minor #38030 [Ldap] Add comment about bind with empty password (jderusse)

fabpot · fabpot · commit f0c4d3130eec · 2020-09-02T14:14:12.000+02:00
This PR was merged into the 4.4 branch. Discussion ---------- [Ldap] Add comment about bind with empty password | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | no | New feature? | no | Deprecations? | no | Tickets | / | License | MIT | Doc PR | / When LDAP server allows unauthenticated binds, calling the method `bind` with a blank password will return a positive response. This is not an issue when using High Level classes of Symfony, because this case is handled in `LdapBindAuthenticationProvider` and `CheckLdapCredentialsListener`. And passing a blank password could be a valid use case for the low level class `Connection`. This PR adds a comment on the parameter `$password` to let people Know about this Commits ------- 63a8570 Add a warning comment on ldap empty password
diff --git a/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php b/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php
@@ -50,6 +50,8 @@ public function isBound()
 
     /**
      * {@inheritdoc}
+     *
+     * @param string $password WARNING: When the LDAP server allows unauthenticated binds, a blank $password will always be valid.
      */
     public function bind($dn = null, $password = null)
     {

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,8 @@ public function isBound()`
`50`	`50`
`51`	`51`	`/**`
`52`	`52`	`* {@inheritdoc}`
	`53`	`+ *`
	`54`	`+ * @param string $password WARNING: When the LDAP server allows unauthenticated binds, a blank $password will always be valid.`
`53`	`55`	`*/`
`54`	`56`	`public function bind($dn = null, $password = null)`
`55`	`57`	`{`