BenBE | Status | needs review & testing => needs testing |
| 2014-04-22 02:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 984efa5d |
| 2014-04-22 02:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 1a119ab8 |
| 2014-04-22 02:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable b9972f13 |
| 2014-04-22 02:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable f2a1f6b6 |
| 2014-04-22 02:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable bb16f087 |
| 2014-04-22 02:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable a5876e5a |
| 2014-04-22 02:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 2982bea5 |
| 2014-04-22 02:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable b63a8d83 |
| 2014-04-22 02:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable b0964eb6 |
| 2014-04-22 02:36 | NEOatNHNG | Reviewed by | NEOatNHNG, BenBE => NEOatNHNG |
| 2014-04-22 02:36 | NEOatNHNG | Note Added: 0004751 | |
| 2014-04-22 02:36 | NEOatNHNG | Status | needs testing => needs review & testing |
| 2014-04-22 21:11 | Eva | Note Added: 0004752 | |
| 2014-04-22 21:14 | Eva | Note Edited: 0004752 | |
| 2014-04-29 20:25 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable bb11f3a0 |
| 2014-04-29 20:33 | INOPIAE | Note Added: 0004755 | |
| 2014-05-06 20:36 | BenBE | Reviewed by | NEOatNHNG => NEOatNHNG, BenBE |
| 2014-05-06 20:36 | BenBE | Note Added: 0004775 | |
| 2014-05-06 20:36 | BenBE | Status | needs review & testing => ready to deploy |
| 2014-06-07 09:29 | wytze | Note Added: 0004803 | |
| 2014-06-07 09:29 | wytze | Status | ready to deploy => solved? |
| 2014-06-07 09:29 | wytze | Fixed in Version | => 2014 Q2 |
| 2014-06-07 09:29 | wytze | Resolution | open => fixed |
| 2014-06-08 20:11 | MartinGummi | Relationship added | related to 0001281 |
| 2014-06-08 22:24 | BenBE | View Status | private => public |
| 2014-06-08 22:24 | BenBE | Description Updated | |
| 2014-06-08 22:24 | BenBE | Steps to Reproduce Updated | |
| 2014-10-21 21:05 | INOPIAE | Status | solved? => closed |
