Description: In the past Bugzilla allowed multiple login accounts to be created with email addresses that only differed by case. This caused issues from time to time when users logged in to the wrong account or received unintended email.

Red Hat Bugzilla contains checks in places where login names are added or edited that make sure the login name is lowercased before entering the database. Also MySQL enforces this where PostgreSQL did not in the past.

Function Requirements: 12558
Bugzilla Db - Lowercase profiles.login_name
Bugzilla App - force profiles.login_name lowercase everywhere

Created attachment 290149: force lowercasing in bugzilla app

Note: The attached patch is not the latest patch that we applied to force lowercasing. I couldn't find the latest one, but basically the only difference is that we placed lc and trim in the function clean_login_name() in Bugzilla/Util.pm, as follows:

    # Normalize a login name: trim surrounding whitespace and lowercase it.
    sub clean_login_name {
        my $login_name = shift;
        return '' if not defined $login_name;
        return lc( trim( $login_name ) );
    }

Basically we can port that patch easily to the 3.2 Bugzilla code, as we will only be calling the function clean_login_name to trim and lowercase login names before we insert them into the db, in all the different modules. Basically we need to grep for modules that update or insert login names into the profiles table, then we lowercase before inserting/updating that login name in the db.

From historical data, LOC = 40 LOC.

Also will include selenium testcases to test the login names in the web UI. I would expect 2 selenium testcases = 4 hours, and also an xmlrpc testcase to test xmlrpc function addUser, about 30 LOC.

I think this bug is dealt with already by upstream, as they have in the Bugzilla::DB module a function called "sql_istrcmp", and this function returns SQL for a case-insensitive string comparison. It is used to look for all login names in the database, so this replaces our function clean_login_name that we have in Bugzilla/Util.pm to do a similar job.

    [root@taurus rh_bugzilla_3]# grep -rl sql_istrcmp .
    ./editusers.cgi
    ./request.cgi
    ./contrib/syncLDAP.pl
    ./token.cgi
    ./Bugzilla/User.pm
    ./Bugzilla/Token.pm
    ./Bugzilla/DB.pm
    ./Bugzilla/Search.pm
    ./Bugzilla/Object.pm
    ./Bugzilla/DB/Pg.pm
    ./Bugzilla/Field.pm
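
Added example, not part of the bug report or of the Red Hat patch: whichever approach is used (lowercasing on write or case-insensitive comparison on lookup), a database that previously accepted case-variant logins can be audited for accounts that collapse to the same normalized name. The `trim` stand-in, the `find_login_collisions` helper and the sample rows are constructed for illustration; the rows are assumed to come from a query over `userid` and `login_name` in the profiles table.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Local stand-in for Bugzilla::Util::trim so the script runs without Bugzilla.
sub trim {
    my ($str) = @_;
    $str =~ s/^\s+|\s+$//g;
    return $str;
}

# Same normalization as the clean_login_name() quoted in the comment above.
sub clean_login_name {
    my $login_name = shift;
    return '' if not defined $login_name;
    return lc( trim($login_name) );
}

# Hypothetical helper: group (userid, login_name) rows by normalized login
# and return only the groups holding more than one account, i.e. the logins
# that would collide once lowercasing is enforced.
sub find_login_collisions {
    my (@rows) = @_;
    my %by_login;
    for my $row (@rows) {
        my ( $userid, $login ) = @$row;
        push @{ $by_login{ clean_login_name($login) } }, $userid;
    }
    return map  { [ $_, sort { $a <=> $b } @{ $by_login{$_} } ] }
           grep { @{ $by_login{$_} } > 1 }
           sort keys %by_login;
}

# Constructed sample rows standing in for the contents of the profiles table.
my @profiles = (
    [ 1, 'alice@example.com' ],
    [ 2, 'Alice@Example.com' ],
    [ 3, 'bob@example.com' ],
    [ 4, ' BOB@example.com ' ],
    [ 5, 'carol@example.com' ],
);

for my $group ( find_login_collisions(@profiles) ) {
    my ( $login, @ids ) = @$group;
    print "$login: userids @ids\n";
}
```

Each reported group needs a decision (merge or rename) before a lowercase constraint is applied, since the normalized names would otherwise violate uniqueness on login_name.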