Bug 406361 – 3.26: All login names lowercase.

Bug 406361 - 3.26: All login names lowercase.

Summary:	3.26: All login names lowercase.

Status:	CLOSED NEXTRELEASE

Aliases:	None

Product:	Bugzilla
Classification:	Community
Component:	Bugzilla General (Show other bugs)
Sub Component:
Version:	3.2
Hardware:	All Linux

Priority	high Severity medium (vote)
Target Milestone:	---
Target Release:	---
Assigned To:	Noura El hawary
QA Contact:
Docs Contact:

URL:
Whiteboard:	4 hours for selenium testing
Keywords:

Depends On:
Blocks:	RHBZ30UpgradeTracker 427052
	Show dependency tree / graph

Reported:	2007-11-30 11:58 EST by David Lawrence
Modified:	2013-06-24 00:17 EDT (History)
CC List:	0 users

See Also:
Fixed In Version:	2.18
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2008-01-29 00:52:12 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
force lowercasing in bugzilla app (12.68 KB, text/plain) 2007-12-20 08:19 EST, Noura El hawary	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description David Lawrence 2007-11-30 11:58:49 EST

Description:
In the past Bugzilla allowed multiple login accounts to be created with email addresses that only differed by case. This caused issues from time to time when users logged in to the wrong account or received unintended email. Red Hat Bugzilla contains checks in places where login names are added or edited that make sure the login name is lowercased before entering the database. Also MySQL enforces this where PostgreSQL did not in the past.

Function Requirements:
12558 Bugzilla Db - Lowercase profiles.login_name Bugzilla App - force profiles.login_name lowercase everywhere

Comment 1 Noura El hawary 2007-12-20 08:19:05 EST

Created attachment 290149 [details]
force lowercasing in bugzilla app

Comment 2 Noura El hawary 2007-12-20 08:37:04 EST

Note : The attached patch is not the latest patch that we applied to force
lowercasing , I couldn't find the latest one but basically the only difference
is that we places lc and trim in function in clean_login_name() in
Bugzilla/Util.pm as the following:

sub clean_login_name {
    my $login_name = shift;
    return '' if not defined $login_name;
    return lc( trim( $login_name ) );
}


Basically we can port that patch easily to the 3.2 bugzilla code , as we will
only be calling the function clean_login_name to trim and lowercase loginnames
before we insert it into the db, in all the different modules . basically we
need to grep for modules that updates or Insert loginnames into the profiles
table then we lowercase before inserting/updating that loginname in the db.

from historical data LOC = 40 LOC


Also will include selenium testcases to test the loginames in the web UI I would
expect 2 selenium testcases = 4 hours 

and also an xmlrpc testcase to test xmlrpc function addUser , about 30 LOC

Comment 3 Noura El hawary 2008-01-08 02:01:53 EST

I think this bug is dealt with already by the upstream as they have in the 
Bugzilla::DB module a function called "sql_istrcmp" and this function returns
SQL for a case-insensitive string comparison. and it is used to look for all
login names in the database, so this replaces our function clean_login_name that
we have in Bugzilla/Util.pm to do similar job.

[root@taurus rh_bugzilla_3]# grep -rl sql_istrcmp . 
./editusers.cgi
./request.cgi
./contrib/syncLDAP.pl
./token.cgi
./Bugzilla/User.pm
./Bugzilla/Token.pm
./Bugzilla/DB.pm
./Bugzilla/Search.pm
./Bugzilla/Object.pm
./Bugzilla/DB/Pg.pm
./Bugzilla/Field.pm

Note You need to log in before you can comment on or make changes to this bug.