Closed Bug 349349 Opened 19 years ago Closed 19 years ago

Use ->create from Bugzilla::Object instead of insert_new_user for Bugzilla::User

Categories

(Bugzilla :: User Accounts, enhancement)

Product:
Bugzilla
Component:
User Accounts
Version:
2.23
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 3.0

People

(Reporter: mkanat, Assigned: mkanat)

References

Details

Attachments

(1 file, 1 obsolete file)

Checked-In Version
20.32 KB, patch
Details | Diff | Splinter Review
Now that Bugzilla::User is a Bugzilla::Object, and we don't depend on insert_new_user returning a password, we can make it into an implementation of Bugzilla::Object->create, which is much cleaner.
Attached patch v1 (obsolete) — Splinter Review
Okay, here we go. Here are some things to know about the patch: 1) I've tested it lightly. 2) I have a plan to fix the XXX comment in Bugzilla::Auth::Verify, but it's going to take enough code that it will require it's own bug. 3) We call validate_password directly in token.cgi because we have to make sure the passwords match, and there's no easy way to do that in create(). 4) create() does not generate a random password if you don't specify a password, unlike insert_new_user. We don't need that functionality anymore, and it makes the calling code much simpler this way. We simply always require a password argument. 5) There is no...number 5. :-)
Assignee: user-accounts → mkanat
Status: NEW → ASSIGNED
Attachment #234626 - Flags: review?(LpSolit)
Comment on attachment 234626 [details] [diff] [review] v1 >Index: token.cgi > sub confirm_create_account { >- (defined $cgi->param('passwd1') && defined $cgi->param('passwd2')) >- || ThrowUserError('new_password_missing'); >- validate_password($cgi->param('passwd1'), $cgi->param('passwd2')); >+ validate_password(scalar $cgi->param('passwd1'), >+ scalar $cgi->param('passwd2')); I would like that you keep the first check, i.e. if both values are defined, before calling validate_password(). >Index: Bugzilla/User.pm >+ login_name => \&check_login_name, check_login_name() is confusing as I read it as "make sure this login name currently exists in the DB", which is exactly the opposite of what you want. I would prefer something like "check_login_availability". >+ cryptpassword - B<Required> The password for the new user. >+ Even though the name says "crypt", you should just specify >+ a plain-text password. Nit: I find this really confusing, as discussed on IRC. The last nit is optional and doesn't need to be fixed, but I would like to see the first 2 to be fixed on checkin, if possible. Your patch is working fine; r=LpSolit
Attachment #234626 - Flags: review?(LpSolit) → review+
Flags: approval?
Flags: approval? → approval+
Okay, I fixed all the nits except the last one (it would have been too complicated to fix on checkin). I'll attach what actually got checked in. Checking in checksetup.pl; /cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v <-- checksetup.pl new revision: 1.538; previous revision: 1.537 done Checking in createaccount.cgi; /cvsroot/mozilla/webtools/bugzilla/createaccount.cgi,v <-- createaccount.cgi new revision: 1.53; previous revision: 1.52 done Checking in editusers.cgi; /cvsroot/mozilla/webtools/bugzilla/editusers.cgi,v <-- editusers.cgi new revision: 1.134; previous revision: 1.133 done Checking in token.cgi; /cvsroot/mozilla/webtools/bugzilla/token.cgi,v <-- token.cgi new revision: 1.46; previous revision: 1.45 done Checking in Bugzilla/Object.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Object.pm,v <-- Object.pm new revision: 1.4; previous revision: 1.3 done Checking in Bugzilla/User.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v <-- User.pm new revision: 1.128; previous revision: 1.127 done Checking in Bugzilla/Auth/Verify.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Auth/Verify.pm,v <-- Verify.pm new revision: 1.5; previous revision: 1.4 done Checking in Bugzilla/DB/Schema.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/DB/Schema.pm,v <-- Schema.pm new revision: 1.65; previous revision: 1.64 done Checking in Bugzilla/Install/DB.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Install/DB.pm,v <-- DB.pm new revision: 1.11; previous revision: 1.10 done Checking in contrib/syncLDAP.pl; /cvsroot/mozilla/webtools/bugzilla/contrib/syncLDAP.pl,v <-- syncLDAP.pl new revision: 1.9; previous revision: 1.8 done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Here's what I checked in. I also forgot to remove account/exists.html.tmpl in the previous checkin, so I did it just now: Removing template/en/default/account/exists.html.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/account/exists.html.tmpl,v <-- exists.html.tmpl new revision: delete; previous revision: 1.8 done
Attachment #234626 - Attachment is obsolete: true
Blocks: 350244
Blocks: 351182
Blocks: CVE-2014-1572
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: