Opened 5 years ago

Last modified 4 years ago

#1745 reopened task

Authenticated user cannot create ticket on GDAL Trac

Reported by: rouault Owned by: sac@…
Priority: normal Milestone:
Component: Systems Admin Keywords:
Cc: rtorre

Description (last modified by strk)

Reported by user "rtorre":

"""I could log into trac but then after writing the ticket I got a permission error when trying to submit it: "TICKET_CREATE privileges are required to perform this operation on Ticket #None. You don't have the required permissions."."""

According to him there are other users that encounter the same issue.

Change History (12)

comment:1 Changed 5 years ago by strk

According to SQL any authenticated users has permission to create tickets already:

trac_gdal=# select * from permission where action = 'TICKET_CREATE';
   username    |    action     
---------------+---------------
 authenticated | TICKET_CREATE
(1 row)

Could it be he tried to create a ticket while his authentication token was being removed in a spam fight ?

comment:2 Changed 5 years ago by rouault

In https://trac.osgeo.org/gdal/admin/spamfilter/monitor, there was a newticket entry with a karma of 0 like other. I classified it as ham. But why would that one have been rejected whereas others are successful ?

comment:3 Changed 5 years ago by strk

Cc: rtorre added
Description: modified (diff)

My hypothesis was that the user was NOT recognized as an authenticated user. The message suggests that's the case. I guess authentication is detected via a browser cookie, so messing with the cookies table on the database could have accidentally removed his cookie.

My spam cleanup script only removes sessions and cookies data associated with known spammer users, and "rtorre" is not among them, so if that's the case I don't know how it could have happened.

comment:4 Changed 5 years ago by strk

Description: modified (diff)

I've added rtorre in Cc, in case he has some other info he can add (and at the same time if he comments here we can at least check commenting still works)

comment:5 Changed 5 years ago by rtorre

test comment

comment:6 Changed 5 years ago by rtorre

Resolution: fixed
Status: newclosed

Fixed now. I also tested ticket creation: https://trac.osgeo.org/osgeo/ticket/1759

thanks

comment:7 Changed 4 years ago by rouault

Resolution: fixed
Status: closedreopened

Rafa hit the issue again. I've granted him explicitly TICKET_CREATE priviledges in GDAL Trac administration pannel in the meantime, but there's something weird happening.

comment:8 Changed 4 years ago by strk

Even, you should be able to disable the check or tweak weights of it, see the spam filter plugin configuration.

As the configuration is global, your changing the local one would hide any global setting in the future, so if you find your settings to be working good please suggest to make them global with a new SAC ticket (trac component). Thank you .

comment:9 Changed 4 years ago by rouault

I can't see rtorre in https://trac.osgeo.org/gdal/admin/spamfilter/monitor , so I'm not sure if it is the spamfilter that rejected him

comment:10 Changed 4 years ago by strk

Can it be his browser is loosing the cookie ? I think somebody else reported a similar error (could tell by looking at the upper-right corner where you'd see the "login" link instead of the "logout" one)

PS: as you're at that /monitor page, please consider training the spam filter, I see Mateusz comments/reports being considered spam...

comment:11 Changed 4 years ago by rouault

Rafa couldn't comment in that ticket, so here are the elements he sent me by email

"""I reproduced all the steps and saved traces and screenshots, anonymizing them by replacing auth, session and token strings by "[omitted]" to avoid any security leak. Having the timestamps and everything should be enough to relate them to the server traces and get to the bottom of the problem."""

comment:12 Changed 4 years ago by rouault

Note: See TracTickets for help on using tickets.