Added:
branches/5.2/MySql.Web/Providers/Source/Application.cs
Modified:
branches/5.2/CHANGES
branches/5.2/MySql.Web/Providers/MySql.Web.csproj
branches/5.2/MySql.Web/Providers/Source/MembershipProvider.cs
branches/5.2/MySql.Web/Providers/Source/ProfileProvider.cs
branches/5.2/MySql.Web/Providers/Source/RoleProvider.cs
branches/5.2/MySql.Web/Providers/Source/SchemaManager.cs
branches/5.2/MySql.Web/Tests/ProfileTests.cs
branches/5.2/MySql.Web/Tests/RoleManagement.cs
branches/5.2/MySql.Web/Tests/UserManagement.cs
Log:
- fixed problem where the core method GetUser was not properly checking the application id when retrieving user id values. This would mean that in some cases methods like ValidateUser would return success when they shouldn't. (bug #42574) This triggered several other cleanups in all the providers
Modified: branches/5.2/CHANGES
===================================================================
--- branches/5.2/CHANGES 2009-03-03 21:11:53 UTC (rev 1520)
+++ branches/5.2/CHANGES 2009-03-04 16:20:51 UTC (rev 1521)
@@ -8,6 +8,12 @@
- removed code from profile provider that overrode Name and Description properties in error. This had the
effect of not allowing you to override those values in the web.config (ug #40871)
- fixed "metadatacollections" collection to include foreign key columns
+- fixed GetAllProfiles (which is used by several methods). It had a typo in the SQL and was not
+ including several important columns (bug #41654)
+- fixed problem where the core method GetUser was not properly checking the application id
+ when retrieving user id values. This would mean that in some cases methods like
+ ValidateUser would return success when they shouldn't. (bug #42574) This triggered several
+ other cleanups in all the providers
Version 5.2.5 - 11/14/2008
- fixed problem with package registration that kept the DDEX provider from working (bug #40726)
Modified: branches/5.2/MySql.Web/Providers/MySql.Web.csproj
===================================================================
--- branches/5.2/MySql.Web/Providers/MySql.Web.csproj 2009-03-03 21:11:53 UTC (rev 1520)
+++ branches/5.2/MySql.Web/Providers/MySql.Web.csproj 2009-03-04 16:20:51 UTC (rev 1521)
@@ -57,6 +57,7 @@
<DesignTime>True</DesignTime>
<DependentUpon>Resources.resx</DependentUpon>
</Compile>
+ <Compile Include="Source\Application.cs" />
<Compile Include="Source\Install.cs">
<SubType>Component</SubType>
</Compile>
Added: branches/5.2/MySql.Web/Providers/Source/Application.cs
===================================================================
--- branches/5.2/MySql.Web/Providers/Source/Application.cs (rev 0)
+++ branches/5.2/MySql.Web/Providers/Source/Application.cs 2009-03-04 16:20:51 UTC (rev 1521)
@@ -0,0 +1,61 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using MySql.Data.MySqlClient;
+using System.Configuration.Provider;
+using MySql.Web.Properties;
+
+namespace MySql.Web.General
+{
+ internal class Application
+ {
+ public Application(string name, string desc)
+ {
+ Id = -1;
+ Name = name;
+ Description = desc;
+ }
+
+ public int Id { get; private set; }
+ public string Name;
+ public string Description { get; private set; }
+
+ public int FetchId(MySqlConnection connection)
+ {
+ if (Id == -1)
+ {
+ MySqlCommand cmd = new MySqlCommand(
+ @"SELECT id FROM my_aspnet_Applications WHERE name=@name", connection);
+ cmd.Parameters.AddWithValue("@name", Name);
+ object id = cmd.ExecuteScalar();
+ Id = id == null ? -1 : Convert.ToInt32(id);
+ }
+ return Id;
+ }
+
+ /// <summary>
+ /// Creates the or fetch application id.
+ /// </summary>
+ /// <param name="applicationName">Name of the application.</param>
+ /// <param name="applicationId">The application id.</param>
+ /// <param name="applicationDesc">The application desc.</param>
+ /// <param name="connection">The connection.</param>
+ public int EnsureId(MySqlConnection connection)
+ {
+ // first try and retrieve the existing id
+ if (FetchId(connection) <= 0)
+ {
+ MySqlCommand cmd = new MySqlCommand(
+ "INSERT INTO my_aspnet_Applications VALUES (NULL, @appName, @appDesc)", connection);
+ cmd.Parameters.AddWithValue("@appName", Name);
+ cmd.Parameters.AddWithValue("@appDesc", Description);
+ int recordsAffected = cmd.ExecuteNonQuery();
+ if (recordsAffected != 1)
+ throw new ProviderException(Resources.UnableToCreateApplication);
+
+ Id = Convert.ToInt32(cmd.LastInsertedId);
+ }
+ return Id;
+ }
+ }
+}
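Review bot: `Name` is a public field (L67) that the providers' `ApplicationName` setters assign directly, and assigning it leaves the cached `Id` alone, so once `FetchId` or `EnsureId` has run, renaming the application keeps every later query scoped to the previous application's id. Turning `Name` into a property whose setter resets `Id` to -1 when the value changes fixes this for all three providers without touching them; the rewritten member is below. The XML comment above `EnsureId` (L83-89) was carried over from the deleted `SchemaManager.CreateOrFetchApplicationId` and documents three parameters the method does not have; it should instead say that `EnsureId` returns the id of the my_aspnet_Applications row named `Name`, inserting it with `Description` when absent, and throws `ProviderException` when the insert affects no row. `FetchId` also tests `Id == -1` while `EnsureId` tests `<= 0`; using one predicate in both keeps the two cache checks from drifting.
```csharp
internal class Application
{
    private string name;
    // … unchanged: constructor, Id, Description …

    // Changing the name invalidates the cached id so the next
    // FetchId/EnsureId resolves the new application instead of
    // reusing the previous one's id.
    public string Name
    {
        get { return name; }
        set
        {
            if (name != value)
                Id = -1;
            name = value;
        }
    }

    // … unchanged: FetchId, EnsureId …
}
```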
Modified: branches/5.2/MySql.Web/Providers/Source/MembershipProvider.cs
===================================================================
--- branches/5.2/MySql.Web/Providers/Source/MembershipProvider.cs 2009-03-03 21:11:53 UTC (rev 1520)
+++ branches/5.2/MySql.Web/Providers/Source/MembershipProvider.cs 2009-03-04 16:20:51 UTC (rev 1521)
@@ -39,6 +39,7 @@
using MySql.Web.Common;
using System.Transactions;
using System.Text.RegularExpressions;
+using MySql.Web.General;
namespace MySql.Web.Security
{
@@ -63,7 +64,6 @@
private string connectionString;
private int minRequiredPasswordLength;
private bool writeExceptionsToEventLog;
- private string applicationName;
private bool enablePasswordReset;
private bool enablePasswordRetrieval;
private bool requiresQuestionAndAnswer;
@@ -73,7 +73,7 @@
private MembershipPasswordFormat passwordFormat;
private int minRequiredNonAlphanumericCharacters;
private string passwordStrengthRegularExpression;
- private int applicationId;
+ private Application app;
/// <summary>
/// Initializes the MySQL membership provider with the property values specified in the
@@ -103,7 +103,7 @@
}
base.Initialize(name, config);
- applicationName = GetConfigValue(config["applicationName"],
+ string applicationName = GetConfigValue(config["applicationName"],
HostingEnvironment.ApplicationVirtualPath);
maxInvalidPasswordAttempts = Convert.ToInt32(GetConfigValue(config["maxInvalidPasswordAttempts"], "5"));
passwordAttemptWindow = Convert.ToInt32(GetConfigValue(config["passwordAttemptWindow"], "10"));
@@ -156,23 +156,7 @@
// make sure we have the correct schema
SchemaManager.CheckSchema(connectionString, config);
- try
- {
- // now pre-cache the applicationId
- using (MySqlConnection conn = new MySqlConnection(connectionString))
- {
- conn.Open();
- MySqlCommand cmd = new MySqlCommand("SELECT id FROM my_aspnet_Applications WHERE name=@name", conn);
- cmd.Parameters.AddWithValue("@name", applicationName);
- object appId = cmd.ExecuteScalar();
- if (appId != null)
- applicationId = Convert.ToInt32(appId);
- }
- }
- catch (Exception ex)
- {
- throw new ProviderException(Resources.ErrorInitOfMembershipProvider, ex);
- }
+ app = new Application(applicationName, base.Description);
}
private static string GetConfigValue(string configValue, string defaultValue)
@@ -206,8 +190,8 @@
/// </example>
public override string ApplicationName
{
- get { return applicationName; }
- set { applicationName = value; }
+ get { return app.Name; }
+ set { app.Name = value; }
}
/// <summary>
@@ -550,12 +534,9 @@
connection.Open();
transaction = connection.BeginTransaction();
- // create or fetch a new application id
- SchemaManager.CreateOrFetchApplicationId(applicationName,
- ref applicationId, base.Description, connection);
// either create a new user or fetch the existing user id
int userId = SchemaManager.CreateOrFetchUserId(connection, username,
- applicationId, true);
+ app.EnsureId(connection), true);
MySqlCommand cmd = new MySqlCommand(
@"INSERT INTO my_aspnet_Membership
@@ -642,7 +623,7 @@
MySqlCommand cmd = new MySqlCommand(
String.Format(sql, deleteAllRelatedData ? "u," : ""), conn);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.FetchId(conn));
cmd.Parameters.AddWithValue("@userId", userId);
return cmd.ExecuteNonQuery() > 0;
}
@@ -691,7 +672,7 @@
ON m.userId=u.id WHERE m.LastActivityDate > @date AND u.applicationId=@appId",
connection);
cmd.Parameters.AddWithValue("@date", compareTime);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.FetchId(connection));
return Convert.ToInt32(cmd.ExecuteScalar());
}
}
@@ -909,7 +890,7 @@
WHERE m.Email like @email AND u.applicationId=@appId";
MySqlCommand cmd = new MySqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@email", email);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.FetchId(conn));
return (string)cmd.ExecuteScalar();
}
}
@@ -1036,7 +1017,7 @@
cmd.Parameters.AddWithValue("@lastLoginDate", user.LastLoginDate);
cmd.Parameters.AddWithValue("@lastActivityDate", user.LastActivityDate);
cmd.Parameters.AddWithValue("@name", user.UserName);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.FetchId(conn));
cmd.ExecuteNonQuery();
}
}
@@ -1074,7 +1055,6 @@
Islockedout FROM my_aspnet_Membership WHERE userId=@userId";
MySqlCommand cmd = new MySqlCommand(sql, connection);
cmd.Parameters.AddWithValue("@userId", userId);
- cmd.Parameters.AddWithValue("@appId", applicationId);
using (MySqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
{
@@ -1103,7 +1083,6 @@
updateCmd.Parameters.AddWithValue("@lastLoginDate", currentDate);
updateCmd.Parameters.AddWithValue("@date", currentDate);
updateCmd.Parameters.AddWithValue("@userid", userId);
- updateCmd.Parameters.AddWithValue("@appId", applicationId);
updateCmd.ExecuteNonQuery();
}
}
@@ -1157,8 +1136,9 @@
private int GetUserId(MySqlConnection connection, string username)
{
MySqlCommand cmd = new MySqlCommand(
- "SELECT id FROM my_aspnet_Users WHERE name LIKE @name", connection);
+ "SELECT id FROM my_aspnet_Users WHERE name LIKE @name AND applicationId=@appId", connection);
cmd.Parameters.AddWithValue("@name", username);
+ cmd.Parameters.AddWithValue("@appId", app.FetchId(connection));
object id = cmd.ExecuteScalar();
if (id == null) return -1;
return (int)id;
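Review bot: The rebuilt query on L244 scopes the lookup to the application, which is the fix for bug #42574, but it still compares the user name with `LIKE`, so pattern metacharacters in `username` are interpreted and the id of whichever row matches first is returned; RoleProvider's own GetUserId (L604) uses `name=@name`. Because this id feeds ValidateUser and the lock-out and login-date updates, the comparison should be exact: `"SELECT id FROM my_aspnet_Users WHERE name=@name AND applicationId=@appId", connection);`. The same `LIKE` comparison on user and role name remains on the new L537 in RoleProvider.IsUserInRole. `(int)id` on L249 is pre-existing, but it unboxes the scalar directly where the other lookups use `Convert.ToInt32`, and will throw if the column is ever read back as a wider integer type.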
@@ -1427,7 +1407,7 @@
}
sql += " ORDER BY u.id ASC LIMIT {0},{1}";
cmd.CommandText = String.Format(sql, pageIndex * pageSize, pageSize);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.FetchId(connection));
using (MySqlDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
Modified: branches/5.2/MySql.Web/Providers/Source/ProfileProvider.cs
===================================================================
--- branches/5.2/MySql.Web/Providers/Source/ProfileProvider.cs 2009-03-03 21:11:53 UTC (rev 1520)
+++ branches/5.2/MySql.Web/Providers/Source/ProfileProvider.cs 2009-03-04 16:20:51 UTC (rev 1521)
@@ -39,6 +39,7 @@
using System.Web.Security;
using MySql.Web.Common;
using MySql.Web.Properties;
+using MySql.Web.General;
namespace MySql.Web.Profile
{
@@ -47,9 +48,8 @@
/// </summary>
public class MySQLProfileProvider : ProfileProvider
{
- private string applicationName;
private string connectionString;
- private int applicationId;
+ private Application app;
#region Abstract Members
@@ -63,7 +63,6 @@
/// <exception cref="T:System.InvalidOperationException">An attempt is made to call <see cref="M:System.Configuration.Provider.ProviderBase.Initialize(System.String,System.Collections.Specialized.NameValueCollection)"/> on a provider after the provider has already been initialized.</exception>
public override void Initialize(string name, NameValueCollection config)
{
- applicationId = -1;
if (config == null)
throw new ArgumentNullException("config");
@@ -79,30 +78,20 @@
try
{
- applicationName = GetConfigValue(config["applicationName"], HostingEnvironment.ApplicationVirtualPath);
+ string applicationName = GetConfigValue(config["applicationName"], HostingEnvironment.ApplicationVirtualPath);
+ connectionString = "";
ConnectionStringSettings ConnectionStringSettings = ConfigurationManager.ConnectionStrings[
config["connectionStringName"]];
if (ConnectionStringSettings != null)
connectionString = ConnectionStringSettings.ConnectionString.Trim();
- else
- connectionString = "";
if (String.IsNullOrEmpty(connectionString)) return;
// make sure our schema is up to date
SchemaManager.CheckSchema(connectionString, config);
- // now pre-cache the applicationId
- using (MySqlConnection conn = new MySqlConnection(connectionString))
- {
- conn.Open();
- MySqlCommand cmd = new MySqlCommand("SELECT id FROM my_aspnet_Applications WHERE name=@name", conn);
- cmd.Parameters.AddWithValue("@name", applicationName);
- object appIdValue = cmd.ExecuteScalar();
- if (appIdValue != null)
- applicationId = Convert.ToInt32(appIdValue);
- }
+ app = new Application(applicationName, base.Description);
}
catch (Exception ex)
{
@@ -140,7 +129,7 @@
WHERE applicationId=@appId AND
lastActivityDate < @lastActivityDate",
c);
- queryCmd.Parameters.AddWithValue("@appId", applicationId);
+ queryCmd.Parameters.AddWithValue("@appId", app.FetchId(c));
queryCmd.Parameters.AddWithValue("@lastActivityDate", userInactiveSinceDate);
if (authenticationOption == ProfileAuthenticationOption.Anonymous)
queryCmd.CommandText += " AND isAnonymous = 1";
@@ -186,7 +175,7 @@
MySqlCommand queryCmd = new MySqlCommand(
@"SELECT * FROM my_aspnet_Users
WHERE applicationId=@appId AND name = @name", c);
- queryCmd.Parameters.AddWithValue("@appId", applicationId);
+ queryCmd.Parameters.AddWithValue("@appId", app.FetchId(c));
queryCmd.Parameters.Add("@name", MySqlDbType.VarChar);
MySqlCommand deleteCmd = new MySqlCommand(
@@ -371,7 +360,7 @@
WHERE applicationId = @appId AND
lastActivityDate < @lastActivityDate",
c);
- queryCmd.Parameters.AddWithValue("@appId", applicationId);
+ queryCmd.Parameters.AddWithValue("@appId", app.FetchId(c));
queryCmd.Parameters.AddWithValue("@lastActivityDate", userInactiveSinceDate);
if (authenticationOption == ProfileAuthenticationOption.Anonymous)
queryCmd.CommandText += " AND isAnonymous = 1";
@@ -388,8 +377,8 @@
/// <returns>A <see cref="T:System.String"/> that contains the application's shortened name, which does not contain a full path or extension, for example, SimpleAppSettings.</returns>
public override string ApplicationName
{
- get { return applicationName; }
- set { applicationName = value; }
+ get { return app.Name; }
+ set { app.Name = value; }
}
/// <summary>
@@ -425,19 +414,24 @@
// retrieve encoded profile data from the database
try
{
- MySqlConnection c = new MySqlConnection(connectionString);
- MySqlCommand cmd = new MySqlCommand(@"SELECT * FROM my_aspnet_Profiles p
- JOIN my_aspnet_Users u ON u.id = p.userId
- WHERE u.applicationId = @appId AND u.name = @name", c);
- cmd.Parameters.AddWithValue("@appId", applicationId);
- cmd.Parameters.AddWithValue("@name", username);
- MySqlDataAdapter da = new MySqlDataAdapter(cmd);
- DataTable dt = new DataTable();
- da.Fill(dt);
- if (dt.Rows.Count > 0)
- DecodeProfileData(dt.Rows[0], values);
- return values;
+ using (MySqlConnection c = new MySqlConnection(connectionString))
+ {
+ c.Open();
+ MySqlCommand cmd = new MySqlCommand(
+ @"SELECT * FROM my_aspnet_Profiles p
+ JOIN my_aspnet_Users u ON u.id = p.userId
+ WHERE u.applicationId = @appId AND u.name = @name", c);
+ cmd.Parameters.AddWithValue("@appId", app.FetchId(c));
+ cmd.Parameters.AddWithValue("@name", username);
+ MySqlDataAdapter da = new MySqlDataAdapter(cmd);
+ DataTable dt = new DataTable();
+ da.Fill(dt);
+
+ if (dt.Rows.Count > 0)
+ DecodeProfileData(dt.Rows[0], values);
+ return values;
+ }
}
catch (Exception ex)
{
@@ -474,13 +468,9 @@
{
connection.Open();
- // create or fetch a new application id
- SchemaManager.CreateOrFetchApplicationId(applicationName,
- ref applicationId, base.Description, connection);
-
// either create a new user or fetch the existing user id
int userId = SchemaManager.CreateOrFetchUserId(connection, username,
- applicationId, isAuthenticated);
+ app.EnsureId(connection), isAuthenticated);
MySqlDataAdapter da = new MySqlDataAdapter(
"SELECT * FROM my_aspnet_Profiles WHERE userId=@id", connection);
@@ -640,7 +630,7 @@
FROM my_aspnet_Profiles p
JOIN my_aspnet_Users u ON u.id = p.userId
WHERE u.applicationId = @appId", c);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.FetchId(c));
if (usernameToMatch != null)
{
Modified: branches/5.2/MySql.Web/Providers/Source/RoleProvider.cs
===================================================================
--- branches/5.2/MySql.Web/Providers/Source/RoleProvider.cs 2009-03-03 21:11:53 UTC (rev 1520)
+++ branches/5.2/MySql.Web/Providers/Source/RoleProvider.cs 2009-03-04 16:20:51 UTC (rev 1521)
@@ -35,6 +35,7 @@
using MySql.Web.Common;
using MySql.Web.Properties;
using System.Web;
+using MySql.Web.General;
namespace MySql.Web.Security
{
@@ -49,8 +50,7 @@
private ConnectionStringSettings pConnectionStringSettings;
private string connectionString;
private bool pWriteExceptionsToEventLog = false;
- private string applicationName;
- private int applicationId;
+ private Application app;
/// <summary>
/// Initializes the provider.
@@ -77,9 +77,8 @@
}
base.Initialize(name, config);
- if (config["applicationName"] == null || config["applicationName"].Trim() == "")
- applicationName = HostingEnvironment.ApplicationVirtualPath;
- else
+ string applicationName = HostingEnvironment.ApplicationVirtualPath;
+ if (!String.IsNullOrEmpty(config["applicationName"]))
applicationName = config["applicationName"];
if (!(config["writeExceptionsToEventLog"] == null))
@@ -100,23 +99,7 @@
// make sure our schema is up to date
SchemaManager.CheckSchema(connectionString, config);
- try
- {
- // now pre-cache the applicationId
- using (MySqlConnection conn = new MySqlConnection(connectionString))
- {
- conn.Open();
- MySqlCommand cmd = new MySqlCommand("SELECT id FROM my_aspnet_Applications WHERE name=@name", conn);
- cmd.Parameters.AddWithValue("@name", applicationName);
- object appId = cmd.ExecuteScalar();
- if (appId != null)
- applicationId = Convert.ToInt32(appId);
- }
- }
- catch (Exception ex)
- {
- throw new ProviderException(Resources.ErrorInitOfRoleProvider, ex);
- }
+ app = new Application(applicationName, Description);
}
#region Properties
@@ -130,8 +113,8 @@
/// </example>
public override string ApplicationName
{
- get { return applicationName; }
- set { applicationName = value; }
+ get { return app.Name; }
+ set { app.Name = value; }
}
/// <summary>
@@ -160,6 +143,9 @@
/// <param name="rolenames">The rolenames.</param>
public override void AddUsersToRoles(string[] usernames, string[] rolenames)
{
+ if (rolenames == null || rolenames.Length == 0) return;
+ if (usernames == null || usernames.Length == 0) return;
+
foreach (string rolename in rolenames)
{
if (String.IsNullOrEmpty(rolename))
@@ -197,7 +183,7 @@
{
// either create a new user or fetch the existing user id
int userId = SchemaManager.CreateOrFetchUserId(connection,
- username, applicationId, true);
+ username, app.Id, true);
foreach (string rolename in rolenames)
{
int roleId = GetRoleId(connection, rolename);
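Review bot: `app.Id` on the changed line is the raw cached value, which stays -1 until something on this provider instance has called `FetchId` or `EnsureId`; the comment added at L525 shows the code relies on an earlier `RoleExists` call to populate it. That holds here and in RemoveUsersFromRoles (L552) and FindUsersInRole (L575), but GetRolesForUser (L599), GetUserId (L608) and GetRoleId (L617) have no such call visible, DeleteRole (L509) and GetUsersInRole (L517) start outside their hunks so it cannot be confirmed, and a query run with `@appId` = -1 silently matches nothing. Use `app.FetchId(connection)` at each of these sites, as MembershipProvider and ProfileProvider already do; it is a cached lookup after the first hit, so the cost is one query per provider instance. Here that is `username, app.FetchId(connection), true);`.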
@@ -235,13 +221,9 @@
{
connection.Open();
- // create or fetch a new application id
- SchemaManager.CreateOrFetchApplicationId(applicationName,
- ref applicationId, base.Description, connection);
-
MySqlCommand cmd = new MySqlCommand(
@"INSERT INTO my_aspnet_Roles Values(NULL, @appId, @name)", connection);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.EnsureId(connection));
cmd.Parameters.AddWithValue("@name", rolename);
cmd.ExecuteNonQuery();
}
@@ -280,7 +262,7 @@
my_aspnet_Roles r ON uir.roleId=r.id
WHERE r.name LIKE @rolename AND r.applicationId=@appId", connection);
cmd.Parameters.AddWithValue("@rolename", rolename);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.Id);
cmd.ExecuteNonQuery();
// now delete the role itself
@@ -352,7 +334,7 @@
WHERE u.applicationId=@appId";
MySqlCommand cmd = new MySqlCommand(sql, connection);
cmd.Parameters.AddWithValue("@roleId", roleId);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.Id);
using (MySqlDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
@@ -381,14 +363,20 @@
{
try
{
+ // this will refresh the app id if necessary
+ if (!RoleExists(rolename)) return false;
+
using (MySqlConnection connection = new MySqlConnection(connectionString))
{
connection.Open();
+
string sql = @"SELECT COUNT(*) FROM my_aspnet_UsersInRoles uir
JOIN my_aspnet_Users u ON uir.userId=u.id
JOIN my_aspnet_Roles r ON uir.roleId=r.id
- WHERE u.name LIKE @userName AND r.name LIKE @roleName";
+ WHERE u.applicationId=@appId AND
+ u.name LIKE @userName AND r.name LIKE @roleName";
MySqlCommand cmd = new MySqlCommand(sql, connection);
+ cmd.Parameters.AddWithValue("@appId", app.Id);
cmd.Parameters.AddWithValue("@userName", username);
cmd.Parameters.AddWithValue("@roleName", rolename);
int count = Convert.ToInt32(cmd.ExecuteScalar());
@@ -410,6 +398,9 @@
/// <param name="rolenames">The rolenames.</param>
public override void RemoveUsersFromRoles(string[] usernames, string[] rolenames)
{
+ if (rolenames == null || rolenames.Length == 0) return;
+ if (usernames == null || usernames.Length == 0) return;
+
foreach (string rolename in rolenames)
{
if (!(RoleExists(rolename)))
@@ -441,7 +432,7 @@
MySqlCommand cmd = new MySqlCommand(sql, connection);
cmd.Parameters.Add("@username", MySqlDbType.VarChar, 255);
cmd.Parameters.Add("@rolename", MySqlDbType.VarChar, 255);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.Id);
foreach (string username in usernames)
{
@@ -478,7 +469,7 @@
MySqlCommand cmd = new MySqlCommand(
@"SELECT COUNT(*) FROM my_aspnet_Roles WHERE applicationId=@appId
AND name LIKE @name", connection);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.FetchId(connection));
cmd.Parameters.AddWithValue("@name", rolename);
int count = Convert.ToInt32(cmd.ExecuteScalar());
return count != 0;
@@ -501,9 +492,13 @@
/// user name matches usernameToMatch and the user is a member of the specified role. </returns>
public override string[] FindUsersInRole(string rolename, string usernameToMatch)
{
- List<string> users =new List<string>();
+ if (!RoleExists(rolename))
+ throw new ProviderException(Resources.RoleNameNotFound);
- try {
+ List<string> users = new List<string>();
+
+ try
+ {
using (MySqlConnection connection = new MySqlConnection(connectionString))
{
connection.Open();
@@ -518,7 +513,7 @@
MySqlCommand cmd = new MySqlCommand(sql, connection);
cmd.Parameters.AddWithValue("@username", usernameToMatch);
cmd.Parameters.AddWithValue("@rolename", rolename);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.Id);
using (MySqlDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
@@ -559,7 +554,7 @@
GetUserId(connection, username);
sql += " WHERE r.applicationId=@appId";
MySqlCommand cmd = new MySqlCommand(sql, connection);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.Id);
using (MySqlDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
@@ -581,7 +576,7 @@
"SELECT id FROM my_aspnet_Users WHERE name=@name AND applicationId=@appId",
connection);
cmd.Parameters.AddWithValue("@name", username);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.Id);
object id = cmd.ExecuteScalar();
return Convert.ToInt32(id);
}
@@ -592,7 +587,7 @@
"SELECT id FROM my_aspnet_Roles WHERE name=@name AND applicationId=@appId",
connection);
cmd.Parameters.AddWithValue("@name", rolename);
- cmd.Parameters.AddWithValue("@appId", applicationId);
+ cmd.Parameters.AddWithValue("@appId", app.Id);
return (int)cmd.ExecuteScalar();
}
Modified: branches/5.2/MySql.Web/Providers/Source/SchemaManager.cs
===================================================================
--- branches/5.2/MySql.Web/Providers/Source/SchemaManager.cs 2009-03-03 21:11:53 UTC (rev 1520)
+++ branches/5.2/MySql.Web/Providers/Source/SchemaManager.cs 2009-03-04 16:20:51 UTC (rev 1521)
@@ -149,37 +149,5 @@
cmd.CommandText = "SELECT LAST_INSERT_ID()";
return Convert.ToInt32(cmd.ExecuteScalar());
}
-
- /// <summary>
- /// Creates the or fetch application id.
- /// </summary>
- /// <param name="applicationName">Name of the application.</param>
- /// <param name="applicationId">The application id.</param>
- /// <param name="applicationDesc">The application desc.</param>
- /// <param name="connection">The connection.</param>
- internal static void CreateOrFetchApplicationId(string applicationName,
- ref int applicationId, string applicationDesc, MySqlConnection connection)
- {
- // no need to create another one
- if (applicationId > 0) return;
-
- MySqlCommand cmd = new MySqlCommand(@"SELECT id FROM my_aspnet_Applications
- WHERE name = @appName", connection);
- cmd.Parameters.AddWithValue("@appName", applicationName);
- object appId = cmd.ExecuteScalar();
- if (appId == null)
- {
- cmd.CommandText = @"INSERT INTO my_aspnet_Applications VALUES (NULL, @appName, @appDesc)";
- cmd.Parameters.AddWithValue("@appDesc", applicationDesc);
- int recordsAffected = cmd.ExecuteNonQuery();
- if (recordsAffected != 1)
- throw new ProviderException(Resources.UnableToCreateApplication);
-
- cmd.CommandText = "SELECT LAST_INSERT_ID()";
- appId = cmd.ExecuteScalar();
- }
- applicationId = Convert.ToInt32(appId);
- }
-
}
}
\ No newline at end of file
Modified: branches/5.2/MySql.Web/Tests/ProfileTests.cs
===================================================================
--- branches/5.2/MySql.Web/Tests/ProfileTests.cs 2009-03-03 21:11:53 UTC (rev 1520)
+++ branches/5.2/MySql.Web/Tests/ProfileTests.cs 2009-03-04 16:20:51 UTC (rev 1521)
@@ -222,9 +222,12 @@
private void ResetAppId(MySQLProfileProvider p)
{
Type t = p.GetType();
- FieldInfo fi = t.GetField("applicationId",
+ FieldInfo fi = t.GetField("app",
BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.DeclaredOnly | BindingFlags.GetField);
- fi.SetValue(p, -1);
+ object appObject = fi.GetValue(p);
+ Type appType = appObject.GetType();
+ PropertyInfo pi = appType.GetProperty("Id");
+ pi.SetValue(appObject, -1, null);
}
[Test]
Modified: branches/5.2/MySql.Web/Tests/RoleManagement.cs
===================================================================
--- branches/5.2/MySql.Web/Tests/RoleManagement.cs 2009-03-03 21:11:53 UTC (rev 1520)
+++ branches/5.2/MySql.Web/Tests/RoleManagement.cs 2009-03-04 16:20:51 UTC (rev 1521)
@@ -157,5 +157,44 @@
Roles.AddUserToRole("eve", "Administrator");
Assert.IsTrue(Roles.IsUserInRole("eve", "Administrator"));
}
+
+ [Test]
+ public void IsUserInRoleCrossDomain()
+ {
+ MySQLMembershipProvider provider = new MySQLMembershipProvider();
+ NameValueCollection config1 = new NameValueCollection();
+ config1.Add("connectionStringName", "LocalMySqlServer");
+ config1.Add("applicationName", "/");
+ config1.Add("passwordStrengthRegularExpression", "bar.*");
+ config1.Add("passwordFormat", "Clear");
+ provider.Initialize(null, config1);
+ MembershipCreateStatus status;
+ provider.CreateUser("foo", "bar!bar", null, null, null, true, null, out status);
+
+ MySQLMembershipProvider provider2 = new MySQLMembershipProvider();
+ NameValueCollection config2 = new NameValueCollection();
+ config2.Add("connectionStringName", "LocalMySqlServer");
+ config2.Add("applicationName", "/myapp");
+ config2.Add("passwordStrengthRegularExpression", ".*");
+ config2.Add("passwordFormat", "Clear");
+ provider2.Initialize(null, config2);
+
+ roleProvider = new MySQLRoleProvider();
+ NameValueCollection config = new NameValueCollection();
+ config.Add("connectionStringName", "LocalMySqlServer");
+ config.Add("applicationName", "/");
+ roleProvider.Initialize(null, config);
+
+ MySQLRoleProvider r2 = new MySQLRoleProvider();
+ NameValueCollection configr2 = new NameValueCollection();
+ configr2.Add("connectionStringName", "LocalMySqlServer");
+ configr2.Add("applicationName", "/myapp");
+ r2.Initialize(null, configr2);
+
+ roleProvider.CreateRole("Administrator");
+ roleProvider.AddUsersToRoles(new string[] { "foo" },
+ new string[] { "Administrator" });
+ Assert.IsFalse(r2.IsUserInRole("foo", "Administrator"));
+ }
}
}
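Review bot: The new test asserts only the negative case, so a membership lookup that fails for every application (an upstream SQL error turned into a false result, or `app.Id` still -1) would also make `r2.IsUserInRole` return false and the test would pass for the wrong reason; assert the positive case on the owning provider first, `Assert.IsTrue(roleProvider.IsUserInRole("foo", "Administrator"));`. `provider2` and `config2` are built and initialized but never used afterwards and can be dropped. `status` from `CreateUser` is never checked; `Assert.AreEqual(MembershipCreateStatus.Success, status);` would surface a broken fixture instead of a misleading pass.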
Modified: branches/5.2/MySql.Web/Tests/UserManagement.cs
===================================================================
--- branches/5.2/MySql.Web/Tests/UserManagement.cs 2009-03-03 21:11:53 UTC (rev 1520)
+++ branches/5.2/MySql.Web/Tests/UserManagement.cs 2009-03-04 16:20:51 UTC (rev 1521)
@@ -29,6 +29,7 @@
using System;
using System.Configuration.Provider;
using MySql.Web.Security;
+using MySql.Data.MySqlClient;
namespace MySql.Web.Tests
{
@@ -571,5 +572,33 @@
string pw = provider.GetPassword("foo", null);
Assert.AreEqual("barbar!", pw);
}
+
+ /// <summary>
+ /// Bug #42574 ValidateUser does not use the application id, allowing cross application login
+ /// </summary>
+ [Test]
+ public void CrossAppLogin()
+ {
+ provider = new MySQLMembershipProvider();
+ NameValueCollection config = new NameValueCollection();
+ config.Add("connectionStringName", "LocalMySqlServer");
+ config.Add("applicationName", "/");
+ config.Add("passwordStrengthRegularExpression", "bar.*");
+ config.Add("passwordFormat", "Clear");
+ provider.Initialize(null, config);
+ MembershipCreateStatus status;
+ provider.CreateUser("foo", "bar!bar", null, null, null, true, null, out status);
+
+ MySQLMembershipProvider provider2 = new MySQLMembershipProvider();
+ NameValueCollection config2 = new NameValueCollection();
+ config2.Add("connectionStringName", "LocalMySqlServer");
+ config2.Add("applicationName", "/myapp");
+ config2.Add("passwordStrengthRegularExpression", ".*");
+ config2.Add("passwordFormat", "Clear");
+ provider2.Initialize(null, config2);
+
+ bool worked = provider2.ValidateUser("foo", "bar!bar");
+ Assert.AreEqual(false, worked);
+ }
}
}
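Review bot: The test checks only that the foreign provider rejects the login; add `Assert.IsTrue(provider.ValidateUser("foo", "bar!bar"));` before the cross-application call so the rejection is known to come from application scoping rather than from a validation path that rejects everyone. `status` from `CreateUser` is never inspected; `Assert.AreEqual(MembershipCreateStatus.Success, status);` would catch a failed setup. `Assert.AreEqual(false, worked)` reads more naturally as `Assert.IsFalse(worked)`.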