View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001136 | Main CAcert Website | account administration | public | 2013-01-09 08:12 | 2014-02-25 22:55 |
| Reporter | INOPIAE | Assigned To | BenBE | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | 2013 Q1 | ||||
| Target Version | 2013 Q1 | Fixed in Version | 2013 Q3 | ||
| Summary | 0001136: Extend SE console with the functionality to revoke all user certificates of an user account | ||||
| Description | Create a button for SE to revoke all user certificates of an account so SE does not need to hijack the account anymore. This functionality is needed in the course of the account delete procedure. The org certificates (org client and org server) are not effected by this bug. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | Ted, NEOatNHNG | ||||
| Test Instructions | |||||
|
|
I pushed the fix to https://github.com/INOPIAE/CAcert/tree/bug-1136 |
|
|
while testing bug 893 revoke all certs => window pops up => accepting => ok admin console, search user again displays all certs as valid as before revoke certs routine doesn't work as expected see bug 0001136 affected certs: - user client cert - user server cert - org client cert - org server cert |
|
|
Test account with over 300 certs before: Certificates Cert Type: Total Valid Expired Revoked Latest Expire Server: 1 1 0 0 2015-05-21 Client: 354 353 1 0 2015-05-15 GPG: 1 1 1 2014-05-22 Org Server: 2 1 1 0 2015-05-21 Org Client: 1 1 0 0 2014-05-21 show confirm box: Are you sure you want to revoke all private certificates? later: Certificates Cert Type: Total Valid Expired Revoked Latest Expire Server: 1 0 0 1 2015-05-21 Client: 354 0 1 353 2015-05-15 GPG: 1 1 1 2014-05-22 Org Server: 2 1 1 0 2015-05-21 Org Client: 1 1 0 0 2014-05-21 Pending Cert Not Revoked Pending 00000001SEff2001@tld.ld Not Revoked 0000-00-00 00:00:00 non affected certs: - user gpg - org client cert - org server cert same above with 30000 Certificates and after this no cert for login available ;) => OK |
|
|
Please review, discussion in SAP team meeting agreed to review only with one test. |
|
|
Test with account 4002.july13@acme.com. List prior to certificate revoke Cert Type: Total Valid Expired Revoked Latest Expire Server: 2 1 1 0 2013-07-16 Client: 3 2 1 0 2013-07-16 List after certificate revoke Cert Type: Total Valid Expired Revoked Latest Expire Server: 2 0 1 2 2013-07-16 Client: 3 0 1 3 2013-07-16 all certificate revoked => ok |
|
|
from prev test: later section .. client certs lists 1 expired, 353 revoked Why expired certs aren't revoked too? references: according to arbitration Delete Account Procedure v3 https://wiki.cacert.org/Arbitrations/Training/Lesson20/DeleteAccountProcSEv3 procedure defines: * revoke all certificates * Server Certificates - View * select "View all certificates" * revoke Server certificates, even expired <== * Domains - View * Delete Domains * GPG PGP Keys - View * revoke certificates x1) * Client Certificates - View * select "View all certificates" * revoke Client certificates, even expired <== Further references from Arbitration training (incl. policy references, rationale) https://wiki.cacert.org/Arbitrations/Training/Lesson20 |
|
|
beforeCert Type: Total Valid Expired Revoked Latest Expire Server: 4 0 4 0 2013-06-13 Client: 2 0 2 0 2013-05-16 GPG: None Org Server: None Org Client: 1 0 1 0 Pending gen 2 valid Certs Cert Type: Total Valid Expired Revoked Latest Expire Server: 5 1 4 0 2013-08-08 Client: 3 1 2 0 2013-08-08 GPG: None Org Server: None Org Client: 1 0 1 0 Pending revoke certificates via SE Console Cert Type: Total Valid Expired Revoked Latest Expire Server: 5 0 4 5 2013-08-08 Client: 3 0 2 3 2013-08-08 GPG: None Org Server: None Org Client: 1 0 1 0 Pending |
|
|
real order of reports: https://bugs.cacert.org/view.php?id=1136#c4014 https://bugs.cacert.org/view.php?id=1136#c4107 is wrong, as review started in parallel that results in report https://bugs.cacert.org/view.php?id=1136#c4112 re-deployment started in parallel and results in patch merge cacert-devel: testserver-stable 2445788a Timestamp: 2013-07-09 21:55:35 then notes https://bugs.cacert.org/view.php?id=1136#c4110 https://bugs.cacert.org/view.php?id=1136#c4119 |
|
|
test report see https://bugs.cacert.org/view.php?id=893#c4189 |
|
|
I have fixed some small things. Please re-test and re-review. |
|
|
I created new certificates in an account. Afterwards I could revoke them in one go over the SE console. =>ok NB I could not test the revokation of expired certificates |
|
|
I created new certificates in an account. Afterwards I could revoke them in one go over the SE console. =>ok NB I could not test the revokation of expired certificates |
|
|
I createt 6 new certificats in an account. As sys-admin I found all 6 certificates as valid. I used the revoke-certificate-button as sys-admin. Afterwards all 6 certificates were show as revoked for the admin. In the normal account I did not see any certificate after that. (this was done with valid certificates only) -> ok |
|
|
user 3 client certs/3 active, 4 server certs/2 active/2 revoked revoke certs: Account State Certificates Cert Type: Total Valid Expired Revoked Latest Expire Server: 4 0 0 4 2013-10-03 Client: 3 0 0 3 2013-10-03 4 server certs revoked -> ok 3 client certs revoked -> ok => ok |
|
|
Reviewed combined bugs branch bug-1177-893-1136-1123-1137, 1a381b8..6a92669 Changes are OK, proposed minor change to make the code more easily readable. |
|
|
Certificates Cert Type: Total Valid Expired Revoked Latest Expire Server: 2 0 0 2 2013-10-04 Client: 10 0 3 10 2013-10-04 GPG: 3 2 3 2014-08-28 Org Server: 22 12 6 7 2013-10-03 Org Client: 41 24 17 1 2013-09-10 |
|
|
Tested by several testers and reviewed by two software assessors. Here we go! |
|
|
The jumbo patch for issue 0000893, 0001123, 0001136, 0001137 and 0001177 was installed on the production server on September 6, 2013. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2013-09/msg00003.html |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2013-01-09 08:12 | INOPIAE | New Issue | |
| 2013-01-09 08:12 | INOPIAE | Assigned To | => INOPIAE |
| 2013-01-09 08:15 | INOPIAE | Relationship added | related to 0000223 |
| 2013-01-09 15:34 | Werner Dworak | Relationship added | related to 0000893 |
| 2013-01-18 21:39 | INOPIAE | Note Added: 0003704 | |
| 2013-01-18 21:39 | INOPIAE | Assigned To | INOPIAE => BenBE |
| 2013-01-18 21:39 | INOPIAE | Status | new => fix available |
| 2013-01-27 13:40 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable c900824a |
| 2013-01-27 13:40 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable a9f468f5 |
| 2013-01-27 13:40 | BenBE | Reviewed by | => BenBE |
| 2013-01-27 13:40 | BenBE | Assigned To | BenBE => NEOatNHNG |
| 2013-01-27 13:40 | BenBE | Status | fix available => needs review & testing |
| 2013-01-29 21:05 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 835b26a3 |
| 2013-01-29 21:05 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 9508b647 |
| 2013-02-19 22:30 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable fbfa7568 |
| 2013-02-19 22:30 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable aa92c81a |
| 2013-03-05 22:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable ba00058e |
| 2013-03-05 22:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 90bdd8cb |
| 2013-03-05 22:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 17bb794a |
| 2013-03-12 22:13 | INOPIAE | Assigned To | NEOatNHNG => INOPIAE |
| 2013-03-12 22:13 | INOPIAE | Status | needs review & testing => needs work |
| 2013-04-30 23:20 | Uli60 | Note Added: 0003940 | |
| 2013-05-01 00:10 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 4bcceb37 |
| 2013-05-01 00:10 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable c3f0e56d |
| 2013-05-01 00:10 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 91bf0ec7 |
| 2013-05-01 00:14 | INOPIAE | Assigned To | INOPIAE => BenBE |
| 2013-05-01 00:14 | INOPIAE | Status | needs work => needs review & testing |
| 2013-05-01 00:20 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 519e56b3 |
| 2013-05-01 00:20 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 069d4239 |
| 2013-05-15 00:19 | INOPIAE | Description Updated | |
| 2013-05-21 19:50 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable aa02730d |
| 2013-05-21 19:50 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 22c48c06 |
| 2013-05-21 21:12 | MartinGummi | Note Added: 0004014 | |
| 2013-05-21 21:14 | MartinGummi | Note Edited: 0004014 | |
| 2013-05-21 21:16 | MartinGummi | Note Edited: 0004014 | |
| 2013-05-21 21:17 | MartinGummi | Note Edited: 0004014 | |
| 2013-05-21 21:19 | MartinGummi | Note Edited: 0004014 | |
| 2013-05-21 21:23 | MartinGummi | Note Edited: 0004014 | |
| 2013-05-21 21:23 | MartinGummi | Note Edited: 0004014 | |
| 2013-05-21 21:25 | MartinGummi | Note Edited: 0004014 | |
| 2013-05-21 21:26 | MartinGummi | Note Edited: 0004014 | |
| 2013-05-21 21:27 | MartinGummi | Note Edited: 0004014 | |
| 2013-05-21 21:33 | MartinGummi | Note Edited: 0004014 | |
| 2013-06-15 18:24 | MartinGummi | Note Edited: 0004014 | |
| 2013-07-09 20:59 | INOPIAE | Note Added: 0004107 | |
| 2013-07-09 20:59 | INOPIAE | Assigned To | BenBE => NEOatNHNG |
| 2013-07-09 20:59 | INOPIAE | Status | needs review & testing => needs review |
| 2013-07-09 21:45 | INOPIAE | Status | needs review => needs review & testing |
| 2013-07-09 22:00 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 2445788a |
| 2013-07-09 22:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 2e648977 |
| 2013-07-09 22:22 | INOPIAE | Note Added: 0004110 | |
| 2013-07-09 22:25 | Uli60 | Note Added: 0004112 | |
| 2013-07-09 23:10 | MartinGummi | Note Added: 0004119 | |
| 2013-07-09 23:23 | Uli60 | Note Added: 0004120 | |
| 2013-07-13 15:54 | INOPIAE | Note Edited: 0004110 | |
| 2013-07-14 20:46 | INOPIAE | Product Version | => 2013 Q1 |
| 2013-07-14 20:46 | INOPIAE | Target Version | => 2013 Q1 |
| 2013-07-22 05:45 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 8eab0e4d |
| 2013-07-22 05:45 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 23ee6915 |
| 2013-07-22 05:53 | BenBE | Relationship replaced | parent of 0000893 |
| 2013-07-22 05:53 | BenBE | Relationship added | parent of 0001177 |
| 2013-07-23 21:45 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 68808dde |
| 2013-07-23 21:45 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 3cbac6cc |
| 2013-07-30 21:18 | Uli60 | Note Added: 0004196 | |
| 2013-08-06 22:04 | NEOatNHNG | Reviewed by | BenBE => NEOatNHNG |
| 2013-08-06 22:04 | NEOatNHNG | Note Added: 0004213 | |
| 2013-08-06 22:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 357460eb |
| 2013-08-06 22:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 4193c986 |
| 2013-08-06 22:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 6744dcf1 |
| 2013-08-06 22:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 0a982f8b |
| 2013-08-20 19:57 | INOPIAE | Note Added: 0004236 | |
| 2013-08-24 15:15 | NEOatNHNG | Assigned To | NEOatNHNG => Ted |
| 2013-09-03 22:36 | INOPIAE | Note Added: 0004271 | |
| 2013-09-03 22:50 | Eva | Note Added: 0004272 | |
| 2013-09-03 23:00 | Uli60 | Note Added: 0004273 | |
| 2013-09-04 06:47 | Ted | Note Added: 0004276 | |
| 2013-09-04 06:47 | Ted | Assigned To | Ted => BenBE |
| 2013-09-04 06:47 | Ted | Status | needs review & testing => needs testing |
| 2013-09-04 06:48 | Ted | Reviewed by | NEOatNHNG => Ted, NEOatNHNG |
| 2013-09-04 22:02 | MartinGummi | Note Added: 0004289 | |
| 2013-09-04 22:03 | MartinGummi | Note Edited: 0004289 | |
| 2013-09-04 22:04 | MartinGummi | Note Edited: 0004289 | |
| 2013-09-04 22:05 | MartinGummi | Note Edited: 0004289 | |
| 2013-09-06 03:53 | BenBE | Status | needs testing => ready to deploy |
| 2013-09-06 03:53 | BenBE | Note Added: 0004294 | |
| 2013-09-06 15:44 | wytze | Note Added: 0004299 | |
| 2013-09-06 15:44 | wytze | Status | ready to deploy => solved? |
| 2013-09-06 15:44 | wytze | Fixed in Version | => 2013 Q3 |
| 2013-09-06 15:44 | wytze | Resolution | open => fixed |
| 2014-01-08 00:19 | INOPIAE | Status | solved? => closed |
| 2014-02-25 22:55 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 8c38aa34 |
