Bug 406361 - 3.26: All login names lowercase.
Summary: 3.26: All login names lowercase.
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Bugzilla
Classification: Community
Component: Bugzilla General
Version: 3.2
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Noura El hawary
QA Contact:
URL:
Whiteboard: 4 hours for selenium testing
Depends On:
Blocks: RHBZ30UpgradeTracker 427052
TreeView+ depends on / blocked
 
Reported: 2007-11-30 16:58 UTC by David Lawrence
Modified: 2013-06-24 04:17 UTC (History)
0 users

Fixed In Version: 2.18
Clone Of:
Environment:
Last Closed: 2008-01-29 05:52:12 UTC
Embargoed:

Attachments (Terms of Use)
force lowercasing in bugzilla app (12.68 KB, text/plain)
2007-12-20 13:19 UTC, Noura El hawary 		no flags Details
View All

Description David Lawrence 2007-11-30 16:58:49 UTC 
Description:
In the past Bugzilla allowed multiple login accounts to be created with email addresses that only differed by case. This caused issues from time to time when users logged in to the wrong account or received unintended email. Red Hat Bugzilla contains checks in places where login names are added or edited that make sure the login name is lowercased before entering the database. Also MySQL enforces this where PostgreSQL did not in the past.

Function Requirements:
12558 Bugzilla Db - Lowercase profiles.login_name Bugzilla App - force profiles.login_name lowercase everywhere
Comment 1 Noura El hawary 2007-12-20 13:19:05 UTC 
Created attachment 290149 [details]
force lowercasing in bugzilla app
Comment 2 Noura El hawary 2007-12-20 13:37:04 UTC 
Note : The attached patch is not the latest patch that we applied to force
lowercasing , I couldn't find the latest one but basically the only difference
is that we places lc and trim in function in clean_login_name() in
Bugzilla/Util.pm as the following:

sub clean_login_name {
    my $login_name = shift;
    return '' if not defined $login_name;
    return lc( trim( $login_name ) );
}


Basically we can port that patch easily to the 3.2 bugzilla code , as we will
only be calling the function clean_login_name to trim and lowercase loginnames
before we insert it into the db, in all the different modules . basically we
need to grep for modules that updates or Insert loginnames into the profiles
table then we lowercase before inserting/updating that loginname in the db.

from historical data LOC = 40 LOC


Also will include selenium testcases to test the loginames in the web UI I would
expect 2 selenium testcases = 4 hours 

and also an xmlrpc testcase to test xmlrpc function addUser , about 30 LOC
Comment 3 Noura El hawary 2008-01-08 07:01:53 UTC 
I think this bug is dealt with already by the upstream as they have in the 
Bugzilla::DB module a function called "sql_istrcmp" and this function returns
SQL for a case-insensitive string comparison. and it is used to look for all
login names in the database, so this replaces our function clean_login_name that
we have in Bugzilla/Util.pm to do similar job.

[root@taurus rh_bugzilla_3]# grep -rl sql_istrcmp . 
./editusers.cgi
./request.cgi
./contrib/syncLDAP.pl
./token.cgi
./Bugzilla/User.pm
./Bugzilla/Token.pm
./Bugzilla/DB.pm
./Bugzilla/Search.pm
./Bugzilla/Object.pm
./Bugzilla/DB/Pg.pm
./Bugzilla/Field.pm
Note You need to log in before you can comment on or make changes to this bug.