View Issue Details

ID: 0000855
Project: Main CAcert Website
Category: account administration
View Status: public
Last Update: 2013-01-15 14:48
Reporter: Uli60
Assigned To: Uli60
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Fixed in Version: 2012 Q3
Summary: 0000855: Fix adding TTP assurance method on testserver (was: admin console lists "empty" and "Unknown" ...)
Description: working on https://wiki.cacert.org/Arbitrations/a20091118.1 I've requested a long list of Assurances given of 2 users.
The result set lists an unknown count of "" and "Unknown" assurance types
Steps To Reproduce:
<website>/account.php?id=42
enter email
<website>/account.php?id=43&userid=<UID>&assuredby=yes
Additional Information: an old /pages/wot/6.php lists
$methods = array("Face to Face Meeting", "Trusted 3rd Parties", "Thawte Points Transfer", "Administrative Increase", "CT Magazine - Germany");
as possible assurance methods
maybe this feature has been disabled in the meanwhile as all special assurance programs are frozen ?!?
Notary: Method (enum) Kind of event, some examples: Face to Face Meeting ("Normal" Assurance), Administrative Increase (2 points for assuring someone else), Thawte Points Transfer, Trusted 3rd Parties
Tags: No tags attached.
Attached Files
diff --git a_pages_wot_6.php b_pages_wot_6.php.txt (838 bytes)   
diff --git a/pages/wot/6.php b/pages/wot/6.php
index bc37aa2..f8be9d7 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -29,9 +29,9 @@
 
        if($_SESSION['profile']['ttpadmin'] == 1 && $_SESSION['profile']['board'] == 1)
        {
-               $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "Thawte Points Transfer", "Administrative Increase", "CT Magazine - Germany");
+               $methods = array("Face to Face Meeting", "Trusted Third Parties", "Thawte Points Transfer", "Administrative Increase", "CT Magazine - Germany");
        } else if($_SESSION['profile']['ttpadmin'] == 1) {
-               $methods = array("Face to Face Meeting", "Trusted 3rd Parties");
+               $methods = array("Face to Face Meeting", "Trusted Third Parties");
        }
 
        $cap = "/cap.php?";
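Review bot: The label "Trusted Third Parties" is hard-coded twice in this hunk, once in each $methods array, and the form only works if that label matches, character for character, what the code receiving the posted method and the enum on notary.method expect. Define the method labels in one place and build both arrays from it, and check that the handler accepts the new spelling: the note of 2010-09-12 on this page shows /www/wot.php comparing against 'Trusted 3rd Parties' and 'Trusted third Parties' only. In the lines shown, $methods is also assigned only in the two ttpadmin == 1 branches, so initialise it before the if in case later code reads it for other users.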
Reviewed by: Ted, NEOatNHNG
Test Instructions

Relationships

related to 0000976 (closed, Uli60) Main CAcert Website: List of update request for webdb database structure upgrade with tables / fields
related to 0000867 (closed, edgarwahn) Main CAcert Website: code fix in /www/wot.php
related to 0000863 (needs work, Eva) Main CAcert Website: limitation to 2 ttp assurances
related to 0000864 (needs work, BenBE) Main CAcert Website: enable TOPUP assurance type into the system (regarding TTP)
related to 0000888 (closed, NEOatNHNG) Main CAcert Website: to add new assurance method TTP
related to 0000827 (closed, egal) Main CAcert Website: Tverify points to be deprecated
related to 0000980 (needs work, NEOatNHNG) test.cacert.org: Add to ca-mgr1 routine for Edit Notary table XYZ entry
related to 0001074 (closed, Uli60) Main CAcert Website: Wrong display of method on points page wot.php?id=10
related to 0001134 (closed, NEOatNHNG) Main CAcert Website: Delete the board flag thourougly in all parts of our software

Activities

law

2010-09-01 13:22

administrator   ~0001700

Empty fields result from doing TTP assurances. This is a software bug which probably does not need further investigation because of discontinuation of TTP and all other special assurance programmes.

However, the datatype for the method column of the notary in the database only knows "Trusted Third Parties" and the software uses "Trusted 3rd Parties". If there is a mismatch with the string and the enum type an empty string is inserted by the DBMS.
But the string "Unknown" can be inserted as well. This might be related to historic software (DBMS, DB structure, CAcert) used. In the current version I do not see any chance for the software to insert the string "Unknown" in the method field of the notary table.

A patch is attached.
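The enum behaviour described in the note above, as an added example that is not part of the original note or of CAcert's code. It assumes a MySQL server; the table name notary_demo and its id column are hypothetical, and only the enum list is taken from the SHOW COLUMNS output quoted on this page.

```sql
-- Constructed demo table. Only the `method` enum mirrors the column shown
-- on this page; notary_demo and id are assumptions for illustration.
CREATE TABLE notary_demo (
  id     INT AUTO_INCREMENT PRIMARY KEY,
  method ENUM('Face to Face Meeting','Trusted Third Parties',
              'Thawte Points Transfer','Administrative Increase',
              'CT Magazine - Germany','Temporary Increase','Unknown')
         NOT NULL DEFAULT 'Face to Face Meeting'
);

-- 1) Non-strict mode: a label that is not an enum member is accepted and
--    stored as the enum error value, the empty string. MySQL only raises
--    a "Data truncated" warning, which the application never looks at.
SET SESSION sql_mode = '';
INSERT INTO notary_demo (method) VALUES ('Trusted 3rd Parties');
SHOW WARNINGS;

-- 2) Strict mode: the same statement is rejected with an error instead of
--    writing a row, so the label mismatch surfaces at insert time.
SET SESSION sql_mode = 'STRICT_TRANS_TABLES';
INSERT INTO notary_demo (method) VALUES ('Trusted 3rd Parties');

-- 3) A valid member, including 'Unknown', is stored as written.
INSERT INTO notary_demo (method) VALUES ('Trusted Third Parties');
INSERT INTO notary_demo (method) VALUES ('Unknown');

-- 4) Audit query: list rows that already carry the error value. The
--    numeric index of the empty error value is 0, so method + 0 makes
--    the damaged rows easy to tell apart from real members.
SELECT id, method, method + 0 AS enum_index
FROM   notary_demo
WHERE  method = '';

-- 5) Overview per stored method, as a before/after check around a fix.
SELECT method, COUNT(*) AS assurances
FROM   notary_demo
GROUP  BY method;
```

With strict mode enabled, a form label that drifts from the enum fails loudly at insert time instead of producing rows with an empty method.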

Uli60

2010-09-11 12:38

updater   ~0001714

from investigations on
https://wiki.cacert.org/Arbitrations/a20091118.1
/pages/wot/6.php has never been changed from start

A form within /pages/wot/6.php links to
/www/wot.php
that lists in line 296 and 297 a switch, to replace
the coded "Trusted 3rd Parties" into "Trusted Third Parties"
but there is also an indication that a string
"Trusted third Parties" (lower Third) has been used some days ...
as this string is or'd in the replacement switch

An investigation on /www/wot.php has been started

Uli60

2010-09-12 22:15

updater   ~0001715

+ } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted third Parties')) {
+ $query .= ",\n`method`='Trusted Third Parties'";
---
revision 1.34
date: 2006/04/17 12:02:09;

This is the translation from webform "Trusted 3rd Parties" to
transfer-code 'Trusted Third Parties' that is also one of the
values in enum field method within the database.

like

mysql> show columns from cacert.notary like 'method';
+--------+----------------------------------------------------------------------------------------------------------------------------------------------------------------+------+-----+----------------------+-------+
| Field | Type | Null | Key | Default | Extra |
+--------+----------------------------------------------------------------------------------------------------------------------------------------------------------------+------+-----+----------------------+-------+
| method | enum('Face to Face Meeting','Trusted Third Parties','Thawte Points Transfer','Administrative Increase','CT Magazine - Germany','Temporary Increase','Unknown') | NO | | Face to Face Meeting | |

on test1.cacert.at

Uli60

2010-09-27 13:23

updater   ~0001724

this bug needs further investigation as TTP-Assisted-Assurance is now back active with the new TTP-Assisted-Assurance subpolicy
https://wiki.cacert.org/PolicyDecisions#p20100913 Draft in effect
also identified on https://bugs.cacert.org/view.php?id=867 testing

Uli60

2010-10-07 22:14

updater   ~0001747

fixing 0000867 did not fix this problem
problem persists
id date name points location method
255428 08.10.2010 someone 115 TTP ""

method field is empty

Uli60

2011-08-31 13:01

updater   ~0002387

line in /www/wot.php

+ } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted third Parties')) {
+ $query .= ",\n`method`='Trusted Third Parties'";

needs to be advanced with the corrected "Trusted Third Parties" string, otherwise no assurance method will be used in the query to insert the record into the notary table

=>

- } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted third Parties')) {
+ } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted Third Parties' || $_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted third Parties')) {
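Review bot: The condition on the + line now lists three spellings of the same method from $_POST['method'] by hand, so the handler stays in step with the form only until the next label change. Check the posted value against one list of accepted labels (for example in_array() with the strict flag) that maps to the single stored value 'Trusted Third Parties', and make sure a final branch rejects any other posted method, since this note states that an unmatched label leaves the INSERT without an assurance method.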

this works at least on local testserver

Uli60

2011-08-31 13:03

updater   ~0002388

marios fix https://bugs.cacert.org/file_download.php?file_id=127&type=bug
+ fix in /www/wot.php
https://bugs.cacert.org/view.php?id=855#c2387

Uli60

2011-09-13 23:17

updater   ~0002427

Last edited: 2011-09-13 23:24

new /www/wot.php has the same problem:

line 299

- } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted third Parties')) {
+ } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted Third Parties' || $_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted third Parties')) {


new /includes/wot.inc.php has the same problem (/pages/wot/15.php includes /includes/wot.inc.php)
line 337
- case 'Trusted 3rd Parties': // to be revoked in the future? limit to max 35 pts?
+ case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?

new /includes/notary.inc.php has NOT the same problem:
line 408 is "Third"
* case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?

Ted

2011-10-08 11:56

administrator   ~0002585

Created new branch bug-855, merged into testserver and installed on testserver

Ted

2011-10-08 12:01

administrator   ~0002586

Test results OK:

- Logged in as account with TTPAdmin privilege
- "Assure someone"
- Method list box now includes "Trusted Third Parties" ==> OK
- Assured user with 10 points and method "Trusted Third Parties" ==> OK
- Checked "My Points"/"New Calculation":
  - Assurance is listed as "Trusted Third Parties" ==> OK
  - No experience points awarded ==> OK according to bug-827

NEOatNHNG

2011-10-25 16:42

administrator   ~0002641

I have reviewed the changes and found them good to go.

NEOatNHNG

2011-10-25 17:00

administrator   ~0002642

Actually I found a bug: if you have only TTPadmin and not Board flag set the comparison used a string with a wrong case. Please rereview and test.

INOPIAE

2011-11-19 09:52

updater   ~0002708

Adding new Assurance

Logged in as normal assurer => no choice => ok

Logged in as TTP admin => choice between F2F and TTP => ok
Assurance worked => ok
Points listing for assurer and assuree shows method TTP => ok


Logged in as board member => no choice => ok

Logged in as TTP admin and Board member => choice between F2F, TTP, Thawte, Administrative Increase and CT => is this desired?

Uli60

2012-01-18 16:21

updater   ~0002778

Last edited: 2012-01-18 16:22

test made on 2012-01-12:

admin user -> set TTPadmin flag on user with 150 pts (experienced assurer)
login with experienced assurer, ttpadmin flag enabled
assure someone
select a user with 0 pts yet
select box offers "Face 2 Face" and "TTP" assurance => OK
selecting "TTP assurance"
max points that can be given => 35 pts => OK
leaving "you've met the assuree face-2-face" checkbox empty
passing the assurance => OK

Display given assurances (old and new view):
lists last given TTP assurance with method "TTP" => OK

Login with user who received the TTP assurance
Display received assurances (old and new view):
lists received TTP assurance with method "TTP" => OK

overall test => OK

Uli60

2012-01-18 16:23

updater   ~0002779

2 tests done.
needs 2nd review and transfer to critical team

Ted

2012-01-19 18:41

administrator   ~0002780

Re-tested with a simple TTP Assurer Account (see https://bugs.cacert.org/view.php?id=855#c2586)

==> OK

Ted

2012-01-19 19:03

administrator   ~0002781

Did second review, all changes acceptable.

Handed off to critical admins and merged into release branch

wytze

2012-01-19 20:27

developer   ~0002782

The patch has been applied to the production server on January 19, 2012. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2012-01/msg00005.html

Uli60

2012-03-27 02:50

updater   ~0002900

while testing several variations of TTPadmin settings under
https://wiki.cacert.org/Arbitrations/a20110118.1
I've discovered several errors with the board=1 flag set:

 * making 3 tests with 3 test accounts, all 100 assurance points, 50 experience points, assurer flag set. N#1 ttpadmin=1, N#2 board=1, N#3 ttpadmin=1 + board=1 set.
  || '''function''' || '''ttpadmin=1''' || '''board=1''' || '''ttpadmin=1, board=1''' ||
  || || user1 || user2 || user3 ||
  || assure someone, method TTP || TTP-a-a passed || TTP-a-a not passed, passed with errors x^1^ || TTP-a-a passed x^2^ ||

   . x^1^) first error: all 3 checkboxes have to be checked, no TTP assurance option (ok), otherwise error/warning message, second error: assurance method displays <empty> ""

   . x^2^) one error: option box lists 4 assurance methods, also Thawte, allows -++ checkboxes selected (ok), method TTP ok

  * TTP-assisted-assurance can only be passed if TTPadmin flag is set. In combination TTPadmin=1 and Board=1 TTP-assisted-assurance passes. there are bugs if board flag is set only (empty assurance method in case of Assurance)

Uli60

2012-03-27 02:55

updater   ~0002901

case re-opened after finding a bug if board flag is set
w/ or w/o TTPadmin flag setting

if board=1 is set, assure someone results in <empty> assurance method assurances
   no option box to select "other" assurance methods

if board=1 and ttpadmin=1 set, assure someone opens a selection box that allows selection of one of 4 assurance methods (eg f2f, ttp, Thawte, C't)
TTP assurance results in correct assurance method TTP

recommendation: check critical system if board=1 is set on a user account

INOPIAE

2012-03-27 21:25

updater   ~0002903

I created 3 accounts all 100 EP, 50 AP and CATS passed.
Account 1 TTP Admin Flag
Method TTP:
Certify: no
Confirm assurance: no
Confirm AP: yes
Points: Empty
ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert
=> ok

Certify: no
Confirm assurance: yes
Confirm AP: no
Points: Empty
ERROR: You must enter the number of points you wish to allocate to this person.
=> ok

Certify: no
Confirm assurance: yes
Confirm AP: no
Points: 35
Entered
=> ok

Certify: no
Confirm assurance: yes
Confirm AP: yes
Points: 35
Entered
=> ok

Method F2F:
Shows the same results

Account 2 Board Flag
Only F2F available
All variations work as desired
The point list of the recipient shows the method correctly.

Account 1 TTP Admin Flag
Method TTP:
Certify: no
Confirm assurance: no
Confirm AP: yes
Points: Empty
ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert
=> ok

Certify: no
Confirm assurance: yes
Confirm AP: no
Points: Empty
ERROR: You must enter the number of points you wish to allocate to this person.
=> ok

Certify: no
Confirm assurance: yes
Confirm AP: no
Points: 35
Entered
=> ok

Certify: no
Confirm assurance: yes
Confirm AP: yes
Points: 35
Entered
=> ok

Method F2F:
Shows the same results

I did not test the other option from the dropdown

Uli60

2012-11-28 12:25

updater   ~0003371

Permissions review script / Flags removal under
Arbitration a20110118.1
https://wiki.cacert.org/Arbitrations/a20110118.1
Intermediate Ruling 0000005, 2012-06-23
under patch bug 0001003 dated 2012-06-21 to reset the board and tverify flags
executed by critical team 2012-06-23:
Board flags removed: 2 members affected
Tverify flags removed: 83 (!) members affected

findings under Arbitration a20121127.1
https://wiki.cacert.org/Arbitrations/a20121127.1
TTP-assisted-assurance works on production system as expected

bug is finally fixed.

Issue History

Date Modified Username Field Change
2010-09-01 02:18 Uli60 New Issue
2010-09-01 13:22 law Note Added: 0001700
2010-09-01 13:23 law File Added: diff --git a_pages_wot_6.php b_pages_wot_6.php.txt
2010-09-11 12:38 Uli60 Note Added: 0001714
2010-09-12 22:15 Uli60 Note Added: 0001715
2010-09-27 13:23 Uli60 Note Added: 0001724
2010-10-07 22:14 Uli60 Note Added: 0001747
2011-08-31 11:47 Uli60 Relationship added related to 0000976
2011-08-31 12:05 Uli60 Relationship added related to 0000863
2011-08-31 12:05 Uli60 Relationship added related to 0000864
2011-08-31 12:06 Uli60 Relationship added related to 0000888
2011-08-31 13:01 Uli60 Note Added: 0002387
2011-08-31 13:03 Uli60 Note Added: 0002388
2011-08-31 13:03 Uli60 Assigned To => Uli60
2011-08-31 13:03 Uli60 Status new => fix available
2011-09-13 23:17 Uli60 Note Added: 0002427
2011-09-13 23:19 Uli60 Note Edited: 0002427
2011-09-13 23:21 Uli60 Note Edited: 0002427
2011-09-13 23:24 Uli60 Note Edited: 0002427
2011-09-14 23:02 Uli60 Relationship added related to 0000827
2011-09-17 12:13 Uli60 Relationship added related to 0000980
2011-09-20 09:05 Uli60 Summary admin console lists "empty" and "Unknown" Assurance types on listing given Assurances => Fix adding TTP assurance method on testserver (was: admin console lists "empty" and "Unknown" ...)
2011-10-08 11:46 Ted Assigned To Uli60 => Ted
2011-10-08 11:55 Ted Source_changeset_attached => cacert-devel testserver 4d6e9db1
2011-10-08 11:56 Ted Note Added: 0002585
2011-10-08 11:56 Ted Status fix available => needs review & testing
2011-10-08 12:01 Ted Note Added: 0002586
2011-10-08 12:01 Ted Assigned To Ted =>
2011-10-08 13:37 Ted Reviewed by => Ted
2011-10-20 20:01 NEOatNHNG Assigned To => NEOatNHNG
2011-10-25 16:42 NEOatNHNG Note Added: 0002641
2011-10-25 16:42 NEOatNHNG Status needs review & testing => needs testing
2011-10-25 17:00 NEOatNHNG Source_changeset_attached => cacert-devel testserver 0db74664
2011-10-25 17:00 NEOatNHNG Source_changeset_attached => cacert-devel testserver 59b48d4d
2011-10-25 17:00 NEOatNHNG Note Added: 0002642
2011-10-25 17:00 NEOatNHNG Assigned To NEOatNHNG => Ted
2011-10-25 17:00 NEOatNHNG Status needs testing => needs review & testing
2011-10-25 17:01 NEOatNHNG Reviewed by Ted => NEOatNHNG
2011-11-19 09:52 INOPIAE Note Added: 0002708
2012-01-18 16:21 Uli60 Note Added: 0002778
2012-01-18 16:22 Uli60 Note Edited: 0002778
2012-01-18 16:23 Uli60 Note Added: 0002779
2012-01-18 16:23 Uli60 Status needs review & testing => needs review
2012-01-19 18:41 Ted Note Added: 0002780
2012-01-19 19:03 Ted Reviewed by NEOatNHNG => Ted, NEOatNHNG
2012-01-19 19:03 Ted Note Added: 0002781
2012-01-19 19:04 Ted Status needs review => ready to deploy
2012-01-19 19:05 Ted Source_changeset_attached => cacert-devel release f7129656
2012-01-19 19:05 Ted Source_changeset_attached => cacert-devel release b87800ef
2012-01-19 20:27 wytze Note Added: 0002782
2012-01-19 20:27 wytze Status ready to deploy => solved?
2012-01-19 20:27 wytze Resolution open => fixed
2012-03-27 02:50 Uli60 Note Added: 0002900
2012-03-27 02:55 Uli60 Note Added: 0002901
2012-03-27 02:55 Uli60 Status solved? => needs work
2012-03-27 20:33 Ted Assigned To Ted =>
2012-03-27 21:25 INOPIAE Note Added: 0002903
2012-06-14 22:51 Uli60 Relationship added related to 0000867
2012-06-14 22:52 Uli60 Relationship added related to 0001074
2012-11-28 12:25 Uli60 Note Added: 0003371
2012-11-28 12:25 Uli60 Status needs work => solved?
2012-11-28 12:25 Uli60 Assigned To => Uli60
2012-11-28 12:25 Uli60 Status solved? => closed
2013-01-09 04:29 Werner Dworak Relationship added related to 0001134
2013-01-15 14:48 Werner Dworak Fixed in Version => 2012 Q3