
launchpad-reviewers team mailing list archive

[Merge] lp:~stevenk/launchpad/remove-logintokens-on-merge into lp:launchpad

 

Steve Kowalik has proposed merging lp:~stevenk/launchpad/remove-logintokens-on-merge into lp:launchpad.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~stevenk/launchpad/remove-logintokens-on-merge/+merge/124338

When people are merged, LoginTokens are transferred. This allows people to subvert ~registry-experts email by creating a person, adding an unvalidated email, deleting the person and then validating the mail. Deal with this by removing all LoginTokens on merge.
-- 
https://code.launchpad.net/~stevenk/launchpad/remove-logintokens-on-merge/+merge/124338
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~stevenk/launchpad/remove-logintokens-on-merge into lp:launchpad.
=== modified file 'lib/lp/registry/doc/person-merge.txt'
--- lib/lp/registry/doc/person-merge.txt	2011-12-30 06:14:56 +0000
+++ lib/lp/registry/doc/person-merge.txt	2012-09-14 05:55:23 +0000
@@ -98,6 +98,16 @@
     >>> marilize in ubuntu_translators.activemembers
     True
 
+marilize happens to have an LoginToken.
+
+    >>> from lp.services.verification.interfaces.logintoken import (
+    ...     ILoginTokenSet)
+    >>> from lp.services.verification.interfaces.authtoken import (
+    ...     LoginTokenType)
+    >>> token = getUtility(ILoginTokenSet).new(
+    ...     marilize, marilize.preferredemail.email, 'willdie@xxxxxxxxxxx',
+    ...     LoginTokenType.VALIDATEEMAIL)
+
 Do the merge!
 -------------
 
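Review bot: the new doctest sentence "marilize happens to have an LoginToken." should read "a LoginToken", and it gives no hint of why the token is created at this point. Say that it is the fixture the post-merge check looks for, so the two doctest additions read as a pair. Also note that `LoginTokenType` is imported from `lp.services.verification.interfaces.authtoken` while `ILoginTokenSet` comes from `...interfaces.logintoken`; worth confirming that split is intended.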
@@ -230,6 +240,11 @@
 
         https://launchpad.net/name12/+editemails ...
 
+sample has not been transferred marilize's logintoken.
+
+    >>> list(getUtility(ILoginTokenSet).searchByEmailRequesterAndType(
+    ...     'willdie@xxxxxxxxxxx', sample, LoginTokenType.VALIDATEEMAIL))
+    []
 
 Person decoration
 -----------------
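Review bot: the `searchByEmailRequesterAndType(...)` assertion only proves that `sample` did not inherit the token; it does not prove the token was removed. Since the model change deletes rows by `requester`, the doctest should also assert that no token for 'willdie@xxxxxxxxxxx' survives under the merged-away person, otherwise a regression that leaves the row untouched with its old requester would still pass. The sentence "sample has not been transferred marilize's logintoken." is also hard to parse; "marilize's LoginToken has not been transferred to sample." is clearer.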

=== modified file 'lib/lp/registry/model/person.py'
--- lib/lp/registry/model/person.py	2012-09-07 18:06:37 +0000
+++ lib/lp/registry/model/person.py	2012-09-14 05:55:23 +0000
@@ -3781,6 +3781,11 @@
             naked_recipe.owner = to_person
             naked_recipe.name = new_name
 
+    def _mergeLoginTokens(self, cur, from_id, to_id):
+        # Remove all LoginTokens.
+        cur.execute('''
+            DELETE FROM LoginToken WHERE requester=%(from_id)d''' % vars())
+
     def _mergeMailingListSubscriptions(self, cur, from_id, to_id):
         # Update MailingListSubscription. Note that since all the from_id
         # email addresses are set to NEW, all the subscriptions must be
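Review bot: the comment in `_mergeLoginTokens` ("Remove all LoginTokens.") says what the statement does but not why tokens are deleted rather than re-pointed to `to_id`. Add a sentence on the unvalidated-email problem from the merge description, so nobody later turns this back into an UPDATE for consistency with the neighbouring `_merge*` helpers. `to_id` is unused in the body, which that comment could mention too. The SQL is built with `% vars()`; the `%(from_id)d` conversion forces an integer, so it is safe as written, but that property depends on the `d` and is worth keeping in mind if the statement is ever extended.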
@@ -4381,6 +4386,9 @@
 
         self._mergeDateCreated(cur, from_id, to_id)
 
+        self._mergeLoginTokens(cur, from_id, to_id)
+        skip.append(('logintoken', 'requester'))
+
         # Sanity check. If we have a reference that participates in a
         # UNIQUE index, it must have already been handled by this point.
         # We can tell this by looking at the skip list.

