Parent auth fails due to mixed case checking

Bug #1364170 reported by Robert Lyon
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
Mahara | Fix Released | High | Robert Lyon |
1.10 | Fix Released | High | Robert Lyon |
1.8 | Fix Released | High | Robert Lyon |
1.9 | Fix Released | High | Robert Lyon |
15.04 | Fix Released | High | Robert Lyon |

Bug Description

Currently in the auth/user.php [around line 187] there is a query that is matching lower(username) against username.

At the very least it should be lower(u.username) against us.username.

However, the whole SQL query could be tidied up to function better.

Normally, usernames are email addresses and are stored as lowercase strings, but sometimes you need a username that is not lowercase, and so this check fails.

Tags: auth
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/3677

Son Nguyen (ngson2000) wrote :

Hi Robert

Can you please provide some test cases

Thank you
Son

Robert Lyon (robertl-9) wrote :

Hi Son

To test:

1) have a user with a username that has an uppercase char in the name.
2) set up an institution that has xmlrpc auth as well as another auth as parent auth and add user to the institution
3) have remoteauthname set for the user for parent auth and try logging in via xmlrpc with that username

Currently the check when a parent auth is available checks the lowercase(username) against the same username not lowercased, and so should throw an error.

Aaron Wells (u-aaronw)
Changed in mahara:
milestone: 1.10.0 → 1.10.1
Aaron Wells (u-aaronw)
no longer affects: mahara/1.7
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/3677
Committed: http://gitorious.org/mahara/mahara/commit/649c20210e4653ee16bb6b5a9ef3ae539dbc581d
Submitter: Son Nguyen (<email address hidden>)
Branch: master

commit 649c20210e4653ee16bb6b5a9ef3ae539dbc581d
Author: Robert Lyon <email address hidden>
Date: Tue Sep 2 11:29:57 2014 +1200

Checking the remoteusername for parent auth better (Bug #1364170)

Currently it checks lowercase username against the same username

But we need to compare apples with apples so the subquery also needs
to return lowercase username.

Change-Id: Icbe65e12d415be6f943399185c828166ed8a98d4
Signed-off-by: Robert Lyon <email address hidden>
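
The mismatch and the fix described in this report, reproduced on an in-memory SQLite database as an added example (it is not part of the thread and is not Mahara's code). The schema, table and column names, sample rows and the auth instance id 7 are constructed assumptions; only the comparison pattern, lowercased outer column against a non-lowercased subquery column, comes from the report.

```python
import sqlite3

# Constructed, simplified schema and rows (assumptions, not Mahara's schema).
SCHEMA = """
CREATE TABLE usr (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
CREATE TABLE remote_user (localusr INTEGER, authinstance INTEGER,
                          remoteusername TEXT);
INSERT INTO usr VALUES (1, 'alice@example.org'), (2, 'JSmith');
INSERT INTO remote_user VALUES (1, 7, 'alice-remote'), (2, 7, 'jsmith-remote');
"""

# Pattern from the bug description: outer side lowercased, subquery side not.
MISMATCHED = """
SELECT u.id FROM usr u
WHERE LOWER(u.username) IN (
    SELECT us.username FROM usr us
    JOIN remote_user r ON r.localusr = us.id
    WHERE r.remoteusername = ? AND r.authinstance = ?)
"""

# Pattern from the commit message: the subquery also returns lowercase.
NORMALISED = MISMATCHED.replace("SELECT us.username", "SELECT LOWER(us.username)")


def find_user(conn, query, remotename, parent_instance):
    """Return the local user id, or None on zero or ambiguous matches."""
    rows = conn.execute(query, (remotename, parent_instance)).fetchall()
    # Fail closed: an authentication lookup must resolve to exactly one row.
    return rows[0][0] if len(rows) == 1 else None


def compare(remotename, parent_instance=7):
    """Run both query shapes; returns (mismatched_result, normalised_result)."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.executescript(SCHEMA)
        return (find_user(conn, MISMATCHED, remotename, parent_instance),
                find_user(conn, NORMALISED, remotename, parent_instance))
    finally:
        conn.close()


if __name__ == "__main__":
    for name in ("alice-remote", "jsmith-remote", "unknown-remote"):
        print(name, compare(name))
```

The all-lowercase account resolves under both query shapes, which is why the defect stays hidden until a username contains an uppercase character.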

Wangchen (tshering-wangchen) wrote :

Hi Robert,

Sounds like this might be the solution to the BUG that is affecting us (Uni of Canberra) as Shane reported on: https://bugs.launchpad.net/mahara/+bug/1358603

We are upgrading to Mahara 1.10.2 in the next few days.
So, will this patch work on the Mahara 1.10.2?
And, can you please advise on how to proceed with getting the patch?

Looking forward to your response.

Kind regards
Wangchen
University of Canberra

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "1.10_STABLE" branch: https://reviews.mahara.org/4262

Mahara Bot (dev-mahara) wrote :

Patch for "1.8_STABLE" branch: https://reviews.mahara.org/4263

Mahara Bot (dev-mahara) wrote :

Patch for "1.9_STABLE" branch: https://reviews.mahara.org/4264

Robert Lyon (robertl-9) wrote :

Hi Wangchen

I've added the patch to the 1.10 branch : https://reviews.mahara.org/#/c/4262/

You should be able to grab it via cherry-pick or by patch from that page.

Let me know if you have any trouble

Cheers

Robert

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/4263
Committed: http://gitorious.org/mahara/mahara/commit/288cdf72bda439426f9e21f525ae894daf4ff6fd
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.8_STABLE

commit 288cdf72bda439426f9e21f525ae894daf4ff6fd
Author: Robert Lyon <email address hidden>
Date: Tue Sep 2 11:29:57 2014 +1200

Checking the remoteusername for parent auth better (Bug #1364170)

Currently it checks lowercase username against the same username

But we need to compare apples with apples so the subquery also needs
to return lowercase username.

Change-Id: Icbe65e12d415be6f943399185c828166ed8a98d4
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/4264
Committed: http://gitorious.org/mahara/mahara/commit/9623f879cbd4072629589c5df974d4c602eac9c7
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.9_STABLE

commit 9623f879cbd4072629589c5df974d4c602eac9c7
Author: Robert Lyon <email address hidden>
Date: Tue Sep 2 11:29:57 2014 +1200

Checking the remoteusername for parent auth better (Bug #1364170)

Currently it checks lowercase username against the same username

But we need to compare apples with apples so the subquery also needs
to return lowercase username.

Change-Id: Icbe65e12d415be6f943399185c828166ed8a98d4
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/4262
Committed: http://gitorious.org/mahara/mahara/commit/5bd89c64ff1e30e6c1e9196246d81add53dfe826
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.10_STABLE

commit 5bd89c64ff1e30e6c1e9196246d81add53dfe826
Author: Robert Lyon <email address hidden>
Date: Tue Sep 2 11:29:57 2014 +1200

Checking the remoteusername for parent auth better (Bug #1364170)

Currently it checks lowercase username against the same username

But we need to compare apples with apples so the subquery also needs
to return lowercase username.

Change-Id: Icbe65e12d415be6f943399185c828166ed8a98d4
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9)
Changed in mahara:
status: Fix Committed → Fix Released