Hello!
I think a found a bug in ZODBUserManager.py in the updateUserPassword
method.
To reproduce:
Add users via ZMI (id | login)
user1 | login1
user2 | login2
Everything works fine.
Now edit the second user (by clicking on "password" in the
ZODBUserManager ZMI)
And choose "login1" without quotes for the login name, retype your
password.
You now see two users in your ZODBUserManager, but only the second one
will work.
The first user is somehow "overwritten", you cant delete him, or even
use him for authentification.
I browsed the source (om not so good at that so please forgive if I went
the wrong way ;) )
And found the corresponding method "updateUserPassword"
I think somewhere in this method the duplicate login check is missing,
like in the method "addUser"
if self._login_to_userid.get( login_name ) is not None:
raise KeyError, 'Duplicate login name: %s' % login_name
Maybe anyone knows how to fix this :) I do not.
Cheers
Dom
_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas
