List:Commits« Previous MessageNext Message »
From:Julio Casal Date:May 17 2011 5:11pm
Subject:bzr commit into connector-net-6.1 branch (julio.casal:890) Bug#61027
Bug#12562287
View as plain text  
#At file:///D:/Users/jcasalt/Dev/connector-net/features/bug61027/ based on revid:julio.casal@stripped

  890 Julio Casal	2011-05-17
      Fixed MembershipProvider to only return exact matches when calling GetUser(string username) and GetUserNameByEmail (MySQL bug #61027, Oracle bug #12562287).

    modified:
      CHANGES
      MySql.Web/Providers/Source/MembershipProvider.cs
      MySql.Web/Tests/UserManagement.cs
=== modified file 'CHANGES'
=== modified file 'CHANGES'
--- a/CHANGES	2011-05-11 20:01:43 +0000
+++ b/CHANGES	2011-05-17 17:11:09 +0000
@@ -41,6 +41,8 @@
   against server 5.5.3 or greater (MySQL bug #48007, Oracle bug #12539685).
 - Fixed MySqlProviderManifest.GetStoreSchemaDescription() to return the correct schema definition depending
   on the server version.
+- Fixed MembershipProvider to only return exact matches when calling GetUser(string username) and 
+  GetUserNameByEmail (MySQL bug #61027, Oracle bug #12562287).
 
 Version 6.1.5
 - Fix authorization popup after modifying stored procedure in VS (Bug #44715)

=== modified file 'MySql.Web/Providers/Source/MembershipProvider.cs'
--- a/MySql.Web/Providers/Source/MembershipProvider.cs	2011-02-14 19:20:58 +0000
+++ b/MySql.Web/Providers/Source/MembershipProvider.cs	2011-05-17 17:11:09 +0000
@@ -895,7 +895,7 @@
 
                     string sql = @"SELECT u.name FROM my_aspnet_Users u
                         JOIN my_aspnet_Membership m ON m.userid=u.id
-                        WHERE m.Email like @email AND u.applicationId=@appId";
+                        WHERE m.Email = @email AND u.applicationId=@appId";
                     MySqlCommand cmd = new MySqlCommand(sql, conn);
                     cmd.Parameters.AddWithValue("@email", email);
                     cmd.Parameters.AddWithValue("@appId", app.FetchId(conn));
@@ -1146,7 +1146,7 @@
         private int GetUserId(MySqlConnection connection, string username)
         {
             MySqlCommand cmd = new MySqlCommand(
-                "SELECT id FROM my_aspnet_Users WHERE name LIKE @name AND applicationId=@appId", connection);
+                "SELECT id FROM my_aspnet_Users WHERE name = @name AND applicationId=@appId", connection);
             cmd.Parameters.AddWithValue("@name", username);
             cmd.Parameters.AddWithValue("@appId", app.FetchId(connection));
             object id = cmd.ExecuteScalar();

=== modified file 'MySql.Web/Tests/UserManagement.cs'
--- a/MySql.Web/Tests/UserManagement.cs	2011-02-14 19:20:58 +0000
+++ b/MySql.Web/Tests/UserManagement.cs	2011-05-17 17:11:09 +0000
@@ -698,5 +698,31 @@
             Assert.IsFalse(provider.ValidateUser("foo", "bar!bar"));
             Assert.IsTrue(provider.ValidateUser("foo2", "foo!foo"));
         }
+
+        [Test]
+        public void GetUserLooksForExactUsername()
+        {
+            MembershipCreateStatus status;
+            Membership.CreateUser("code", "thecode!", null, "question", "answer", true, out status);
+
+            MembershipUser user = Membership.GetUser("code");
+            Assert.AreEqual("code", user.UserName);
+
+            user = Membership.GetUser("co_e");
+            Assert.IsNull(user);
+        }
+
+        [Test]
+        public void GetUserNameByEmailLooksForExactEmail()
+        {
+            MembershipCreateStatus status;
+            Membership.CreateUser("code", "thecode!", "code@stripped", "question", "answer", true, out status);
+
+            string username = Membership.GetUserNameByEmail("code@stripped");
+            Assert.AreEqual("code", username);
+
+            username = Membership.GetUserNameByEmail("co_e@stripped");
+            Assert.IsNull(username);
+        }
     }
 }


Attachment: [text/bzr-bundle] bzr/julio.casal@oracle.com-20110517171109-l8gt8grro1y2ssz9.bundle
Thread
bzr commit into connector-net-6.1 branch (julio.casal:890) Bug#61027Bug#12562287Julio Casal19 May