Bug #75397 Any Call to RoleExists() returns true whether or not the role exists
Submitted: 2 Jan 2015 21:19 Modified: 23 Feb 2015 22:05
Reporter: Omar Elabd Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / NET Severity:S2 (Serious)
Version:6.9.5 OS:Any
Assigned to: Gabriela Martinez Sanchez CPU Architecture:Any
Tags: MySql.Web, mysql.web.security, roles, Roles.RoleExists(), Simple Membership

[2 Jan 2015 21:19] Omar Elabd
Description:
the issue appears to be with the internal method it's using.

		internal int GetRoleId(string role)
		{
			int num;
			using (MySqlDatabaseWrapper mySqlDatabaseWrapper = new MySqlDatabaseWrapper(this.GetConnectionString()))
			{
				string str = string.Format("select roleid from {0} where rolename=?;", this._rolesTable);
				object[] objArray = new object[] { role };
				mySqlDatabaseWrapper.ExecuteQuerySingleRecord(str, objArray);
				if (role == null)
				{
					num = 0;
				}
				else
				{
					num = role[0];
				}
			}
			return num;
		}

My guess is num should be returning 0 if a role is not found

How to repeat:
Any method call of the MySqlSimpleRoleProvider.RoleExists method returns true whether or not the role actually exists.

Suggested fix:
Suggested code:

		internal int GetRoleId(string role)
		{
			int num;
			using (MySqlDatabaseWrapper mySqlDatabaseWrapper = new MySqlDatabaseWrapper(this.GetConnectionString()))
			{
				string str = string.Format("select roleid from {0} where rolename=?;", this._rolesTable);
				object[] objArray = new object[] { role };
				DataRow row = mySqlDatabaseWrapper.ExecuteQuerySingleRecord(str, objArray);
				if (row == null)
				{
					num = 0;
				}
				else
				{
					num = 1;
				}
			}
			return num;
		}

There are much better implementations but without looking at all the dependencies this seems like it shouldn't break much.
[5 Jan 2015 20:57] Omar Elabd
added more tags
[3 Feb 2015 6:46] Chiranjeevi Battula
Bug#73880 marked as related to this one.
[23 Feb 2015 22:05] Philip Olson
Posted by developer:
 
Fixed as of the upcoming MySQL Connector/Net 6.9.6 release, and here's the changelog entry:

The "MySqlSimpleRoleProvider.RoleExists" method would return true instead
of false.

Thank you for the bug report.