[Checkins] SVN: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/ Launchpad #789858: don't allow conflicting login name in 'updateUser'.

Tres Seaver tseaver at palladion.com
Mon May 30 13:00:56 EDT 2011


Log message for revision 121836:
  Launchpad #789858:  don't allow conflicting login name in 'updateUser'.

Changed:
  U   Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/doc/CHANGES.txt
  U   Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/ZODBUserManager.py
  U   Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py

-=-
Modified: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/doc/CHANGES.txt
===================================================================
--- Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/doc/CHANGES.txt	2011-05-30 16:53:48 UTC (rev 121835)
+++ Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/doc/CHANGES.txt	2011-05-30 17:00:56 UTC (rev 121836)
@@ -4,6 +4,8 @@
 PluggableAuthService 1.6.5 (unreleased)
 ---------------------------------------
 
+- Launchpad #789858:  don't allow conflicting login name in 'updateUser'.
+
 - Launchpad #672694: In the ZODBRoleManager made it clearer that
   adding a removing a role does not have much effect if you do not do
   the same in the root of the site (at the bottom of the Security tab

Modified: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/ZODBUserManager.py
===================================================================
--- Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/ZODBUserManager.py	2011-05-30 16:53:48 UTC (rev 121835)
+++ Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/ZODBUserManager.py	2011-05-30 17:00:56 UTC (rev 121836)
@@ -1,4 +1,4 @@
-##############################################################################
+#############################################################################
 #
 # Copyright (c) 2001 Zope Foundation and Contributors
 # Reserved.
@@ -296,10 +296,15 @@
         # The following raises a KeyError if the user_id is invalid
         old_login = self.getLoginForUserId(user_id)
 
-        del self._login_to_userid[old_login]
-        self._login_to_userid[login_name] = user_id
-        self._userid_to_login[user_id] = login_name
+        if old_login != login_name:
 
+            if self._login_to_userid.get(login_name) is not None:
+                raise ValueError('Login name not available: %s' % login_name)
+
+            del self._login_to_userid[old_login]
+            self._login_to_userid[login_name] = user_id
+            self._userid_to_login[user_id] = login_name
+
     security.declarePrivate( 'removeUser' )
     def removeUser( self, user_id ):
 
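Review bot: The availability check `self._login_to_userid.get(login_name) is not None` compares the exact string, so a login that differs from an existing one only in case or surrounding whitespace still passes as distinct; whether that matters depends on normalization done before this method, which is not visible in the hunk. The new branch would also benefit from a comment stating the invariant it protects, for example `# Each login name maps to exactly one user id; overwriting an entry would re-point another user's login at user_id.` As a style point, and assuming stored user ids are never None, `if login_name in self._login_to_userid:` says the same thing more directly, and the blank line right after `if old_login != login_name:` can go. The enclosing method starts above the hunk.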

Modified: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py
===================================================================
--- Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py	2011-05-30 16:53:48 UTC (rev 121835)
+++ Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py	2011-05-30 17:00:56 UTC (rev 121836)
@@ -443,6 +443,17 @@
         self.assertEqual(user_id, 'user1')
         self.assertEqual(login, 'user1 at foobar.com')
 
+    def test_updateUser_login_name_conflicts(self):
+        # See https://bugs.launchpad.net/zope-pas/+bug/789858
+        zum = self._makeOne()
+
+        # Create a user and make sure we can authenticate with it
+        zum.addUser( 'user1', 'user1 at example.com', 'password' )
+        zum.addUser( 'user2', 'user2 at example.com', 'other' )
+
+        self.assertRaises(ValueError,
+                          zum.updateUser, 'user1', 'user2 at example.com')
+
     def test_enumerateUsersWithOptionalMangling(self):
 
         zum = self._makeOne()
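Review bot: test_updateUser_login_name_conflicts only checks that ValueError is raised, so it would still pass if the mappings were partly modified before the raise. Asserting afterwards that `zum.getLoginForUserId('user1')` and `zum.getLoginForUserId('user2')` still return the logins given to addUser would pin that a rejected update leaves both accounts untouched. The comment `# Create a user and make sure we can authenticate with it` does not describe this test and looks copied from another one; something like `# Two users; moving user1 onto user2's login must be rejected` fits better. A companion case for updating a user to its own current login, which the new code treats as a no-op, is not covered here.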


