Bug 406361

Summary: 3.26: All login names lowercase.
Product: [Community] Bugzilla
Reporter: David Lawrence <dkl>
Component: Bugzilla General
Assignee: Noura El hawary <nelhawar>
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: high
Version: 3.2   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: 4 hours for selenium testing
Fixed In Version: 2.18
Doc Type: Bug Fix
Last Closed: 2008-01-29 05:52:12 UTC
Bug Blocks: 406071, 427052    
Attachments:
Description Flags
force lowercasing in bugzilla app none

Description David Lawrence 2007-11-30 16:58:49 UTC
Description:
In the past Bugzilla allowed multiple login accounts to be created with email addresses that only differed by case. This caused issues from time to time when users logged in to the wrong account or received unintended email. Red Hat Bugzilla contains checks in places where login names are added or edited that make sure the login name is lowercased before entering the database. Also MySQL enforces this where PostgreSQL did not in the past.

Function Requirements:
12558 Bugzilla Db - Lowercase profiles.login_name Bugzilla App - force profiles.login_name lowercase everywhere

Comment 1 Noura El hawary 2007-12-20 13:19:05 UTC
Created attachment 290149
force lowercasing in bugzilla app

Comment 2 Noura El hawary 2007-12-20 13:37:04 UTC
Note: The attached patch is not the latest patch that we applied to force
lowercasing. I couldn't find the latest one, but basically the only difference
is that we placed lc and trim in the function clean_login_name() in
Bugzilla/Util.pm, as follows:

sub clean_login_name {
    my $login_name = shift;
    return '' if not defined $login_name;
    return lc( trim( $login_name ) );
}


Basically we can port that patch easily to the 3.2 Bugzilla code, as we will
only be calling the function clean_login_name to trim and lowercase login names
before we insert them into the db, in all the different modules. Basically we
need to grep for modules that update or insert login names into the profiles
table, then we lowercase before inserting/updating that login name in the db.

From historical data LOC = 40 LOC

Also will include selenium testcases to test the login names in the web UI. I
would expect 2 selenium testcases = 4 hours

and also an xmlrpc testcase to test xmlrpc function addUser, about 30 LOC

Comment 3 Noura El hawary 2008-01-08 07:01:53 UTC
I think this bug is dealt with already by the upstream, as they have in the
Bugzilla::DB module a function called "sql_istrcmp", and this function returns
SQL for a case-insensitive string comparison. It is used to look for all
login names in the database, so this replaces our function clean_login_name that
we have in Bugzilla/Util.pm to do a similar job.

[root@taurus rh_bugzilla_3]# grep -rl sql_istrcmp . 
./editusers.cgi
./request.cgi
./contrib/syncLDAP.pl
./token.cgi
./Bugzilla/User.pm
./Bugzilla/Token.pm
./Bugzilla/DB.pm
./Bugzilla/Search.pm
./Bugzilla/Object.pm
./Bugzilla/DB/Pg.pm
./Bugzilla/Field.pm
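
Added example, not part of the bug report or of Bugzilla's own code: a standalone Perl script that applies the clean_login_name() logic from comment 2 to find existing accounts that collapse to the same login once lowercased and trimmed, and to reject a new login on the same basis. The trim() here is a local stand-in for the one in Bugzilla/Util.pm; find_collisions(), login_is_taken() and the sample addresses are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Local stand-in for trim() so the script runs without Bugzilla installed.
sub trim {
    my ($str) = @_;
    $str =~ s/^\s+|\s+$//g;
    return $str;
}

# Same logic as the function quoted in comment 2.
sub clean_login_name {
    my $login_name = shift;
    return '' if not defined $login_name;
    return lc( trim($login_name) );
}

# Hypothetical helper: group stored logins by their cleaned form and return
# only the groups where more than one stored spelling maps to the same login.
sub find_collisions {
    my @logins = @_;
    my (%by_clean, %collisions);
    push @{ $by_clean{ clean_login_name($_) } }, $_ for @logins;
    for my $clean (keys %by_clean) {
        $collisions{$clean} = $by_clean{$clean} if @{ $by_clean{$clean} } > 1;
    }
    return %collisions;
}

# Hypothetical helper: true if a candidate login matches an existing account
# after cleaning, i.e. the check to run before an INSERT or UPDATE.
sub login_is_taken {
    my ($candidate, @logins) = @_;
    my %seen = map { ( clean_login_name($_) => 1 ) } @logins;
    return exists $seen{ clean_login_name($candidate) } ? 1 : 0;
}

# Constructed sample of stored login names.
my @existing = ('Alice@example.com', 'alice@example.com',
                ' bob@example.com ', 'BOB@EXAMPLE.COM', 'carol@example.com');

my %collisions = find_collisions(@existing);
for my $clean (sort keys %collisions) {
    printf "%s <- %s\n", $clean,
        join(', ', map { "'$_'" } @{ $collisions{$clean} });
}
printf "Carol\@Example.com taken? %s\n",
    login_is_taken('Carol@Example.com', @existing) ? 'yes' : 'no';
```

Pre-existing collisions reported this way have to be merged or renamed by hand before lowercasing is forced on the stored values, since each group would otherwise end up as identical login names.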