Fix problematic case-sensitivity in ExternalAuth::DBI. #200
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Well, I found |
Users expect their username and email address to be case-insensitive. RT's users are case-insensitive, but RT::Authen::ExternalAuth::DBI had a bug that caused it to fail if its backing database was case-insensitive. It used DBI::selectall_hashref keyed on the username or email address from the backing database (whichever was used to look up the account), and then retrieved the record from the resulting hash based on the value it had been passed. If the backing database was case-insenitive but case-preserving (as most are) and the case in the database did not match the case used for the query, then the case used to create the hash key would not match the case used to retrieve it. Since Perl hash keys are case-sensitive, the hash dereference would fail and the method would return undef, resulting in very strange error messages. This changes it to use DBI::selectall_arrayref and simply use the first record returned. Since the code already checks that exactly one result is returned that change should have no effect on the intended behavior.
Elemecca
force-pushed
the
4.4/extauth-dbi-ci
branch
from
c7ccc92 to
cea7479
Compare
|
Hi Sam, Thanks for your patch. It's on our list to review and merge. :) Best, |
|
Why was this closed? It doesn't appear to have been merged, nor has an equivalent change been made on master, and the bug still exists. Has this change been rejected? Do I need to rebase it for a new branch? |
|
Hi Sam It seems an unintentional action, sorry for the confusion. I re-opened it. -sunnavy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Users expect their username and email address to be case-insensitive. RT's users are case-insensitive, but
RT::Authen::ExternalAuth::DBIhad a bug that caused it to fail if its backing database was case-insensitive.It used
DBI::selectall_hashrefkeyed on the username or email address from the backing database (whichever was used to look up the account), and then retrieved the record from the resulting hash based on the value it had been passed. If the backing database was case-insenitive but case-preserving (as most are) and the case in the database did not match the case used for the query, then the case used to create the hash key would not match the case used to retrieve it. Since Perl hash keys are case-sensitive, the hash dereference would fail and the method would returnundef, resulting in very strange error messages.This changes it to use
DBI::selectall_arrayrefand simply use the first record returned. Since the code already checks that exactly one result is returned that change should have no effect on the intended behavior.I feel like this should have regression tests, but there don't seem to be any tests yet for
ExternalAuth::DBIand I'm not sure how to mock the external database, so I'm submitting without tests for now. I'll keep looking into how to do it, but I'd appreciate advice if people have any.