View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001543 | Main CAcert Website | account administration | public | 2022-07-06 20:47 | 2022-10-11 18:43 |
Reporter | egal | Assigned To | egal | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | fix available | Resolution | open | ||
Platform | Main CAcert Website | OS | N/A | OS Version | stable |
Summary | 0001543: email-addresses without member-id need to be deleted | ||||
Description | As long as the "strict" setting was active on webdb1 there were 28 email-addresses, which do not belong to any account in email-table. Normally emails of members, which are not verified, are deleted after 24 hours (according to our text) or 48 hours (according to our coding). As the memid is empty, these email-addresses would stay in email-table forever ... blocking these email-addresses (users) from joining cacert. | ||||
Steps To Reproduce | none (as strict-mode was switched off for database) | ||||
Additional Information | According to our coding a "memid=0" should not be possible ... ... but in strict mode for mariadb it was not possible to create an entry in user-table ... resulting in "id=0". This value was added to email-table:

```
> select * from email where memid=0 order by id desc;
+--------+-------+--------------------------------+---------------------+---------------------+---------------------+------+----------+
| id     | memid | email                          | created             | modified            | deleted             | hash | attempts |
+--------+-------+--------------------------------+---------------------+---------------------+---------------------+------+----------+
| 567890 |     0 | email@domain.tld               | 2022-07-04 12:34:56 | 2022-07-04 12:34:56 | 0000-00-00 00:00:00 |      |        2 |
(...)
```

(Obviously it's not a productive record above ... ;-) ) If a valid user-record could be created, the field memid is the reference to the user-record and therefore not 0. | ||||
Tags | login error, migration, webdb | ||||
Reviewed by | |||||
Test Instructions | database needs to be modified on testserver to reproduce this issue ... and to see, if a fix works | ||||
|
some additional information: there is a script named "removedead.php", which is called every hour to remove unverified accounts and their email-addresses. this script could be adapted to remove email-addresses with memid=0 after some time (24 hrs? 48 hrs?), too. another solution could be to authorize critical to remove these 30 entries from the database using an sql-command (one-shot only) |
|
fix available as https://code.cacert.org/cacert/cacert-webdb/pulls/2/files |
Date Modified | Username | Field | Change |
---|---|---|---|
2022-07-06 20:47 | egal | New Issue | |
2022-07-06 20:47 | egal | Tag Attached: login error | |
2022-07-06 20:47 | egal | Tag Attached: migration | |
2022-07-06 20:47 | egal | Tag Attached: webdb | |
2022-07-06 20:51 | egal | Note Added: 0006121 | |
2022-07-06 20:52 | egal | Assigned To | => jandd |
2022-07-07 16:08 | jandd | Status | new => needs work |
2022-07-07 16:20 | jandd | Status | needs work => fix available |
2022-07-07 16:20 | jandd | Note Added: 0006125 | |
2022-07-07 16:21 | jandd | Assigned To | jandd => egal |
2022-10-11 18:42 | egal | Description Updated | |
2022-10-11 18:43 | egal | Note Edited: 0006121 |