View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000894 | Main CAcert Website | Audit issues | public | 2010-11-21 23:40 | 2013-01-15 15:16 |
| Reporter | Uli60 | Assigned To | NEOatNHNG | ||
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2011 Q4 | ||||
| Summary | 0000894: problems with check-boxes on website forms (Assure someone) -> a20091118.3 | ||||
| Description | (C) dirk (i would NOT publish this in detail on the wiki until the bug is fixed ... but it's not my decision ... ;-) ) after some assurances where done on openrheinruhr last weekend, i watched alexander b. and joost s. entering the caps into the system. ... see https://wiki.cacert.org/Arbitrations/a20091118.3 | ||||
| Steps To Reproduce | Assure someone leave checkboxes blang continue Assurance | ||||
| Additional Information | Ruling As Martin already wrote in his initial mailing we will be required to work together after this arbitration, so we should maintain a positive and helpful spirit at all times. This especially applies to this case. I do not see a violation against Assurance Policy. The data submitted to the system has to be checked by the assurer, not the system. It is the assurers obligation to make sure, his assurance conforms to the assurance policy. Then there is a claim that Philipp Gühring violated SP. The violation is dated April 2009. How fix is the date mentioned here? How do we know that the violation took place exactly then. Or could the change have been made earlier and it is just the date the source code was checked in? Nevertheless, SP went into draft and so became binding one week before the mentioned date. Looking at the Software Assessment Project today, there are no working procedures in place to apply software changes one and a half year after that. So this violation might be seen in a grace period before the necessary procedures could be established or the new requirements realised. However, as already done so in a20090810.1 (https://wiki.cacert.org/Arbitrations/a20090810.1) which was after the claimed SP violation happened, Philipp should feel reminded again to follow SP regarding software changes. Then, there is a bug in the CAcert software. However, it is not the intention of arbitration to have bugs in the CAcert software fixed. Searching bugs.cacert.org did not show any records, regarding this. This might be a private bug which cannot accessed by A or not entered. If not entered, C is now obliged to report the bug using the bug tracking system, not arbitration. Since the bug is misleading for our users and anti-supporting our policies, being an active member of the software team, C is further obliged to get this bug fixed and get the fix applied to the production system with high priority, following the regular update requirements as of SP Execution C to document bug at bugs.cacert.org and report back to arbitrator with bug number for documentation. C should fix bug later. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | dastrath, NEOatNHNG | ||||
| Test Instructions | |||||
|
|
Problem starts around April / June 2009 |
|
|
assure someone (wot.php?id=5) fill form all except setting checkboxes results in error => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert CAcert Web of Trust CAcert.org was designed to be by the community for the community, and instead of placing all the labour on a central authority and in turn increasing the cost of certificates, the idea was to get community in conjunction with this website to have trust maintained in a dispersed and automated manner! => ok 1 checkbox set (I believe ...) results in error message => ok 1 checkbox set (I have read ...) results in error message => ok 2 checkboxes set (I believe ... + I have read ...) Shortly you and the person you were assuring will receive an email confirmation. => ok |
|
|
only transfer to testserver not yet reviewed |
|
|
!!! to test all other processes starting with wot.php !!! checked main website - no link with wot.php login with assurer account (with thawte points + 80 assurance pts) checked main entry page (after login) - no link with wot.php walking thru menues CAcert.org - no links My Details: My Listing - https://cacert1.it-sls.de/wot.php?id=8 My Location - https://cacert1.it-sls.de/wot.php?id=13 My Points - https://cacert1.it-sls.de/wot.php?id=10 My Listing - switch from not listed to listed Your account information has been updated. => ok My Location - selecting "Frankfurt am Main, Hessen, Germany" (606058) displays "Frankfurt am Main, Hessen, Germany" => ok switching to "New York (Bronx), New York, United States" displays "New York (Bronx), New York, United States" => ok re-switching back to "Frankfurt am Main, Hessen, Germany" => ok My Points (10.php) looks ok => ok new calculation (15.php) Thawte -> Revoked => ok 80 more pts (less then 100) => ok 60 experience pts on hold => ok remark: Points on hold due to less assurance points => ok 10.php and 15.php have links to other users eg -> https://cacert1.it-sls.de/wot.php?id=9&userid=171101 trying to contact "John 1 Doe" "Sorry, I was unable to locate that user, the person doesn't wish to be contacted, or isn't an assurer. " => ok contact other assurer -> enter message => ok results in "Your email has been sent to Ulrich." => ok |
|
|
Email Accounts - no links Client Certs - no links GPG keys - no links Domains - no links Server certs - no links CAcert Web of Trust About -> https://cacert1.it-sls.de/wot.php?id=0 Find an Assurer -> https://cacert1.it-sls.de/wot.php?id=12 Rules -> https://cacert1.it-sls.de/wot.php?id=3 Assure Someone -> https://cacert1.it-sls.de/wot.php?id=5 Trusted Third Party -> https://cacert1.it-sls.de/wot.php?id=4 About - https://cacert1.it-sls.de/wot.php?id=0 results in text "CAcert Web of Trust" within webdb (probably needs redirect to wiki ?!?) => ok Find an Assurer -> https://cacert1.it-sls.de/wot.php?id=12 Search Frankfurt 10km 3 assurers listed "Email me" links to https://cacert1.it-sls.de/wot.php?id=9&userid=170914 ends in "Your email has been sent to Ulrich." => ok Rules -> https://cacert1.it-sls.de/wot.php?id=3 results in text "CAcert Web of Trust Rules" within webdb (probably needs redirect to wiki ?!?) => ok Assure Someone -> https://cacert1.it-sls.de/wot.php?id=5 search user bug846.user2@wiamail all checkboxes unchecked -> ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok "I certify .." checked, 2 other checkboxes unchecked -> ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok "I believe .." checked, 2 other checkboxes unchecked -> ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok "I have read.." checked, 2 other checkboxes unchecked -> ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok "I certify.." + "I believe.." checked, "I have read.." unchecked -> ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok "I certify.." + "I have read.." checked, "I believe.." unchecked -> ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok "I believe.." + "I have read.." checked, "I certify.." unchecked -> ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok "I certify.." + "I believe.." + "I have read.." (all 3) checked -> finishes assurance with message and new field to enter next assurance: "Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this." => ok Trusted Third Party -> https://cacert1.it-sls.de/wot.php?id=4 switches to text page: "Note that the TTP programme is effectively Frozen Until a subsidiary policy under AP is written, it is against AP rules." within webdb (probably needs redirect to wiki ?!?) => ok |
|
|
Menues (cont.) CAP Forms - no links Disputes/Abuses - no links Advertising - no links |
|
|
login with admin account with all admin flags enabled addtl. menues: Org Client Certs - no links Org Server Certs - no links Org Assurer - no links System Admin - no links Summarize (all links starting with wot.php) My Details: My Listing - https://cacert1.it-sls.de/wot.php?id=8 My Location - https://cacert1.it-sls.de/wot.php?id=13 My Points - https://cacert1.it-sls.de/wot.php?id=10 My Points has sublinks https://cacert1.it-sls.de/wot.php?id=9&.. CAcert Web of Trust About -> https://cacert1.it-sls.de/wot.php?id=0 Find an Assurer -> https://cacert1.it-sls.de/wot.php?id=12 Rules -> https://cacert1.it-sls.de/wot.php?id=3 Assure Someone -> https://cacert1.it-sls.de/wot.php?id=5 Trusted Third Party -> https://cacert1.it-sls.de/wot.php?id=4 |
|
|
Assurer someone as admin I certify empty I believe empty I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe empty I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe ticked I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe empty I have ticked => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe ticked I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe empty I have ticked => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe ticked I have ticked => assurance could be entered => ok as admin is able to grant points without meeting people eg. TTP I certify ticked I believe ticked I have ticked => Assurance could be entered =>ok Assurer someone as non admin I certify empty I believe empty I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe empty I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe ticked I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe empty I have ticked => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe ticked I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe empty I have ticked => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe ticked I have ticked => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok I certify ticked I believe ticked I have ticked => Assurance could be entered =>ok |
|
|
assure someone with admin account (200 pts, all admin flags set) "I believe.." + "I have read.." checked, "I certify.." unchecked -> finishes assurance with message and new field to enter next assurance: "Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this." -> Error / Problem ? answer given in meeting 2011-09-24: is used in TTP (no F2F meeting!) => ok assure someone with regular assurer account (150 pts, CATS passed) "I believe.." + "I have read.." checked, "I certify.." unchecked -> ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok |
|
|
tested by 2 testers needs 2nd review + deploy to critical team |
|
|
There is no field to send a reminder on the page after entering an unknown email address. Instead it shows up the next time you go to the Assure someone page. |
|
|
fix transfered to cacert-devel 2011-10-18 23:00 |
|
|
transfered to testserver by NEO |
|
|
login as assurer WoT - assure someone bug894.test894@wiamail.de email address not found displays checkbox "send reminder notice" lang selection box, setting to german send reminder => ok login to ca-mgr1 with assurer account - mail reminder mail not found (email address not avail) => ok login to not existing email doesn't work under ca-mgr1 => ok mail sending cannot be verified |
|
|
0000894:0002605: Mail sending can be verified. Just create an account on the test server with the email address _after_ the reminder should have been send. The mail will show up in the test management system. |
|
|
I have reviewed the changes and stumbled over some minor issues. I have corrected them and put the corrections on the test server. Most relevant: - I have changed how the message "A reminder notice has been sent." is displayed -> needs to be tested whether it works as intended under all circumstances - If a user hasn't yet verified his account the assurance can't continue (this was also present in the previous code but was not triggered because of assignment instead of comparison) - "points" still have to be limited otherwise an ordinary user might accumulate more than 150 points which in turn means he can issue more than 35 points Please rereview the changes I have made and test them. |
|
|
Dirk has reviewed the patch needs some more testing then it's good to go. |
|
|
Assurer someone as admin I certify empty I believe empty I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe empty I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe ticked I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe empty I have ticked => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe ticked I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe empty I have ticked => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe ticked I have ticked => assurance could be entered => ok as admin is able to grant points without meeting people eg. TTP I certify ticked I believe ticked I have ticked => Assurance could be entered =>ok Assurer someone as non admin I certify empty I believe empty I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe empty I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe ticked I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe empty I have ticked => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe ticked I have empty => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify ticked I believe empty I have ticked => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert =>ok I certify empty I believe ticked I have ticked => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok I certify ticked I believe ticked I have ticked => Assurance could be entered =>ok Entering an email adress not in the system => Error message, dropdown box for langauage and send button visible => ok |
|
|
Dirk has added a patch which allows leaving out the Assurance policy check box because that would hinder the reentering of old assurances as needed by 0000827. I have reviewed the changes, they are good to go. |
|
|
relating to https://bugs.cacert.org/view_user_page.php?id=635 tests were made and reported by Inopiae within the Software-Assessment project team meeting https://wiki.cacert.org/Software/Assessment/20111129-S-A-MiniTOP |
|
|
Patch sent to critical admins. |
|
|
The fix has been applied to the production server on December 12, 2011. See also https://lists.cacert.org/wws/arc/cacert-systemlog/2011-12/msg00002.html |
|
|
More than 3 month fixed and no complaints |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2010-11-21 23:40 | Uli60 | New Issue | |
| 2010-11-21 23:42 | Uli60 | Severity | minor => major |
| 2010-11-21 23:42 | Uli60 | Reproducibility | have not tried => always |
| 2010-11-21 23:42 | Uli60 | Description Updated | |
| 2010-11-21 23:42 | Uli60 | Steps to Reproduce Updated | |
| 2010-11-21 23:44 | Uli60 | Note Added: 0001792 | |
| 2011-09-06 21:30 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 982471df |
| 2011-09-06 21:40 | moh | Assigned To | => moh |
| 2011-09-06 21:54 | Uli60 | Note Added: 0002413 | |
| 2011-09-06 21:56 | Uli60 | Note Added: 0002414 | |
| 2011-09-06 21:56 | Uli60 | Assigned To | moh => NEOatNHNG |
| 2011-09-06 21:56 | Uli60 | Status | new => needs review & testing |
| 2011-09-20 22:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 63f2e2a4 |
| 2011-09-20 22:00 | Source_changeset_attached | => cacert-devel master 4d67b741 | |
| 2011-09-20 22:00 | Source_changeset_attached | => cacert-devel master 7e3b37c7 | |
| 2011-09-20 22:00 | Source_changeset_attached | => cacert-devel master 5f396519 | |
| 2011-09-24 19:36 | Uli60 | Note Added: 0002501 | |
| 2011-09-24 19:58 | Uli60 | Note Added: 0002503 | |
| 2011-09-24 20:00 | Uli60 | Note Added: 0002504 | |
| 2011-09-24 20:03 | Uli60 | Note Added: 0002505 | |
| 2011-09-24 20:07 | Uli60 | Note Edited: 0002505 | |
| 2011-09-27 09:19 | INOPIAE | Note Added: 0002532 | |
| 2011-09-27 09:30 | INOPIAE | Note Edited: 0002532 | |
| 2011-09-27 09:31 | Uli60 | Note Added: 0002533 | |
| 2011-09-27 23:12 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver e2cef7bc |
| 2011-10-04 12:14 | Uli60 | Note Edited: 0002533 | |
| 2011-10-04 12:15 | Uli60 | Note Added: 0002569 | |
| 2011-10-04 12:15 | Uli60 | Status | needs review & testing => ready to deploy |
| 2011-10-11 23:47 | Uli60 | Priority | normal => high |
| 2011-10-12 14:22 | NEOatNHNG | Note Added: 0002594 | |
| 2011-10-12 14:22 | NEOatNHNG | Assigned To | NEOatNHNG => egal |
| 2011-10-12 14:22 | NEOatNHNG | Status | ready to deploy => needs work |
| 2011-10-18 21:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 29f660bd |
| 2011-10-18 21:05 | Source_changeset_attached | => cacert-devel testserver c35b6629 | |
| 2011-10-18 23:57 | Uli60 | Note Added: 0002603 | |
| 2011-10-18 23:57 | Uli60 | Status | needs work => fix available |
| 2011-10-18 23:58 | Uli60 | Note Added: 0002604 | |
| 2011-10-18 23:58 | Uli60 | Status | fix available => needs review & testing |
| 2011-10-19 00:03 | Uli60 | Note Added: 0002605 | |
| 2011-10-20 17:56 | NEOatNHNG | Reviewed by | => dastrath |
| 2011-10-20 17:56 | NEOatNHNG | Assigned To | egal => NEOatNHNG |
| 2011-10-22 23:00 | NEOatNHNG | Note Added: 0002630 | |
| 2011-10-23 00:25 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver c9a6be56 |
| 2011-10-23 00:25 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver efe89417 |
| 2011-10-23 00:25 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver 5c12fb42 |
| 2011-10-23 00:39 | NEOatNHNG | Note Added: 0002631 | |
| 2011-10-23 00:41 | NEOatNHNG | Reviewed by | dastrath => NEOatNHNG |
| 2011-10-23 00:41 | NEOatNHNG | Assigned To | NEOatNHNG => egal |
| 2011-10-25 21:57 | NEOatNHNG | Note Added: 0002646 | |
| 2011-10-25 21:57 | NEOatNHNG | Status | needs review & testing => needs testing |
| 2011-10-25 22:04 | NEOatNHNG | Reviewed by | NEOatNHNG => dastrath, NEOatNHNG |
| 2011-11-19 08:30 | INOPIAE | Note Added: 0002706 | |
| 2011-11-19 08:38 | INOPIAE | Note Edited: 0002706 | |
| 2011-11-29 22:10 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver f60821f1 |
| 2011-11-29 22:10 | Source_changeset_attached | => cacert-devel testserver 5bcd2df2 | |
| 2011-11-29 22:10 | Source_changeset_attached | => cacert-devel testserver 7dd8b7a0 | |
| 2011-11-29 22:10 | Source_changeset_attached | => cacert-devel testserver 490f6a8d | |
| 2011-11-29 22:10 | Source_changeset_attached | => cacert-devel testserver ebe60f69 | |
| 2011-11-30 12:15 | NEOatNHNG | Note Added: 0002731 | |
| 2011-11-30 13:41 | Uli60 | Note Added: 0002732 | |
| 2011-11-30 13:42 | Uli60 | Assigned To | egal => NEOatNHNG |
| 2011-11-30 13:42 | Uli60 | Status | needs testing => ready to deploy |
| 2011-12-10 17:46 | NEOatNHNG | Note Added: 0002740 | |
| 2011-12-12 09:55 | wytze | Note Added: 0002743 | |
| 2011-12-12 09:55 | wytze | Status | ready to deploy => solved? |
| 2011-12-12 09:55 | wytze | Resolution | open => fixed |
| 2012-12-21 05:09 | Werner Dworak | Note Added: 0003511 | |
| 2012-12-21 05:09 | Werner Dworak | Status | solved? => closed |
| 2013-01-15 15:16 | Werner Dworak | Fixed in Version | => 2011 Q4 |
