[interchange-cvs] interchange - jon modified lib/Vend/UserDB.pm

interchange-cvs at icdevgroup.org interchange-cvs at icdevgroup.org
Thu Apr 7 22:46:41 EDT 2005 

User:      jon
Date:      2005-04-08 02:46:41 GMT
Modified:  lib/Vend UserDB.pm
Log:
Re-order writing of foreign and password fields.

When you create a new account, it calls $udb->set_field first for
password, then it calls it again for the indirect login "foreign"
column if the indirect login was specified. The problem with this:
it creates a race condition in which a record momentarily exists with
a blank value in that foreign column, which is treated by Interchange
as if it has a unique constraint upon it (which it well may if it's
a foreign key constraint).

Therefore, this reverses the order in which these things happen, so
the password is populated second. If indirect_login isn't specified,
then there's no practical difference.

Really, there's a larger problem in how this is set up, because this
approach doesn't permit you to have NOT NULL constraints on columns in
the user table. This should probably be re-written so it can populate
the entire record at once instead of in several steps leaving some fields
empty at first.

Patch from Ethan Rowe <ethan at endpoint.com>.

Revision  Changes    Path
2.35      +9 -9      interchange/lib/Vend/UserDB.pm


rev 2.35, prev_rev 2.34
Index: UserDB.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/UserDB.pm,v
retrieving revision 2.34
retrieving revision 2.35
diff -u -u -r2.34 -r2.35
--- UserDB.pm	5 Mar 2005 19:01:54 -0000	2.34
+++ UserDB.pm	8 Apr 2005 02:46:41 -0000	2.35
@@ -1,6 +1,6 @@
 # Vend::UserDB - Interchange user database functions
 #
-# $Id: UserDB.pm,v 2.34 2005/03/05 19:01:54 mheins Exp $
+# $Id: UserDB.pm,v 2.35 2005/04/08 02:46:41 jon Exp $
 #
 # Copyright (C) 2002-2003 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
@@ -17,7 +17,7 @@
 
 package Vend::UserDB;
 
-$VERSION = substr(q$Revision: 2.34 $, 10);
+$VERSION = substr(q$Revision: 2.35 $, 10);
 
 use vars qw!
 	$VERSION
@@ -1511,13 +1511,6 @@
 			die errmsg("Username already exists.") . "\n";
 		}
 
-		my $pass = $udb->set_field(
-						$self->{USERNAME},
-						$self->{LOCATION}{PASSWORD},
-						$pw,
-						);
-		die errmsg("Database access error.") . "\n" unless defined $pass;
-
 		if($foreign) {
 			 $udb->set_field(
 						$self->{USERNAME},
@@ -1526,6 +1519,13 @@
 						)
 				or die errmsg("Database access error.");
 		}
+
+		my $pass = $udb->set_field(
+						$self->{USERNAME},
+						$self->{LOCATION}{PASSWORD},
+						$pw,
+						);
+		die errmsg("Database access error.") . "\n" unless defined $pass;
 
 		if($options{no_login}) {
 			$Vend::Session->{auto_created_user} = $self->{USERNAME};

More information about the interchange-cvs mailing list