View Issue Details

ID: 0000893
Project: Main CAcert Website
Category: Audit issues
View Status: public
Last Update: 2014-01-08 00:21
Reporter: law
Assigned To: INOPIAE
Priority: high
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version: 2010 Q4
Target Version: 2013 Q2
Fixed in Version: 2013 Q3
Summary: 0000893: Extend Delete account feature for support
Description: The support interface should be extended to simplify account deletion for Support Engineers.

The UI should be extended by additional fields for the delete account button: A textfield for entering an arbitration number in the form aYYYYMMDD.X, a checkbox whether to mark the account as deleted.

When hitting the submit button a confirmation page should be displayed containing some information of the user to make sure the right user is deleted (e.g. Names and primary mail address).

After positive confirmation all the procedures described under
https://wiki.cacert.org/Arbitrations/Training/Lesson20 and
https://wiki.cacert.org/comma/Support/SE/Manual
should be executed so that no further interaction of the support engineer with the system is required.
Additional Information: Have a checkbox "display all account information" and a button "delete
account". When clicking the button a next page is displayed. When the
first checkbox is set, all information required to be printed out for an
arbitrator is displayed.
Then there is a checkbox "I am authorised to delete this account", a
textfield entering the arbitration number (or support ticket), and a
submit button. When this is clicked all steps are executed automatically.
https://lists.cacert.org/wws/arc/cacert-arbitration/2011-02/msg00015.html
Tags: No tags attached.
Reviewed by: Ted, NEOatNHNG, BenBE
Test Instructions

Relationships

related to 0001025 (needs work, NEOatNHNG): Domain Dispute strange behaviour / Domain Dispute issue
related to 0001026 (needs work, Uli60): Server Certificate was revoked but not by the user
related to 0001210 (new, INOPIAE): Problem with Delete account procedure
parent of 0001177 (closed, BenBE): Combine wot.inc.php, notary.inc.php and temp-function.php
related to 0001134 (closed, NEOatNHNG): Delete the board flag thourougly in all parts of our software
related to 0000407 (closed, Uli60): Need to deal with passing away users
related to 0000482 (closed): Certificates are automatically revoked on deletion of email address
child of 0001136 (closed, BenBE): Extend SE console with the functionality to revoke all user certificates of an user account
child of 0001138 (closed, NEOatNHNG): Implement to log the SE activity

Activities

INOPIAE

2012-12-15 13:37

updater   ~0003435

pushed the fix to https://github.com/INOPIAE/CAcert/tree/bug-893

INOPIAE

2013-01-08 08:14

updater   ~0003600

Last edited: 2013-01-08 08:15

Tested with several accounts
Create test account
log in to test account
add features
login with SE account
delete test account
unblock test account
reset password
login to test account

Account 1: primary email address, German language setting

Findings:
new email address arbitrationnumber@c.o. as primary address ->ok
name entries set to arbitration number ->ok
DoB 1900-01-01 ->ok
account blocked ->ok
Secret Q&A reset to random values ->ok
Logged in account:
language setting to English -> ok
location set to Denistone East, New South Wales, Australia ->ok

Account 2: two email addresses, one domain, several client certificates

Findings from Account 1:
Additional:
only primary email address arbitrationnumber@c.o left ->ok
domain deleted -> ok
Logged in account:
all client certificates revoked ->ok

Account 3: primary email address, 100 AP, 20 EP, announcements flags on, all flags set

Findings from Account 1:
Additional:
all announcement flags set to 0 ->ok
all flags set to 0 ->ok

Account 4: primary email address, location Bonn, German as default language, to secondary languages not English, I want to be listed with comment

Findings from Account 1:
Additional logged in:
location set to Denistone East, New South Wales, Australia ->ok
language only English as default ->ok
I do not want to be listed without comment -> ok

Not tested revocation of server certificate

Additional findings:
CCA is not changed ->ok
Trainings are not changed ->ok
Assurances stay ->ok

All tested features work as designed. =>ok


Client certificates should have the login flag to 0.
The new email address should be checked if it is already in use.

Werner Dworak

2013-01-08 17:47

updater   ~0003612

Tested with 2 accounts so far.

Account 1: Present account, 1 primary email address, German language setting, Location Ulm, assured to 95 points, valid client certificate, all Announcement flags set.

delete test account
unblock test account
reset password
login to test account

Basic Findings:
new email address arbitrationnumber@c.o. as primary address -> ok
name entries set to arbitration number -> ok
DoB 1900-01-01 -> ok
account blocked -> ok
Secret Q&A reset to random values -> ok
Logged in account:
language setting to English -> ok
location set to Denistone East, New South Wales, Australia ->ok
CCA is not changed ->ok

Additional findings:
Client certificate revoked -> ok
Announcement flags cleared -> ok
Trainings are not changed -> ok
Assurances stay -> ok

Account 2: 4 email addresses, 4 client certificates, 2 domains, all usual flags were set.

Create test account
log in to test account
add features
Renew client certificates, see bug 000429
login with SE account
delete test account
unblock test account
reset password
login to test account

Basic Findings: as above

Additional findings:
all other email addresses cleared -> ok
all 8 Client certificate revoked -> ok
Announcement flags cleared -> ok
All other flags cleared -> ok
GPG certificates are unchanged -> so far ok, GPG issues not yet processed.
domains deleted -> ok
Trainings are not changed -> ok
Assurances stay -> ok
again board flag created strange behaviour, but on live system extinct, so no real problem.

Server certificates were not tested

All tested features work as designed. => ok

One exception: Client certificates should have the login flag cleared.

INOPIAE

2013-01-08 21:07

updater   ~0003615

Added new patch with client cert login flag and email check if arbitrationnumber@c.o. exists

Werner Dworak

2013-01-09 09:20

updater   ~0003626

Account 3: similar to Account 2 above, really all flags set including "Board Member", "Lock Account" and "Block Assurer".

Findings as above, additional:
Check if arbitrationnumber@c.o. exists -> ok
All flags cleared including board flag -> ok
Client cert login flag NOT cleared -> Error

INOPIAE

2013-01-12 23:20

updater   ~0003643

Account 1: primary email address, German language setting, one client cert, one domain, one server cert

Findings:
new email address arbitrationnumber@c.o. as primary address ->ok
name entries set to arbitration number ->ok
DoB 1900-01-01 ->ok
account blocked ->ok
Secret Q&A reset to random values ->ok
no additional email addresses =>ok
no domain =>ok
Logged in account:
language setting to English -> ok
location set to Denistone East, New South Wales, Australia ->ok
client cert revoked and login disabled =>ok
server cert no domains visible =>ok

=>ok

Werner Dworak

2013-01-13 02:19

updater   ~0003644

Last edited: 2013-01-13 07:14

Account 4: primary email address, 3 secondary email addresses, German language setting, 4 client cert, 2 domains, no server certs.

Account was fully assured, the 4 client certificates were renewed, a mutual assurance was done with the old account werner.dworak@cacert.org.

Findings:
new email address arbitrationnumber@c.o. as primary address -> ok
secondary email addresses removed -> ok
name entries set to arbitration number -> ok
DoB 1900-01-01 -> ok
account blocked -> ok
Secret Q&A reset to random values -> ok
no domain => ok
Logged in account:
language setting to English -> ok
location set to Denistone East, New South Wales, Australia -> ok
all 8 client cert revoked and login disabled => ok
in CCA acceptance menu all 3 lines correctly filled for both accounts (bug 1137) -> ok

=> ok

Uli60

2013-04-30 20:44

updater   ~0003931

created test account
ap 100, ep 50, cats passed

login to admin account, search user
starting "Delete Account"

form shows:
Username from arbitration number.:

adding arbitration number: a20130501.1

user form displays fields filled with a20130501.1

=> FAIL


requires check for correct format of arbitration number + unique sequence number

this also should be added to the description in the form =>

Arbitration # + sequence number (Z) [aYYYYMMDD.X.Z]

Username is misleading in current form, as the form requires the arbitration number + sequence number and not a name of whoever else (Arbitrator? Support engineers name?)

Uli60

2013-04-30 21:51

updater   ~0003932

2 users created
both 100 AP, 50 EP, CATS passed
2nd user +flags: Support, Codesigning, OA, TTPadmin, LocAdmin

delete user1

all name fields have a20130430.1.1 => ok
dob -> 1900 => ok
announcements OFF => ok
all flags reset except locked => ok
lost pwd details randomized => ok
Account State code: 4 => ok
=> Ok

delete account 0000002
using a20130430.1.1
The email address 'a20130430.1.1@cacert.org' is already in
a different account. Can't continue.
=> OK

search again for user 0000002
user has all "old" settings (as not processed previously)
=> OK

delete account 0000002
using a20130430.1.2
resets all field names to a20130430.1.2 => ok
dob -> 1900 => ok
all flags reset to 0 except locked => ok
(OrgAdmin has no links) so therefore ok ...
lost pwd details -> randomized => ok
Account State code: 4 => ok
=> OK

MartinGummi

2013-04-30 22:30

updater   ~0003933

delete account with a20111122.1.1 ... works => OK

MartinGummi

2013-04-30 22:46

updater   ~0003935

Test User with GPG Key bug893@acme.com

bug893@acme.com's Account Details
Email: bug893@acme.com
First Name:
Middle Name:
Last Name:
Suffix:
Date of Birth:
CCA accepted: Yes
Trainings: show
Is Assurer: 1
Blocked Assurer: 0
Account Locking: 0
Code Signing: 0
Org Assurer: 0
TTP Admin: 0
Location Admin: 0
Admin: 0
Ad Admin: 0 (0 = none, 1 = submit, 2 = approve)
Tverify Account: 0
General Announcements: 1
Country Announcements: 1
Regional Announcements: 1
Within 200km Announcements: 1
Change Password: Change Password
Delete Account: Delete Account
Show Lost Password Details
Assurance Points: 100

Account State

Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: None
Client: None
GPG: 1 1 0 2014-05-01
Org Server: None
Org Client: None

del with a20111122.1.5

string(75) "select from `emailcerts` where `memid`='175066' and `expire`>NOW()-90*86400" bool(false) bool(false) string(76) "select from `emailcerts` where `memid`='175066' and `revoked`>NOW()-90*86400" bool(false) bool(false)

The CCA retention time for at least one certificate is not over. Can't continue.

INOPIAE

2013-04-30 23:07

updater   ~0003936

Tried to delete an account:
missed to enter an Arbitration # + sequence number => error message => ok
entered a non Arbitration # + sequence number => error message => ok
entered an Arbitration # + sequence number that is already used => error message => ok
try to delete account with org admin => error message =>ok
try to delete account with running client cert => error message => ok
no server cert, no gpg cert to test
delete account without preconditions above => works =>
=>ok

MartinGummi

2013-04-30 23:15

updater   ~0003938

del bug893@acme.com with a20111122.1.6

The CCA retention time for at least one certificate is not over. Can't continue.

=> ok

Uli60

2013-04-30 23:30

updater   ~0003942

created new user #1
100 AP, 50 EP, CATS passed
OrgAdmin True

add user as OrgAssurer to org with 0 admins
after action => 1 org assurer

created 1 class3 client cert => 1166, exp 2015-05-01 => ok
adding domain to useraccount
server cert keysize 512 => error message
The keys that you use are very small and therefore insecure.
Please generate stronger keys. More information about this
issue can be found in the wiki

server cert keysize 1024
server cert class3, serno 1167, expires 2015-04-30 => ok

adding domain to org
org client cert, class3
bug893.tuser1h, serno 1168, expires 2014-05-01 => ok (1 year) => ok

org server cert, class3
server1, serno 1169, expires 2015-04-30 => ok (1 year) => ok

delete account
using a20130430.1.1 (exists)
reports -> exists => ok

using a20130430.1 (incomplete)
You did not enter an arbitration number entry. => ok
(maybe varied in report text
 Reference number you've added is incomplete or invalid format)

using a20130430.2.1.3 (too many numbers)
You did not enter an arbitration number entry. => ok

using a20130430.3.* => err => ok
using a20130430.3.# => err => ok
using users email addr => err => ok

using a20130430.1.3 (valid arb# syntax)
The CCA retention time for at least one certificate is not over. Can't continue. => ok

nothing happened (all data remains)

revoke all certs => window pops up => accepting => ok
  admin console, search user again
  displays all certs as valid as before
  revoke certs routine doesn't work as expected
  see bug 0001136

login to user account
revoke user client cert
revoke user server cert
revoke org client cert
revoke org server cert

login admin user, search + display user
certificates table: total all 1, valid all 0, revoked all 1
(except gpg key)
=> ok, as expected

delete account using a20130430.2.1 (valid syntax)
The CCA retention time for at least one certificate
is not over. Can't continue.
=> ok, as expected
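
The reference-format and precondition checks exercised by the test runs in this thread, as an added Python example (not part of the tracker thread and not CAcert's code, which is PHP and is not shown on this page). The names `parse_reference`, `deletion_blockers`, `Cert` and `Account` are hypothetical, the 90-day window is an assumption read off the `90*86400` in the debug output quoted earlier, and rejecting impossible calendar dates is added strictness beyond a pure syntax check.

```python
import re
from dataclasses import dataclass, field
from datetime import date, datetime, timedelta
from typing import List, Optional, Set, Tuple

# aYYYYMMDD.X.Z: arbitration number plus sequence number (format from the thread).
# [0-9] instead of \d keeps non-ASCII digits out; fullmatch() rejects a trailing newline.
REFERENCE_RE = re.compile(r"a([0-9]{4})([0-9]{2})([0-9]{2})\.([0-9]+)\.([0-9]+)")

# Assumption: 90 days, read off the "90*86400" in the quoted debug output.
RETENTION = timedelta(days=90)


def parse_reference(ref: str) -> Optional[Tuple[date, int, int]]:
    """Return (case date, case number, sequence number), or None if malformed."""
    match = REFERENCE_RE.fullmatch(ref)
    if match is None:
        return None
    year, month, day, case_no, seq_no = (int(g) for g in match.groups())
    try:
        case_date = date(year, month, day)  # rejects e.g. month 13 (added strictness)
    except ValueError:
        return None
    if case_no < 1 or seq_no < 1:
        return None
    return case_date, case_no, seq_no


@dataclass
class Cert:
    expire: datetime
    revoked: Optional[datetime] = None


@dataclass
class Account:
    email: str
    is_org_admin: bool = False
    certs: List[Cert] = field(default_factory=list)


def deletion_blockers(account: Account, ref: str, emails_in_use: Set[str],
                      now: datetime) -> List[str]:
    """List every reason the account must not be anonymised yet (empty = proceed)."""
    if parse_reference(ref) is None:
        # Fail closed: without a valid reference nothing else is evaluated.
        return ["invalid reference"]
    blockers = []
    # The reference becomes the new primary address, so it must be unused.
    if f"{ref}@cacert.org" in emails_in_use:
        blockers.append("reference already used")
    if account.is_org_admin:
        blockers.append("organisation administrator")
    cutoff = now - RETENTION
    # A certificate blocks deletion until both its expiry and its revocation
    # (if any) are older than the retention window.
    if any(c.expire > cutoff or (c.revoked is not None and c.revoked > cutoff)
           for c in account.certs):
        blockers.append("certificate retention not over")
    return blockers


if __name__ == "__main__":
    # Constructed sample data mirroring the references and dates used in the thread.
    for ref in ["a20130430.1", "a20130430.2.1.3", "a20130430.3.*", "a20130430.1.3"]:
        print(ref, "->", parse_reference(ref))
    user = Account(
        email="bug893.t2user1@example.org",  # constructed address
        is_org_admin=True,
        certs=[Cert(expire=datetime(2013, 8, 22, 22, 58),
                    revoked=datetime(2013, 7, 26, 11, 56))],
    )
    used = {"a20130430.1.1@cacert.org"}
    print(deletion_blockers(user, "a20130430.1.1", used, datetime(2013, 8, 27)))
    print(deletion_blockers(user, "a20130430.1.3", used, datetime(2013, 12, 1)))
```

Returning every blocker at once, instead of stopping at the first, lets a Support Engineer see all outstanding preconditions in one pass.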

Werner Dworak

2013-05-01 18:14

updater   ~0003970

Tried to delete an account:
missed to enter an Arbitration # + sequence number => error message => ok
entered an Arbitration # + sequence number with wrong syntax => error message => ok
Formal correct arbitration number but with wrong contents is not rejected --> acceptable
entered an Arbitration # + sequence number that is already used => error message => ok
try to delete account with org admin => error message =>ok
try to delete account with running client cert => error message => ok
no server cert, no gpg cert have been tested
delete account without preconditions above => works => ok

INOPIAE

2013-05-14 23:29

updater   ~0004001

please review as at least 3 tester approved the bug

BenBE

2013-07-21 22:28

updater   ~0004176

Initial patch of bug 0001177 merged and ready to be tested. This only removes wot.inc.php for now; temp_function.php will follow as soon as the initial patch for bug 0001177 is tested.

Uli60

2013-07-23 23:26

updater   ~0004187

bug893.t2user1@w.d
100 AP, 50 EP

setting flags:
is Org Assurer
is Location Admin

create client cert
class1, name included
enable login
don't accept CCA
Next

error msg:
You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.
=> ok

hit back
create client cert
class1, name included
enable login
add comment text
accept CCA
Next

next page .. keysize
option box: high / middle
using high -> create cert req

popup box .. creating cert

result page:

3 links:
    Install the certificate into your browser
         https://cacert1.it-sls.de/account.php?id=6&cert=290503&install
    Download the certificate in PEM format
         https://cacert1.it-sls.de/account.php?id=6&cert=290503&format=pem
    Download the certificate in DER format
         https://cacert1.it-sls.de/account.php?id=6&cert=290503&format=der

displaying Begin/End cert block on page

Information about cert
renew/revoke/delete
Status valid
Email
Serno 4f40
Revoked not revoked
expires 2013-08-22 22:19:59 (1 month, ok on testserver)
login enabled
comment as added in edit form
[change settings] button

clicking [change settings] returns to "my account"


client certs view
https://cacert1.it-sls.de/account.php?id=5
login is disabled => fail

re-add flag for login
response: Certificate settings have been changed.

https://cacert1.it-sls.de/account.php?id=5
now displays login -> enabled
    at this point its ok

create client cert ...
displaying results page
with [change settings]
clicking [change settings]
removes the "enabled login" flag
=> this is a problem


adding a domain, verifying domain, domain confirmed

creating server cert, keysize 2048

new server cert
class1
adding comment server cert comment #1
pasting csr
no CCA acceptance

error:
You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.
=> ok

hit back

class1
adding comment server cert comment #1
pasting csr
CCA acceptance
[submit]

next page displays common name
[Submit]

below is your cert
[...]

view server certs
commonName ok
serno 4f49
expires 2013-08-22 23:05:03
comment as entered
=> ok


despite the fact, that Org Assurer + Location Admin
have been set, there is no Org Assurance section
in the menu list

checking account under ca-mgr1
shows no longer the expected flags ???

adding flags Org Assurer, Location Admin
save flags
displays flags set

refresh user display doesn't show up
org section

logout, re-login

now shows Org Client Certs
          Org Server Certs
          Org Admin
=> ok

to be continued ...

Uli60

2013-07-26 10:43

updater   ~0004189

(https://bugs.cacert.org/view.php?id=893#c4187 cont.)

Preparing Org-Admin
using other OA enabled account
add new company, add bug893.t2user1@w.d to company as O-admin
gtk added, added bug893.t2user1@w.d as org-admin

re-login bug893.t2user1@

new org client certs ...
------------------------
... adding bug893.t2user1@gtk
  Install cert ... is different form to the user client cert creation page
  has no txt, pem, der, cer selection
  installs direct into FF
  Click here to install your certificate.
  https://cacert1.it-sls.de/account.php?id=19&cert=898&install=1
  serno 4F4B, expires 2013-08-02 (today + 7d on testserver = 1 year in production) => ok

2nd Org client cert created for admin email
  serno 4F4C, expires 2013-08-02 (today + 7d on testserver = 1 year in production) => ok

Org Client certs view:
  lists 2 org client certs, => ok


new org server cert
-------------------
pasted csr
Please make sure the following details are correct before proceeding any further
lists details as entered for Org
[Submit]

  serno 4f4d, expires 25.8.2013 (? -> 1 month -> 2 years on production)
  subject as predefined in Org configuration by Org-Assurer => ok

Org Server certs view:
  lists 1 org server cert => ok


preparation steps finished.


Test 893: The support interface should be extended to simplify account deletion for Support Engineers.
--------------------------------------------------------------------------------------------

login to another account with admin (SE) permissions

sysadmin - find user - bug893.t2user1@

account state:
CCA accepted: Yes
Trainings: show
Is Assurer: 1
Blocked Assurer: 0
Account Locking: 0
Code Signing: 0
Org Assurer: 1
TTP Admin: 0
Location Admin: 1
Admin: 0
Ad Admin: 0 (0 = none, 1 = submit, 2 = approve)
Tverify Account: 0
General Announcements: 1
Country Announcements: 1
Regional Announcements: 1
Within 200km Announcements: 1
Change Password: Change Password
Delete Account: Delete Account
Show Lost Password Details
Assurance Points: 150

1 verified domain

assurances user got -> 3 (total 100 AP) => ok
assurances user gave -> 25 (total 50 EP) => ok


Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: 1 1 0 0 2013-08-22
Client: 4 4 0 0 2013-08-22
GPG: None
Org Server: 1 1 0 0 2013-08-25
Org Client: 2 2 0 0 2013-08-02

[revoke certs]

popup: Are you sure you want to revoke all private certificates?
[Ok]

new certs state:
Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: 1 0 0 1 2013-08-22
Client: 4 0 0 4 2013-08-22
GPG: None
Org Server: 1 1 0 0 2013-08-25
Org Client: 2 2 0 0 2013-08-02

moves 1 user server cert and 4 user client certs to column revoked => ok

org client + server certs untouched => ok

Procedure "Delete account"
---------------------------
new form
Email: | bug893.t2user1@w.d
New Username from arbitration number + sequence number a20xxyyzz.a.b: | [......]

enter ticket number -> a20130726.1 -> [Yes]
error: You did not enter an arbitration number entry. => ok

browser back button

enter ticket number -> a20130726.1.1 -> [Yes]
error: The CCA retention time for at least one certificate is not over. Can't continue. => ok


there are still some other requirements that prevents deletion of the test account
but currently this is ok
have to be checked separately once the certs expiration date has passed





Create test account 0000002 bug893.t2user2@
filled 100 AP
set isAssurer flag
0 EP
create 1 client (for CATS test)
  serno 4f4e, expires 2013-08-25 (1 month -> 2 years on production) => ok

Create test account 0000003 bug893.t2user3@
filled 100 AP


login to an SE enabled account
sysadmin - find user - bug893.t2user2@

account state:
CCA accepted: Yes
Trainings: show
Is Assurer: 1
Blocked Assurer: 0
Account Locking: 0
Code Signing: 0
Org Assurer: 0
TTP Admin: 0
Location Admin: 0
Admin: 0
Ad Admin: 0 (0 = none, 1 = submit, 2 = approve)
Tverify Account: 0
General Announcements: 1
Country Announcements: 1
Regional Announcements: 1
Within 200km Announcements: 1
Change Password: Change Password
Delete Account: Delete Account
Show Lost Password Details
Assurance Points: 100

0 domains
=> ok

Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: None
Client: 1 1 0 0 2013-08-25
GPG: None
Org Server: None
Org Client: None
=> ok

Delete Account
a20130726.1 -> [Yes]
error: You did not enter an arbitration number entry. => ok

a20130726.1.1 -> [Yes]
error: The CCA retention time for at least one certificate is not over. Can't continue. => ok

find user bug893.t2user2@
[revoke certs] -> [Ok]


Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: None
Client: 1 0 0 1 2013-08-25
GPG: None
Org Server: None
Org Client: None

moves 1 client cert from valid to revoked column

a20130726.1.1 -> [Yes]
error: The CCA retention time for at least one certificate is not over. Can't continue. => ok



sysadmin - find user - bug893.t2user3@

CCA accepted: Yes
Trainings: show
Is Assurer: 0
Blocked Assurer: 0
Account Locking: 0
Code Signing: 0
Org Assurer: 0
TTP Admin: 0
Location Admin: 0
Admin: 0
Ad Admin: 0 (0 = none, 1 = submit, 2 = approve)
Tverify Account: 0
General Announcements: 1
Country Announcements: 1
Regional Announcements: 1
Within 200km Announcements: 1
Change Password: Change Password
Delete Account: Delete Account
Show Lost Password Details
Assurance Points: 100

0 domains
=> ok

Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: None
Client: None
GPG: None
Org Server: None
Org Client: None

[revoke certs] -> sure? -> [OK]
passed without errors => ok

certs state unchanged => ok

[delete account]
a20130726.1.1 -> [Yes]

results:
a20130726.1.1@cacert.org's Account Details => ok
Email: a20130726.1.1@cacert.org
First Name: a20130726.1.1
Middle Name: a20130726.1.1
Last Name: a20130726.1.1
Suffix: a20130726.1.1
=> all ok

DoB reset to 1.1.1900 => ok

CCA accepted: Yes
Trainings: show
Is Assurer: 0
Blocked Assurer: 0
Account Locking: 1 <====== !!!
Code Signing: 0
Org Assurer: 0
TTP Admin: 0
Location Admin: 0
Admin: 0
Ad Admin: 0 (0 = none, 1 = submit, 2 = approve)
Tverify Account: 0
General Announcements: 0
Country Announcements: 0
Regional Announcements: 0
Within 200km Announcements: 0
Change Password: Change Password
Delete Account: Delete Account
Show Lost Password Details
Assurance Points: 100
=> ok

Account State
Account inconsistency: Users record locked set
code: 4
=> ok

certs state => ok


overall summary
bug 893 works as expected
in preparation steps issues with client certs
is related to another bug (don't know which one)
have to be reported separately

one proposal:
certs handling results page
should be "normalized"
all result pages to look similar
with 3 selection buttons for different types
of signed keys
and a text block with the key to copy&paste
into a signed-key-certs-file
summary of certs info as in current state of
signed client cert results page will be
helpful

this was still a project by dirk (17+4 black jack)
later moved over to NEO
to centralize 4 sections of 4 different types of
certs (user client, user server, org client, org server)
into one function, with several steps of actions
1. form to enter data
   -or-
   paste csr
2. start signing procedure, select key strength
3. display signed cert page
   with 3 buttons of different output types
4. optional: display signed cert summary

similar bugs:
https://bugs.cacert.org/view.php?id=964 (17+4 Black Jack)
https://bugs.cacert.org/view.php?id=440 (problem with SubjectAltName)
  current state: Patch bug 0000440 was deferred (timo addtl. work), but this project stalls. What to do with bug 0000440 ?
                 -> ASN.1 extract
https://bugs.cacert.org/view.php?id=1017 chrome certs enrollment
https://bugs.cacert.org/view.php?id=824 Org client cert UI improvements

NEOatNHNG

2013-08-06 20:50

administrator   ~0004211

I have reviewed the patch and added a few fixes. Please retest and do a second review.

NEOatNHNG

2013-08-14 19:59

administrator   ~0004227

Yet another fix. Please test and review.

BenBE

2013-08-14 21:54

updater   ~0004229

Modified SQL queries look okay

INOPIAE

2013-08-20 20:24

updater   ~0004240

I tried to delete an account with certificates that have just been revoked. The deletion was rejected with the comment retention time not over. => ok

I tried to delete an account with no certificates.
It was anonymized to aXXXX-YY-ZZ.m and locked. => ok

=>ok

Uli60

2013-08-27 22:08

updater   ~0004255

retest of testseries https://bugs.cacert.org/view.php?id=893#c4187
and https://bugs.cacert.org/view.php?id=893#c4189

login SE account
sysadmin, find user: bug893.t2user1@w.d
certs status:
Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: 1 0 1 1 2013-08-22
Client: 4 0 4 4 2013-08-22
GPG: None
Org Server: 1 0 1 0 2013-08-25
Org Client: 2 0 2 0 2013-08-02

(certs table -> bug-794 ?!?)

client certs: total 4, ok
but 4 counted expired and 4 counted revoked ?!?!?
luckily we've got the new dev image, that includes these test accounts
checking into the emailcerts table, select by memid lists 4 certs
all 4 revoked date set: 2013-07-26 11:56
and expired date set: 2013-08-22 22:58
revoked strikes expired (!)
why is expired here listed ?!?

bug794 fix lists
http://git-cacert.it-sls.de/gitweb/?p=cacert-devel.git;a=blob;f=pages/account/43.php;h=51567103578aee619ead0c3a8b058462b084cdc6;hb=833fa287d843e0eae01c11f50f041b6ed7101b96
that expired and revoked will be shown separated by each individual count

assuming result:
total: 4
expired: 0
revoked: 4 4 certs revoked 2013-07-26 before regular expire date 2013-08-22
               so 4 revoked strikes 4 expire dates
-> reopen 794 ?!?

back to delete account routine ...

delete account reference# -> a20130827.1
a20130827.1' is not a valid arbitration number entry.
=> ok

find user bug893.t2user1@w.d
delete account -> a20130827.1.1
The user is listed as Organisation Administrator. Can't continue.
=> ok


find user: bug893.t2user2@
certs table:
Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: None
Client: 1 0 1 1 2013-08-25
GPG: None
Org Server: None
Org Client: None

43.php
show assurances user got (old)
https://cacert1.it-sls.de/account.php?id=43&userid=189142&shownotary=assuredto
lists 3 (35,35,30)
=> ok

show assurances user got (new)
https://cacert1.it-sls.de/account.php?id=43&userid=189142&shownotary=assuredto15
lists 3 (35,35,30) (30 was ok here, automatic assurances via ca-mgr1 adds 35,35,30)
=> ok

show assurances user gave (old)
https://cacert1.it-sls.de/account.php?id=43&userid=189142&shownotary=assuredby
lists 0
=> ok

show assurances user gave (new)
https://cacert1.it-sls.de/account.php?id=43&userid=189142&shownotary=assuredby15
lists 0
=> ok

delete account -> a20130827.1.2
returns to admin console with values a20130827.1.2 in it
Account Locking: 1 -> ok
all other flags 0 -> ok
show lost password details -> shows all random data -> ok
account state Users record locked set, code: 4 -> ok
=> ok


find user: bug893.t2user3@
shows a20130726.1.1@cacert.org
still "deleted"
=> ok

Ted

2013-09-04 06:47

administrator   ~0004275

Reviewed combined bugs branch bug-1177-893-1136-1123-1137, 1a381b8..6a92669

Changes are OK, proposed minor change to make the code more easily readable.

INOPIAE

2013-09-04 19:41

updater   ~0004282

I tried to delete an account with certificates that have just been revoked. The deletion was rejected with the comment retention time not over. => ok

I tried to delete an account with no certificates.
It was anonymized to aXXXX-YY-ZZ.m and locked. => ok

=>ok

BenBE

2013-09-06 03:53

updater   ~0004296

Tested by several testers and reviewed by two software assessors. Here we go!

wytze

2013-09-06 15:43

developer   ~0004297

The jumbo patch for issue 0000893, 0001123, 0001136, 0001137 and 0001177 was installed on the production server on September 6, 2013. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2013-09/msg00003.html

INOPIAE

2013-09-13 20:52

updater   ~0004311

Last edited: 2013-09-14 08:28

During an account deletion in the course of the arbitration case a20100822.2 https://wiki.cacert.org/Arbitrations/a20100822.2 we ran into the problem that the account could not be deleted as one GPG certificate is still running.
The solution would be to take out the date restriction for the GPG keys.

includes/account.php line 3011

INOPIAE

2013-09-14 09:15

updater   ~0004312

follow up problem is handled in bug 1210 https://bugs.cacert.org/view.php?id=1210

Issue History

Date Modified Username Field Change
2010-11-18 21:11 law New Issue
2010-11-18 21:12 law Project test.cacert.org => Main CAcert Website
2011-02-22 00:07 Uli60 Category => Audit issues
2011-02-22 00:07 Uli60 Additional Information Updated
2012-12-15 13:37 INOPIAE Note Added: 0003435
2012-12-15 13:37 INOPIAE Assigned To => INOPIAE
2012-12-15 13:37 INOPIAE Status new => fix available
2012-12-15 13:38 INOPIAE Assigned To INOPIAE => BenBE
2013-01-07 00:00 BenBE Reviewed by => BenBE
2013-01-07 00:00 BenBE Assigned To BenBE => NEOatNHNG
2013-01-07 00:00 BenBE Status fix available => needs review & testing
2013-01-08 08:14 INOPIAE Note Added: 0003600
2013-01-08 08:15 INOPIAE Note Edited: 0003600
2013-01-08 17:47 Werner Dworak Note Added: 0003612
2013-01-08 21:07 INOPIAE Note Added: 0003615
2013-01-09 04:23 Werner Dworak Relationship added related to 0001134
2013-01-09 09:20 Werner Dworak Note Added: 0003626
2013-01-09 15:34 Werner Dworak Relationship added related to 0001136
2013-01-12 23:20 INOPIAE Note Added: 0003643
2013-01-13 02:19 Werner Dworak Note Added: 0003644
2013-01-13 02:21 Werner Dworak Note Edited: 0003644
2013-01-13 07:14 Werner Dworak Note Edited: 0003644
2013-01-18 00:36 INOPIAE Relationship added related to 0000407
2013-01-18 01:06 BenBE Relationship added child of 0001138
2013-01-23 00:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable ea5039ac
2013-01-23 00:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 72f91ec1
2013-02-12 21:45 Uli60 Relationship added related to 0001025
2013-02-12 21:45 Uli60 Relationship added related to 0001026
2013-02-12 22:05 BenBE Source_changeset_attached => cacert-devel testserver-stable ce39878d
2013-02-12 22:05 BenBE Source_changeset_attached => cacert-devel testserver-stable 20fabacf
2013-02-19 22:25 BenBE Source_changeset_attached => cacert-devel testserver-stable 436cd311
2013-02-19 22:25 BenBE Source_changeset_attached => cacert-devel testserver-stable 207792cb
2013-04-30 20:44 Uli60 Note Added: 0003931
2013-04-30 21:40 BenBE Source_changeset_attached => cacert-devel testserver-stable 885fbbe3
2013-04-30 21:40 BenBE Source_changeset_attached => cacert-devel testserver-stable b5e0f8e1
2013-04-30 21:40 BenBE Source_changeset_attached => cacert-devel testserver-stable 25ca1d0a
2013-04-30 21:40 BenBE Source_changeset_attached => cacert-devel testserver-stable 03ff2c3c
2013-04-30 21:40 BenBE Source_changeset_attached => cacert-devel testserver-stable d905a44b
2013-04-30 21:40 INOPIAE Source_changeset_attached => cacert-devel testserver-stable c1171d88
2013-04-30 21:40 INOPIAE Source_changeset_attached => cacert-devel testserver-stable e05ca1fd
2013-04-30 21:40 INOPIAE Source_changeset_attached => cacert-devel testserver-stable e8c6fa80
2013-04-30 21:40 INOPIAE Source_changeset_attached => cacert-devel testserver-stable fff44ca9
2013-04-30 21:51 Uli60 Note Added: 0003932
2013-04-30 22:00 BenBE Source_changeset_attached => cacert-devel testserver-stable fa2505d3
2013-04-30 22:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 5402ad76
2013-04-30 22:30 BenBE Source_changeset_attached => cacert-devel testserver-stable b0d02f1f
2013-04-30 22:30 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 8c4068f5
2013-04-30 22:30 MartinGummi Note Added: 0003933
2013-04-30 22:46 MartinGummi Note Added: 0003935
2013-04-30 23:00 BenBE Source_changeset_attached => cacert-devel testserver-stable c912f911
2013-04-30 23:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 27c8a1c6
2013-04-30 23:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable a7e362a2
2013-04-30 23:07 INOPIAE Note Added: 0003936
2013-04-30 23:15 MartinGummi Note Added: 0003938
2013-04-30 23:30 Uli60 Note Added: 0003942
2013-05-01 12:20 BenBE Source_changeset_attached => cacert-devel testserver-stable 1a7d2027
2013-05-01 12:20 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 35f0ad04
2013-05-01 18:14 Werner Dworak Note Added: 0003970
2013-05-01 18:55 BenBE Source_changeset_attached => cacert-devel testserver-stable f3949268
2013-05-01 18:55 BenBE Source_changeset_attached => cacert-devel testserver-stable 4173e384
2013-05-14 23:29 INOPIAE Note Added: 0004001
2013-05-14 23:29 INOPIAE Status needs review & testing => needs review
2013-05-14 23:30 INOPIAE Product Version => 2010 Q4
2013-05-14 23:30 INOPIAE Target Version => 2013 Q2
2013-05-14 23:43 INOPIAE Relationship added related to 0001177
2013-05-21 22:55 INOPIAE Relationship added related to 0000482
2013-07-21 15:41 BenBE Relationship replaced parent of 0001177
2013-07-21 22:15 BenBE Source_changeset_attached => cacert-devel testserver-stable 70c84f82
2013-07-21 22:15 BenBE Source_changeset_attached => cacert-devel testserver-stable c0c47e65
2013-07-21 22:15 BenBE Source_changeset_attached => cacert-devel testserver-stable eb288d6c
2013-07-21 22:28 BenBE Reviewed by BenBE =>
2013-07-21 22:28 BenBE Note Added: 0004176
2013-07-21 22:28 BenBE Status needs review => needs review & testing
2013-07-22 05:45 BenBE Source_changeset_attached => cacert-devel testserver-stable 23ee6915
2013-07-22 05:45 BenBE Source_changeset_attached => cacert-devel testserver-stable 32bec641
2013-07-22 05:53 BenBE Relationship replaced child of 0001136
2013-07-23 21:45 BenBE Source_changeset_attached => cacert-devel testserver-stable ac7d1bf8
2013-07-23 21:45 BenBE Source_changeset_attached => cacert-devel testserver-stable 3cbac6cc
2013-07-23 21:45 BenBE Source_changeset_attached => cacert-devel testserver-stable 56e83010
2013-07-23 23:26 Uli60 Note Added: 0004187
2013-07-26 10:43 Uli60 Note Added: 0004189
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable e003c9fc
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 945f334c
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 8eda282b
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 5e747610
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 2116db1d
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable ea42d51a
2013-08-06 20:50 NEOatNHNG Reviewed by => NEOatNHNG
2013-08-06 20:50 NEOatNHNG Note Added: 0004211
2013-08-06 22:05 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 0a982f8b
2013-08-14 19:40 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 7c528031
2013-08-14 19:40 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable acd4f0f9
2013-08-14 19:59 NEOatNHNG Note Added: 0004227
2013-08-14 20:10 NEOatNHNG Assigned To NEOatNHNG => BenBE
2013-08-14 21:54 BenBE Reviewed by NEOatNHNG => NEOatNHNG, BenBE
2013-08-14 21:54 BenBE Note Added: 0004229
2013-08-14 21:54 BenBE Status needs review & testing => needs testing
2013-08-20 20:24 INOPIAE Note Added: 0004240
2013-08-27 14:47 NEOatNHNG Assigned To BenBE => Ted
2013-08-27 22:08 Uli60 Note Added: 0004255
2013-09-04 06:46 Ted Reviewed by NEOatNHNG, BenBE => Ted, NEOatNHNG, BenBE
2013-09-04 06:47 Ted Note Added: 0004275
2013-09-04 06:48 Ted Assigned To Ted => BenBE
2013-09-04 19:41 INOPIAE Note Added: 0004282
2013-09-06 03:53 BenBE Status needs testing => ready to deploy
2013-09-06 03:53 BenBE Note Added: 0004296
2013-09-06 05:50 NEOatNHNG Source_changeset_attached => cacert-devel release f543973b
2013-09-06 15:43 wytze Note Added: 0004297
2013-09-06 15:43 wytze Status ready to deploy => solved?
2013-09-06 15:43 wytze Fixed in Version => 2013 Q3
2013-09-06 15:43 wytze Resolution open => fixed
2013-09-13 20:52 INOPIAE Note Added: 0004311
2013-09-13 20:52 INOPIAE Assigned To BenBE => INOPIAE
2013-09-13 20:52 INOPIAE Status solved? => needs work
2013-09-14 08:28 INOPIAE Note Edited: 0004311
2013-09-14 09:13 INOPIAE Relationship added related to 0001210
2013-09-14 09:15 INOPIAE Note Added: 0004312
2013-09-14 09:15 INOPIAE Status needs work => solved?
2014-01-08 00:21 INOPIAE Status solved? => closed