From 3891b63a1eb52076337885487f251a10580a4a85 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Wed, 27 Apr 2016 18:50:13 +0200 Subject: Bug 218917 - Allow the login name to be different from the email address Original patch by Gervase Markham r=gerv a=dkl --- Bugzilla/Auth/Verify.pm | 54 +++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 24 deletions(-) (limited to 'Bugzilla/Auth/Verify.pm') diff --git a/Bugzilla/Auth/Verify.pm b/Bugzilla/Auth/Verify.pm index ef5b749b1..20318b3a5 100644 --- a/Bugzilla/Auth/Verify.pm +++ b/Bugzilla/Auth/Verify.pm @@ -36,7 +36,8 @@ sub create_or_update_user { my $dbh = Bugzilla->dbh; my $extern_id = $params->{extern_id}; - my $username = $params->{bz_username} || $params->{username}; + my $login = $params->{bz_username} || $params->{username}; + my $email = Bugzilla->params->{use_email_as_login} ? $login : $params->{email}; my $password = $params->{password} || '*'; my $real_name = $params->{realname} || ''; my $user_id = $params->{user_id}; @@ -44,7 +45,7 @@ sub create_or_update_user { # A passed-in user_id always overrides anything else, for determining # what account we should return. if (!$user_id) { - my $username_user_id = login_to_id($username || ''); + my $login_user_id = login_to_id($login || ''); my $extern_user_id; if ($extern_id) { trick_taint($extern_id); 
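Review bot: `$email` is left undefined by the new `my $email = ...` line whenever `use_email_as_login` is off and the verifier put no `email` key in `$params`, and nothing here documents that requirement. The account-creation branch in the `-52,26` hunk then calls `validate_email_syntax($email)` on that value and presumably returns `auth_invalid_email` with an empty `addr`, which hides the real cause: the external source supplied no address. I would add a comment such as `# Verify modules must supply $params->{email} when use_email_as_login is off`, and consider a distinct error for the missing-email case. The body of `create_or_update_user` continues outside this hunk.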
@@ -52,26 +53,26 @@ sub create_or_update_user { FROM profiles WHERE extern_id = ?', undef, $extern_id); } - # If we have both a valid extern_id and a valid username, and they are + # If we have both a valid extern_id and a valid login, and they are # not the same id, then we have a conflict. - if ($username_user_id && $extern_user_id - && $username_user_id ne $extern_user_id) + if ($login_user_id && $extern_user_id + && $login_user_id ne $extern_user_id) { my $extern_name = Bugzilla::User->new($extern_user_id)->login; return { failure => AUTH_ERROR, error => "extern_id_conflict", details => {extern_id => $extern_id, extern_user => $extern_name, - username => $username} }; + username => $login} }; } - # If we have a valid username, but no valid id, + # If we have a valid login, but no valid id, # then we have to create the user. This happens when we're - # passed only a username, and that username doesn't exist already. - if ($username && !$username_user_id && !$extern_user_id) { - validate_email_syntax($username) - || return { failure => AUTH_ERROR, + # passed only a login, and that login doesn't exist already. + if ($login && !$login_user_id && !$extern_user_id) { + validate_email_syntax($email) + || return { failure => AUTH_ERROR, error => 'auth_invalid_email', - details => {addr => $username} }; + details => {addr => $email} }; # Usually we'd call validate_password, but external authentication # systems might follow different standards than ours. So in this # place here, we call trick_taint without checks. 
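Review bot: `$login` is no longer checked before account creation, because the call that used to vet it is now `validate_email_syntax($email)`. With `use_email_as_login` off, the login supplied by the external auth source therefore reaches `Bugzilla::User->create` (next hunk) with no validation visible in this diff. The same applies to `$user->set_login($login)` in the last hunk, which lost its `validate_email_syntax` guard. If the `login_name` validator inside `Bugzilla::User` is what enforces allowed characters and uniqueness, say so here, e.g. `# $login is validated by Bugzilla::User->create; only the email syntax is checked here`. The enclosing `if (!$user_id)` block starts and ends outside this hunk.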
@@ -79,23 +80,24 @@ sub create_or_update_user { # XXX Theoretically this could fail with an error, but the fix for # that is too involved to be done right now. - my $user = Bugzilla::User->create({ - login_name => $username, + my $user = Bugzilla::User->create({ + login_name => $login, + email => $email, cryptpassword => $password, realname => $real_name}); - $username_user_id = $user->id; + $login_user_id = $user->id; } - # If we have a valid username id and an extern_id, but no valid + # If we have a valid login id and an extern_id, but no valid # extern_user_id, then we have to set the user's extern_id. - if ($extern_id && $username_user_id && !$extern_user_id) { + if ($extern_id && $login_user_id && !$extern_user_id) { $dbh->do('UPDATE profiles SET extern_id = ? WHERE userid = ?', - undef, $extern_id, $username_user_id); - Bugzilla->memcached->clear({ table => 'profiles', id => $username_user_id }); + undef, $extern_id, $login_user_id); + Bugzilla->memcached->clear({ table => 'profiles', id => $login_user_id }); } # Finally, at this point, one of these will give us a valid user id. - $user_id = $extern_user_id || $username_user_id; + $user_id = $extern_user_id || $login_user_id; } # If we still don't have a valid user_id, then we weren't passed @@ -109,11 +111,15 @@ sub create_or_update_user { # Now that we have a valid User, we need to see if any data has to be updated. my $changed = 0; - if ($username && lc($user->login) ne lc($username)) { - validate_email_syntax($username) + if ($email && lc($user->email) ne lc($email)) { + validate_email_syntax($email) || return { failure => AUTH_ERROR, error => 'auth_invalid_email', - details => {addr => $username} }; - $user->set_login($username); + details => {addr => $email} }; + $user->set_email($email); + $changed = 1; + } + if ($login && lc($user->login) ne lc($login)) { + $user->set_login($login); $changed = 1; } if ($real_name && $user->name ne $real_name) { -- cgit v1.2.3-24-g4f1b
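Review bot: The `XXX` comment above the `create` call should be updated, because `email` is now a second externally supplied value passed to `Bugzilla::User->create`. The guard leading here only established that `$login` matches no existing account. If `$email` already belongs to an account with a different login, `create` would presumably throw rather than return an `AUTH_ERROR` hash like the other failure paths in this function. I would extend the comment, e.g. `# XXX create() can throw on an invalid login or an email already in use; not converted to AUTH_ERROR`, or wrap the call in a block `eval` and return a failure hash.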
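Review bot: The stored address is replaced by the externally reported one whenever they differ, guarded only by `validate_email_syntax($email)`; nothing in this hunk checks that `$email` is not already attached to a different account. With `use_email_as_login` on, `$email` is a copy of `$login`, so a single change triggers both `set_email` and `set_login`; whether `set_login` already updates the address in that mode is not visible here. A comment such as `# uniqueness of $email and $login is enforced by the set_email/set_login validators` (if that is where it is enforced) would make the trust placed in the auth source explicit. The function continues past the end of the hunk.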