#At file:///D:/Users/jcasalt/Dev/connector-net/features/bug61027/ based on revid:julio.casal@stripped
890 Julio Casal 2011-05-17
Fixed MembershipProvider to only return exact matches when calling GetUser(string username) and GetUserNameByEmail (MySQL bug #61027, Oracle bug #12562287).
modified:
CHANGES
MySql.Web/Providers/Source/MembershipProvider.cs
MySql.Web/Tests/UserManagement.cs
=== modified file 'CHANGES'
=== modified file 'CHANGES'
--- a/CHANGES 2011-05-11 20:01:43 +0000
+++ b/CHANGES 2011-05-17 17:11:09 +0000
@@ -41,6 +41,8 @@
against server 5.5.3 or greater (MySQL bug #48007, Oracle bug #12539685).
- Fixed MySqlProviderManifest.GetStoreSchemaDescription() to return the correct schema definition depending
on the server version.
+- Fixed MembershipProvider to only return exact matches when calling GetUser(string username) and
+ GetUserNameByEmail (MySQL bug #61027, Oracle bug #12562287).
Version 6.1.5
- Fix authorization popup after modifying stored procedure in VS (Bug #44715)
=== modified file 'MySql.Web/Providers/Source/MembershipProvider.cs'
--- a/MySql.Web/Providers/Source/MembershipProvider.cs 2011-02-14 19:20:58 +0000
+++ b/MySql.Web/Providers/Source/MembershipProvider.cs 2011-05-17 17:11:09 +0000
@@ -895,7 +895,7 @@
string sql = @"SELECT u.name FROM my_aspnet_Users u
JOIN my_aspnet_Membership m ON m.userid=u.id
- WHERE m.Email like @email AND u.applicationId=@appId";
+ WHERE m.Email = @email AND u.applicationId=@appId";
MySqlCommand cmd = new MySqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@email", email);
cmd.Parameters.AddWithValue("@appId", app.FetchId(conn));
@@ -1146,7 +1146,7 @@
private int GetUserId(MySqlConnection connection, string username)
{
MySqlCommand cmd = new MySqlCommand(
- "SELECT id FROM my_aspnet_Users WHERE name LIKE @name AND applicationId=@appId", connection);
+ "SELECT id FROM my_aspnet_Users WHERE name = @name AND applicationId=@appId", connection);
cmd.Parameters.AddWithValue("@name", username);
cmd.Parameters.AddWithValue("@appId", app.FetchId(connection));
object id = cmd.ExecuteScalar();
=== modified file 'MySql.Web/Tests/UserManagement.cs'
--- a/MySql.Web/Tests/UserManagement.cs 2011-02-14 19:20:58 +0000
+++ b/MySql.Web/Tests/UserManagement.cs 2011-05-17 17:11:09 +0000
@@ -698,5 +698,31 @@
Assert.IsFalse(provider.ValidateUser("foo", "bar!bar"));
Assert.IsTrue(provider.ValidateUser("foo2", "foo!foo"));
}
+
+ [Test]
+ public void GetUserLooksForExactUsername()
+ {
+ MembershipCreateStatus status;
+ Membership.CreateUser("code", "thecode!", null, "question", "answer", true, out status);
+
+ MembershipUser user = Membership.GetUser("code");
+ Assert.AreEqual("code", user.UserName);
+
+ user = Membership.GetUser("co_e");
+ Assert.IsNull(user);
+ }
+
+ [Test]
+ public void GetUserNameByEmailLooksForExactEmail()
+ {
+ MembershipCreateStatus status;
+ Membership.CreateUser("code", "thecode!", "code@stripped", "question", "answer", true, out status);
+
+ string username = Membership.GetUserNameByEmail("code@stripped");
+ Assert.AreEqual("code", username);
+
+ username = Membership.GetUserNameByEmail("co_e@stripped");
+ Assert.IsNull(username);
+ }
}
}
Attachment: [text/bzr-bundle] bzr/julio.casal@oracle.com-20110517171109-l8gt8grro1y2ssz9.bundle
| Thread |
|---|
| • bzr commit into connector-net-6.1 branch (julio.casal:890) Bug#61027Bug#12562287 | Julio Casal | 19 May |
