[Mailman-Developers] Query regarding ambiguous behavior of REST API due to case-sensitivity of email addresses

Ankush Sharma ankush.sharma.ece12 at iitbhu.ac.in
Sun Mar 1 10:13:19 CET 2015 

Hello people,

I want to report an issue in Mailman core that drives a bug in the Mailman
REST API. I was testing Postorius's *mass subscribe* feature. When an email
address associated with an already existing member is used for
subscription, the REST API returns a 409 code saying `Member already
subscribed` which is good. But, when we use the same email with some
letters in different cases, the REST API returns `500' i.e server error
occurred which should also return `409`. The Mailman core raises the
error *User
should have had linked address*, i.e a 500 error code occurs.

The screenshots of the above issue:-

Case-insensitive email usage:
http://postimg.org/image/qgl2piepj/
http://postimg.org/image/s5u5xkuev/
Case-sensitive email usage:
http://postimg.org/image/okyaecpvb/

As far as I can understand from the mailman docs
 http://gnu-mailman.readthedocs.org/en/latest/src/mailman/model/docs/addresses.html#case-preserved-addresses
<http://gnu-mailman.readthedocs.org/en/latest/src/mailman/model/docs/addresses.html#case-preserved-addresses>
mailman
keeps all email addresses in small cases internally.

I tested this again using CURL and REST clients and found that the REST API
is failing to return `409' in the latter case. That is, something is wrong
with mailman core. Later, I dug in the Mailman core and found out the
following things:

1. In /src/mailman/app/membership.py  `add_member` function uses *user =
user_manager.get_user(email) *to check if the user corresponding the email
address already exists or not. Here email is in *preserved case *and it
returns the user associated with this email address. Here it does not
matter if the email is in *lower case *itself.

2. Later on, in the same function the following code checks if the email is
matched:

*for address in user.addresses:*
*            if address.email == email:*
*                   break*

Here *email* is in *preserved case* while *address.email *returns a lower
case version of email and an *unmatch* occurs. ( sam at gmail.com and
SAM at gmail.com do not matches ofcourse )
But, the thing confuses me is the *assertion error* in case of an
unmatch, *User
should have had linked address.* What does it signify, as you are using the
same email to get the user object and later on matching should be done by
bringing the *passed *email in the *lower case *too, i.e ( SAW at gmail.com
should be brought down to sam at gmail.com )

*for address in user.addresses:*
*            if address.email == email.lower():*
*                   break*

It also makes the REST API return `409` in both cases and it should return
it too. I have filed a bug ( Bug #1425359 ) for this.

I may be interpreting things wrong. In case if it is an architectural
aspect related to Mailman core, please explain. In case it is a bug in
real, I would love to submit a patch for it.

Thanks,
Ankush Sharma
github.com/black-perl

More information about the Mailman-Developers mailing list