[interchange] Enable case-insensitivity in UserDB for indirect_login.

Dan Browning interchange-cvs at icdevgroup.org
Sat Apr 2 06:39:30 UTC 2011


commit 393f8c7a580b092b9ba380223954b96d5080a061
Author: Daniel Browning <db at kavod.com>
Date:   Fri Apr 1 22:17:53 2011 -0700

    Enable case-insensitivity in UserDB for indirect_login.
    
    This patch allows catalogs that are using the indirect_login feature to
    combine that with ignore_case to enable case-insensitive logins.
    
    A common use-case is to have email address be the indirect login field, so
    one thing to be aware of is that it's legal for two separate e-mail
    addresses to differ in capitalization only (e.g. user at domain is distinct
    from User at domain).

 lib/Vend/UserDB.pm |   26 ++++++++++++++++++--------
 1 files changed, 18 insertions(+), 8 deletions(-)
---
diff --git a/lib/Vend/UserDB.pm b/lib/Vend/UserDB.pm
index cb149e0..37c895b 100644
--- a/lib/Vend/UserDB.pm
+++ b/lib/Vend/UserDB.pm
@@ -1704,26 +1704,36 @@ sub change_pass {
 	}
 
 	eval {
+		# Create copies so that ignore_case doesn't lc the originals.
+		my $vend_username = $Vend::username;
+		my $cgi_mv_username = $CGI::values{mv_username};
+		if ($self->{OPTIONS}{ignore_case}) {
+			$vend_username = lc $vend_username;
+			$cgi_mv_username = lc $cgi_mv_username
+				if defined $cgi_mv_username;
+		}
+
+		# Database operations still use the mixed-case original.
 		my $super = $Vend::superuser || (
 			$Vend::admin and
 			$self->{DB}->field($Vend::username, $self->{LOCATION}{SUPER})
 		);
 
-		if ($self->{USERNAME} ne $Vend::username or
-			defined $CGI::values{mv_username} and
-			$self->{USERNAME} ne $CGI::values{mv_username}
+		if ($self->{USERNAME} ne $vend_username or
+			defined $cgi_mv_username and
+			$self->{USERNAME} ne $cgi_mv_username
 		) {
 			if ($super) {
-				if ($CGI::values{mv_username} and
-					$CGI::values{mv_username} ne $self->{USERNAME}) {
+				if ($cgi_mv_username and
+					$cgi_mv_username ne $self->{USERNAME}) {
 					$original_self = $self;
-					$options{username} = $CGI::values{mv_username};
+					$options{username} = $cgi_mv_username;
 					undef $self;
 				}
 			} else {
 				errmsg("Unprivileged user '%s' attempted to change password of user '%s'",
-					$Vend::username, $self->{USERNAME}) if $options{log};
-				die errmsg("You are not allowed to change another user's password.") . "\n";
+					$vend_username, $self->{USERNAME}) if $options{log};
+				die errmsg("You are not allowed to change another user's password.");
 			}
 		}
 



More information about the interchange-cvs mailing list