[Zope-PAS] Re: Bug in ZODBUserManager

Tres Seaver tseaver at palladion.com
Wed Jun 7 13:17:59 EDT 2006 

Dominique Lederer wrote:
> Hello!
> 
> I think a found a bug in ZODBUserManager.py in the updateUserPassword
> method.
> 
> To reproduce:
> Add users via ZMI (id | login)
> user1 | login1
> user2 | login2
> 
> Everything works fine.
> Now edit the second user (by clicking on "password" in the
> ZODBUserManager ZMI)
> And choose "login1" without quotes for the login name, retype your
> password.
> 
> You now see two users in your ZODBUserManager, but only the second one
> will work.
> The first user is somehow "overwritten", you cant delete him, or even
> use him for authentification.
> 
> I browsed the source (om not so good at that so please forgive if I went
> the wrong way ;) )
> And found the corresponding method "updateUserPassword"
> 
> I think somewhere in this method the duplicate login check is missing,
> like in the method "addUser"
> 
> if self._login_to_userid.get( login_name ) is not None:
>             raise KeyError, 'Duplicate login name: %s' % login_name
> 
> Maybe anyone knows how to fix this :) I do not.
> 
> Cheers
> Dom

Please try the following patch::

------------------------------ 8< -----------------------------------
--- plugins/ZODBUserManager.py  (revision 68513)
+++ plugins/ZODBUserManager.py  (working copy)
@@ -314,6 +314,10 @@
          old_login_name = self._userid_to_login[ user_id ]

          if old_login_name != login_name:
+
+            if self._login_to_userid.get( login_name ) is not None:
+                raise KeyError, 'Duplicate login name: %s' % login_name
+
              del self._login_to_userid[ old_login_name ]
              self._login_to_userid[ login_name ] = user_id
              self._userid_to_login[ user_id ] = login_name
------------------------------ 8< -----------------------------------

If it works, then please submit it along with your problem report to the 
PAS collector:

   http://www.zope.org/Collectors/PAS/

(Actually, please submit the issue even if the patch doesn't work).


Tres.
-- 
===================================================================
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com

More information about the Zope-PAS mailing list