[Zope-PAS] Re: Bug in ZODBUserManager

Wed, 07 Jun 2006 10:18:58 -0700 

Dominique Lederer wrote:

Hello!

I think a found a bug in ZODBUserManager.py in the updateUserPassword
method.

To reproduce:
Add users via ZMI (id | login)
user1 | login1
user2 | login2

Everything works fine.
Now edit the second user (by clicking on "password" in the
ZODBUserManager ZMI)
And choose "login1" without quotes for the login name, retype your
password.

You now see two users in your ZODBUserManager, but only the second one
will work.
The first user is somehow "overwritten", you cant delete him, or even
use him for authentification.

I browsed the source (om not so good at that so please forgive if I went
the wrong way ;) )
And found the corresponding method "updateUserPassword"

I think somewhere in this method the duplicate login check is missing,
like in the method "addUser"

if self._login_to_userid.get( login_name ) is not None:
            raise KeyError, 'Duplicate login name: %s' % login_name

Maybe anyone knows how to fix this :) I do not.

Cheers
Dom


Please try the following patch::

------------------------------ 8< -----------------------------------
--- plugins/ZODBUserManager.py  (revision 68513)
+++ plugins/ZODBUserManager.py  (working copy)
@@ -314,6 +314,10 @@
         old_login_name = self._userid_to_login[ user_id ]

         if old_login_name != login_name:
+
+            if self._login_to_userid.get( login_name ) is not None:
+                raise KeyError, 'Duplicate login name: %s' % login_name
+
             del self._login_to_userid[ old_login_name ]
             self._login_to_userid[ login_name ] = user_id
             self._userid_to_login[ user_id ] = login_name
------------------------------ 8< -----------------------------------
If it works, then please submit it along with your problem report to the PAS collector: 

  http://www.zope.org/Collectors/PAS/

(Actually, please submit the issue even if the patch doesn't work).


Tres.
--
===================================================================
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com

_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas

Reply via email to