Project

General

Profile

Actions

Bug #2558

closed

(ex PT/ Technique) User Management: The fullname of the user is only set at creation. It will not be updated or checked.

Added by Nicolas PERRON over 12 years ago. Updated over 12 years ago.

Status:
Released
Priority:
1 (highest)
Assignee:
Nicolas PERRON
Category:
Techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

If I create a user without fullname and change the Technique to update its name to 'Brandon', it will return success even if userQA1 has no fullname. It will be the same if the fullname is wrong.

Furthermore, checking a user with a wrong fullname will return success too.

it seems that fullname is never checked or updated.

Actions #1

Updated by Nicolas PERRON over 12 years ago

  • Status changed from New to In progress

Full name is not checked and only set at creation with an argument to useradd.

Actions #2

Updated by Jonathan CLARKE over 12 years ago

  • Target version changed from 2.3.8 to 2.3.9
Actions #3

Updated by Nicolas PERRON over 12 years ago

  • Status changed from In progress to Pending technical review
  • % Done changed from 0 to 100

Now, fullname is checked and changed if defined in the Technique

Actions #4

Updated by Matthieu CERDA over 12 years ago

Well it looks correct, I approve.

BUT !

I have to little objections:
  • You are editing /etc/passwd, which means your implementation is Linux and some BSDs-centric.
  • Editing /etc/passwd is quite dangerous, we should test this thoroughly.
Actions #6

Updated by Nicolas PERRON over 12 years ago

Matthieu CERDA wrote:

Well it looks correct, I approve.

BUT !

I have to little objections:
  • You are editing /etc/passwd, which means your implementation is Linux and some BSDs-centric.

Actually, we are concentrated on Linux implementation since Windows implimentation is quite wonky.

  • Editing /etc/passwd is quite dangerous, we should test this thoroughly.

How can we test /etc/passwd ? The previous use of this Technique didn't made any check on /etc/passwd, /etc/shadow or /etc/group

Actions #7

Updated by Nicolas PERRON over 12 years ago

Nicolas PERRON wrote:

Matthieu CERDA wrote:

Well it looks correct, I approve.

BUT !

I have to little objections:
  • You are editing /etc/passwd, which means your implementation is Linux and some BSDs-centric.

Actually, we are concentrated on Linux implementation since Windows implimentation is quite wonky.

  • Editing /etc/passwd is quite dangerous, we should test this thoroughly.

How can we test /etc/passwd ? The previous use of this Technique didn't made any check on /etc/passwd, /etc/shadow or /etc/group

Please make a new issue about a new implementation.

Actions #8

Updated by Matthieu CERDA over 12 years ago

I do not think a new issue is useful, I just wanted to point out that editing /etc/passwd is a thing that should be tested functionally, not in the PT.

About the Windows support, yep should keep it in mind, but it is obviously not currently on schedule.

Actions #9

Updated by Nicolas CHARLES over 12 years ago

  • Status changed from Pending technical review to Released

This looks valid. However, I wonder if it might not have been a bit more cfenginesque to use the bundle edit_line set_colon_field of the stdlib, and define classes in the files: promises part rather than in the bundle edit_line

Actions

Also available in: Atom PDF