View Issue Details

IDProjectCategoryView StatusLast Update
0001223Main CAcert Websiteaccount administrationpublic2014-11-11 21:31
ReporterWerner Dworak Assigned ToNEOatNHNG  
PrioritynormalSeverityminorReproducibilityhave not tried
Status needs review & testingResolutionopen 
Product Version2013 Q4 
Target Version2014 Q2 
Summary0001223: Handling of deleted accounts, email addresses and domains
DescriptionIn the support case [s20131125.67] a member asked for a deleted account. He could not access it, and searching in the SE console I could not find it either. However if he used the 'Lost password' link on the login website, entered the email address and correct birthdate, he got to step 2 of password recovery. That means, here his account showed up.

This looked strange to me, since normally as SE I can search even for deleted email addresses and I find all accounts this email address belongs to or previously belonged. But in this case I didn't find it.

So I asked Wytze and he told me: "This email address can be found in the table `email`, but with the field `deleted`. It can also be found in the table
`users`, again with `deleted`."

It thus showed up that the handling of the `deleted` field in the software is rather inconsistent. I suggest that this handling should be straightened in the way that an SE always can see all email addresses, domains and accounts that ever existed. If there is more than one account, in the list of the accounts to select, a flag should be added to show if it is an active account, email address or domain or if it is deleted.
TagsNo tags attached.
Reviewed byBenBE
Test Instructionssee below https://bugs.cacert.org/view.php?id=1223#c5073

Relationships

related to 0001259 new Database cleanup regarding deleted accounts 

Activities

INOPIAE

2014-03-16 10:25

updater   ~0004646

I pushed a fix regarding the password reset on a deleted or blocked account to https://github.com/INOPIAE/CAcert/tree/bug-1223

INOPIAE

2014-03-16 12:59

updater   ~0004647

This bug is split into the password recovery which is handled in this bug and the database cleanup which is handled in bug 1257.

Eva

2014-06-17 21:01

updater   ~0004848

Please add some information about what needs to be tested as the description is all about the other part but not about the password recovery itself.

INOPIAE

2014-10-28 11:32

updater   ~0005073

Test instruction:
try to reset a password for a locked or a deleted account. You should not be able reset the password instead there should be a message pointing to support.

INOPIAE

2014-10-28 20:13

updater   ~0005075

Last edited: 2014-10-28 20:16

View 2 revisions

I pushed a new fix to To https://github.com/INOPIAE/CAcert/commit/219bfed801ea16057532a715ffda50d80d1ae459

BenBE

2014-10-29 06:39

updater   ~0005083

Pushed to testserver. Please test and revie.

Eva

2014-11-11 21:31

updater   ~0005102

I verified that the following accounts were neither blocked nor deleted:
285.dez13@acme.com
286.dez13@acme.com

I changed the passwords successfully of both accounts to CAcert!

I locked 285.dez13@acme.com successfully.

When I tried to change the PW with correct entries I got:
"The account is not available, please get in contact with support (support@cacert.org)."
-> ok

I deleted 286.dez13@acme.com successfully with the ticket number a20141111.1.1 so the new email address for this account was set to a20141111.1.1@cacert.org.

When I tried to change the PW with correct entries for the email address 286.dez13@acme.com:
"Unable to match your details with any user accounts on file"

When I tried to change the PW with correct entries for the email address a20141111.1.1@cacert.org I got:
"The account is not available, please get in contact with support (support@cacert.org)."

All PW resets were done from the user interface (and not the support view).

There are some inconsistencies for the behaviour if the account is present, or not. It would be good to harmonise this.

=> ok, as it was not possible to change the password, but should be improved.

Issue History

Date Modified Username Field Change
2013-11-28 10:13 Werner Dworak New Issue
2013-11-28 10:16 Werner Dworak Summary Handling of deleted accounts, email addresse and domains => Handling of deleted accounts, email addresses and domains
2013-11-28 10:16 Werner Dworak Description Updated View Revisions
2014-03-16 09:28 INOPIAE Assigned To => INOPIAE
2014-03-16 10:25 INOPIAE Note Added: 0004646
2014-03-16 10:25 INOPIAE Assigned To INOPIAE => BenBE
2014-03-16 10:25 INOPIAE Status new => fix available
2014-03-16 11:45 INOPIAE Relationship added related to 0001259
2014-03-16 12:59 INOPIAE Note Added: 0004647
2014-06-15 21:50 BenBE Source_changeset_attached => cacert-devel testserver-stable 9312818d
2014-06-15 21:50 BenBE Source_changeset_attached => cacert-devel testserver-stable d59eb67f
2014-06-15 21:50 INOPIAE Source_changeset_attached => cacert-devel testserver-stable ca2c6090
2014-06-15 21:50 INOPIAE Source_changeset_attached => cacert-devel testserver-stable e9251f86
2014-06-15 21:50 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 6c0fa6b8
2014-06-15 22:30 BenBE Assigned To BenBE => NEOatNHNG
2014-06-15 22:30 BenBE Status fix available => needs review & testing
2014-06-15 22:30 BenBE Target Version => 2014 Q2
2014-06-17 21:01 Eva Note Added: 0004848
2014-10-28 11:32 INOPIAE Note Added: 0005073
2014-10-28 13:13 INOPIAE Test Instructions => see below https://bugs.cacert.org/view.php?id=1223#c5073
2014-10-28 20:13 INOPIAE Note Added: 0005075
2014-10-28 20:16 INOPIAE Note Edited: 0005075 View Revisions
2014-10-28 21:00 BenBE Source_changeset_attached => cacert-devel testserver-stable 81900476
2014-10-28 21:00 BenBE Source_changeset_attached => cacert-devel testserver-stable 73cee03f
2014-10-29 06:39 BenBE Reviewed by => BenBE
2014-10-29 06:39 BenBE Note Added: 0005083
2014-11-11 21:31 Eva Note Added: 0005102