[Mailman-Developers] Query regarding ambiguous behavior of REST API due to case-sensitivity of email addresses

Ankush Sharma ankush.sharma.ece12 at iitbhu.ac.in
Tue Mar 3 09:45:41 CET 2015


Hello people,

I guess you guys might be busy. I am unable to figure out this issue yet,
can anyone help?

Thanks,
Ankush Sharma
github.com/black-perl

On Sun, Mar 1, 2015 at 2:43 PM, Ankush Sharma <
ankush.sharma.ece12 at iitbhu.ac.in> wrote:

> Hello people,
>
> I want to report an issue in Mailman core that drives a bug in the Mailman
> REST API. I was testing Postorius's *mass subscribe* feature. When an
> email address associated with an already existing member is used for
> subscription, the REST API returns a 409 code saying `Member already
> subscribed` which is good. But, when we use the same email with some
> letters in different cases, the REST API returns `500`, i.e. a server error
> occurred, which should also return `409`. The Mailman core raises the error *User
> should have had linked address*, i.e. a 500 error code occurs.
>
> The screenshots of the above issue:-
>
> Case-insensitive email usage:
> http://postimg.org/image/qgl2piepj/
> http://postimg.org/image/s5u5xkuev/
> Case-sensitive email usage:
> http://postimg.org/image/okyaecpvb/
>
> As far as I can understand from the mailman docs
> <http://gnu-mailman.readthedocs.org/en/latest/src/mailman/model/docs/addresses.html#case-preserved-addresses>, mailman
> keeps all email addresses in lower case internally.
>
> I tested this again using CURL and REST clients and found that the REST
> API is failing to return `409` in the latter case. That is, something is
> wrong with mailman core. Later, I dug in the Mailman core and found out the
> following things:
>
> 1. In /src/mailman/app/membership.py, the `add_member` function uses
> *user = user_manager.get_user(email)* to check if the user corresponding to the
> email address already exists or not. Here email is in *preserved case* and
> it returns the user associated with this email address. Here it does not
> matter if the email is in *lower case* itself.
>
> 2. Later on, in the same function the following code checks if the email
> is matched:
>
>     for address in user.addresses:
>         if address.email == email:
>             break
>
> Here *email* is in *preserved case* while *address.email* returns a lower
> case version of the email and an *unmatch* occurs. (sam at gmail.com and
> SAM at gmail.com do not match, of course.)
> But the thing that confuses me is the *assertion error* in case of an
> unmatch, *User should have had linked address.* What does it signify, as
> you are using the same email to get the user object and later on matching
> should be done by bringing the *passed* email into *lower case* too,
> i.e. (SAM at gmail.com should be brought down to sam at gmail.com)
>
>     for address in user.addresses:
>         if address.email == email.lower():
>             break
>
> It also makes the REST API return `409` in both cases and it should return
> it too. I have filed a bug ( Bug #1425359 ) for this.
>
> I may be interpreting things wrong. In case it is an architectural
> aspect related to Mailman core, please explain. In case it is a real
> bug, I would love to submit a patch for it.
>
> Thanks,
> Ankush Sharma
> github.com/black-perl
>
>
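
Added example (not part of the original message, and not Mailman's own code): a minimal Python model of the mismatch described above, where the user lookup is case-insensitive but the address comparison is not, so a mixed-case duplicate surfaces as 500 instead of 409. The class and function names, the 201 status and the sample address are assumptions made for the illustration.

```python
# Added illustration: a constructed model, not Mailman's source.
class Address:
    def __init__(self, original):
        self.original_email = original   # case preserved, as typed
        self.email = original.lower()    # normalised form stored for lookups


class User:
    def __init__(self, *emails):
        self.addresses = [Address(e) for e in emails]


class UserManager:
    def __init__(self, *users):
        self.users = list(users)

    def get_user(self, email):
        # Lookup is case-insensitive, as the post describes for get_user().
        key = email.lower()
        for user in self.users:
            if any(a.email == key for a in user.addresses):
                return user
        return None


def linked_address(user, email, normalise):
    # normalise=False is the comparison quoted in the post;
    # normalise=True is the email.lower() variant the post proposes.
    wanted = email.lower() if normalise else email
    for address in user.addresses:
        if address.email == wanted:
            return address
    raise AssertionError('User should have had linked address')


def subscribe_status(manager, email, normalise):
    # Hypothetical mapping to HTTP codes; every known user counts as a member.
    user = manager.get_user(email)
    if user is None:
        return 201                       # assumed code for a new subscription
    try:
        linked_address(user, email, normalise)
    except AssertionError:
        return 500                       # unhandled assertion reaches the client
    return 409                           # "Member already subscribed"


MANAGER = UserManager(User('sam@example.com'))  # constructed sample member
```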

