Bug #38243 Not Handling non existing user when calling AddUsersToRoles method
Submitted: 20 Jul 2008 0:23 Modified: 25 Jul 2008 11:25
Reporter: Marouane BOUZOUBAA
Status: Closed
Category: Connector/Net    Severity: S3 (Non-critical)
Version: 5.2.2    OS: Any
Assigned to: Target Version:
Tags: Membership Provider, Role Provider

[20 Jul 2008 0:23] Marouane BOUZOUBAA
Description:
The method AddUsersToRoles tests for valid roles and checks whether the user is in
the role, but does not throw an exception when the user is not a membership. This is because
the method:
int roleId = GetRoleId(connection, rolename);

converts null to int as 0, meaning that the userId ends up being 0.

An invalid row is inserted after that.

How to repeat:
Call the AddUsersToRoles method with an invalid user and a valid role.

Suggested fix:
I fixed it by adding a test on the userId:

    int userId = GetUserId(connection, username);
    if (userId == 0)
    {
        throw new ProviderException(Resources.UsernameNotFound);
    }
[21 Jul 2008 23:45] Reggie Burnett
This one is verified but not in the way the user thinks.  The provider should not throw an
exception but should silently create the user if it doesn't exist.  Note that a user
record is not the same thing as a membership record.
[21 Jul 2008 23:48] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/50148
[21 Jul 2008 23:48] Reggie Burnett
Fixed in 5.2.3
[25 Jul 2008 11:25] Tony Bedford
An entry was added to the 5.2.3 changelog:

The provider did not silently create the user if the user did not exist.
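
The failure mode reported above and the two ways of handling it raised in the thread, as an added C# sketch that is not Connector/Net code. The in-memory `RoleStoreSketch` class, its method names, the sample user names, and the use of `Convert.ToInt32` on a null lookup result are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Constructed stand-in for the provider's tables; not Connector/Net code.
class RoleStoreSketch
{
    readonly Dictionary<string, int> users = new Dictionary<string, int> { { "alice", 1 } };
    readonly List<(int UserId, string Role)> usersInRoles = new List<(int, string)>();
    int nextUserId = 2;

    // Mimics a scalar lookup that yields null when no row matches.
    object LookupUserId(string name) =>
        users.TryGetValue(name, out int id) ? (object)id : null;

    // Defect pattern: Convert.ToInt32((object)null) returns 0, so an unknown
    // user becomes userId 0 and a role row with no owner is inserted.
    public void AddUnchecked(string name, string role) =>
        usersInRoles.Add((Convert.ToInt32(LookupUserId(name)), role));

    // Reporter's approach: reject the unknown user (exception type is a stand-in).
    public void AddOrThrow(string name, string role)
    {
        int id = Convert.ToInt32(LookupUserId(name));
        if (id == 0) throw new InvalidOperationException("Username not found: " + name);
        usersInRoles.Add((id, role));
    }

    // Maintainer's stated behaviour: create the user record, then link it.
    public void AddOrCreate(string name, string role)
    {
        if (!users.TryGetValue(name, out int id))
            users[name] = id = nextUserId++;
        usersInRoles.Add((id, role));
    }

    public bool HasOrphanRow() => usersInRoles.Exists(r => r.UserId == 0);

    static void Main()
    {
        var a = new RoleStoreSketch();
        a.AddUnchecked("nosuchuser", "editors");
        Console.WriteLine("unchecked: orphan row = " + a.HasOrphanRow());
        var b = new RoleStoreSketch();
        try { b.AddOrThrow("nosuchuser", "editors"); }
        catch (InvalidOperationException e) { Console.WriteLine("throw: " + e.Message); }
        var c = new RoleStoreSketch();
        c.AddOrCreate("nosuchuser", "editors");
        Console.WriteLine("create: orphan row = " + c.HasOrphanRow());
    }
}
```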