8000 security #18736 Fixed issue with blank password with Ldap (csarrazi) · symfony/symfony@6f48b4b · GitHub
[go: up one dir, main page]
Skip to content

Commit 6f48b4b

Browse files
fabpotfabpot
committed
security #18736 Fixed issue with blank password with Ldap (csarrazi)
This PR was merged into the 2.8 branch. Discussion ---------- Fixed issue with blank password with Ldap | Q | A | ------------- | --- | Branch? | 1.8 | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Commits ------- c7d9c62 Fixed issue with blank password with Ldap
2 parents 6d20cee + c7d9c62 commit 6f48b4b

File tree

2 files changed

+22
-1
lines changed

2 files changed

+22
-1
lines changed

src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,10 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
7373
$username = $token->getUsername();
7474
$password = $token->getCredentials();
7575

76+
if ('' === $password) {
77+
throw new BadCredentialsException('The presented password must not be empty.');
78+
}
79+
7680
try {
7781
$username = $this->ldap->escape($username, '', LDAP_ESCAPE_DN);
7882
$dn = str_replace('{username}', $username, $this->dnString);

src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,23 @@
2121
*/
2222
class LdapBindAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
2323
{
24+
/**
25+
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
26+
* @expectedExceptionMessage The presented password must not be empty.
27+
*/
28+
public function testEmptyPasswordShouldThrowAnException()
29+
{
30+
$userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
31+
$ldap = $this->getMock('Symfony\Component\Ldap\LdapClientInterface');
32+
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
33+
34+
$provider = new LdapBindAuthenticationProvider($userProvider, $userChecker, 'key', $ldap);
35+
$reflection 9A33 = new \ReflectionMethod($provider, 'checkAuthentication');
36+
$reflection->setAccessible(true);
37+
38+
$reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', '', 'key'));
39+
}
40+
2441
/**
2542
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
2643
* @expectedExceptionMessage The presented password is invalid.
@@ -40,7 +57,7 @@ public function testBindFailureShouldThrowAnException()
4057
$reflection = new \ReflectionMethod($provider, 'checkAuthentication');
4158
$reflection->setAccessible(true);
4259

43-
$reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', '', 'key'));
60+
$reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', 'bar', 'key'));
4461
}
4562

4663
public function testRetrieveUser()

0 commit comments

Comments
 (0)
0