bug #49187 [Ldap] Allow multiple values on extra_fields (mvhirsch)

nicolas-grekas · nicolas-grekas · commit 69f113a3ba6a · 2023-02-01T18:58:34.000+01:00
This PR was merged into the 5.4 branch. Discussion ---------- [Ldap] Allow multiple values on `extra_fields` | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no  | Deprecations? | no  | Tickets | ~ | License | MIT | Doc PR | Loading users with the `LdapUserProvider`, using `extra_fields` fails if I want to get `memberOf` attribute. This happens, if my user has multiple attributes set. After taking a look at `Ldap\Entry` (which supports multiple values per attribute). Looking at `LdapUserProvider::getAttributeValue()` it was very clear, that every attribute must be unique. The method `getAttributeValue()` has originated from `getPassword` dbf45e4, forcing the password attribute to be unique. Same goes for `uidKey` c91689b. Loading `extra_fields` should allow for multiple values per attribute (like `memberOf`). Did I break backward compatibility? No, I didn't. Simply because it was never usable as array while loading users via `LdapUserProvider`, instead an `InvalidArgumentException` was thrown.  Commits ------- e51b502 fixes retrieving multiple values for extra fields
diff --git a/src/Symfony/Component/Ldap/Security/LdapUserProvider.php b/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
@@ -187,6 +187,9 @@ private function getAttributeValue(Entry $entry, string $attribute)
         }
 
         $values = $entry->getAttribute($attribute);
+        if (!\in_array($attribute, [$this->uidKey, $this->passwordAttribute])) {
+            return $values;
+        }
 
         if (1 !== \count($values)) {
             throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $attribute));
diff --git a/src/Symfony/Component/Ldap/Tests/Security/LdapUserProviderTest.php b/src/Symfony/Component/Ldap/Tests/Security/LdapUserProviderTest.php
@@ -333,6 +333,52 @@ public function testLoadUserByUsernameIsSuccessfulWithPasswordAttribute()
         $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));
     }
 
+    public function testLoadUserByIdentifierIsSuccessfulWithMultipleExtraAttributes()
+    {
+        $result = $this->createMock(CollectionInterface::class);
+        $query = $this->createMock(QueryInterface::class);
+        $query
+            ->expects($this->once())
+            ->method('execute')
+            ->willReturn($result)
+        ;
+        $ldap = $this->createMock(LdapInterface::class);
+        $memberOf = [
+            'cn=foo,ou=MyBusiness,dc=symfony,dc=com',
+            'cn=bar,ou=MyBusiness,dc=symfony,dc=com',
+        ];
+        $result
+            ->expects($this->once())
+            ->method('offsetGet')
+            ->with(0)
+            ->willReturn(new Entry('foo', [
+                'sAMAccountName' => ['foo'],
+                'userpassword' => ['bar'],
+                'memberOf' => $memberOf,
+            ]))
+        ;
+        $result
+            ->expects($this->once())
+            ->method('count')
+            ->willReturn(1)
+        ;
+        $ldap
+            ->expects($this->once())
+            ->method('escape')
+            ->willReturn('foo')
+        ;
+        $ldap
+            ->expects($this->once())
+            ->method('query')
+            ->willReturn($query)
+        ;
+
+        $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={user_identifier})', 'userpassword', ['memberOf']);
+        $user = $provider->loadUserByIdentifier('foo');
+        $this->assertInstanceOf(LdapUser::class, $user);
+        $this->assertSame(['memberOf' => $memberOf], $user->getExtraFields());
+    }
+
     public function testRefreshUserShouldReturnUserWithSameProperties()
     {
         $ldap = $this->createMock(LdapInterface::class);

Original file line number	Diff line number	Diff line change
`@@ -187,6 +187,9 @@ private function getAttributeValue(Entry $entry, string $attribute)`
`187`	`187`	`}`
`188`	`188`
`189`	`189`	`$values = $entry->getAttribute($attribute);`
	`190`	`+ if (!\in_array($attribute, [$this->uidKey, $this->passwordAttribute])) {`
	`191`	`+ return $values;`
	`192`	`+ }`
`190`	`193`
`191`	`194`	`if (1 !== \count($values)) {`
`192`	`195`	`throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $attribute));`