Zope PluggableAuthService

enumerateUsers fails with unicode arguments

Reported by Willi Langenberger on 2008-02-06
2
Affects Status Importance Assigned to Milestone
Zope PAS
Undecided
Unassigned

Bug Description

The enumerateUsers method of ZODBUserManager plugin does not
handle unicode arguments right. In the following example (taken
and modified from test_ZODBUserManager.py) we add four users
('foo', 'bar', 'baz', 'bam' ) and then search for u'abc'. I would have
expected that nothing is found. Instead, we get three matches:

  ID_LIST = ( 'foo', 'bar', 'baz', 'bam' )
  for id in ID_LIST:
      zum.addUser( id, '%<email address hidden>' % id, 'password' )
  info_list = zum.enumerateUsers( id = u'abc',
                  exact_match=False )

=> 'bar', 'baz', 'bam'

Reason:

class ZODBUserManager(...):

  def enumerateUsers(self, id, login, ...):
        ....
        if isinstance( id, str ):
            id = [ id ]
        if isinstance( login, str ):
            login = [ login ]

Because u'abc' is no str object, it is *not* transformed to a list.
Thus, later on we search for: "a", "b" and "c".

I dont know what is the best fix for this. Either we can
assume a standard encoding of the user names, then we can
encode to that string. Or we log an error, eg "string argument
required". But i think it is wrong to enumerate 'bar', 'baz' and
'bam' if we look for u'abc'.

Willi Langenberger (wlang) wrote :

attached is a patch which includes the new unicode test. we expect zero matches but get three ones.

Tres Seaver (tseaver) wrote :

The attached patch makes your test pass.

Tres Seaver (tseaver) wrote :

Thanks for the report, and the test. I have checked in the test and a fix
on the 1.4 branch, the 1.5 branch, and the trunk. Both are included in
the 1.5.3 release.

Changed in zope-pas:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers