Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Enable case-insensitivity in UserDB for indirect_login.

This patch allows catalogs that are using the indirect_login feature to
combine that with ignore_case to enable case-insensitive logins.

A common use-case is to have email address be the indirect login field, so
one thing to be aware of is that it's legal for two separate e-mail
addresses to differ in capitalization only (e.g. user@domain is distinct
from User@domain).
  • Loading branch information...
commit 393f8c7a580b092b9ba380223954b96d5080a061 1 parent 1026a68
@danielbr danielbr authored
Showing with 18 additions and 8 deletions.
  1. +18 −8 lib/Vend/UserDB.pm
View
26 lib/Vend/UserDB.pm
@@ -1704,26 +1704,36 @@ sub change_pass {
}
eval {
+ # Create copies so that ignore_case doesn't lc the originals.
+ my $vend_username = $Vend::username;
+ my $cgi_mv_username = $CGI::values{mv_username};
+ if ($self->{OPTIONS}{ignore_case}) {
+ $vend_username = lc $vend_username;
+ $cgi_mv_username = lc $cgi_mv_username
+ if defined $cgi_mv_username;
+ }
+
+ # Database operations still use the mixed-case original.
my $super = $Vend::superuser || (
$Vend::admin and
$self->{DB}->field($Vend::username, $self->{LOCATION}{SUPER})
);
- if ($self->{USERNAME} ne $Vend::username or
- defined $CGI::values{mv_username} and
- $self->{USERNAME} ne $CGI::values{mv_username}
+ if ($self->{USERNAME} ne $vend_username or
+ defined $cgi_mv_username and
+ $self->{USERNAME} ne $cgi_mv_username
) {
if ($super) {
- if ($CGI::values{mv_username} and
- $CGI::values{mv_username} ne $self->{USERNAME}) {
+ if ($cgi_mv_username and
+ $cgi_mv_username ne $self->{USERNAME}) {
$original_self = $self;
- $options{username} = $CGI::values{mv_username};
+ $options{username} = $cgi_mv_username;
undef $self;
}
} else {
errmsg("Unprivileged user '%s' attempted to change password of user '%s'",
- $Vend::username, $self->{USERNAME}) if $options{log};
- die errmsg("You are not allowed to change another user's password.") . "\n";
+ $vend_username, $self->{USERNAME}) if $options{log};
+ die errmsg("You are not allowed to change another user's password.");
}
}
Please sign in to comment.
Something went wrong with that request. Please try again.