View Issue Details

IDProjectCategoryView StatusLast Update
0000893Main CAcert WebsiteAudit issuespublic2014-01-08 00:21
ReporterlawAssigned ToINOPIAE 
PriorityhighSeverityfeatureReproducibilityN/A
Status closedResolutionfixed 
Product Version2010 Q4 
Target Version2013 Q2Fixed in Version2013 Q3 
Summary0000893: Extend Delete account feature for support
DescriptionThe support interface should be extended to simplify account deletion for Support Engineers.

The UI should be extended by additional fields for the delete account button: A textfield for entering an arbitration number in the form aYYYYMMDD.X, a checkbox whether to mark the account as deleted.

When hitting the submit button a confirmation page should be displayed containing some information of the user to make sure the right user is deleted (e.g. Names and primary mail address).

After positive confirmation all the procedures described under
https://wiki.cacert.org/Arbitrations/Training/Lesson20 and
https://wiki.cacert.org/comma/Support/SE/Manual
should be executed so that no further interaction of the support engineer with the system is required.
Additional InformationHave a checkbox "display all account information" and a button "delete
account". When clicking the button a next page is displayed. When the
first checkbox is set, all information required to be printed out for an
arbitrator is displayed.
Then there is a checkbox "I am authorised to delete this account", a
textfield entering the arbitration number (or support ticket), and a
submit button. When this is clicked all steps are executed automatically.
https://lists.cacert.org/wws/arc/cacert-arbitration/2011-02/msg00015.html
TagsNo tags attached.
Reviewed byTed, NEOatNHNG, BenBE
Test Instructions

Relationships

related to 0001025 needs workNEOatNHNG Domain Dispute strange behaviour / Domain Dispute issue 
related to 0001026 needs workUli60 Server Certificate was revoked but not by the user 
related to 0001210 newINOPIAE Problem with Delete account procedure 
parent of 0001177 closedBenBE Combine wot.inc.php, notary.inc.php and temp-function.php 
related to 0001134 closedNEOatNHNG Delete the board flag thourougly in all parts of our software 
related to 0000407 closedUli60 Need to deal with passing away users 
related to 0000482 closed Certificates are automatically revoked on deletion of email address 
child of 0001136 closedBenBE Extend SE console with the functionality to revoke all user certificates of an user account 
child of 0001138 closedNEOatNHNG Implement to log the SE activity 

Activities

INOPIAE

2012-12-15 13:37

updater   ~0003435

pushed the fix to https://github.com/INOPIAE/CAcert/tree/bug-893

INOPIAE

2013-01-08 08:14

updater   ~0003600

Last edited: 2013-01-08 08:15

View 2 revisions

Tested with serveral accounts
Create test account
log in to test account
add features
login with SE account
delete test account
unblock test account
reset password
login to test account

Account 1: primary email adress, German language setting

Findings:
new email adress arbitrationnumber@c.o. as primary address ->ok
name entries set to arbitration number ->ok
DoB 1900-01-01 ->ok
account blocked ->ok
Secret Q&A reset to random values ->ok
Logged in account:
language setting to English -> ok
location set to Denistone East, New South Wales, Australia ->ok

Account 2: two email addresses, one domain, several client certificates

Findings from Account 1:
Additional:
only primary email address arbitrationnumber@c.o left ->ok
domain deleted -> ok
Logged in account:
all client sertificates revoked ->ok

Account 3: primary email adress, 100 AP, 20 EP, announcements flags on, all flags set

Findings from Account 1:
Additional:
all announcment flags set to 0 ->ok
all flags set to 0 ->ok

Account 4: primary email address, location Bonn, German as default language, to secondary languages not English, I want to be listed with comment

Findings from Account 1:
Additional logged in:
location set to Denistone East, New South Wales, Australia ->ok
language only English as default ->ok
I do not want to be listed without comment -> ok

Not tested revokation of server certificate

Additional findings:
CCA is not changed ->ok
Trainings are not chnaged ->ok
Assurances stay ->ok

All tested features work as designed. =>ok


Client certificates should have the login flag to 0.
The new email address should be checked if it is already in use.

Werner Dworak

2013-01-08 17:47

updater   ~0003612

Tested with 2 accounts so far.

Account 1: Present account, 1 primary email address, German language setting, Location Ulm, assured to 95 points, valid client certificate, all Announcement flags set.

delete test account
unblock test account
reset password
login to test account

Basic Findings:
new email address arbitrationnumber@c.o. as primary address -> ok
name entries set to arbitration number -> ok
DoB 1900-01-01 -> ok
account blocked -> ok
Secret Q&A reset to random values -> ok
Logged in account:
language setting to English -> ok
location set to Denistone East, New South Wales, Australia ->ok
CCA is not changed ->ok

Additional findings:
Client certificate revoked -> ok
Announcement flags cleared -> ok
Trainings are not changed -> ok
Assurances stay -> ok

Account 2: 4 email addresses, 4 client certificates, 2 domains, all usual flags were set.

Create test account
log in to test account
add features
Renew client certificates, see bug 000429
login with SE account
delete test account
unblock test account
reset password
login to test account

Basic Findings: a above

Additional findings:
all other email addresses cleared -> ok
all 8 Client certificate revoked -> ok
Announcement flags cleared -> ok
All other flags cleared -> ok
GPG certificates are unchanged -> so far ok, GPG issues not yet processed.
domains deleted -> ok
Trainings are not changed -> ok
Assurances stay -> ok
again board flag created strange behaviour, but on live system extinct, so no real problem.

Server certificates were not tested

All tested features work as designed. => ok

One exception: Client certificates should have the login flag cleared.

INOPIAE

2013-01-08 21:07

updater   ~0003615

Added new patch with client cert login flag and email check if arbitrationnumber@c.o. exits

Werner Dworak

2013-01-09 09:20

updater   ~0003626

Account 3: similar to Account 2 above, really all flags set including "Board Member", "Lock Account" and "Block Assurer".

Findings as above, additional:
Check if arbitrationnumber@c.o. exists -> ok
All flags cleared including board flag -> ok
Client cert login flag NOT cleared -> Error

INOPIAE

2013-01-12 23:20

updater   ~0003643

Account 1: primary email adress, German language setting, one client cert, one domain, one server cert

Findings:
new email adress arbitrationnumber@c.o. as primary address ->ok
name entries set to arbitration number ->ok
DoB 1900-01-01 ->ok
account blocked ->ok
Secret Q&A reset to random values ->ok
no additional email addresses =>ok
no domain =>ok
Logged in account:
language setting to English -> ok
location set to Denistone East, New South Wales, Australia ->ok
client cert revoked and login disabled =>ok
server cert no domains visible =>ok

=>ok

Werner Dworak

2013-01-13 02:19

updater   ~0003644

Last edited: 2013-01-13 07:14

View 3 revisions

Account 4: primary email adress, 3 secondary email addresses, German language setting, 4 client cert, 2 domains, no server certs.

Account was fully assured, the 4 client certificates were renewed, a mutual assurance was done with the old account werner.dworak@cacert.org.

Findings:
new email address arbitrationnumber@c.o. as primary address -> ok
secondary email addresses removed -> ok
name entries set to arbitration number -> ok
DoB 1900-01-01 -> ok
account blocked -> ok
Secret Q&A reset to random values -> ok
no domain => ok
Logged in account:
language setting to English -> ok
location set to Denistone East, New South Wales, Australia -> ok
all 8 client cert revoked and login disabled => ok
in CCA acceptance menu all 3 lines correctly filled for both accounts (bug 1137) -> ok

=> ok

Uli60

2013-04-30 20:44

updater   ~0003931

created test account
ap 100, ep 50, cats passed

login to admin account, search user
starting "Delete Account"

form shows:
Username from arbitration number.:

adding arbitration number: a20130501.1

user form displays fields filled with a20130501.1

=> FAIL


requires check for correct format of arbitration number + unique sequence number

this also should be added to the discription in the form =>

Arbitration # + sequence number (Z) [aYYYYMMDD.X.Z]

Username is missleading in current form, as the form requires the arbitration number + sequence number and not a name of whoever else (Arbitrator? Support engineers name?)

Uli60

2013-04-30 21:51

updater   ~0003932

2 users created
both 100 AP, 50 EP, CATS passed
2nd user +flags: Support, Codesigning, OA, TTPadmin, LocAdmin

delete user1

all name fields have a20130430.1.1 => ok
dob -> 1900 => ok
announcements OFF => ok
all flags reset except locked => ok
lost pwd details randomized => ok
Account State code: 4 => ok
=> Ok

delete account 0000002
using a20130430.1.1
The email address 'a20130430.1.1@cacert.org' is already in
a different account. Can't continue.
=> OK

search again for user 0000002
user has all "old" settings (as not processed previously)
=> OK

delete account 0000002
using a20130430.1.2
resets all field names to a20130430.1.2 => ok
dob -> 1900 => ok
all flags reset to 0 except locked => ok
(OrgAdmin has no links) so therefor ok ...
lost pwd details -> randomized => ok
Account State code: 4 => ok
=> OK

MartinGummi

2013-04-30 22:30

updater   ~0003933

delete account with a20111122.1.1 ... works => OK

MartinGummi

2013-04-30 22:46

updater   ~0003935

Test User with GPG Key bug893@acme.com

Konto-Daten von bug893@acme.com
E-Mail: bug893@acme.com
Vorname:
Weitere Vornamen:
Familienname:
Namenszusatz:
Geburtsdatum:
CCA accepted: Ja
Trainings: show
Ist Assurer: 1
Gesperrter Assurer: 0
Konto-Sperrung: 0
Code-Signierung: 0
Organisations-Assurer: 0
TTP-Admin: 0
Ortsdaten-Admin: 0
Admin: 0
Werbungs-Admin: 0 (0 = none, 1 = submit, 2 = approve)
Tverify-Konto: 0
Allgemeine Ankündigungen: 1
Landesankündigungen: 1
Regionale Ankündigungen: 1
Ankündigungen innerhalb von 200 km: 1
Kennwort ändern: Kennwort ändern
Konto löschen: Konto löschen
Zeige Fragen bei verlorenem Kennwort
Assurance-Punkte: 100

Konto-Status

Zertifikate
Zertifikatstyp: Summe Gültig Abgelaufen Widerrufen Zuletzt ablaufend
Server: Keine
Client: Keine
GPG: 1 1 0 2014-05-01
Org-Server: Keine
Org-Client: Keine

del with a20111122.1.5

string(75) "select from `emailcerts` where `memid`='175066' and `expire`>NOW()-90*86400" bool(false) bool(false) string(76) "select from `emailcerts` where `memid`='175066' and `revoked`>NOW()-90*86400" bool(false) bool(false)

The CCA retention time for at least one certificate is not over. Can't continue.

INOPIAE

2013-04-30 23:07

updater   ~0003936

Tried to delete an account:
missed to enter a Arbitration # + sequence number => error message => ok
entered a non Arbitration # + sequence number => error message => ok
entered an Arbitration # + sequence number that is already used => error message => ok
try to delete account with org admin => error message =>ok
try to delete account with running client cert => error message => ok
no server cert, no gpg cert to test
delete account without preconditions above => works =>
=>ok

MartinGummi

2013-04-30 23:15

updater   ~0003938

del bug893@acme.com with a20111122.1.6

The CCA retention time for at least one certificate is not over. Can't continue.

=> ok

Uli60

2013-04-30 23:30

updater   ~0003942

created new user #1
100 AP, 50 EP, CATS passed
OrgAdmin True

add user as OrgAssurer to org with 0 admins
after action => 1 org assurer

created 1 class3 client cert => 1166, exp 2015-05-01 => ok
adding domain to useraccount
server cert keysize 512 => error message
The keys that you use are very small and therefore insecure.
Please generate stronger keys. More information about this
issue can be found in the wiki

server cert keysize 1024
server cert class3, serno 1167, expires 2015-04-30 => ok

adding domain to org
org client cert, class3
bug893.tuser1h, serno 1168, expires 2014-05-01 => ok (1 year) => ok

org server cert, class3
server1, serno 1169, expires 2015-04-30 => ok (1 year) => ok

delete account
using a20130430.1.1 (exists)
reports -> exists => ok

using a20130430.1 (incomplete)
You did not enter an arbitration number entry. => ok
(maybe varied in report text
 Reference number you've added is incomplete or invalid format)

using a20130430.2.1.3 (to much numbers)
You did not enter an arbitration number entry. => ok

using a20130430.3.* => err => ok
using a20130430.3.# => err => ok
using users email addr => err => ok

using a20130430.1.3 (valid arb# syntax)
The CCA retention time for at least one certificate is not over. Can't continue. => ok

nothing happened (all data remains)

revoke all certs => window pops up => accepting => ok
  admin console, search user again
  displays all certs as valid as before
  revoke certs routine doesn't work as expected
  see bug 0001136

login to user account
revoke user client cert
revoke user server cert
revoke org client cert
revoke org server cert

login admin user, search + display user
certificates table: total all 1, valid all 0, revoked all 1
(except gpg key)
=> ok, as expected

delete account using a20130430.2.1 (valid syntax)
The CCA retention time for at least one certificate
is not over. Can't continue.
=> ok, as expected

Werner Dworak

2013-05-01 18:14

updater   ~0003970

Tried to delete an account:
missed to enter a Arbitration # + sequence number => error message => ok
entered a Arbitration # + sequence number with wrong syntax => error message => ok
Formal correct arbitration number but with wrong contents is not rejected --> acceptable
entered an Arbitration # + sequence number that is already used => error message => ok
try to delete account with org admin => error message =>ok
try to delete account with running client cert => error message => ok
no server cert, no gpg cert have been tested
delete account without preconditions above => works => ok

INOPIAE

2013-05-14 23:29

updater   ~0004001

please review as at least 3 tester approved the bug

BenBE

2013-07-21 22:28

updater   ~0004176

Initial patch of bug 0001177 merged and ready to be tested. This only removes wot.inc.php for now; temp_function.php will follow as soon as the initial patch for bug 0001177 is tested.

Uli60

2013-07-23 23:26

updater   ~0004187

bug893.t2user1@w.d
100 AP, 50 EP

setting flags:
is Org Assurer
is Location Admin

create client cert
class1, name included
enable login
don't accept CCA
Next

error msg:
You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.
=> ok

hit back
create client cert
class1, name included
enable login
add comment text
accept CCA
Next

next page .. keysize
option box: high / middle
using high -> create cert req

popup box .. creating cert

result page:

3 links:
    Install the certificate into your browser
         https://cacert1.it-sls.de/account.php?id=6&cert=290503&install
    Download the certificate in PEM format
         https://cacert1.it-sls.de/account.php?id=6&cert=290503&format=pem
    Download the certificate in DER format
         https://cacert1.it-sls.de/account.php?id=6&cert=290503&format=der

displaying Begin/End cert block on page

Information about cert
renew/revoke/delete
Status valid
Email
Serno 4f40
Revoked not revoked
expires 2013-08-22 22:19:59 (1 month, ok on testserver)
login enabled
comment as added in edit form
[change settings] button

clicking [change settings] returns to "my account"


client certs view
https://cacert1.it-sls.de/account.php?id=5
login is disabled => fail

re-add flag for login
response: Certificate settings have been changed.

https://cacert1.it-sls.de/account.php?id=5
now displays login -> enabled
    at this point its ok

create client cert ...
displaying results page
with [change settings]
clicking [change settings]
removes the "enabled login" flag
=> this is a problem


adding a domain, verifying domain, domain confirmed

creating server cert, keysize 2048

new server cert
class1
adding comment server cert comment #1
pasting csr
no CCA acceptance

error:
You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.
=> ok

hit back

class1
adding comment server cert comment #1
pasting csr
CCA acceptance
[submit]

next page displays common name
[Submit]

below is your cert
[...]

view server certs
commonName ok
serno 4f49
expires 2013-08-22 23:05:03
comment as entered
=> ok


despite the fact, that Org Assurer + Location Admin
have been set, there is no Org Assurance section
in the menu list

checking account under ca-mgr1
shows no longer the expected flags ???

adding flags Org Assurer, Location Admin
save flags
displays flags set

refresh user display doesn't show up
org section

logout, re-login

now shows Org Client Certs
          Org Server Certs
          Org Admin
=> ok

to be continued ...

Uli60

2013-07-26 10:43

updater   ~0004189

(https://bugs.cacert.org/view.php?id=893#c4187 cont.)

Preparing Org-Admin
using other OA enabled account
add new company, add bug893.t2user1@w.d to company as O-admin
gtk added, added bug893.t2user1@w.d as org-admin

re-login bug893.t2user1@

new org client certs ...
------------------------
... adding bug893.t2user1@gtk
  Install cert ... is different form to the user client cert creation page
  has no txt, pem, der, cer selection
  installs direct into FF
  Click here to install your certificate.
  https://cacert1.it-sls.de/account.php?id=19&cert=898&install=1
  serno 4F4B, expires 2013-08-02 (today + 7d on testserver = 1 year in production) => ok

2nd Org client cert created for admin email
  serno 4F4C, expires 2013-08-02 (today + 7d on testserver = 1 year in production) => ok

Org Client certs view:
  lists 2 org client certs, => ok


new org server cert
-------------------
pasted csr
Please make sure the following details are correct before proceeding any further
lists details as entered for Org
[Submit]

  serno 4f4d, expires 25.8.2013 (? -> 1 month -> 2 years on production)
  subject as predefined in Org configuration by Org-Assurer => ok

Org Server certs view:
  lists 1 org server cert => ok


preparation steps finished.


Test 893: The support interface should be extended to simplify account deletion for Support Engineers.
--------------------------------------------------------------------------------------------

login to another account with admin (SE) permissions

sysadmin - find user - bug893.t2user1@

account state:
CCA accepted: Yes
Trainings: show
Is Assurer: 1
Blocked Assurer: 0
Account Locking: 0
Code Signing: 0
Org Assurer: 1
TTP Admin: 0
Location Admin: 1
Admin: 0
Ad Admin: 0 (0 = none, 1 = submit, 2 = approve)
Tverify Account: 0
General Announcements: 1
Country Announcements: 1
Regional Announcements: 1
Within 200km Announcements: 1
Change Password: Change Password
Delete Account: Delete Account
Show Lost Password Details
Assurance Points: 150

1 verified domain

assurances user got -> 3 (total 100 AP) => ok
assurances user gave -> 25 (total 50 EP) => ok


Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: 1 1 0 0 2013-08-22
Client: 4 4 0 0 2013-08-22
GPG: None
Org Server: 1 1 0 0 2013-08-25
Org Client: 2 2 0 0 2013-08-02

[revoke certs]

popup: Are you sure you want to revoke all private certificates?
[Ok]

new certs state:
Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: 1 0 0 1 2013-08-22
Client: 4 0 0 4 2013-08-22
GPG: None
Org Server: 1 1 0 0 2013-08-25
Org Client: 2 2 0 0 2013-08-02

moves 1 user server cert and 4 user client certs to column revoked => ok

org client + server certs untouched => ok

Procedure "Delete account"
---------------------------
new form
Email: | bug893.t2user1@w.d
New Username from arbitration number + sequence number a20xxyyzz.a.b: | [......]

enter ticket number -> a20130726.1 -> [Yes]
error: You did not enter an arbitration number entry. => ok

browser back button

enter ticket number -> a20130726.1.1 -> [Yes]
error: The CCA retention time for at least one certificate is not over. Can't continue. => ok


there are still some other requirements that prevents deletion of the test account
but currently this is ok
have to be checked separately once the certs expiration date has passed





Create test account 0000002 bug893.t2user2@
filled 100 AP
set isAssurer flag
0 EP
create 1 client (for CATS test)
  serno 4f4e, expires 2013-08-25 (1 month -> 2 years on production) => ok

Create test account 0000003 bug893.t2user3@
filled 100 AP


login to an SE enabled account
sysadmin - find user - bug893.t2user2@

account state:
CCA accepted: Yes
Trainings: show
Is Assurer: 1
Blocked Assurer: 0
Account Locking: 0
Code Signing: 0
Org Assurer: 0
TTP Admin: 0
Location Admin: 0
Admin: 0
Ad Admin: 0 (0 = none, 1 = submit, 2 = approve)
Tverify Account: 0
General Announcements: 1
Country Announcements: 1
Regional Announcements: 1
Within 200km Announcements: 1
Change Password: Change Password
Delete Account: Delete Account
Show Lost Password Details
Assurance Points: 100

0 domains
=> ok

Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: None
Client: 1 1 0 0 2013-08-25
GPG: None
Org Server: None
Org Client: None
=> ok

Delete Account
a20130726.1 -> [Yes]
error: You did not enter an arbitration number entry. => ok

a20130726.1.1 -> [Yes]
error: The CCA retention time for at least one certificate is not over. Can't continue. => ok

find user bug893.t2user2@
[revoke certs] -> [Ok]


Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: None
Client: 1 0 0 1 2013-08-25
GPG: None
Org Server: None
Org Client: None

moves 1 client cert from valid to revoked column

a20130726.1.1 -> [Yes]
error: The CCA retention time for at least one certificate is not over. Can't continue. => ok



sysadmin - find user - bug893.t2user3@

CCA accepted: Yes
Trainings: show
Is Assurer: 0
Blocked Assurer: 0
Account Locking: 0
Code Signing: 0
Org Assurer: 0
TTP Admin: 0
Location Admin: 0
Admin: 0
Ad Admin: 0 (0 = none, 1 = submit, 2 = approve)
Tverify Account: 0
General Announcements: 1
Country Announcements: 1
Regional Announcements: 1
Within 200km Announcements: 1
Change Password: Change Password
Delete Account: Delete Account
Show Lost Password Details
Assurance Points: 100

0 domains
=> ok

Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: None
Client: None
GPG: None
Org Server: None
Org Client: None

[revoke certs] -> sure? -> [OK]
passed without errors => ok

certs state unchanged => ok

[delete account]
a20130726.1.1 -> [Yes]

results:
a20130726.1.1@cacert.org's Account Details => ok
Email: a20130726.1.1@cacert.org
First Name: a20130726.1.1
Middle Name: a20130726.1.1
Last Name: a20130726.1.1
Suffix: a20130726.1.1
=> all ok

DoB reset to 1.1.1900 => ok

CCA accepted: Yes
Trainings: show
Is Assurer: 0
Blocked Assurer: 0
Account Locking: 1 <====== !!!
Code Signing: 0
Org Assurer: 0
TTP Admin: 0
Location Admin: 0
Admin: 0
Ad Admin: 0 (0 = none, 1 = submit, 2 = approve)
Tverify Account: 0
General Announcements: 0
Country Announcements: 0
Regional Announcements: 0
Within 200km Announcements: 0
Change Password: Change Password
Delete Account: Delete Account
Show Lost Password Details
Assurance Points: 100
=> ok

Account State
Account inconsistency: Users record locked set
code: 4
=> ok

certs state => ok


overall summary
bug 893 works as expected
in preparation steps issues with client certs
is related to another bug (don't know which one)
have to be reported separately

one proposal:
certs handling results page
should be "normalized"
all result pages to look similar
with 3 selection buttons for different types
of signed keys
and a text block with the key to copy&paste
into a signed-key-certs-file
summary of certs info as in current state of
signed client cert results page will be
helpful

this was still a project by dirk (17+4 black jack)
later moved over to NEO
to centralize 4 sections of 4 different types of
certs (user client, user server, org client, org server)
into one function, with several steps of actions
1. form to enter data
   -or-
   paste csr
2. start signing procedure, select key strength
3. display signed cert page
   with 3 buttons of different output types
4. optional: display signed cert summary

similar bugs:
https://bugs.cacert.org/view.php?id=964 (17+4 Black Jack)
https://bugs.cacert.org/view.php?id=440 (problem with SubjectAltName)
  current state: Patch bug 0000440 was defered (timo addtl. work), but this project stalls. What to do with bug 0000440 ?
                 -> ASN.1 extract
https://bugs.cacert.org/view.php?id=1017 chrome certs enrollment
https://bugs.cacert.org/view.php?id=824 Org client cert UI improvements

NEOatNHNG

2013-08-06 20:50

administrator   ~0004211

I have reviewed the patch and added a few fixes. Please retest and do a second review.

NEOatNHNG

2013-08-14 19:59

administrator   ~0004227

Yet another fix. Please test and review.

BenBE

2013-08-14 21:54

updater   ~0004229

Modified SQL queries look okay

INOPIAE

2013-08-20 20:24

updater   ~0004240

I tried to deleted an account with certificates that have just been revoked. The deletion was rejected with the comment retention time not over. => ok

I tried to delete an account with no certificates.
It was annomized to aXXXX-YY-ZZ.m and locked. => ok

=>ok

Uli60

2013-08-27 22:08

updater   ~0004255

retest of testseries https://bugs.cacert.org/view.php?id=893#c4187
and https://bugs.cacert.org/view.php?id=893#c4189

login SE account
sysadmin, find user: bug893.t2user1@w.d
certs status:
Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: 1 0 1 1 2013-08-22
Client: 4 0 4 4 2013-08-22
GPG: None
Org Server: 1 0 1 0 2013-08-25
Org Client: 2 0 2 0 2013-08-02

(certs table -> bug-794 ?!?)

client certs: total 4, ok
but 4 counted expired and 4 counted revoked ?!?!?
luckyly we've got the new dev image, that includes these test accounts
checking into the emailcerts table, select by memid lists 4 certs
all 4 revoked date set: 2013-07-26 11:56
and expired date set: 2013-08-22 22:58
revoked strikes expired (!)
why is expired here listed ?!?

bug794 fix lists
http://git-cacert.it-sls.de/gitweb/?p=cacert-devel.git;a=blob;f=pages/account/43.php;h=51567103578aee619ead0c3a8b058462b084cdc6;hb=833fa287d843e0eae01c11f50f041b6ed7101b96
that expired and revoked will be shown seperated by each individual count

assuming result:
total: 4
expired: 0
revoked: 4 4 certs revoked 2013-07-26 before regular expire date 2013-08-22
               so 4 revoked strikes 4 expire dates
-> reopen 794 ?!?

back to delete account routine ...

delete account reference# -> a20130827.1
a20130827.1' is not a valid arbitration number entry.
=> ok

find user bug893.t2user1@w.d
delete account -> a20130827.1.1
The user is listed as Organisation Administrator. Can't continue.
=> ok


find user: bug893.t2user2@
certs table:
Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: None
Client: 1 0 1 1 2013-08-25
GPG: None
Org Server: None
Org Client: None

43.php
show assurances user got (old)
https://cacert1.it-sls.de/account.php?id=43&userid=189142&shownotary=assuredto
lists 3 (35,35,30)
=> ok

show assurances user got (new)
https://cacert1.it-sls.de/account.php?id=43&userid=189142&shownotary=assuredto15
lists 3 (35,35,30) (30 was ok here, automatic assurances via ca-mgr1 adds 35,35,30)
=> ok

show assurances user gave (old)
https://cacert1.it-sls.de/account.php?id=43&userid=189142&shownotary=assuredby
lists 0
=> ok

show assurances user gave (new)
https://cacert1.it-sls.de/account.php?id=43&userid=189142&shownotary=assuredby15
lists 0
=> ok

delete account -> a20130827.1.2
returns to admin console with values a20130827.1.2 in it
Account Locking: 1 -> ok
all other flags 0 -> ok
show lost password details -> shows all random data -> ok
account state Users record locked set, code: 4 -> ok
=> ok


find user: bug893.t2user3@
shows a20130726.1.1@cacert.org
still "deleted"
=> ok

Ted

2013-09-04 06:47

administrator   ~0004275

Reviewed combined bugs branch bug-1177-893-1136-1123-1137, 1a381b8..6a92669

Changes are OK, proposed minor change to make the code more easily readable.

INOPIAE

2013-09-04 19:41

updater   ~0004282

I tried to deleted an account with certificates that have just been revoked. The deletion was rejected with the comment retention time not over. => ok

I tried to delete an account with no certificates.
It was annomized to aXXXX-YY-ZZ.m and locked. => ok

=>ok

BenBE

2013-09-06 03:53

updater   ~0004296

Tested by several testers and reviewed by two software assessors. Here we go!

wytze

2013-09-06 15:43

developer   ~0004297

The jumbo patch for issue 0000893, 0001123, 0001136, 0001137 and 0001177 was installed on the production server on September 6, 2013. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2013-09/msg00003.html

INOPIAE

2013-09-13 20:52

updater   ~0004311

Last edited: 2013-09-14 08:28

View 2 revisions

During an account deletion in the cause of the arbitration case a20100822.2 https://wiki.cacert.org/Arbitrations/a20100822.2 we run into the problem, that the account could not be deleted as one GPG certificate is still running.
The solution would be to take out the date restriction for the GPG keys.

includes/account.php line 3011

INOPIAE

2013-09-14 09:15

updater   ~0004312

follow up problem is handled in bug 1210 https://bugs.cacert.org/view.php?id=1210

Issue History

Date Modified Username Field Change
2010-11-18 21:11 law New Issue
2010-11-18 21:12 law Project test.cacert.org => Main CAcert Website
2011-02-22 00:07 Uli60 Category => Audit issues
2011-02-22 00:07 Uli60 Additional Information Updated
2012-12-15 13:37 INOPIAE Note Added: 0003435
2012-12-15 13:37 INOPIAE Assigned To => INOPIAE
2012-12-15 13:37 INOPIAE Status new => fix available
2012-12-15 13:38 INOPIAE Assigned To INOPIAE => BenBE
2013-01-07 00:00 BenBE Reviewed by => BenBE
2013-01-07 00:00 BenBE Assigned To BenBE => NEOatNHNG
2013-01-07 00:00 BenBE Status fix available => needs review & testing
2013-01-08 08:14 INOPIAE Note Added: 0003600
2013-01-08 08:15 INOPIAE Note Edited: 0003600 View Revisions
2013-01-08 17:47 Werner Dworak Note Added: 0003612
2013-01-08 21:07 INOPIAE Note Added: 0003615
2013-01-09 04:23 Werner Dworak Relationship added related to 0001134
2013-01-09 09:20 Werner Dworak Note Added: 0003626
2013-01-09 15:34 Werner Dworak Relationship added related to 0001136
2013-01-12 23:20 INOPIAE Note Added: 0003643
2013-01-13 02:19 Werner Dworak Note Added: 0003644
2013-01-13 02:21 Werner Dworak Note Edited: 0003644 View Revisions
2013-01-13 07:14 Werner Dworak Note Edited: 0003644 View Revisions
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 89f2393b
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 1e97dfb8
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 5cc7d23b
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 133c84fe
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 0e6d2f58
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable f527860f
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 3410bfce
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable dbf07cf3
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable d8b91ede
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable c9e6654e
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable dc2d7769
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 7d15d77c
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable a2f9b3f2
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable d2248e06
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 2afe8623
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 7e3f7f84
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 184afe08
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 9f09e36c
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 7327dd4f
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 5cbce719
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 69f4e081
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 1b792a92
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 116d79fd
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 0f2ef2f9
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable f18c33b4
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable f5c10832
2013-01-15 23:17 BenBE Source_changeset_attached => cacert-devel testserver-stable 247f5fb2
2013-01-17 23:05 BenBE Source_changeset_attached => cacert-devel testserver-stable c357aec3
2013-01-17 23:05 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 4f3dac72
2013-01-17 23:05 INOPIAE Source_changeset_attached => cacert-devel testserver-stable dd665a53
2013-01-17 23:05 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 89cdb66c
2013-01-17 23:05 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 2a10ade8
2013-01-18 00:05 BenBE Source_changeset_attached => cacert-devel testserver-stable 8b720d62
2013-01-18 00:05 INOPIAE Source_changeset_attached => cacert-devel testserver-stable a0def68d
2013-01-18 00:36 INOPIAE Relationship added related to 0000407
2013-01-18 01:06 BenBE Relationship added child of 0001138
2013-01-23 00:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable ea5039ac
2013-01-23 00:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 72f91ec1
2013-02-12 21:45 Uli60 Relationship added related to 0001025
2013-02-12 21:45 Uli60 Relationship added related to 0001026
2013-02-12 22:05 BenBE Source_changeset_attached => cacert-devel testserver-stable ce39878d
2013-02-12 22:05 BenBE Source_changeset_attached => cacert-devel testserver-stable 20fabacf
2013-02-19 22:25 BenBE Source_changeset_attached => cacert-devel testserver-stable 436cd311
2013-02-19 22:25 BenBE Source_changeset_attached => cacert-devel testserver-stable 207792cb
2013-04-30 20:44 Uli60 Note Added: 0003931
2013-04-30 21:40 BenBE Source_changeset_attached => cacert-devel testserver-stable 885fbbe3
2013-04-30 21:40 BenBE Source_changeset_attached => cacert-devel testserver-stable b5e0f8e1
2013-04-30 21:40 BenBE Source_changeset_attached => cacert-devel testserver-stable 25ca1d0a
2013-04-30 21:40 BenBE Source_changeset_attached => cacert-devel testserver-stable 03ff2c3c
2013-04-30 21:40 BenBE Source_changeset_attached => cacert-devel testserver-stable d905a44b
2013-04-30 21:40 INOPIAE Source_changeset_attached => cacert-devel testserver-stable c1171d88
2013-04-30 21:40 INOPIAE Source_changeset_attached => cacert-devel testserver-stable e05ca1fd
2013-04-30 21:40 INOPIAE Source_changeset_attached => cacert-devel testserver-stable e8c6fa80
2013-04-30 21:40 INOPIAE Source_changeset_attached => cacert-devel testserver-stable fff44ca9
2013-04-30 21:51 Uli60 Note Added: 0003932
2013-04-30 22:00 BenBE Source_changeset_attached => cacert-devel testserver-stable fa2505d3
2013-04-30 22:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 5402ad76
2013-04-30 22:30 BenBE Source_changeset_attached => cacert-devel testserver-stable b0d02f1f
2013-04-30 22:30 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 8c4068f5
2013-04-30 22:30 MartinGummi Note Added: 0003933
2013-04-30 22:46 MartinGummi Note Added: 0003935
2013-04-30 23:00 BenBE Source_changeset_attached => cacert-devel testserver-stable c912f911
2013-04-30 23:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 27c8a1c6
2013-04-30 23:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable a7e362a2
2013-04-30 23:07 INOPIAE Note Added: 0003936
2013-04-30 23:15 MartinGummi Note Added: 0003938
2013-04-30 23:30 Uli60 Note Added: 0003942
2013-05-01 12:20 BenBE Source_changeset_attached => cacert-devel testserver-stable 1a7d2027
2013-05-01 12:20 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 35f0ad04
2013-05-01 18:14 Werner Dworak Note Added: 0003970
2013-05-01 18:55 BenBE Source_changeset_attached => cacert-devel testserver-stable f3949268
2013-05-01 18:55 BenBE Source_changeset_attached => cacert-devel testserver-stable 4173e384
2013-05-14 23:29 INOPIAE Note Added: 0004001
2013-05-14 23:29 INOPIAE Status needs review & testing => needs review
2013-05-14 23:30 INOPIAE Product Version => 2010 Q4
2013-05-14 23:30 INOPIAE Target Version => 2013 Q2
2013-05-14 23:43 INOPIAE Relationship added related to 0001177
2013-05-21 22:55 INOPIAE Relationship added related to 0000482
2013-07-21 15:41 BenBE Relationship replaced parent of 0001177
2013-07-21 22:15 BenBE Source_changeset_attached => cacert-devel testserver-stable 70c84f82
2013-07-21 22:15 BenBE Source_changeset_attached => cacert-devel testserver-stable c0c47e65
2013-07-21 22:15 BenBE Source_changeset_attached => cacert-devel testserver-stable eb288d6c
2013-07-21 22:28 BenBE Reviewed by BenBE =>
2013-07-21 22:28 BenBE Note Added: 0004176
2013-07-21 22:28 BenBE Status needs review => needs review & testing
2013-07-22 05:45 BenBE Source_changeset_attached => cacert-devel testserver-stable 23ee6915
2013-07-22 05:45 BenBE Source_changeset_attached => cacert-devel testserver-stable 32bec641
2013-07-22 05:53 BenBE Relationship replaced child of 0001136
2013-07-23 21:45 BenBE Source_changeset_attached => cacert-devel testserver-stable ac7d1bf8
2013-07-23 21:45 BenBE Source_changeset_attached => cacert-devel testserver-stable 3cbac6cc
2013-07-23 21:45 BenBE Source_changeset_attached => cacert-devel testserver-stable 56e83010
2013-07-23 23:26 Uli60 Note Added: 0004187
2013-07-26 10:43 Uli60 Note Added: 0004189
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable e003c9fc
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 945f334c
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 8eda282b
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 5e747610
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 2116db1d
2013-07-31 20:35 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable ea42d51a
2013-08-06 20:50 NEOatNHNG Reviewed by => NEOatNHNG
2013-08-06 20:50 NEOatNHNG Note Added: 0004211
2013-08-06 22:05 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 0a982f8b
2013-08-14 19:40 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 7c528031
2013-08-14 19:40 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable acd4f0f9
2013-08-14 19:59 NEOatNHNG Note Added: 0004227
2013-08-14 20:10 NEOatNHNG Assigned To NEOatNHNG => BenBE
2013-08-14 21:54 BenBE Reviewed by NEOatNHNG => NEOatNHNG, BenBE
2013-08-14 21:54 BenBE Note Added: 0004229
2013-08-14 21:54 BenBE Status needs review & testing => needs testing
2013-08-20 20:24 INOPIAE Note Added: 0004240
2013-08-27 14:47 NEOatNHNG Assigned To BenBE => Ted
2013-08-27 22:08 Uli60 Note Added: 0004255
2013-09-04 06:46 Ted Reviewed by NEOatNHNG, BenBE => Ted, NEOatNHNG, BenBE
2013-09-04 06:47 Ted Note Added: 0004275
2013-09-04 06:48 Ted Assigned To Ted => BenBE
2013-09-04 19:41 INOPIAE Note Added: 0004282
2013-09-06 03:53 BenBE Status needs testing => ready to deploy
2013-09-06 03:53 BenBE Note Added: 0004296
2013-09-06 05:50 NEOatNHNG Source_changeset_attached => cacert-devel release f543973b
2013-09-06 15:43 wytze Note Added: 0004297
2013-09-06 15:43 wytze Status ready to deploy => solved?
2013-09-06 15:43 wytze Fixed in Version => 2013 Q3
2013-09-06 15:43 wytze Resolution open => fixed
2013-09-13 20:52 INOPIAE Note Added: 0004311
2013-09-13 20:52 INOPIAE Assigned To BenBE => INOPIAE
2013-09-13 20:52 INOPIAE Status solved? => needs work
2013-09-14 08:28 INOPIAE Note Edited: 0004311 View Revisions
2013-09-14 09:13 INOPIAE Relationship added related to 0001210
2013-09-14 09:15 INOPIAE Note Added: 0004312
2013-09-14 09:15 INOPIAE Status needs work => solved?
2014-01-08 00:21 INOPIAE Status solved? => closed