diff options
| author | Charles Sarrazin <charles@sarraz.in> | 2016-05-26 03:56:44 +0200 |
|---|---|---|
| committer | Charles Sarrazin <charles@sarraz.in> | 2016-05-26 04:36:36 +0200 |
| commit | 3b89f41a6a9e015da1bd008be13c985349f86e7b (patch) | |
| tree | 0e4927f6cca7074d1869b991a39da3062ec1876e /Core/User | |
| parent | ef9abbe2063b55156fb88c353b4e332eef0793fc (diff) | |
| download | symfony-security-3b89f41a6a9e015da1bd008be13c985349f86e7b.zip symfony-security-3b89f41a6a9e015da1bd008be13c985349f86e7b.tar.gz symfony-security-3b89f41a6a9e015da1bd008be13c985349f86e7b.tar.bz2 | |
[Ldap] Fixed issue with Entry password attribute containing array of values and made password attribute configurablev3.1.0-RC1v3.1.0
Diffstat (limited to 'Core/User')
| -rw-r--r-- | Core/User/LdapUserProvider.php | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/Core/User/LdapUserProvider.php b/Core/User/LdapUserProvider.php index a37981c..e722c98 100644 --- a/Core/User/LdapUserProvider.php +++ b/Core/User/LdapUserProvider.php @@ -12,6 +12,7 @@ namespace Symfony\Component\Security\Core\User; use Symfony\Component\Ldap\Entry; +use Symfony\Component\Security\Core\Exception\InvalidArgumentException; use Symfony\Component\Security\Core\Exception\UnsupportedUserException; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Ldap\Exception\ConnectionException; @@ -31,6 +32,7 @@ class LdapUserProvider implements UserProviderInterface private $searchPassword; private $defaultRoles; private $defaultSearch; + private $passwordAttribute; /** * @param LdapInterface $ldap @@ -41,7 +43,7 @@ class LdapUserProvider implements UserProviderInterface * @param string $uidKey * @param string $filter */ - public function __construct(LdapInterface $ldap, $baseDn, $searchDn = null, $searchPassword = null, array $defaultRoles = array(), $uidKey = 'sAMAccountName', $filter = '({uid_key}={username})') + public function __construct(LdapInterface $ldap, $baseDn, $searchDn = null, $searchPassword = null, array $defaultRoles = array(), $uidKey = 'sAMAccountName', $filter = '({uid_key}={username})', $passwordAttribute = null) { $this->ldap = $ldap; $this->baseDn = $baseDn; @@ -49,6 +51,7 @@ class LdapUserProvider implements UserProviderInterface $this->searchPassword = $searchPassword; $this->defaultRoles = $defaultRoles; $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter); + $this->passwordAttribute = $passwordAttribute; } /** @@ -99,8 +102,42 @@ class LdapUserProvider implements UserProviderInterface return $class === 'Symfony\Component\Security\Core\User\User'; } + /** + * Loads a user from an LDAP entry. + * + * @param string $username + * @param Entry $entry + * + * @return User + */ private function loadUser($username, Entry $entry) { - return new User($username, $entry->getAttribute('userpassword'), $this->defaultRoles); + $password = $this->getPassword($entry); + + return new User($username, $password, $this->defaultRoles); + } + + /** + * Fetches the password from an LDAP entry. + * + * @param null|Entry $entry + */ + private function getPassword(Entry $entry) + { + if (null === $this->passwordAttribute) { + return; + } + + if (!$entry->hasAttribute($this->passwordAttribute)) { + throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $this->passwordAttribute, $entry->getDn())); + } + + $values = $entry->getAttribute($this->passwordAttribute); + + if (1 !== count($values)) { + throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $this->passwordAttribute)); + } + + return $values[0]; } } |