Download & Extend
Password policy » Issues

The username constraint is always tested, despite the corresponding option is enabled or not

Posted by jgalletta on July 22, 2011 at 8:53am
Project:Password policy
Version:6.x-1.x-dev
Component:Code
Category:bug report
Priority:major
Assigned:Unassigned
Status:closed (fixed)

Issue Summary

The configuration option for username constraint is not taken in account when the constraints are tested, so the validation (both php and javascript) is always executed.

After some debug, the problem is that the configuration is simply not tested in the validation functions (see constraint_username.inc, functions password_policy_constraint_username_validate() and password_policy_constraint_username_js(), the $constraint parameter is never used...).

Login or register to post comments

Comments

#1

Posted by frankcarey on July 23, 2011 at 1:56am

Yeah, just needed to actually check if the contraint is true (or evaluates to true). This should work, but I don't have time to test it. It is patched against my other patch that provides the ability to check names of new users, so you will have to apply that first. See http://drupal.org/node/1226434#comment-4770124

Man, 3 patches for me to get this working :(

AttachmentSizeStatusTest resultOperations
check_name_constraint-1226418-1.patch625 bytesIdleFAILED: [[SimpleTest]]: [MySQL] Unable to apply patch check_name_constraint-1226418-1.patch. Unable to apply patch. See the log in the details link for more information.View details

#2

Posted by jgalletta on July 26, 2011 at 7:23pm

Your patch works fine for the server side validation, but you forgot to also patch the javascript part :)
The same if with a return ''; if !$constraint in the js validation function should be fine.

#3

Posted by jgalletta on August 4, 2011 at 12:20pm

The server side validation patch works fine for me, now need a patch for client-side validation.

#4

Posted by erikwebb on October 26, 2011 at 1:36am
Version:6.x-1.0-beta1» 6.x-1.x-dev
Status:active» needs work

Agreed, the patch in #1 looks like a win for the server-side. Any attempts on the JS side?

#5

Posted by erikwebb on March 2, 2012 at 2:49am
Status:needs work» needs review

Actually, I just tried to reproduce the problem and wasn't able to. I add a new policy, set username to '1', receive the error. Then erase the username value, then the error goes away.

I've attached a patch that should fix this problem, but I'm not really able to see what the problem is at the moment.

AttachmentSizeStatusTest resultOperations
password_policy-username_constraint_always_tested-1226418-5.patch1.37 KBIdleFAILED: [[SimpleTest]]: [MySQL] 333 pass(es), 1 fail(s), and 0 exception(s).View details

#6

Posted by jgalletta on March 9, 2012 at 12:24pm
Status:needs review» reviewed & tested by the community

Works for me, I wrote the same code a while back and it's working on live site since this time.

#7

Posted by System Message on March 9, 2012 at 12:26pm
Status:reviewed & tested by the community» needs work

The last submitted patch, password_policy-username_constraint_always_tested-1226418-5.patch, failed testing.

#8

Posted by erikwebb on March 9, 2012 at 2:01pm
Status:needs work» needs review

I introduced a bug with that patch actually. The test itself was also broken. Re-running the tests with a new patch.

AttachmentSizeStatusTest resultOperations
password_policy-username_constraint_always_tested-1226418-8.patch2.33 KBIdlePASSED: [[SimpleTest]]: [MySQL] 334 pass(es).View details

#9

Posted by erikwebb on May 2, 2012 at 6:14pm
Status:needs review» fixed

http://drupalcode.org/project/password_policy.git/commit/fd4557a

#10

Posted by System Message on May 16, 2012 at 6:20pm
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

nobody click here