View Issue Details

ID: 0000975
Project: Main CAcert Website
Category: account administration
View Status: public
Last Update: 2013-01-15 17:42
Reporter: Uli60
Assigned To: Uli60
Priority: normal
Severity: major
Reproducibility: N/A
Status: closed
Resolution: fixed
Fixed in Version: 2012 Q4
Summary: 0000975: report potential database inconsistency in SE console (debug infos)
Description: Support receives several reports where users complain that they cannot access their account.
SE searches the account and cannot find the account
SE goes thru Assure Someone interface and finds an account
SE searches the account by userid and gets the user account listed

Potential problem is a database inconsistency with a record in user table and a missing record in email table
If such a condition happens, this can be displayed in Admin console so SE can trigger a dispute for manual account correction

display error message if find user-email from user table email in table email
  if a record exist display a remark "deleted" if record is marked deleted
  if a record doesn't exist display a remark "email record missing"
this gives enough infos about a users record, but doesn't disclose PII, so an SE can decide to start a dispute filing or another problem persists

related infos from user record table -> users.verified {0|1}
related infos from email record table -> email.modified {!= 0000-00-00 00:00:00 ?)
     -> email.hash != "" ?

if all is ok, no info to display


if inconsistency exist ? display message line in admin console, otherwise skip

eg
if email.hash != "" && email.deleted!="0000-00-00 00:00:00" && users.verified!=1 => display
 "inconsistency exist. email verified. verified flag not set in users record"



Tags: No tags attached.
Reviewed by: Ted, NEOatNHNG
Test Instructions:

Relationships

related to 0000882 (closed, Uli60): display Assurance when field in list of assurances received, assurances given by a user in admin console interface
related to 0000794 (closed, egal): visibility over certificates for sysadm in account administration
related to 0000103 (closed, INOPIAE): Administrative interface doesn't show certificates
related to 0000123 (closed, INOPIAE): Find user does not show unverified users
related to 0000859 (needs work, NEOatNHNG): feature request: show activity on an account in the admin interface.

Activities

Uli60

2011-08-24 21:24

updater   ~0002344

Last edited: 2011-08-25 13:03

// potential db inconsistency like in a20110804.1
  // Admin console -> don't list user account
  // User login -> impossible
  // Assurer, assure someone -> user displayed
  /* regular user account search with regular settings

    --- Admin Console find user query
    $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
        where `users`.`id`=`email`.`memid` and
        (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
        `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
        group by `users`.`id` limit 100";
     => requirements
       1. email.hash = ''
       2. email.deleted = 0
       3. users.deleted = 0
       4. email.email = primary-email (???) or'd
      not covered by admin console find user routine, but may block users login
       5. users.verified = 0|1
      further "special settings"
       6. users.locked (setting displayed in display form)
       7. users.assurer_blocked (setting displayed in display form)

    --- Admin console find domain query
    $query = "select `users`.`id` as `id`, `domains`.`domain` as `domain`, `domains`.`id`as `domid` from `users`,`domains`
                where `users`.`id`=`domains`.`memid` and
                (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domain') and
                `domains`.`deleted`=0 and `users`.`deleted`=0 and
                `users`.`verified`=1
                group by `users`.`id` limit 100";
     => requirements
       1. users.deleted = 0
       2. users.verified = 1

    --- User login user query
    select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
                        `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
        => requirements
       1. users.verified = 1
       2. users.deleted = 0
       3. users.locked = 0
       4. users.email = primary-email

    --- Assurer, assure someone find user query
    select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
           and `deleted`=0
        => requirements
       1. users.deleted = 0
       2. users.email = primary-email

                            | Admin Console | User  | Assurer
                            |  E       D    | Login | assure someone
1. email.hash = ''          |  Yes     No   | No    | No
2. email.deleted = 0        |  Yes     No   | No    | No
3. users.deleted = 0        |  Yes     Yes  | Yes   | Yes
4. users.verified = 1       |  No      Yes  | Yes   | No
5. users.locked = 0         |  No      No   | Yes   | No
6. users.email = prim-email |  No      No   | Yes   | Yes
7. email.email = prim-email |  Yes     No   | No    | No


    full usable account needs all 7 requirements fulfilled
    so if one setting isn't set/cleared there is an inconsistency either way
    if eg email.email is not avail, admin console cannot open user info
    but user can login and assurer can display user info
    if user verified is not set to 1, admin console displays user record
    but user cannot login, but assurer can search for the user and the data displays

    consistency check:
    1. search primary-email in users.email
    2. search primary-email in email.email
    3. userid = email.memid
    4. check settings from table 1. - 5.

Uli60

2011-08-25 10:12

updater  

43.php (30,048 bytes)

Uli60

2011-08-25 10:16

updater   ~0002345

including fixes for
https://bugs.cacert.org/view.php?id=794
  certificates state listing in admin console
https://bugs.cacert.org/view.php?id=859
  account created, last activity
https://bugs.cacert.org/view.php?id=975
  account inconsistency info (if any)

/pages/account/43.php

Uli60

2011-08-25 10:26

updater   ~0002347

Last edited: 2011-08-25 10:30

inconsistency codes:
(1) users.deleted=1 instead of 0
(2) users.verified=0 instead of 1
(3) users.deleted=1 instead of 0
    users.verified=0 instead of 1
(4) users.locked=1 instead of 0
(5) users.locked=1 instead of 0
    users.deleted=1 instead of 0
(6) users.locked=1 instead of 0
    users.verified=0 instead of 1
(7) users.deleted=1 instead of 0
    users.locked=1 instead of 0
    users.verified=0 instead of 1
(8) email.deleted!=0 instead of 0
(16) email.hash != '' (empty) instead of '' (empty) (confirmation not executed yet)
(32) email record for primary email address doesn't exist/missing

(numbers between 8 and 16 and 16 and 32 are the combination of the other error codes added)

in admin console individual text will be displayed, addtl. inconsistency code for further analyse by critical team/arbitration

an info will be shown only if there is at least one inconsistency set, otherwise no inconsistency is given

Ted

2011-08-25 20:21

administrator   ~0002348

I do not follow your analysis, at least as far as a20110804.1 is concerned.

According to my analysis the problem is that no mail address starting with digits can be found in admin interface.

Culprit are the lines

    if(intval($email) > 0)
      $emailsearch = "";

    $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
        where `users`.`id`=`email`.`memid` and
        (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
        `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
        group by `users`.`id` limit 100";

(line numbers 41 in pages/account/43.php of commit 8e5648c663a5b...).

Let's assume $email="42@answers.com".

intval($email) evaluates to 42 and is bigger than 0 ==> $emailsearch is set to empty string and the correct email record is not found.

Implicit casting of string to integer in the id='$email'-clauses leads to the situation where the account with id 42 and the account for the email.id 42 is found, which matches the support report from a20110804.1

If, on the other hand, you search for "%@answers.com", the correct account is found, which also matches the support report from a20110804.1

Conclusion: No database inconsistency, but a bug in pages/account/43.php!

Proposed fix checked in to branch bug-975
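
The search behaviour described in the note above, reproduced without a database as an added example (not CAcert code). The rows are constructed, `$emailsearch` is assumed to start out equal to the search term, and `mysql_numeric_prefix()` and `sql_like()` are hypothetical helpers that model MySQL's string-to-number comparison and `LIKE` in simplified form; the fixed variant uses a digits-only test like the one in the diff attached later in this issue.

```php
<?php
// Added example, not CAcert code. No database: the rows below are constructed.
// Each row models one users/email join result: users.id, email.id, email.email.
$rows = [
    ['uid' => 42,  'eid' => 7,   'email' => 'alice@example.org'],
    ['uid' => 99,  'eid' => 42,  'email' => 'bob@example.org'],
    ['uid' => 500, 'eid' => 300, 'email' => '42@answers.com'],
];

// Hypothetical helper: simplified model of MySQL comparing an integer column
// with a string literal, where only the leading numeric prefix is used.
function mysql_numeric_prefix(string $s): int
{
    return preg_match('/^\s*[+-]?[0-9]+/', $s, $m) ? (int) $m[0] : 0;
}

// Hypothetical helper: SQL LIKE with % and _ wildcards, case-insensitive.
function sql_like(string $value, string $pattern): bool
{
    $re = strtr(preg_quote($pattern, '/'), ['%' => '.*', '_' => '.']);
    return preg_match('/^' . $re . '$/Dis', $value) === 1;
}

// Pre-fix logic as quoted in the note above.
function search_old(array $rows, string $email): array
{
    $emailsearch = $email;              // assumption: starts as the raw search term
    if (intval($email) > 0) {
        $emailsearch = "";              // a leading digit disables the address match
    }
    $id = mysql_numeric_prefix($email); // what `id`='$email' ends up comparing against
    $hits = [];
    foreach ($rows as $r) {
        if (sql_like($r['email'], $emailsearch) || $r['eid'] === $id || $r['uid'] === $id) {
            $hits[] = $r['uid'];
        }
    }
    return $hits;
}

// Fixed classification: treat the term as an ID only when it is digits only.
function search_fixed(array $rows, string $email): array
{
    $byId = preg_match('/^[0-9]+$/D', $email) === 1;
    $id = $byId ? (int) $email : null;
    $hits = [];
    foreach ($rows as $r) {
        $match = $byId
            ? ($r['eid'] === $id || $r['uid'] === $id)
            : sql_like($r['email'], $email);
        if ($match) {
            $hits[] = $r['uid'];
        }
    }
    return $hits;
}

// Compare both variants on an address with leading digits, a wildcard, and a pure ID.
foreach (['42@answers.com', '%@answers.com', '42'] as $term) {
    printf("%-16s old=[%s] fixed=[%s]\n", $term,
        implode(',', search_old($rows, $term)),
        implode(',', search_fixed($rows, $term)));
}
```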

Ted

2011-08-25 20:22

administrator  

43_ted_proposal.php (17,440 bytes)

Ted

2011-08-25 20:30

administrator   ~0002349

Error could be provoked on testsystem, try searching for "42@answers.net" and "%answers.net"

Ted

2011-08-25 20:52

administrator   ~0002350

Fix installed on the testsystem, first tests are successful (after a typo fix that is).

Uli60

2011-08-26 10:03

updater  

43_975_110826.php (23,214 bytes)

Uli60

2011-08-26 10:12

updater   ~0002351

line 52 in 43_ted_proposal.php
from `users` left oter join `email` on (`users`.`id`=`email`.`memid`)
should probably
from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) ???
right?

addtl. note from dirk:
find user account by SE should not blocked by potential wrong settings, that prevents SE the user account to display. That is:
and `email`.`hash`='' and `email`.`deleted`=0
check to prevent in find user account query

addtl. fix + prev potential 7 parameters that prevents an account from working/displaying/usage to display debug infos in admin console

based on code revision:
commit ce4bfbaf0c2babb5bba2568d3b8712e1615aa651

Uli60

2011-08-26 10:53

updater  

43-975-diff-20110826.diff (6,895 bytes)   
41,43c41,43
<     if(intval($email) > 0)
<       $emailsearch = "";
< 
---
>  // bug-975 ted+uli changes --- begin
>     if(preg_match("/^[0-9]+$/", $email)) {
>       // $email consists of digits only ==> search for IDs
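Review bot: The digits-only test `preg_match("/^[0-9]+$/", $email)` anchors with `$`, which in PCRE also matches just before a trailing newline, so a term of digits followed by a newline takes the ID branch and is then placed inside the quoted `'$email'` comparisons. Anchor with `\z` or add the `D` modifier (`"/^[0-9]+$/D"`), or use `ctype_digit($email)`, so that only pure digit strings are treated as IDs.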
45,47c45,56
<         where `users`.`id`=`email`.`memid` and
<         (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
<         `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
---
>           where `users`.`id`=`email`.`memid` 
>             and (`email`.`id`='$email' or `users`.`id`='$email')
>             and `users`.`deleted`=0
>           group by `users`.`id` limit 100";
>     } else {
>       // $email contains non-digits ==> search for mail addresses
>       // Be defensive here (outer join) if primary mail is not listed in email table
>       $query = "select `users`.`id` as `id`, `email`.`email` as `email` 
>           from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
>           where ((`email`.`email` like '$emailsearch')
>                  or `users`.`email` like '$emailsearch')
>             and `users`.`deleted`=0
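Review bot: The ID branch still joins with `where users.id=email.memid`, which is an inner join, while the address branch switches to `left outer join`; an account whose email record is missing can then be found by address but not by its user id, so use the same outer join in both branches. Dropping `email.hash=''` and `email.deleted=0` also means deleted or unconfirmed addresses now match and are listed under the old address, so the result list should show `users.email` or mark the deleted entry. `$email` and `$emailsearch` are still interpolated directly into the SQL string; their escaping is not visible in this hunk and should be confirmed before merge.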
48a58,59
>     }
>  // bug-975 ted+uli changes --- end        
319a331,464
> 
> <? //  Begin - Debug infos ?>
> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
>   <tr>
>     <td colspan="2" class="title"><?=_("Account State")?></td>
>   </tr>
> 
> <?  
>   // ---  bug-975 begin ---
>   //  potential db inconsistency like in a20110804.1
>   //    Admin console -> don't list user account
>   //    User login -> impossible
>   //    Assurer, assure someone -> user displayed
>   /*  regular user account search with regular settings
> 
>     --- Admin Console find user query
>     $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
>         where `users`.`id`=`email`.`memid` and
>         (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
>         `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
>         group by `users`.`id` limit 100";
>      => requirements
>        1.  email.hash = ''
>        2.  email.deleted = 0
>        3.  users.deleted = 0
>        4.  email.email = primary-email       (???) or'd
>       not covered by admin console find user routine, but may block users login
>        5.  users.verified = 0|1
>       further "special settings"   
>        6.  users.locked  (setting displayed in display form)
>        7.  users.assurer_blocked   (setting displayed in display form)
> 
>     --- User login user query
>     select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
> 						`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
> 		=> requirements
>        1. users.verified = 1
>        2. users.deleted = 0
>        3. users.locked = 0
>        4. users.email = primary-email 				
> 
>     --- Assurer, assure someone find user query
>     select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
>            and `deleted`=0
> 		=> requirements
>        1. users.deleted = 0
>        2. users.email = primary-email
>                                      Admin      User        Assurer
>       bit                            Console    Login       assure someone
> 
>        1.  email.hash = ''            Yes        No           No
>        2.  email.deleted = 0          Yes        No           No
>        3.  users.deleted = 0          Yes        Yes          Yes
>        4.  users.verified = 1         No         Yes          No       
>        5.  users.locked = 0           No         Yes          No
>        6.  users.email = prim-email   No         Yes          Yes
>        7.  email.email = prim-email   Yes        No           No
>                  
>     full usable account needs all 7 requirements fulfilled
>     so if one setting isn't set/cleared there is an inconsistency either way
>     if eg email.email is not avail, admin console cannot open user info
>     but user can login and assurer can display user info
>     if user verified is not set to 1, admin console displays user record
>     but user cannot login, but assurer can search for the user and the data displays
> 
>     consistency check:
>     1. search primary-email in users.email
>     2. search primary-email in email.email
>     3. userid = email.memid
>     4. check settings from table 1. - 5.
> 
>    */
> 
>   $inconsistency = 0;
>   $inconsistencydisp = "";
>   $inccause = "";
>    // current userid  intval($row['id'])
>   $query = "select email as uemail, deleted as udeleted, verified, locked from `users` where `id`='".intval($row['id'])."' ";
>   $dres = mysql_query($query);
>   $drow = mysql_fetch_assoc($dres);
>   $uemail    = $drow['uemail'];
>   $udeleted  = $drow['udeleted'];
>   $uverified = $drow['verified'];
>   $ulocked   = $drow['locked'];
> 
>   $query = "select hash, deleted as edeleted, email as eemail from `email` where `memid`='".intval($row['id'])."' and email='".$uemail."' ";
>   $dres = mysql_query($query);
>   if ($drow = mysql_fetch_assoc($dres)) {
>     $eemail    = $drow['eemail'];
>     $edeleted  = $drow['edeleted'];
>     $ehash     = $drow['hash'];
>     if ($udeleted!=0) {
>       $inconsistency += 1;
>       $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
>     }
>     if ($uverified!=1) {
>       $inconsistency += 2;
>       $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
>     }
>     if ($ulocked!=0) {
>       $inconsistency += 4;
>       $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
>     }
>     if ($edeleted!=0) {
>       $inconsistency += 8;
>       $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");    
>     }
>     if ($ehash!='') {
>       $inconsistency += 16;
>       $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");        
>     }
>   } else {
>     $inconsistency = 32;
>     $inccause = _("Prim. email, Email record doesn't exist");
>   }
>   if ($inconsistency>0) {
>      // $inconsistencydisp = _("Yes");
> ?>
>   <tr>
>     <td class="DataTD"><?=_("Account inconsistency")?>:</td>
>     <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
>   </tr>
>   <tr>
>     <td colspan="2" class="DataTD"><?=_("Account inconsistency can cause problems in daily account operations<br>that needs to be fixed manualy thru arbitration/critical team.")?></td>
>   </tr>  
> <? }
> 
>   // ---  bug-975 end ---
> ?>
> </table>
> <br>
> <?    
>  //  End - Debug infos
> ?>

Ted

2011-09-14 17:27

administrator   ~0002432

Checked in proposed changes to branch bug-975, merged into master and installed on testserver

NEOatNHNG

2011-09-16 02:32

administrator   ~0002448

Last edited: 2011-09-16 02:35

I have reviewed the proposed fix and corrected some problems:
- the outer join which allows viewing accounts where no corresponding entry exists in the email table should also be applied when searching by id
- if a primary email address had been deleted and readded before then the debug table incorrectly showed that the primary email entry is marked as deleted. Steps to reproduce:
1) add a secondary email address
2) delete the secondary email address
3) re-add the secondary email address
4) mark the secondary email address as primary
- other minor fixes

Please re-review and test

Ted

2011-09-18 19:37

administrator   ~0002460

Re-reviewed changes, changes are acceptable.

Ted

2011-09-18 21:08

administrator   ~0002461

Did some tests:

Created account 123@convey.de
- Account can be found in SE console by email ==> OK
- Account can be found by ID 171199 ==> OK

Created account deleted@convey.de, used sql to delete corresponding entry in table email
- Account can be found by email ==> OK
- Account can be found by ID 171200 ==> OK
- Debug warning is shown "Prim. email, Email record doesn't exist/code: 32" ==> OK

Created account unfinished@convey.de but did not verify account creation
- Account can be found by email ==> OK
- Account can be found by ID 171201 ==> OK
- Debug warning is shown "Users record verified not set/Email record hash not unset/code: 18" ==> OK

Created account switch1@convey.de, added email switch2@convey.de , set to primary and deleted switch1@convey.de
- Account can be found by deleted email switch1@convey.de ==> OK
- Account can be found by new email switch2@convey.de ==> OK
- Account can be found by ID ==> OK

Created another account switch1@convey.de
- Searching for switch1@convey.de lists both accounts ==> OK (Minor issue: deleted email is not marked)

Created account deleted2@convey.de, used mysql to set delete timestamp in table email
- Account can be found by email ==> OK
- Debug warning is shown "Email record set deleted/code: 8" ==> OK

Search any account in SE console (example switch2@convey.de), click "Account Locking"-Flag
- Debug warning is shown "Users record locked set/code: 4" ==> Hmm, a bit misleading, but acceptable
- Account can be found by email ==> OK
- Account can be found by ID ==> OK

Created account deleted3@convey.de, deleted account in SE console
- Account cannot be found by email ==> OK (?)
- Account cannot be found by ID ==> OK (?)

Summary: Tests are passed

Uli60

2011-09-25 23:42

updater   ~0002518

added new user account: bug975.user1@wiamail.de
not yet confirmed:
Account State
Account inconsistency: Users record verified not set
Email record hash not unset
code: 18
=> ok

having 2 support emails for confirmation
1st sent: Wed, 14 Sep 2011 23:59:44 +0200 (CEST)
2nd sent: Sun, 25 Sep 2011 23:59:30 +0200 (CEST)
confirmed with 2nd sent link
success

Account state: no info avail
=> ok

added secondary email: bug975.test1@wiamail.de
confirmed 2nd email

email view now lists 2 emails, test1 as secondary

deleted secondary email

email view: only primary bug975.user1@wiamail.de listed

readding bug975.test1@wiamail.de
confirmed 2nd email

login with admin account
search account: bug975.user1@wiamail.de
Account State: clean

login bug975.user1@wiamail.de
email view:
primary: bug975.user1@wiamail.de
secondary: bug975.test1@wiamail.de
switching primary to bug975.test1@wiamail.de

login admin
search user bug975.user1@wiamail.de (now secondary)
Account State: clean (!)

find user bug975.test1@wiamail.de (primary)
Account State: clean
=> all ok
report https://bugs.cacert.org/view.php?id=975#c2448
I cannot confirm.

find user 123@convey.de
Account State: clean
=> ok

find user (id) 171199
Account State: clean
=> ok

find user deleted@convey.de
Account State
Account inconsistency: Prim. email, Email record doesn't exist
code: 32
=> ok

find user: unfinished@convey.de
No users found matching unfinished@convey.de
find user: 171201
No users found matching 171201
=> ????
   don't know what I can expect here
   if the user record has been deleted
   this matches the query regarding
   current active sql query line
   where ... deleted=0

find user: switch1@convey.de
lists 2 entries
171202 switch1@convey.de
171203 switch1@convey.de
selecting 171202
results:
primary email: switch2@convey.de
secondary email not listed
Account State: clean

find user: switch1@convey.de
lists 2 entries
171202 switch1@convey.de
171203 switch1@convey.de
selecting 171203
results:
primary email: switch1@convey.de
secondary email not listed
Account State: clean
=> ok

find user: deleted2@convey.de
Account State
Account inconsistency: Email record set deleted
code: 8
=> ok

find user: switch2@convey.de
Account State: clean
switching Account locked switch to locked
refresh
Account State
Account inconsistency: Users record locked set
code: 4
=>ok
reset account lock state to unlocked
=> ok

find user: deleted3@convey.de
No users found matching deleted3@convey.de
current state of 43.php (as of 2011-09-25)
line 51 and line 60 disqualifies listing
of deleted records ->
 "... and `users`.`deleted`=0"
=> ok

continue with bug975 test account tests:
adding new account bug975.user2@wiamail.de
not yet confirmed

login admin
find user: bug975.user1@wiamail.de
Account State: clean

find user: bug975.user2@wiamail.de
Account State
Account inconsistency: Users record verified not set
Email record hash not unset
code: 18


login bug975.user1@wiamail.de
problems in login to account:
account or password wrong (?!?)
login to admin: works
logout
login to bug975.user1@wiamail.de
account or password wrong (0000002)
login to admin:
find user: bug975.user1@wiamail.de
primary email bug975.test1@wiamail.de
secondary email: bug975.user1@wiamail.de
ahh :)
Account state: clean
logout
login to bug975.test1@wiamail.de
email dispute: bug975.user2@wiamail.de
"The email address 'bug975.user2@wiamail.de' has been entered
 into the dispute system, the email address will now be sent
 an email which will give the recipent the option of accepting
 or rejecting the request, if after 2 days we haven't received
 a valid response for or against we will discard the request. "
??? => email address not yet verified !!!

login to ca-mgr1
2 emails received
a) account creation confirmation
b) dispute email confirmation
   (Click the following link to accept or reject the dispute:)

action: nothing at this state

login admin
find user: bug975.test1@wiamail.de
results:
secondary email: bug975.user1@wiamail.de -> ok
Account state: clean -> ok

find user: bug975.user2@wiamail.de
results:
Account state:
Account inconsistency: Users record verified not set
Email record hash not unset
code: 18

ca-mgr1: clicking dispute confirmation link
no information given after clicking the link

login bug975.user2@wiamail.de
receiving message:
Email Dispute
Currently the email 'bug975.user2@wiamail.de' is
in dispute, you have been sent an email to
resolve the issue, below you have the option to
accept, reject or report the request as fraudulent.
=> doing nothing - logout

login to admin
find user: bug975.user2@wiamail.de
Account State
Account inconsistency: Users record verified not set
Email record hash not unset
code: 18
=> ok

reclicking dispute confirmation link
login bug975.user2@wiamail.de
results:
Your account has not been verified yet,
please check your email account for the signup
messages.

login to: bug975.test1@wiamail.de

Email Dispute
Currently the email 'bug975.user2@wiamail.de' is
in dispute, you have been sent an email to resolve
the issue, below you have the option to accept,
reject or report the request as fraudulent.
=> ??????

result message:
You have opted to accept this dispute and the request
will now remove this email address from the existing
account, and revoke any current certificates.

The following accounts have been removed:
bug975.user2@wiamail.de
This was the primary email on the account, and no
emails or domains were left linked so the account has
also been removed from the system.
=> ?????
   from user account who requested the dispute email ?!?

view email accounts lists 2 emails:
bug975.user1@wiamail.de
bug975.test1@wiamail.de

login admin:
find user: bug975.user1@wiamail.de
results:
primary email: bug975.test1@wiamail.de
secondary email(s): bug975.user1@wiamail.de
Account state: clean

find user: bug975.user2@wiamail.de
results:
No users found matching bug975.user2@wiamail.de
=> ?????????????????

email has not yet confirmed, and is not transferred
      to disputing account

create new account: bug975.user2@wiamail.de
login to ca-mgr1
error: Message: LoginController::loginAction:
       ID not unique
  (2nd new adding cannot be confirmed thru ca-mgr1)

login to: bug975.test1@wiamail.de
dispute email: bug975.user2@wiamail.de

login to: bug975.user2@wiamail.de
Your account has not been verified yet, please
check your email account for the signup messages.
=> cannot access email :-P

login admin
find user: bug975.user2@wiamail.de

Account State
Account inconsistency: Users record verified not set
Email record hash not unset
code: 18
=> only one account, deleted account not displayed

checking links for userid
eg delete account
https://cacert1.it-sls.de/account.php?id=50&userid=171213&csrf=1b6419b66a932ba4ebd8adadbb177c8b
=> userid=171213

ca-mgr1: login 171213
Message: LoginController::loginAction: ID unknown

create new user: bug975.user3@wiamail.de
not yet confirmed

login to: bug975.test1@wiamail.de
email dispute: bug975.user3@wiamail.de

ca-mgr1: login bug975.user3@wiamail.de

switching to logged-in user bug975.test1@wiamail.de
using link
https://cacert1.it-sls.de/disputes.php?type=email&emailid=240851&hash=88783f779831f9afd503d5cfbd50f440
accepting dispute:
result:
The following accounts have been removed:
bug975.user3@wiamail.de
This was the primary email on the account, and no emails or domains
were left linked so the account has also been removed from the system.

yet logged-in bug975.test1@wiamail.de
add email: bug975.user3@wiamail.de
using last sent link for email confirmation

login admin
find user: bug975.test1@wiamail.de
primary email: bug975.test1@wiamail.de
secondary emails: bug975.user1@wiamail.de
                  bug975.user3@wiamail.de
account state: clean
=> ok

find user: bug975.user1@wiamail.de
primary email: bug975.test1@wiamail.de
secondary emails: bug975.user1@wiamail.de
                  bug975.user3@wiamail.de
account state: clean
=> ok

find user: bug975.user2@wiamail.de
primary: bug975.user2@wiamail.de
no secondary emails
Account inconsistency: Users record verified not set
Email record hash not unset
code: 18
=> ok, but whats up with the 2nd user2 ?!?

find user: bug975.user3@wiamail.de
primary email: bug975.test1@wiamail.de
secondary emails: bug975.user1@wiamail.de
                  bug975.user3@wiamail.de
account state: clean
=> ok


How does the dispute email work?
user account 2 files email dispute over user account1 email
user account 2 receives email to account #1 email
user account 2 confirms disputed email address from account #1
if this is the last email, account #1 gets deleted
account #2 now can add the email from account #1 under account #2

Ted

2011-10-02 12:56

administrator   ~0002565

It looks like unverified user accounts and mail addresses are deleted after two days, see scripts/removedead.php.
So the vanishing of unfinished@convey.de is probably OK.

Ted

2011-10-02 14:03

administrator   ~0002566

One thing I just stumbled over:
Searching for '%convey.de' lists two accounts switch1@convey.de

Account 171202 formerly had the address assigned to it, so the hit is OK. But IMHO the primary mail address of the account (switch2@convey.de) should be shown in the list.

No showstopper, but not the thing you would expect.

INOPIAE

2011-10-10 12:23

updater   ~0002587

Last edited: 2011-10-11 19:15

added new user account: 975@inopiae.com
not yet confirmed:
Admin view:
Account State
Account inconsistency: Users record verified not set
Email record hash not unset
code: 18

=> ok
Assure someone:
Red information:
You are about to assure a person that isn't currently verified. If you continue and they do not verify their account within 48 hours the account could automatically be removed by the system.
=>ok

Confirmed account over TMS:
Everything normal.

Created second account: 975-2@inopiae.com
Assured with 10 pts on 2011-10-10 14:00
Will check +1 day and +2 days
Check after 1 day 2011-10-11 21:15 account is still there.

Uli60

2011-10-11 11:38

updater   ~0002588

reviewed by 1 SA
tested by 3 testers
ready to deploy after 2nd review

NEOatNHNG

2011-10-11 21:24

administrator   ~0002591

Mail sent to critical admins

wytze

2011-10-12 08:24

developer   ~0002592

Patch has been installed on the production server on October 12, 2011. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2011-10/msg00005.html

Werner Dworak

2012-12-22 07:53

updater   ~0003547

More than 3 months solved and no complaints

Issue History

Date Modified Username Field Change
2011-08-23 12:56 Uli60 New Issue
2011-08-23 12:58 Uli60 Relationship added related to 0000859
2011-08-23 12:58 Uli60 Relationship added related to 0000882
2011-08-23 13:00 Uli60 Relationship added related to 0000794
2011-08-24 21:24 Uli60 Note Added: 0002344
2011-08-24 21:25 Uli60 Assigned To => Uli60
2011-08-24 21:28 Uli60 Note Edited: 0002344
2011-08-24 21:35 Uli60 Note Edited: 0002344
2011-08-24 21:36 Uli60 Note Edited: 0002344
2011-08-24 21:37 Uli60 Note Edited: 0002344
2011-08-25 10:12 Uli60 File Added: 43.php
2011-08-25 10:16 Uli60 Note Added: 0002345
2011-08-25 10:16 Uli60 Status new => fix available
2011-08-25 10:17 Uli60 Relationship replaced parent of 0000859
2011-08-25 10:26 Uli60 Note Added: 0002347
2011-08-25 10:27 Uli60 Note Edited: 0002347
2011-08-25 10:29 Uli60 Note Edited: 0002347
2011-08-25 10:29 Uli60 Note Edited: 0002347
2011-08-25 10:30 Uli60 Note Edited: 0002347
2011-08-25 13:03 Uli60 Note Edited: 0002344
2011-08-25 18:46 Ted Assigned To Uli60 => Ted
2011-08-25 20:21 Ted Note Added: 0002348
2011-08-25 20:22 Ted File Added: 43_ted_proposal.php
2011-08-25 20:30 Ted Note Added: 0002349
2011-08-25 20:35 Ted Source_changeset_attached => cacert-devel master 43ac3fd8
2011-08-25 20:45 Ted Source_changeset_attached => cacert-devel master 48944b00
2011-08-25 20:52 Ted Note Added: 0002350
2011-08-25 20:52 Ted Assigned To Ted =>
2011-08-25 20:52 Ted Status fix available => needs review & testing
2011-08-25 20:53 Ted Reviewed by => Ted
2011-08-26 10:03 Uli60 File Added: 43_975_110826.php
2011-08-26 10:12 Uli60 Note Added: 0002351
2011-08-26 10:12 Uli60 Assigned To => Uli60
2011-08-26 10:12 Uli60 Status needs review & testing => fix available
2011-08-26 10:53 Uli60 File Added: 43-975-diff-20110826.diff
2011-09-14 17:25 Ted Source_changeset_attached => cacert-devel master 7dcb0566
2011-09-14 17:25 Ted Source_changeset_attached => cacert-devel master b14806a5
2011-09-14 17:27 Ted Note Added: 0002432
2011-09-14 17:27 Ted Status fix available => needs review & testing
2011-09-16 02:15 NEOatNHNG Source_changeset_attached => cacert-devel master e3ac088d
2011-09-16 02:15 NEOatNHNG Source_changeset_attached => cacert-devel master 76d73d8d
2011-09-16 02:32 NEOatNHNG Note Added: 0002448
2011-09-16 02:35 NEOatNHNG Note Edited: 0002448
2011-09-16 02:36 NEOatNHNG Reviewed by Ted => NEOatNHNG
2011-09-18 19:36 Ted Reviewed by NEOatNHNG => Ted, NEOatNHNG
2011-09-18 19:37 Ted Note Added: 0002460
2011-09-18 19:37 Ted Status needs review & testing => needs testing
2011-09-18 21:08 Ted Note Added: 0002461
2011-09-25 23:42 Uli60 Note Added: 0002518
2011-09-27 23:12 NEOatNHNG Source_changeset_attached => cacert-devel testserver a230c734
2011-10-02 12:56 Ted Note Added: 0002565
2011-10-02 14:03 Ted Note Added: 0002566
2011-10-10 12:23 INOPIAE Note Added: 0002587
2011-10-11 11:38 Uli60 Note Added: 0002588
2011-10-11 11:38 Uli60 Status needs testing => ready to deploy
2011-10-11 19:15 INOPIAE Note Edited: 0002587
2011-10-11 21:24 NEOatNHNG Note Added: 0002591
2011-10-11 21:35 NEOatNHNG Source_changeset_attached => cacert-devel release 861f3415
2011-10-12 08:24 wytze Note Added: 0002592
2011-10-12 08:24 wytze Status ready to deploy => solved?
2011-10-12 08:24 wytze Resolution open => fixed
2012-12-12 13:14 Uli60 Relationship added related to 0000123
2012-12-12 13:38 Uli60 Relationship added related to 0000103
2012-12-22 07:51 Werner Dworak Relationship deleted parent of 0000859
2012-12-22 07:51 Werner Dworak Relationship added related to 0000859
2012-12-22 07:53 Werner Dworak Note Added: 0003547
2012-12-22 07:53 Werner Dworak Status solved? => closed
2013-01-15 17:42 Werner Dworak Fixed in Version => 2012 Q4