[Checkins] SVN: Products.PluggableAuthService/trunk/ Launchpad #789858: don't allow conflicting login name in 'updateUser'.
Tres Seaver
tseaver at palladion.com
Mon May 30 13:25:28 EDT 2011
Log message for revision 121841:
Launchpad #789858: don't allow conflicting login name in 'updateUser'.
Changed:
U Products.PluggableAuthService/trunk/CHANGES.txt
U Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/ZODBUserManager.py
U Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py
-=-
Modified: Products.PluggableAuthService/trunk/CHANGES.txt
===================================================================
--- Products.PluggableAuthService/trunk/CHANGES.txt 2011-05-30 17:17:32 UTC (rev 121840)
+++ Products.PluggableAuthService/trunk/CHANGES.txt 2011-05-30 17:25:28 UTC (rev 121841)
@@ -4,6 +4,8 @@
1.7.5 (unreleased)
------------------
+- Launchpad #789858: don't allow conflicting login name in 'updateUser'.
+
- Set appropriate cache headers on CookieAuthHelper login redirects to prevent
caching by proxy servers.
Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/ZODBUserManager.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/ZODBUserManager.py 2011-05-30 17:17:32 UTC (rev 121840)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/ZODBUserManager.py 2011-05-30 17:25:28 UTC (rev 121841)
@@ -299,10 +299,15 @@
# The following raises a KeyError if the user_id is invalid
old_login = self.getLoginForUserId(user_id)
- del self._login_to_userid[old_login]
- self._login_to_userid[login_name] = user_id
- self._userid_to_login[user_id] = login_name
+ if old_login != login_name:
+ if self._login_to_userid.get(login_name) is not None:
+ raise ValueError('Login name not available: %s' % login_name)
+
+ del self._login_to_userid[old_login]
+ self._login_to_userid[login_name] = user_id
+ self._userid_to_login[user_id] = login_name
+
security.declarePrivate( 'removeUser' )
def removeUser( self, user_id ):
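Review bot: The availability check on the `self._login_to_userid.get(login_name) is not None` line compares the raw string, so a login that differs from an existing one only in case or surrounding whitespace is still accepted. Whether that matters depends on how login names are normalised at authentication time, which this hunk does not show; if addUser applies any normalisation or rejection rule, updateUser should apply the same one before the lookup. The new ValueError is also a second failure mode beside the KeyError named in the comment above, so that comment could become `# Raises KeyError if user_id is invalid; ValueError if login_name already belongs to another user`. The enclosing updateUser starts outside the hunk.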
Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py 2011-05-30 17:17:32 UTC (rev 121840)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py 2011-05-30 17:25:28 UTC (rev 121841)
@@ -445,6 +445,17 @@
self.assertEqual(user_id, 'user1')
self.assertEqual(login, 'user1 at foobar.com')
+ def test_updateUser_login_name_conflicts(self):
+ # See https://bugs.launchpad.net/zope-pas/+bug/789858
+ zum = self._makeOne()
+
+ # Create a user and make sure we can authenticate with it
+ zum.addUser( 'user1', 'user1 at example.com', 'password' )
+ zum.addUser( 'user2', 'user2 at example.com', 'other' )
+
+ self.assertRaises(ValueError,
+ zum.updateUser, 'user1', 'user2 at example.com')
+
def test_enumerateUsersWithOptionalMangling(self):
zum = self._makeOne()
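Review bot: test_updateUser_login_name_conflicts asserts only that ValueError is raised, so it would still pass if a regression mutated the mappings before raising; that remapping of another user's login is the actual risk. After the assertRaises, add checks that both mappings are untouched, for example `self.assertEqual(zum.getLoginForUserId('user1'), 'user1 at example.com')` and the same for 'user2' (login literals as they appear in this test). A second case calling updateUser with the user's own current login would pin the new `old_login != login_name` no-op path. The comment `# Create a user and make sure we can authenticate with it` does not match the test, which never authenticates; something like `# Two users with distinct logins` would be accurate.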