moloch-- / RootTheBox

A Game of Hackers (CTF Scoreboard & Game Manager)
http://root-the-box.com/
Apache License 2.0

(bug?) Email Validation Error #569

Closed PJNorrisS1 closed 1 year ago

PJNorrisS1 commented 1 year ago

We have set up a server now to do email validation. Email is received but the token provided does not validate. [image] Checked the logs - all looks as it should. Dropped the DB and opened in sqlite and noted the registration_token table is empty - looks like the token is being generated, but it is not written to the DB?

eljeffeg commented 1 year ago

registration_token is not the email_token. registration_token is used for registering users by sending them a code. The email_token table should hold the email tokens.

PJNorrisS1 commented 1 year ago

ohhh, then in that case, here is mine: [image] I'm sure this is why it's failing, there are lots of entries for user_id 18 and 19, where I have tried numerous times. Please could you check you are clearing this down when resetting the db and when deleting a user?

PJNorrisS1 commented 1 year ago

UPDATE: I cleared down that table of entries in email_token, tried registration again and it was successful. [image] Please can you fix clearing the token out? Thanks

PJNorrisS1 commented 1 year ago

EDIT: Ignore this comment, see the next one...

Hi, how was this fixed? I have been doing some testing today, monitoring the email_token. For each user that registers, an entry is created:

1|2023-06-12 13:26:29.349421|18|11e22f306c99b4ca9b931f1214395ba43e9d6b2ed048ff5a0459d8fa99f2ab53|1
2|2023-06-12 13:26:53.633738|19|6c5058fba8bcd53549c680b7ae4b1bb2d4b8559d69432965277ab0caabe11938|0
3|2023-06-12 13:32:15.924645|20|d1875ad727747c8b8c82fd5cd23e26f36fbbb35294eb9f01610d9d7e9ac1501c|0

I see the user ID field increment. Also notice that once authenticated, the last column changes from a 0 to 1, as above.

I have reset the game with player names, but the content in the db remains. New users are incremented as expected though. I thought these were supposed to be cleared down? I also delete individual users, but their email_token didn't disappear.

Although it hasn't failed, I was curious to learn what the bug was? Thanks

PJNorrisS1 commented 1 year ago

Ok, correction on the above, I hadn't pulled the latest release. However, I still am getting a glitch in the matrix...

Steps to recreate:

  1. Login as admin, reset the game with players. Check DB - email_token table empty. 👍
  2. Logged out. registered a new user. received email validation.
  3. Checked DB - one entry in there:
    1|2023-06-12 13:59:29.374953|18|e3f877d57a70b0502a7aaaf220886a57a1102e8dc396c7ada9561ef26d3a6c17|0
  4. Clicked on link in email and get 404 error: [image]

PJNorrisS1 commented 1 year ago

Further to the above, I have repeated all the steps again and noticed, after registering, it completely borks the user management. Even without trying to validate, the user management in admin is 404 error.

eljeffeg commented 1 year ago

Does it display a stack output in the console? That would be helpful, thanks.

PJNorrisS1 commented 1 year ago

uk-webapp-1     | [E 230612 15:37:30 web:1871] Uncaught exception GET /admin/users (86.xxxxxx)
uk-webapp-1     |     HTTPServerRequest(protocol='https', host='uk.xxxx.com', method='GET', uri='/admin/users', version='HTTP/1.1', remote_ip='86.10.128.58')
uk-webapp-1     |     Traceback (most recent call last):
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1784, in _execute
uk-webapp-1     |         result = method(*self.path_args, **self.path_kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 91, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 46, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 130, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/handlers/AdminHandlers/AdminUserHandlers.py", line 53, in get
uk-webapp-1     |         self.render("admin/view/users.html", errors=None)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 940, in render
uk-webapp-1     |         html = self.render_string(template_name, **kwargs)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1089, in render_string
uk-webapp-1     |         return t.generate(**namespace)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/template.py", line 362, in generate
uk-webapp-1     |         return execute()
uk-webapp-1     |       File "admin/view/users_html.generated.py", line 1267, in _tt_execute
uk-webapp-1     |         _tt_tmp = user.is_email_valid()  # admin/view/users.html:520 (via main.html:32)
uk-webapp-1     |       File "/opt/rtb/models/User.py", line 384, in is_email_valid
uk-webapp-1     |         emailtoken = EmailToken.by_user_id(self.id)
uk-webapp-1     |       File "/opt/rtb/models/EmailToken.py", line 53, in by_user_id
uk-webapp-1     |         return dbsession.query(cls).filter_by(user_id=user_id).last()
uk-webapp-1     |     AttributeError: 'Query' object has no attribute 'last'
uk-webapp-1     | [E 230612 15:37:30 BaseHandlers:196] Request from 86.xxxxx resulted in an error code 500:
uk-webapp-1     |     Traceback (most recent call last):
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1784, in _execute
uk-webapp-1     |         result = method(*self.path_args, **self.path_kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 91, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 46, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 130, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/handlers/AdminHandlers/AdminUserHandlers.py", line 53, in get
uk-webapp-1     |         self.render("admin/view/users.html", errors=None)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 940, in render
uk-webapp-1     |         html = self.render_string(template_name, **kwargs)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1089, in render_string
uk-webapp-1     |         return t.generate(**namespace)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/template.py", line 362, in generate
uk-webapp-1     |         return execute()
uk-webapp-1     |       File "admin/view/users_html.generated.py", line 1267, in _tt_execute
uk-webapp-1     |         _tt_tmp = user.is_email_valid()  # admin/view/users.html:520 (via main.html:32)
uk-webapp-1     |       File "/opt/rtb/models/User.py", line 384, in is_email_valid
uk-webapp-1     |         emailtoken = EmailToken.by_user_id(self.id)
uk-webapp-1     |       File "/opt/rtb/models/EmailToken.py", line 53, in by_user_id
uk-webapp-1     |         return dbsession.query(cls).filter_by(user_id=user_id).last()
uk-webapp-1     |     AttributeError: 'Query' object has no attribute 'last'
uk-webapp-1     |     
uk-webapp-1     | [E 230612 15:37:30 web:2344] 500 GET /admin/users (86.xxx) 66.79ms
uk-webapp-1     | [I 230612 15:37:30 web:2344] 101 GET /connect/notifications/updates (86.xxxx) 0.74ms

eljeffeg commented 1 year ago

Pushed up a new version that should fix that.

eljeffeg commented 1 year ago

I wanted to choose the last so that, in case more than one token was requested, it validates against the last token issued.

PJNorrisS1 commented 1 year ago

Sorry - pulled the latest which updated the EmailToken.py file. Compiled and built. Logged in, reset the game so nothing exists. Checked I could access users. no problems. Registered, email received, click the link and get 404 error still.

uk-webapp-1     | [E 230612 16:13:19 web:1871] Uncaught exception GET /admin/users (86.xxxx)
uk-webapp-1     |     HTTPServerRequest(protocol='https', host='uk.xxxx.com', method='GET', uri='/admin/users', version='HTTP/1.1', remote_ip='86.xxxx')
uk-webapp-1     |     Traceback (most recent call last):
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1784, in _execute
uk-webapp-1     |         result = method(*self.path_args, **self.path_kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 91, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 46, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 130, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/handlers/AdminHandlers/AdminUserHandlers.py", line 53, in get
uk-webapp-1     |         self.render("admin/view/users.html", errors=None)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 940, in render
uk-webapp-1     |         html = self.render_string(template_name, **kwargs)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1089, in render_string
uk-webapp-1     |         return t.generate(**namespace)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/template.py", line 362, in generate
uk-webapp-1     |         return execute()
uk-webapp-1     |       File "admin/view/users_html.generated.py", line 1267, in _tt_execute
uk-webapp-1     |         _tt_tmp = user.is_email_valid()  # admin/view/users.html:520 (via main.html:32)
uk-webapp-1     |       File "/opt/rtb/models/User.py", line 384, in is_email_valid
uk-webapp-1     |         emailtoken = EmailToken.by_user_id(self.id)
uk-webapp-1     |       File "/opt/rtb/models/EmailToken.py", line 53, in by_user_id
uk-webapp-1     |         return dbsession.query(cls).filter_by(user_id=user_id).order_by(id.desc()).first()
uk-webapp-1     |     AttributeError: 'builtin_function_or_method' object has no attribute 'desc'
uk-webapp-1     | [E 230612 16:13:19 BaseHandlers:196] Request from 86.xxxx resulted in an error code 500:
uk-webapp-1     |     Traceback (most recent call last):
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1784, in _execute
uk-webapp-1     |         result = method(*self.path_args, **self.path_kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 91, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 46, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/libs/SecurityDecorators.py", line 130, in wrapper
uk-webapp-1     |         return method(self, *args, **kwargs)
uk-webapp-1     |       File "/opt/rtb/handlers/AdminHandlers/AdminUserHandlers.py", line 53, in get
uk-webapp-1     |         self.render("admin/view/users.html", errors=None)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 940, in render
uk-webapp-1     |         html = self.render_string(template_name, **kwargs)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1089, in render_string
uk-webapp-1     |         return t.generate(**namespace)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/template.py", line 362, in generate
uk-webapp-1     |         return execute()
uk-webapp-1     |       File "admin/view/users_html.generated.py", line 1267, in _tt_execute
uk-webapp-1     |         _tt_tmp = user.is_email_valid()  # admin/view/users.html:520 (via main.html:32)
uk-webapp-1     |       File "/opt/rtb/models/User.py", line 384, in is_email_valid
uk-webapp-1     |         emailtoken = EmailToken.by_user_id(self.id)
uk-webapp-1     |       File "/opt/rtb/models/EmailToken.py", line 53, in by_user_id
uk-webapp-1     |         return dbsession.query(cls).filter_by(user_id=user_id).order_by(id.desc()).first()
uk-webapp-1     |     AttributeError: 'builtin_function_or_method' object has no attribute 'desc'

eljeffeg commented 1 year ago

Dang.. stack exchange fail. Ok, pushed a new one. lol

PJNorrisS1 commented 1 year ago

Sorry :-(

uk-webapp-1     | [E 230612 16:34:24 web:1871] Uncaught exception GET /registration/token?u=ZmQxM2RjN2QtNjM2Ni00MmQwLWJjNzMtZTMzODZhN2VmY2Qz&t=YWExOTRhNzI4MjFlZDE5OWQwZTU1ODQ1YmRmMmRkNWM= (86.10.128.58)
uk-webapp-1     |     HTTPServerRequest(protocol='https', host='uk.xxxxxx.com', method='GET', uri='/registration/token?u=ZmQxM2RjN2QtNjM2Ni00MmQwLWJjNzMtZTMzODZhN2VmY2Qz&t=YWExOTRhNzI4MjFlZDE5OWQwZTU1ODQ1YmRmMmRkNWM=', version='HTTP/1.1', remote_ip='86.xxxxx')
uk-webapp-1     |     Traceback (most recent call last):
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1784, in _execute
uk-webapp-1     |         result = method(*self.path_args, **self.path_kwargs)
uk-webapp-1     |       File "/opt/rtb/handlers/PublicHandlers.py", line 1001, in get
uk-webapp-1     |         if user.is_email_valid() is True:
uk-webapp-1     |       File "/opt/rtb/models/User.py", line 384, in is_email_valid
uk-webapp-1     |         emailtoken = EmailToken.by_user_id(self.id)
uk-webapp-1     |       File "/opt/rtb/models/EmailToken.py", line 53, in by_user_id
uk-webapp-1     |         return dbsession.query(cls).filter_by(user_id=user_id).order_by(desc(id)).first()
uk-webapp-1     |       File "<string>", line 2, in desc
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/sqlalchemy/sql/elements.py", line 3557, in _create_desc
uk-webapp-1     |         coercions.expect(roles.ByOfRole, column),
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/sqlalchemy/sql/coercions.py", line 193, in expect
uk-webapp-1     |         resolved = impl._literal_coercion(
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/sqlalchemy/sql/coercions.py", line 408, in _literal_coercion
uk-webapp-1     |         self._raise_for_expected(element, argname)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/sqlalchemy/sql/coercions.py", line 290, in _raise_for_expected
uk-webapp-1     |         util.raise_(exc.ArgumentError(msg, code=code), replace_context=err)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 211, in raise_
uk-webapp-1     |         raise exception
uk-webapp-1     |     sqlalchemy.exc.ArgumentError: GROUP BY / OF / etc. expression expected, got <built-in function id>.
uk-webapp-1     | [E 230612 16:34:24 BaseHandlers:196] Request from 86.xxxx resulted in an error code 500:
uk-webapp-1     |     Traceback (most recent call last):
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1784, in _execute
uk-webapp-1     |         result = method(*self.path_args, **self.path_kwargs)
uk-webapp-1     |       File "/opt/rtb/handlers/PublicHandlers.py", line 1001, in get
uk-webapp-1     |         if user.is_email_valid() is True:
uk-webapp-1     |       File "/opt/rtb/models/User.py", line 384, in is_email_valid
uk-webapp-1     |         emailtoken = EmailToken.by_user_id(self.id)
uk-webapp-1     |       File "/opt/rtb/models/EmailToken.py", line 53, in by_user_id
uk-webapp-1     |         return dbsession.query(cls).filter_by(user_id=user_id).order_by(desc(id)).first()
uk-webapp-1     |       File "<string>", line 2, in desc
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/sqlalchemy/sql/elements.py", line 3557, in _create_desc
uk-webapp-1     |         coercions.expect(roles.ByOfRole, column),
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/sqlalchemy/sql/coercions.py", line 193, in expect
uk-webapp-1     |         resolved = impl._literal_coercion(
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/sqlalchemy/sql/coercions.py", line 408, in _literal_coercion
uk-webapp-1     |         self._raise_for_expected(element, argname)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/sqlalchemy/sql/coercions.py", line 290, in _raise_for_expected
uk-webapp-1     |         util.raise_(exc.ArgumentError(msg, code=code), replace_context=err)
uk-webapp-1     |       File "/usr/local/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 211, in raise_
uk-webapp-1     |         raise exception
uk-webapp-1     |     sqlalchemy.exc.ArgumentError: GROUP BY / OF / etc. expression expected, got <built-in function id>.
uk-webapp-1     |     
uk-webapp-1     | [E 230612 16:34:24 web:2344] 500 GET /registration/token?u=ZmQxM2RjN2QtNjM2Ni00MmQwLWJjNzMtZTMzODZhN2VmY2Qz&t=YWExOTRhNzI4MjFlZDE5OWQwZTU1ODQ1YmRmMmRkNWM= (86.10.128.58) 12.29ms
uk-webapp-1     | [I 230612 16:34:24 web:2344] 101 GET /connect/notifications/updates (86.xxxx0.79ms

eljeffeg commented 1 year ago

Sorry, this is getting embarrassing. lol. I don't have email setup to test it. Pushed an update.

PJNorrisS1 commented 1 year ago

Thanks. Will test in next hour. No problem! Really appreciate you jumping on this.

PJNorrisS1 commented 1 year ago

Hi, tested and appears to all be working as it should. One observation, if I register a user, then verify it. If I delete the user from admin, the entry in email_token is still there. Creating a new user generates another entry in there with same user id (18 in this case). Although it verified okay, is this normal behaviour? Should you be clearing the entry in email_token when deleting a user, as well as when you do a master reset?

1|2023-06-12 20:30:59.154456|18|220ffe8008dfd6f49e5bd4117fed673825603a33a3bf13f99e94f04af0cf12b2|1
2|2023-06-12 20:32:45.517535|18|b19c9f635671e953916799e6d94aba736c3082379a7e7a1bd56b1da3e8a05ea8|1

PJNorrisS1 commented 1 year ago

Further testing - seems okay... I created a user, but not validated it (bit is 0); I then deleted the user, created a new user and validated and it worked.

1|2023-06-12 20:30:59.154456|18|220ffe8008dfd6f49e5bd4117fed673825603a33a3bf13f99e94f04af0cf12b2|1
2|2023-06-12 20:32:45.517535|18|b19c9f635671e953916799e6d94aba736c3082379a7e7a1bd56b1da3e8a05ea8|1
3|2023-06-12 20:36:16.242515|18|e57acdc3c11a39109f69b2c004529ecf413002a8c5f7667a145e39b505c7a001|0
4|2023-06-12 20:37:06.083818|18|2cc9a765e30c8ffe219fcfabde3ab2f39384af51d5ae848badafae562eed74b4|0
sqlite> select * from email_token;
1|2023-06-12 20:30:59.154456|18|220ffe8008dfd6f49e5bd4117fed673825603a33a3bf13f99e94f04af0cf12b2|1
2|2023-06-12 20:32:45.517535|18|b19c9f635671e953916799e6d94aba736c3082379a7e7a1bd56b1da3e8a05ea8|1
3|2023-06-12 20:36:16.242515|18|e57acdc3c11a39109f69b2c004529ecf413002a8c5f7667a145e39b505c7a001|0
4|2023-06-12 20:37:06.083818|18|2cc9a765e30c8ffe219fcfabde3ab2f39384af51d5ae848badafae562eed74b4|1

but could see this might be a future problem if the user is not cleared out? Is this what got us into trouble before?

eljeffeg commented 1 year ago

Yes, that makes sense. Unlike other tables, we didn't link the EmailTokens to the User as a foreign key, which is why we had to delete them separately.
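
The two points made in this thread (validate against the newest token, and remove tokens when their user is deleted) can be replayed with Python's built-in `sqlite3`. This is an added example, not RootTheBox code: the column names, the SHA-256 storage of the token, the helper names and the first-row lookup used as a contrast are all assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

def open_db(linked):
    """In-memory DB; linked=True ties email_token.user_id to user.id."""
    fk = " REFERENCES user(id) ON DELETE CASCADE" if linked else ""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs without this
    # Columns assumed from the rows in the thread: id|created|user_id|value|valid
    db.executescript(f"""
        CREATE TABLE user (id INTEGER PRIMARY KEY, handle TEXT NOT NULL);
        CREATE TABLE email_token (
            id INTEGER PRIMARY KEY,
            created TEXT DEFAULT CURRENT_TIMESTAMP,
            user_id INTEGER NOT NULL{fk},
            value TEXT NOT NULL,
            valid INTEGER NOT NULL DEFAULT 0);
    """)
    return db

def register(db, handle):
    return db.execute("INSERT INTO user (handle) VALUES (?)", (handle,)).lastrowid

def issue_token(db, user_id):
    """Store only the SHA-256 of the token (assumption); return the raw value."""
    raw = secrets.token_hex(16)
    db.execute("INSERT INTO email_token (user_id, value) VALUES (?, ?)",
               (user_id, hashlib.sha256(raw.encode()).hexdigest()))
    return raw

def token_row(db, user_id, newest=True):
    """newest=True is the 'last token issued' lookup; newest=False is a
    hypothetical lookup that reads the first (oldest) row instead."""
    order = "DESC" if newest else "ASC"
    return db.execute(
        "SELECT id, value, valid FROM email_token WHERE user_id = ? "
        f"ORDER BY id {order} LIMIT 1", (user_id,)).fetchone()

def validate(db, user_id, raw, newest=True):
    """Mark the looked-up row valid only if the presented token matches it."""
    row = token_row(db, user_id, newest)
    digest = hashlib.sha256(raw.encode()).hexdigest()
    if row is None or not hmac.compare_digest(row[1], digest):
        return False
    db.execute("UPDATE email_token SET valid = 1 WHERE id = ?", (row[0],))
    return True

def is_email_valid(db, user_id, newest=True):
    row = token_row(db, user_id, newest)
    return bool(row and row[2])

def replay(linked):
    """Register, validate, delete, re-register: the sequence tested above."""
    db = open_db(linked)
    uid = register(db, "player-a")
    validate(db, uid, issue_token(db, uid))
    db.execute("DELETE FROM user WHERE id = ?", (uid,))
    new_uid = register(db, "player-b")  # SQLite hands out the same id again
    raw = issue_token(db, new_uid)
    return {
        "id_reused": new_uid == uid,
        "token_rows": db.execute("SELECT COUNT(*) FROM email_token").fetchone()[0],
        "flag_first_row": is_email_valid(db, new_uid, newest=False),
        "flag_newest_row": is_email_valid(db, new_uid),
        "accepted_first_row": validate(db, new_uid, raw, newest=False),
        "accepted_newest_row": validate(db, new_uid, raw),
    }

if __name__ == "__main__":
    print("no foreign key:", replay(False))
    print("with cascade:  ", replay(True))
```

In the tracebacks above, the bare `id` passed to `order_by` resolved to Python's built-in function; the descending order has to be applied to the mapped column (for example `cls.id`, assuming the model maps an `id` column), which is the ORM form of the `ORDER BY id DESC` used here.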

eljeffeg commented 1 year ago

Pushed an update to hopefully resolve that.

PJNorrisS1 commented 1 year ago

Tested... didn't erase the entry.

  1. reset whole game.
  2. registered a user
  3. select * from email_token; shows the one entry 👍
  4. logged in as admin
  5. deleted the unvalidated user
  6. checked the db and the entry still there.
    uk-webapp-1     | [I 230612 21:20:26 PublicHandlers:679] Email Validation sent for paul@pjnorris.com
    uk-webapp-1     | [I 230612 21:20:26 web:2344] 200 POST /registration (86.10.128.58) 857.85ms
    uk-webapp-1     | [I 230612 21:20:26 web:2344] 101 GET /connect/notifications/updates (86.10.128.58) 0.60ms
    uk-webapp-1     | [I 230612 21:20:32 web:2344] 200 GET /login (86.10.128.58) 0.95ms
    uk-webapp-1     | [I 230612 21:20:32 web:2344] 101 GET /connect/notifications/updates (86.10.128.58) 0.98ms
    uk-webapp-1     | [I 230612 21:20:34 PublicHandlers:317] Successful login: admin from 86.10.128.58
    uk-webapp-1     | [I 230612 21:20:34 web:2344] 302 POST /login (86.10.128.58) 163.62ms
    uk-webapp-1     | [I 230612 21:20:34 web:2344] 200 GET /user (86.10.128.58) 177.63ms
    uk-webapp-1     | [I 230612 21:20:35 web:2344] 304 GET /scoreboard/ajax/timer (86.10.128.58) 0.70ms
    uk-webapp-1     | [I 230612 21:20:35 web:2344] 101 GET /connect/notifications/updates (86.10.128.58) 0.66ms
    uk-webapp-1     | [I 230612 21:20:37 web:2344] 200 GET /admin/users (86.10.128.58) 43.67ms
    uk-webapp-1     | [I 230612 21:20:37 web:2344] 101 GET /connect/notifications/updates (86.10.128.58) 0.69ms
    uk-webapp-1     | [I 230612 21:20:41 AdminUserHandlers:273] Deleted Team: 'PJN1'
    uk-webapp-1     | [I 230612 21:20:41 web:2344] 302 POST /admin/users/delete/team (86.10.128.58) 36.32ms
    uk-webapp-1     | [I 230612 21:20:41 web:2344] 200 GET /admin/users (86.10.128.58) 11.33ms
    uk-webapp-1     | [I 230612 21:20:41 web:2344] 101 GET /connect/notifications/updates (86.10.128.58) 0.57ms
    uk-webapp-1     | [I 230612 21:20:54 web:2344] 200 GET / (86.10.128.58) 0.93ms

eljeffeg commented 1 year ago

Yup, was not returning an array. Getting closer.

PJNorrisS1 commented 1 year ago

Just loaded last one and still the same - not deleted.

uk-webapp-1     | [I 230612 21:58:22 web:2344] 304 GET /scoreboard/ajax/timer (86.10.128.58) 0.55ms
uk-webapp-1     | [I 230612 21:58:22 web:2344] 101 GET /connect/notifications/updates (86.10.128.58) 0.63ms
uk-webapp-1     | [I 230612 21:58:24 web:2344] 200 GET /admin/users (86.10.128.58) 44.55ms
uk-webapp-1     | [I 230612 21:58:24 web:2344] 101 GET /connect/notifications/updates (86.10.128.58) 0.69ms
uk-webapp-1     | [I 230612 21:58:32 AdminUserHandlers:274] Deleted Team: 'PJN'
uk-webapp-1     | [I 230612 21:58:32 web:2344] 302 POST /admin/users/delete/team (86.10.128.58) 36.66ms
sqlite> select * from email_token;
1|2023-06-12 21:58:18.238009|18|546478cb413f79d55d7204df4f2799088f7e71fdde853db8af6ff3f4bfeca55d|0
sqlite> select * from email_token;
1|2023-06-12 21:58:18.238009|18|546478cb413f79d55d7204df4f2799088f7e71fdde853db8af6ff3f4bfeca55d|0

eljeffeg commented 1 year ago

I think that might have been due to a team delete instead of a user delete. I've now added it to both.

PJNorrisS1 commented 1 year ago

:-) fireworks!!!

Yup that got it! Looking very good! Thank you so much for fixing this for us. I'll do some rigorous testing tomorrow before rolling this out live.

PJ

PJNorrisS1 commented 1 year ago

Hopefully one last query on this one....

  1. Registered a new user
  2. Not activated the account.
  3. Logged in as admin - user shows as locked. I click unlock.
  4. Go to log back in as user (not validated) [image]

Error showing the user needs to be validated.

Should the expected behaviour be, if an admin 'unlocked' the account, it would clear the email validation? Or should there be another button there to validate user from false to true?

If not, then would it be wise to have 'resend activation email' link there or not?

PJNorrisS1 commented 1 year ago

On the above point, we ran a workshop today with email registrations enabled. All went okay, except we had a couple of players whose email system filtered their emails. We managed to get them released, but took time. It would be nice for the Admin to 'validate' a user as my comment above, in the case an email doesn't get pushed through.

PunitTailor55 commented 1 year ago

In addition to that we need to make admin users pagination as well.

eljeffeg commented 1 year ago

Pushed a change so that unlock will also validate email.

PJNorrisS1 commented 1 year ago

Perfect! Tried and tested. Thank you