View Issue Details

ID: 0000823
Project: Main CAcert Website
Category: account administration
View Status: public
Last Update: 2012-01-30 14:47
Reporter: Bas van den Dikkenberg
Assigned To: Uli60
Priority: normal
Severity: feature
Reproducibility: have not tried
Status: needs work
Resolution: open
Summary: 0000823: No warning when removing e-mail address from account that certificates will be revoked
Description: When I remove an e-mail address from my account, automatically my certs with that email address will be revoked (that's correct) and I don't receive a warning about that, also don't get "are you sure" messages!!!
Tags: No tags attached.
Reviewed by: Ted
Test Instructions

Relationships

related to 0000990 (fix available, BenBE): While revoking client certificate set login flag to false and block setting it back to true
related to 0001006 (closed): When an email address is deleted from an account the message has an error

Activities

Uli60

2011-09-01 10:12

updater   ~0002396

Last edited: 2011-09-01 11:03

currently there is no code provided to confirm the delete request
the code processes the delete email address straight forward
/pages/account/2.php
/includes/account.php
  line ~ 137 ff.
      if($process != "" && $oldid == 2)


existing sample code (for confirmations)
25 -> 31 trigger -> account.php?id=31
32 -> 34 trigger -> account.php?id=34
26 -> 30 trigger -> account.php?id=30

3 -> account trigger -> process=delete
needs a process flow update with new id

id = 18 delete org email certs -> no confirmation
id = 12 delete org server certs -> no confirmation

it seems that in general confirmation of delete/revoke requests
is unusual
only in delete admin from org (34),
delete org (31),
delete domain from org (30)
will be requested

delete user account email address within (account) id=2
delete user account client cert within (account) id=5
delete user account domain within (account) id=9
delete org client certs within (account) id=18
delete org server certs within (account) id=22

Uli60

2011-09-01 11:01

updater   ~0002397

problem with the confirmation request is, that all infos regarding the delete/revoke request need to be saved and transferred to the
confirmation page, then also transferred back to the /includes/account.php
to be handled accordingly
with a list of client certs selected to revoke, this may become tricky
the values affected by the delete/revoke request need to be displayed
first, that in the next step need to be confirmed by the user
for a single email address, a single cert or a single domain this might be ok, but for a list of values to delete/revoke, the transfer process becomes a bottleneck. Where to store all these variables? How many? (-> dimensioning)
ok, transferring to account.php works, so transferring to another script should also work, but needs to be renewed at this step

Uli60

2011-09-01 13:24

updater  

account.php (119,279 bytes)

Uli60

2011-09-01 13:24

updater  

60.php (5,321 bytes)

Uli60

2011-09-01 13:31

updater   ~0002398

Last edited: 2011-09-01 13:32

proposal for adding confirmation steps to all delete / revoke requests
adding new confirmation page (as in examples
delete admin from org (32->34), delete org (25->31), delete domain from org (26->30))
original id=2 in /includes/account.php redirects to new id=60 page for delete email confirmation (that's /pages/account/60.php)
new oldid=60 handling section in /includes/account.php at the end of the file
original delete email handling section moved in /includes/account.php from section oldid==2 to section oldid==60

this fix can be applied to all other delete/revoke requests too by adding new confirmation page 61, 62 and so on
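
One way to handle the storage question raised in note 0002397 and the id=2 to id=60 flow proposed in note 0002398, as an added example that is not CAcert's code and not part of the thread: the selection is kept server-side in the session and only a one-time token passes through the confirmation page, so the size of the list does not matter. `stage_delete`, `confirm_delete`, `PENDING_TTL` and the `pending_delete` key are hypothetical names, and `$session` stands in for `$_SESSION`.

```php
<?php
// Added example, not CAcert code. $session stands in for $_SESSION; page ids
// 2 and 60 follow the thread, all function and key names are hypothetical.
const PENDING_TTL = 300; // seconds a confirmation stays valid (assumed value)

// Step 1 (oldid == 2): store the selection server-side and return the token
// that the confirmation page (id=60) carries in a hidden form field.
function stage_delete(array &$session, array $ownedEmails, array $selected, int $now): ?string
{
    // Keep only addresses that really belong to this account.
    $items = array_values(array_intersect($ownedEmails, $selected));
    if ($items === []) {
        return null; // nothing valid selected, no confirmation page needed
    }
    $token = bin2hex(random_bytes(16));
    $session['pending_delete'] = [
        'token'   => $token,
        'items'   => $items,   // also the list the confirmation page displays
        'expires' => $now + PENDING_TTL,
    ];
    return $token;
}

// Step 2 (oldid == 60): consume the pending request exactly once.
// Returns the addresses to delete (and whose certs to revoke), or an empty
// array on cancel, token mismatch, expiry or replay.
function confirm_delete(array &$session, string $token, bool $confirmed, int $now): array
{
    $pending = $session['pending_delete'] ?? null;
    unset($session['pending_delete']); // one-shot: cancel and failures clear it too
    if (!$confirmed || !is_array($pending)) {
        return [];
    }
    if (!hash_equals($pending['token'], $token) || $now > $pending['expires']) {
        return [];
    }
    return $pending['items'];
}

// Constructed sample data for a dry run on the command line.
$session = [];
$owned   = ['user1@example.org', 'user2@example.org', 'user3@example.org'];
$token   = stage_delete($session, $owned, ['user2@example.org', 'other@example.net'], 1000);
var_dump(confirm_delete($session, $token, true, 1100)); // first confirmation
var_dump(confirm_delete($session, $token, true, 1100)); // same token replayed
```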

Ted

2011-09-25 22:12

administrator   ~0002516

Created branch bug-823, merged into master and installed on testserver

Ted

2011-09-25 22:13

administrator   ~0002517

Did first review. Modified a few texts, otherwise acceptable.

illuminat

2011-09-27 20:15

reporter   ~0002541

Last edited: 2011-09-27 20:16

German translation missing completely or in parts for all shown forms.

Deletion (with/without cancellation) of verified and non-verified mail-addresses tested.

Everything works as intended.

INOPIAE

2011-10-01 07:24

updater   ~0002557

Delete verified mail address
Cancel => nothing happens => ok
Delete => mail address deleted and client certs revoked => ok
NB: see https://bugs.cacert.org/view.php?id=990 for problem with login flag for revoked certificates.

Delete non-verified mail address
Cancel => nothing happens =>ok
Delete => mail address deleted =>ok

Uli60

2011-10-01 13:38

updater   ~0002558

adding 3 addtl. email addresses bug823.user#@wiamail.de where # := {1,2,3}
confirmed new email addresses
re-login to test account
creating client certs: (1.10.2011 13:30-15:00)
1. user1, class1, no name, no-login (10A5)
2. user1, class1, incl name, no-login (10A6)
3. user1, class1, no name, login (10A7)
4. user1, class1, incl name, login (10A8)

5. user1, class3, no name, no-login (107E)
6. user1, class3, incl name, no-login (107F)
7. user1, class3, no name, login (1080)
8. user1, class3, incl name, login (1081)

9. user2, class1, no name, no-login (10A9)
10. user2, class1, incl name, no-login (10AA)
11. user2, class1, no name, login (10AB)
12. user2, class1, incl name, login (10AC)

13. user2, class3, no name, no-login (1082)
14. user2, class3, incl name, no-login (1083)
15. user2, class3, no name, login (1084)
16. user2, class3, incl name, login (1085)

17. user3, class1, no name, no-login (10AD)
18. user3, class1, incl name, no-login (10AE)
19. user3, class1, no name, login (10AF)
20. user3, class1, incl name, login (10B0)

21. user3, class3, no name, no-login (1086)
22. user3, class3, incl name, no-login (1087)
23. user3, class3, no name, login (1088)
24. user3, class3, incl name, login (1089)


cert login tests with
a) (10A5) client-cert#1 -> failed => ok
b) (10A6) client-cert#2 -> failed => ok
c) (1082) client-cert#13 -> failed => ok
d) (10AC) client-cert#12 -> pass => ok

logged-in
email accounts - view
delete bug823.user2@wiamail.de -> Delete

displays:
Delete User Account Email(s)
Default Status Delete Address
      Verified X bug823.user2@wiamail.de
Are you really sure you want to remove above listed emails from your account?
This revokes also all client certificates for above listed email addresses.
-> Cancel
returns to main entry page
email accounts - view
record bug823.user2@wiamail.de still exists => ok
client certs - view
client certs for bug823.user2@wiamail.de still exist => ok



cert login
-> (10AC) client-cert#12 -> pass => ok

logged-in
email accounts - view
delete bug823.user2@wiamail.de -> Delete

displays:
Delete User Account Email(s)
Default Status Delete Address
      Verified X bug823.user2@wiamail.de
Are you really sure you want to remove above listed emails from your account?
This revokes also all client certificates for above listed email addresses.
-> Delete

displays
The following email addresses and associated client certificates have been removed:
bug823.user2@wiamail.de
1 email address(es) and associated client certificates have been removed.
=> ok

email accounts - view
record bug823.user2@wiamail.de no longer exists => ok

client certs - view
client certs for bug823.user2@wiamail.de no longer exist => ok

client certs - view - View all certificates
8 client certs related to bug823.user2@wiamail.de
displays as revoked
certs for other related email addresses are not affected
=> ok

list of revoked certs for email bug823.user2@wiamail.de
displays for client certs 0000011, 0000012, 0000015, 0000016
serNo's: (10AB), (10AC), (1084), (1085)
still enabled for login

logout

re-login
client cert login test with
a) (10AB) client-cert#11 -> failed => ok
b) (1085) client-cert#16 -> failed => ok
c) (1089) client-cert#24 -> pass => ok

Uli60

2011-10-11 11:49

updater   ~0002589

checked by 4, needs 2nd review, deploy

NEOatNHNG

2011-10-11 20:15

administrator   ~0002590

Ugly code, needs to be formatted, old code should be deleted instead of commented -> reduce clutter. That's why we have version management. Also there's code that doesn't have any effect (e.g. $id=2;...$id=60;)

Issue History

Date Modified Username Field Change
2010-06-14 21:07 Bas van den Dikkenberg New Issue
2011-09-01 10:12 Uli60 Note Added: 0002396
2011-09-01 10:44 Uli60 Note Edited: 0002396 View Revisions
2011-09-01 10:50 Uli60 Note Edited: 0002396 View Revisions
2011-09-01 11:01 Uli60 Note Added: 0002397
2011-09-01 11:03 Uli60 Note Edited: 0002396 View Revisions
2011-09-01 13:23 Uli60 Assigned To => Uli60
2011-09-01 13:24 Uli60 File Added: account.php
2011-09-01 13:24 Uli60 File Added: 60.php
2011-09-01 13:31 Uli60 Note Added: 0002398
2011-09-01 13:31 Uli60 Status new => fix available
2011-09-01 13:32 Uli60 Note Edited: 0002398 View Revisions
2011-09-25 22:01 Ted Assigned To Uli60 => Ted
2011-09-25 22:12 Ted Note Added: 0002516
2011-09-25 22:12 Ted Status fix available => needs review & testing
2011-09-25 22:13 Ted Reviewed by => Ted
2011-09-25 22:13 Ted Note Added: 0002517
2011-09-25 22:15 Ted Source_changeset_attached => cacert-devel master 1fe69165
2011-09-27 20:15 illuminat Note Added: 0002541
2011-09-27 20:16 illuminat Note Edited: 0002541 View Revisions
2011-09-27 23:12 NEOatNHNG Source_changeset_attached => cacert-devel testserver 7a9f8e71
2011-10-01 07:24 INOPIAE Note Added: 0002557
2011-10-01 13:38 Uli60 Note Added: 0002558
2011-10-01 13:47 Uli60 Relationship added related to 0000990
2011-10-11 11:49 Uli60 Note Added: 0002589
2011-10-11 11:49 Uli60 Assigned To Ted => Uli60
2011-10-11 11:49 Uli60 Status needs review & testing => ready to deploy
2011-10-11 20:15 NEOatNHNG Note Added: 0002590
2011-10-11 20:15 NEOatNHNG Status ready to deploy => needs work
2011-11-24 17:20 NEOatNHNG Source_changeset_attached => cacert-devel testserver 2407784c
2011-11-24 17:20 NEOatNHNG Source_changeset_attached => cacert-devel testserver f0fcdada
2012-01-21 14:00 NEOatNHNG Relationship added related to 0001006