authorFabien Potencier <fabien.potencier@gmail.com>2016-05-09 14:35:23 -0500
committerFabien Potencier <fabien.potencier@gmail.com>2016-05-09 14:35:23 -0500
commit787f7af77f69aa72028a3865f3689a6f18995c96 (patch)
tree9317e91018b421034bdde8a14e659cba6e277fb0 /Core
parent3eb62fffbb324147f6dd68da4c3427fabfbdbe80 (diff)
parent0441ef2d18b4de4570f6364c70d0af7dd0d447f1 (diff)
Merge branch '2.8' into 3.0v3.0.7v3.0.6
* 2.8: Fixed issue with blank password with Ldap
Diffstat (limited to 'Core')
-rw-r--r--Core/Authentication/Provider/LdapBindAuthenticationProvider.php4
-rw-r--r--Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php19
2 files changed, 22 insertions, 1 deletions
diff --git a/Core/Authentication/Provider/LdapBindAuthenticationProvider.php b/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
index adc42ef..e887f99 100644
--- a/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
+++ b/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
@@ -73,6 +73,10 @@ class LdapBindAuthenticationProvider extends UserAuthenticationProvider
$username = $token->getUsername();
$password = $token->getCredentials();
+ if ('' === $password) {
+ throw new BadCredentialsException('The presented password must not be empty.');
+ }
+
try {
$username = $this->ldap->escape($username, '', LDAP_ESCAPE_DN);
$dn = str_replace('{username}', $username, $this->dnString);
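Review bot: The guard `if ('' === $password)` rejects only the exact empty string, so a null or other non-string value returned by `$token->getCredentials()` would pass it and continue into the `try` block. Directory servers commonly treat a simple bind without a password as an unauthenticated bind that succeeds, which is the case this check exists to stop, so normalising first is safer: `if ('' === (string) $password) {`. A short comment above the check, for example `// An empty password turns an LDAP simple bind into an anonymous bind; reject it before contacting the server.`, would keep the reason next to the code. The return type of getCredentials() and the bind call are not visible here, and checkAuthentication's body starts and ends outside the hunk, so confirm which values can actually arrive.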
diff --git a/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php b/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
index 844bcef..fbb4d73 100644
--- a/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
+++ b/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
@@ -23,6 +23,23 @@ class LdapBindAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
{
/**
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+ * @expectedExceptionMessage The presented password must not be empty.
+ */
+ public function testEmptyPasswordShouldThrowAnException()
+ {
+ $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
+ $ldap = $this->getMock('Symfony\Component\Ldap\LdapClientInterface');
+ $userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
+
+ $provider = new LdapBindAuthenticationProvider($userProvider, $userChecker, 'key', $ldap);
+ $reflection = new \ReflectionMethod($provider, 'checkAuthentication');
+ $reflection->setAccessible(true);
+
+ $reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', '', 'key'));
+ }
+
+ /**
+ * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
* @expectedExceptionMessage The presented password is invalid.
*/
public function testBindFailureShouldThrowAnException()
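Review bot: testEmptyPasswordShouldThrowAnException asserts only the exception type and message, so it would still pass if the empty-password check were later moved after the bind, because the mocked client's bind returns without throwing. Adding `$ldap->expects($this->never())->method('bind');` right after the `$ldap` mock is created pins that the rejection happens before any request reaches the directory. The test also exercises only `''`; a case with a null credential is worth adding if the provider is meant to reject that value as well.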
@@ -40,7 +57,7 @@ class LdapBindAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
$reflection = new \ReflectionMethod($provider, 'checkAuthentication');
$reflection->setAccessible(true);
- $reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', '', 'key'));
+ $reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', 'bar', 'key'));
}
public function testRetrieveUser()