PAS: Confusion of login and user_id encourages wrong usage of getUser and leads to errors if login != user_id

Plone is in principle capable of handling users with a login that differs from their user_id.

PAS obscures this capability by sloppy naming of functions and variable identifiers, which leads to follow-up errors, e.g. in plone.api.user. This function in Products.PluggableAuthService.PluggableAuthService causes the problems:

security.declareProtected( ManageUsers, 'getUser' )
def getUser( self, name ):
    """ See IUserFolder.
    """
    plugins = self._getOb( 'plugins' )

    name = self.applyTransform( name )
    user_info = self._verifyUser( plugins, login=name )

    if not user_info:
        return None

    return self._findUser( plugins, user_info['id'], user_info['login'])

This function getUser( self, name) should better be named getUserByLogin since this is what it really does.
The parameter 'name' does not help either - 'login' would be the better choice.
Since the interface specification of IUserFolder does not elaborate on the true purpose of this function, it is also used wrongly in several places, e.g. in plone.api, to fetch a user by its user_id instead of using getUserById. This works in most cases but not if login and user_id differ. Note: There are some use cases where it is useful to differentiate between login and user_id, so mingling both is IMHO reducing the capability of Plone.

I have hacked PAS with the following code to see if our problem with the use case login != user_id vanishes, and it does! We also noticed no side effects on our product. But this is only an indication and no proof.

# Protect the login-based lookup with the same permission as getUser.
security.declareProtected( ManageUsers, 'getUserByLogin' )
def getUserByLogin( self, login ):
    """ See IUserFolder.
    """
    plugins = self._getOb( 'plugins' )

    login = self.applyTransform( login )
    user_info = self._verifyUser( plugins, login=login )

    if not user_info:
        return None

    return self._findUser( plugins, user_info['id'], user_info['login'])


security.declareProtected( ManageUsers, 'getUser' )
def getUser( self, name ):
    """ See IUserFolder.
    """
    # Legacy entry point: 'name' is now treated as a user_id.
    return self.getUserById( name )

The PAS tests have to be fixed on two handfuls of lines to reflect the change from getUser to getUserByLogin if the tests are dealing with logins. Also some tests should be added, e.g. to the plone API, to test for the use case login != user_id, and the api should be fixed.
The use of the legacy function getUser should be marked as deprecated.

What is your opinion on this matter?

I raised this at
plone.api.get_roles(username=userid) breaks if username != userid

Seems like not an easy thing to solve.
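
An added example, not part of the thread and not PAS or plone.api code: a check of the kind the first post asks for, run against a minimal stand-in user folder whose getUser resolves by login. `User`, `ToyUserFolder`, `all_user_ids`, `audit_getuser_by_id` and the sample users are constructed for illustration; only the method names `getUser` and `getUserById` come from the post.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: str
    login: str


class ToyUserFolder:
    """Hypothetical stand-in for a user folder; not the real PAS class."""

    def __init__(self, users):
        self._by_id = {u.user_id: u for u in users}
        self._by_login = {u.login: u for u in users}

    def getUserById(self, user_id):
        return self._by_id.get(user_id)

    def getUser(self, name):
        # Behaviour described in the post: 'name' is looked up as a login.
        return self._by_login.get(name)

    def all_user_ids(self):
        return sorted(self._by_id)


def audit_getuser_by_id(folder):
    """Report every user_id for which getUser(user_id) does not return
    that same user, i.e. where callers passing a user_id get a wrong result."""
    findings = {}
    for user_id in folder.all_user_ids():
        found = folder.getUser(user_id)
        if found is None:
            findings[user_id] = "not found"
        elif found.user_id != user_id:
            findings[user_id] = "resolved to " + found.user_id
    return findings


# Constructed sample users.
FOLDER = ToyUserFolder([
    User("alice", "alice"),            # login == user_id: both lookups agree
    User("bob", "bob@example.org"),    # login != user_id
    User("u77", "bob"),                # login equals another user's user_id
])

if __name__ == "__main__":
    for user_id, problem in audit_getuser_by_id(FOLDER).items():
        print(user_id, "->", problem)
```

An empty result means every user_id also works as a login in that folder; any entry marks a user for whom code that passes a user_id to getUser gets either no user or a different user than intended.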